The Enemy Within
In the dynamic and popular end of the security world, in the land of fast cars, operators dressed in black sliding up and down buildings and constant, dynamic, heart stopping action, the “enemy” is pretty easy to spot and, hopefully, quickly and deftly dealt with in a positive, profitable and cost effective manner.
However, as you move steadily through our world, you leave the tumultuous waters of Close Protection, Surveillance, and “Q Department” technology to eventually drift into the more gentle and slow moving back waters, where the chiselled jawed, suave security operator is seldom, indeed if ever, seen.
For here, Dear Reader, is the land of the Personnel Professional, where we find, standing at the gates of the corporate citadel, the mighty Human Resources Manager.
Like the doughty, fearless, thick limbed heroes of the Norse Sagas’ the Human Resources Manager stands, double headed axe in hand, shield strung across a broad back, as the gate keeper of the company citadel.
This is the ultimate bulwark against which all footpads, miscreants and ne’er do wells will cast themselves in a fruitless effort, to pass said Manager and gain entry into the corporate citadel! Errrrrr, well no, actually!
This is the unsecured Portal through which the enemy will be welcomed and given entry, unchecked, unseen and unsuspected.
Unseen Enemy
If you look back at history, every kingdom, and mighty realm was brought to its knees by an unseen enemy; the traitor within with free, unfettered access, trusted and beloved by the majority, suspected by only the few, all of whom suffered ultimately from the backlash of the majority.
Your company is no different from these kingdoms of old. You cannot conceive that someone within your organisation could be engaged in activities which will damage or destroy your company, can you?
Well wake up and smell the smouldering cordite and tumbling masonry. It can, it will and it probably is as you are reading this. Like cancer, you will only know of the problem when it’s too late and untreatable. To focus your minds on the truth that lies before you, here is a tale about an international accountancy firm, who recruited an employee from Iran who quickly achieved a prime position within the Corporate Finance Dept.
The recruit spent 12 years providing Human Resources with total waffle relating to his background and previous employment, all disguised in the mists of “I can’t really tell you, as my family were loyal to the Shah and if any of my real details fall into the current regime’s hands then my family and I would be potentially repatriated and executed”.
Most of the cynical security professionals reading this are now moaning loudly and churning out expletives, but the HR department actually believed him. The employee was allowed to continue without providing the same level and quantity of personal details as colleagues. Finally, after 12 years of poor performance, incompetence and under performing, HR summoned up the courage and placed him on Garden Leave, preparatory to dismissal from the firm.
I hear your mighty cheer, Dear Reader, but wait; your excitement is ill founded and premature.
Damage
HR, feeling exultant in a job well done, retired for the weekend without briefing security of the employee’s downgraded status or having his access prevented. As you correctly guess, the employee returned to the office on Saturday evening, told the uniformed security officers that he was being re-appointed to new offices and security duly helped him remove all his files from the office to his waiting car.
Cut a long story short, the experienced security manager became involved on Monday and after no more than four hours belated but re-active Due Diligence, the employee was identified no less as an Iranian Intelligence officer!
He was truly the Enemy Within. The damage he caused the firm concerned was substantial, both reputationally and commercially.
HR is charged with ensuring the rights of the individual and this is the way it should be. However, they frequently take this role to the extreme and often to the detriment of the company that employs them. The more worrying part is that company directors are content to let this happen and, in abrogating their responsibility instead of exercising pro-active Due Diligence, the enemy slips through unguarded doors, unseen and unsuspected to cause havoc and destruction.
“So what is Due Diligence and how do we use it?” I hear you cry.
In-House Due Diligence or Employee Vetting
Due Diligence is simply a process whereby you find out as much as you can about those whom you employ and those with whom you are engaged or will be engaged in business.
Essentially, “Know Thine Enemy” and “Know More About Them Than They Do About You”. It’s all about maintaining a commercial and operational advantage and that’s good profitable business!
For those of you who employ staff, the first part of an effective Due Diligence programme is to screen every new employee. This process should never stop. All new workers of whatever grade should be screened on arrival, re-screened every five years and every time somebody is promoted, they should be screened again. Each time, the process should be more detailed relative to the knowledge and authority the employee gains or is given.
Now, on reading this your HR department will be enrolling at night school to study advanced witchcraft in order to make wax effigies of the writer, into which pins will be plunged in all sorts of places. They will protest that mass and on-going screening is intrusive, will cause extra work, blow stretched budgets to smithereens and “it’s just not fair or nice to the employees”.
In response to this, consider a little matter upon which the writer was involved back in the late eighties. An American multi-national electronics company, at the forefront of developing computer and PCB technology, invested millions of dollars in developing new products, only to find that within weeks of delivering said new products to the market place an almost identical but cheaper product came whistling out of East Germany. Naturally enough, the company began to realise there was a problem within.
A highly sophisticated investigation and “Sting” was put in place which identified the Finance Director was responsible for stealing the prototype products and selling them to the East Germans. Following evidence obtained by a UK security company, he ended up having an appointment with the FBI and then moving off to jail for many years.
This man had been in the company for 20 years, having joined at a junior grade and worked his way to the Board. He was well liked, trusted and respected. But, what nobody knew was that he was both a traitor to his company and his country. The full extent of the damage he caused to the company, commercially, operationally and reputationally was never fully quantified.
