Issue 47 - Article 9

The Global Code of Conduct for Private Security Companies: why it matters to humanitarian organisations

June 24, 2010

In the aftermath of the January 2010 earthquake in Haiti, there were reports of violence breaking out during handouts of foreign aid. In December 2009, a suicide bombing took place in an area of Kabul that was home to several aid agencies. According to OCHA, there were at least 12 incidents targeting humanitarian organisations in North Kivu in the Democratic Republic of Congo (DRC) in January 2010.[1] These are just some examples showing that insecurity remains a major challenge to international humanitarian operations. In response, aid agencies have adopted several different measures and approaches, including contracting private companies to provide security services.

The advantages or otherwise of using the private sector to assist in a humanitarian organisation’s security policy is a broad topic, and one well outside the scope of this article. Suffice it to say that, for humanitarian organisations, the advantages of using security providers to assist in the protection and training of aid agency staff need to be balanced against the actual, and reputational, vulnerabilities that they are exposed to when hiring these companies. Whatever the merits of the decision, private security companies are now an integral part of the security policy of many aid agencies.


The need for scrutiny

Knowing who your contractors are is critical. An aid agency that uses private security has a particular moral duty to uphold – it is specifically helping a local population, and so should not be involved in actions that actually harm them. There are also potential legal liabilities. At the very least, if it were careless in its contracting of security, an aid agency could face lawsuits by those harmed by the actions of private contractors. There is also a risk of severe reputational damage arising from an incident, undermining the agency’s credibility and reducing its access to the local population and its ability to perform humanitarian missions.

Despite the risks, many organisations have no concrete guidance on how to contract or manage private security firms. This is understandable given the difficult contexts in which humanitarian organisations operate and their often limited resources and expertise. The choice of providers in a particular context may be limited, and local regulations may place restrictions on which private security companies can be used (for example, only local ones, not international). But the imperative to do the best one can given the circumstances still exists, particularly for a service that has such potentially disastrous consequences.


The Montreux Document as a starting point for best practice

Thankfully, humanitarian organisations do not need to start from scratch. In a diplomatic initiative taken by the Swiss government and the ICRC, 34 states have endorsed the Montreux Document.[2] The document as a whole is principally aimed at states, reminding them of their obligations under international humanitarian and human rights law and setting out best practice for governments in their interactions with the private security industry.

In a supporting brochure[3] NGOs are reminded, however, that they can also make practical use of the Montreux Document in helping to formulate internal policy with regard to private security companies. The list of best practices in the Montreux Document includes recommendations that clients determine which services they want to outsource and that they clearly set out how they will select and contract companies, including the criteria they will apply in making their selection. There are also recommendations regarding clauses that should be included in contracts and ways that clients can monitor compliance with the contract and ensure that companies are held accountable for any breaches.


The Code of Conduct

More help comes from a new initiative by the Swiss government to establish a Global Code of Conduct. Based on human rights and international humanitarian law, the Code of Conduct builds upon the Montreux Document. However, whereas Montreux was aimed primarily at states, the new Code of Conduct is aimed primarily at the private security industry itself. Indeed, the private security industry has been one of the principal drivers for better regulation of the sector, and has worked closely with the Swiss government in the early stages of elaboration of the Code.


The first section of the Code sets out the norms and standards that companies should follow.[4] Areas covered include the use of force to defend people and property and a prohibition on the use of torture. The Code also requires private security companies to adopt and implement broader management policies to ensure that they operate in compliance with human rights norms, for example taking measures against harassment, sexual abuse and trafficking, training personnel appropriately and, crucially, thoroughly vetting new hires. The section concludes with an undertaking by private security companies to set up both employee and third-party grievance procedures. The overall aim is to clarify the standards according to which private security companies should operate, thereby encouraging an overall improvement in the quality of services they provide and minimising any adverse human rights impacts.

This section of the Code can be incorporated into contracts with clients, and as such is clearly relevant to humanitarian organisations. By including a clause along the lines of ‘the private security company shall comply with the standards set out in the Global Code of Conduct’, humanitarian organisations can easily incorporate compliance with high industry standards into their commercial contracts. In effect, this would make a breach of human rights standards a breach of contract, giving the humanitarian organisation the opportunity to terminate its relationship with the private security company. It also allows humanitarian organisations to demonstrate that they have taken measures to ensure that the highest standards are met. In the event that an agency faced legal action in the aftermath of a human rights incident involving a private security company it had contracted, it could point to these measures as evidence that appropriate steps had been taken in retaining the company.


