Regulating the security industry

Executive Summary

National Audit Office Value for Money Report

1. The Security Industry Authority (the Authority) was established in April 2003, under the Private Security Industry Act 2001 (The Act). The Authority’s two key roles are to reduce criminality in the security industry and to improve security standards. It has carried out these roles primarily by licensing individuals who work as security guards, and all types of door supervisors and vehicle immobilisers. The Authority has identified that compliance with the licensing regime is currently over 90 per cent. Since 2001, the Authority has licensed over 248,000 individuals and the current cost of a licence is £245.
2. The Authority has also established a voluntary Approved Contractor Scheme under the Act. This enables companies that meet certain quality criteria to be able, among other benefits, to deploy applicants for a licence while their applications are being processed. 
3. The Authority’s roll out of licensing has been hindered by a number of problems. While the number of applicants produced in 1999 by the Home Office was accurate, the time profile of applications was not, and the cost of running the Authority was significantly underestimated. In 2003, the Home Office produced an estimate of the likely licence fee at between £150 and £190 and it was set at the higher figure for the period from 2003-04 to 2006-07. This fee was set too low to enable the Authority to meet its objective to break even. The Authority has required additional funding of £17.4 million in the four years to 2007-08 to meet the funding gap.
4. The two computerised systems procured by the Authority to process applications and produce licences have both at different times been unable to cope with increases in demand for licences. In the winter of 2005-06 the Authority’s system was unable to cope with the large number of later than planned applications arising from the roll out of licensing to a large part of the regulated industry. This caused delays in issuing licences and resulted in the Authority incurring additional costs. In autumn 2007, the Authority’s replacement system was not ready on time and as a result for a period of six weeks few applications were processed and a backlog of applications built up. In total these two problems with issuing licences resulted in the Authority incurring additional costs of over £1 million.
5. The Authority was set up to regulate individuals but a number of other countries also regulate businesses. There are in excess of 2,000 businesses in the security industry in the United Kingdom ranging from large national companies with thousands of employees to small unincorporated businesses with less than 10 employees. Despite the Authority’s use of a bulk application process by which companies can make applications on behalf of their employees, and the introduction of an on-line register of licence holders, the Authority does not always know which businesses employ which licensed individuals; nor does it know how many private security companies there are. The Authority’s voluntary Approved Contractor Scheme has proved popular and is generally a sound tool to deliver the Authority’s statutory duty to improve standards in the private security industry, but it is not a way of regulating businesses. The Authority is currently undertaking a study to assess the possible compulsory registration of companies in the sector. One approach would be to coordinate such registration with the annual returns companies make to Companies House.
6. The Authority also has a responsibility to ensure compliance with the legislation and to undertake enforcement, for which it has 54 staff. The Authority uses the Police’s National Intelligence Model as the basis for its compliance and enforcement work, usually in partnership with the police and local authority licensing teams. Using the National Intelligence model means that the Authority’s compliance and enforcement work is intelligence-led and conducted in a way that its partners understand, since they too use the model. As well as participating in multi agency enforcement operations, in May 2008 the Authority carried out the first in a series of random checks on security sites to test for compliance.
7. We found that the police were generally content with their operational relationship with the Authority. Most police forces we spoke to told us that the existence of the Authority and compulsory licensing of door staff had increased professionalism in the industry, and they considered that there was large-scale compliance with the scheme in their areas. The local authorities we spoke to were more critical. Some said they did not know their contacts in the Authority, were critical of the lack of sanctions and concerned about staff turnover in the Authority’s enforcement teams.
8. In 2005, the Hampton Report “Reducing Administrative Burdens” was issued. This report laid down a number of principles for how Government regulators should operate. These included that all regulations should be easily understood, implemented and enforced, that regulators should provide authoritative and easily accessible advice, that no inspection should take place without a reason and that sanctions should be proportionate and meaningful. We made an initial assessment of how the Authority is performing against the main principles of the Hampton report. We found that the regulations for the security industry are proportionate and that the Authority provides generally good advice for stakeholders. The Authority’s reputation has, however, been undermined by problems in processing applications. Its compliance and enforcement activities are also generally proportionate but we found that there are gaps in the sanctions it can apply, particularly on companies. The Authority has demonstrated a sense of purpose but needs to quantify and articulate its outcomes and achievements better to address the concerns of stakeholders.
   