The new employee with the smile
The person who joins your company as a good intentioned, smiley faced, well-qualified employee may be a fine, honest, upstanding individual. However, never lose sight of the fact that they may not. Just remember the old adage, “in God we trust, everybody else gets vetted and searched!”
Fraud
Every fraud the writer has investigated has involved a member or members of staff, some or all of who have been serial fraudsters. They committed fraud in one company, where they were allowed to leave, joined another company and, bingo, continued committing fraud.
Nobody is allowed to say anything negative about an employee on a reference form. The whole process is a costly, paper-shovelling, job, which creates piles of pointless paper. You need to have a system that asks questions, looks for problems and then asks further questions. Get this process ensconced in your policy and procedures manual and have somebody aggressively manage it! This responsibility should not sit with HR.
The responsibility is with your Security Manager and the security department.
HR can complete the function, but the procedures must be in place to “flag up” anything out of the ordinary or inconsistent and move the application or re-vetting straight to Security.
The honest and genuine applicants sail through these processes. Such procedures do not prejudice the honest applicant, but they will target and identify those whom you absolutely do not want working in your business.
The other critical point to remember is the person who joined your company ten years ago is not the same person now as they were then. The only consistent fact about them is their date of birth. In this day and age, they may have changed their name, their marital status, their sex, their sexual orientation, their outlook on life, their religion or all of the above!
These changes may have made them better people, who in turn have spread joy and happiness where ere they go. However, in this stressful, modern life, more than likely, they now have more pressures, financial problems, developed or increased drink problems, fallen in love with the old Columbian marching powder, got a gambling addiction, met bad people who have dragged them to the Dark Side of The Force, and Lord knows what else.
Any one of these factors may be the trigger to turn a person from “Employee of the Year” to a one-person crime wave or socially defective problem deep within your business, that may be almost impossible to remove given current employment law.
Regular screening is critical
This is why you must regularly and consistently screen staff. You may find people who have problems, and well-designed, in-house support programmes may help them through these problems. In this case you have done the right thing and may recover an employee who becomes the company’s biggest fan and a solid employee who will stay with you all their working life. But you will never know unless you screen and screen regularly. Screening or Vetting is an integral part of a company’s security, risk management or loss prevention programme.
Regular screening is one of the cornerstones of your security programme.
Each level of screening should follow different formats, depending on who’s being screened and why.
Due Diligence for Associates, Competitors and Acquisitions
When dealing with new clients’, old clients’ acquisitions, takeovers or whatever, complete your Due Diligence. Frequently in these situations, Company Directors or Boards abrogate this responsibility to the lawyers, bankers and accountants who are paid vast fortunes to ensure everybody remains safe.
Due Diligence and Compliance are the much vaunted and trumpeted watchwords of modern business. They have spawned another load of restrictive, controlling, paper-generating groups and departments, none of whom have so much as thrown a Tupperware party in anger, let alone taken risk and undertaken inspired, courageous business. Don’t rely on their say so that Due Diligence has been done. Check and check and check again and if there is anything that makes you think twice, then act on the intuition immediately.
An example!
Some years ago, two highly successful brothers were in the process of acquiring another profitable group of companies to add to their portfolio. This Group had particularly caught their eye, as a part thereof had invested a king’s ransom into research in Russia to develop and manufacture biofuel, which in the late nineties they believed was worth investing in.
All looked well, but the brothers hard-earned instincts told them something was not right. The banks, lawyers and accountants had completed their Due Diligence and signed the deal off. The brothers trusted their instincts and employed a UK security company to go to the location of the research and development centre in Russia to actually see what was there. The location took several days to find, but was eventually discovered at a grid reference miles from what passed for civilisation in this snowy waste of the former USSR.
Great skills! Boots on the ground and a Mark 1 eyeball deployed!
A uniquely qualified security professional was dispatched into the wilds of Russia where Europeans never went and here, miles from any form of civilisation; he found a big shiny warehouse, complete with a furnace, coal and a large supply of cabbages for the creature within. This poor unfortunate, disowned by both local inhabitants and the gene pool from which he originated, was living the Life of Reilly. Constant fuel and food delivered monthly, so that this captain of local industry could make soup, stay toasty warm and keep the furnace blazing, which kept him alive and the warehouse from disappearing in the snow.
Photographs were duly taken and returned to London, where they were presented to the Board of the Group who had siphoned off millions having created a complete fiction of biofuel development, believing nobody from the lawyers, banks or accountants completing Due Diligence would ever go there, even if they could locate it. Loads of Money!!!!!!
Errrrr, well no, actually. Cometh the security professional and the whole bogus deal went west. Fraudsters waltzed off to Wood Street, brothers saved from terminal loss and profitable business inherited for almost nothing. That’s the power of Due Diligence!
Due Diligence is not about fiddling with paperwork and believing Wikipedia.
If you are about to take a big gamble, decision or a risk, get the security professionals who work in this peculiar world of ours to take the risk with you, take that leap of faith for you and dare greatly to return and tell you the actual story other than that which everyone is satisfied to believe.
We have removed the names to protect the stupid and gullible, who rather worryingly are still out there!
Christopher Cully
Managing Director, Dilitas Ltd.
For further information or advice:
Email: info@dilitas.com www.dilitas.co.uk