   Value for Money
   
9. Since it was set up, the Authority has introduced regulation into a previously unregulated sector effectively. Evidence indicates a high level of compliance which has delivered benefits in reducing the number of criminals engaged in security activities. The Approved Contractor Scheme is a success. Licensing could, however, have been implemented more efficiently. Responsibility for the inefficiency lies in part with:
   
   • the Home Office because their initial assessment understated the cost of running the Authority and their profile of the industry was inaccurate;
   • the Authority because the systems that they procured to process applications for licences have failed to cope in 2005 and 2007 with the number of applications for licences; and
   • the security industry which attempted to manage demand from their employees but did not do so.

   These factors have cost the taxpayer an additional £17 million to April 2008, which has compromised the value for money achieved.
   
   Recommendations
   

10. The Authority needs to improve its strategic and operational planning to deal with future challenges successfully. These include: the large number of licences to be renewed in 2008-09; new sectors and regions to be regulated; the management and re-tendering of its managed service contract; maintaining the quality of its Approved Contractor Scheme; and the successful regulation of security at the 2012 Olympic Games.
11. We recommend as follows:
    
    To the Home Office
    
    • The introduction of statutory licensing was compromised by an inaccurate initial Regulatory Impact Appraisal which meant that the costs of licensing were underestimated. When producing Regulatory Impact Assessments for new legislation the Home Office needs to consider the performance data held by other public bodies undertaking similar roles or providing similar services.
    • A key part of better regulation is that citizens should only be required to submit information to Government agencies once, since sending original identity documentation by post is a potential security risk, is costly and should be minimised. Working with the Home Office the Authority has made progress, as it is now able to check the data held by the Identity and Passport Service in real time; but the Authority also needs direct access to similar data held by other Government agencies.
      
    
    To the Security Industry Authority
     
    • Many of the performance issues affecting the Authority have arisen from inaccurate or inadequate forecasting. The Authority needs to improve the quality of its forecasting by including a range of likely scenarios into its models and forecasts. To improve the management of its work flow the Authority should create and maintain a short, medium and long term forecast of future demand for licences.
    • When compulsory licensing is extended to new sectors, it is likely that most applications will arrive just before or just after the deadline. The Authority should improve its contingency planning and be more flexible in its deployment of resources so that its systems are not overwhelmed by peaks of demand.
    • The Authority has a statutory duty to raise standards in the industry. The Authority’s main lever for raising standards in the industry is the voluntary Approved Contractor Scheme. In consultation with stakeholders, the Authority should over time raise the required standards for the training to be provided by scheme members to employees.
    • The Authority licences individuals, but in practice the regulation of the industry is enforced through the businesses in the security industry. This de facto regulation should be made formal with the introduction of a low cost registration of private security businesses which is separate from the voluntary Approved Contractor Scheme. To reduce the administrative burden on companies the Authority should coordinate, with Companies House, to allow registered companies to comply with this requirement by providing information on their status in their annual Companies Act returns.
    • The Authority currently has no sanction between an Improvement Notice and a criminal prosecution that it can impose on companies that engage in persistent but minor transgressions of the Act. We consider that the Authority’s regulatory powers should include a further sanction for those companies that engage in such persistent minor transgressions of the regulations. The new Regulatory Enforcement Sanctions Act 2008, which has created a mechanism for the Authority to acquire some further powers, could be a suitable vehicle for this change. Separately, whistle blowing provisions, like those used successfully by the competition authorities under the Enterprise Act 2002, should also be introduced.
    • The Authority only has limited resources to enforce the provisions of the Act and is reliant on working with the police, local authorities and other enforcement partners to fulfil its obligations. It should improve its relations with local authorities and other enforcement partners via the Local Authority Coordinators of Regulatory Services (LACORS) and Home Office Regional Deputy Directors, so that it can evidence how the Act is being enforced.