The next section of the Code aims to establish an international accountability mechanism (IAM) to ensure that the standards set out in the first section are met. While still in the development stage, it is anticipated that this will include some form of international certification of private security companies, and a complaints mechanism for third parties.

Certification would essentially comprise a process whereby private security companies submit an application to a certification body, showing that they are in compliance with the standards in the Code of Conduct. Those companies that fulfilled these requirements would be issued a certificate, which would act as a ‘stamp of approval’ that the firm could use publicly. An auditing team could then periodically evaluate this certification. In time, humanitarian organisations could use certification to help in selecting a private security company. Certification would mean that the company is considered to be in compliance with the standards in the Code. By only hiring such companies, humanitarian agencies could show that they have taken measures to ensure that the highest standards are met. Several key clients, including governments, have indicated their willingness to only hire companies that meet these high standards.

There are several potential shortcomings to this certification procedure, of course. First, the scheme is not up and running, and at the time of writing it was likely to be several months at least before it became operational. Second, it requires a real, effective and independent quality-control process to ensure that companies really are in compliance with the standards. This will be both difficult and expensive. Third, the principal driving-force behind the IAM has been the large, multinational private security companies, and it is not clear whether the certification scheme will be relevant to the small, local companies that many humanitarian organisations tend to use. The details of certification are still only in draft format, so there remains an opportunity for humanitarian organisations to provide input to ensure the certification process is as independent and thorough as possible. As regards local private security companies, it will also be important to ensure that this issue is adequately addressed in the certification process. It may be that certification of private security companies is a long-term goal, even if not immediately realisable.


When established, the IAM is also likely to have a third-party complaints mechanism. Private security companies found to be in breach of the IAM by this mechanism may have their certification revoked. The IAM may also award damages to victims of any malpractice by the company.[5] When this mechanism is established, humanitarian agencies should be able to report any breaches of the Code, whether involved directly as a client or not. In fact, by the nature of where they work and the job they do, field staff are in many ways best-placed to bear witness to the impact of private security companies on local populations and to report human rights violations.[6]



Even though the Code of Conduct is still in the development stage, humanitarian agencies can begin using the standards it sets out, and the Montreux Document, in their contracts with private security companies. Agencies should also ensure that they provide input in the elaboration of the IAM certification and complaints mechanisms.[7] The Montreux Document and the standards section of the Code may also be useful yardsticks against which to assess national or other international policies and regulations. Agencies could also increase awareness in the field of the Montreux Document principles and the Code of Conduct, and recommend adoption of its principles to governments, members of parliament, companies and other NGOs. When the certification procedure is established agencies should consider using only private security companies that are certified; once the complaints mechanism is established, agencies should work to raise awareness of it in the field so that victims know of this additional avenue of redress.


André du Plessis is Project Associate in the Privatisation of Security Program, Geneva Centre for the Democratic Control of Armed Forces (DCAF).


[1] ‘Desperate Haitians Over-run UN Food Hand-out’, Times Online, 26 January 2010; ‘Suicide Bomb Hits Afghanistan Capital, Kabul’, BBC News, 15 December 2009; ‘DRC: Security Beefed Up for North Kivu IDPs’, IRIN Humanitarian News and Analysis, 8 February 2010.

[2] A/63/467. The organisation for which I work – the Geneva Centre for the Democratic Control of Armed Forces (DCAF) – is supporting the Swiss government in its promotion of the Montreux Document and its work on the Code of Conduct.

[3] ‘Brochure on the Montreux Document’, p. 43,

[4] A first draft was released for public consultation between January and May 2010 (available for download at These comments are currently being considered for a final draft. At the time of writing, it was expected that the Code would be agreed and signed up to by leading private security companies in the second half of 2010.

[5] The IAM is not intended to replace other dispute resolution procedures, but is intended to be an extra tool for redress. In particular, it should not replace or hinder any criminal investigations or proceedings.

[6] Again, this should be in addition to reporting any incidents or crimes to the local authorities. The IAM does not seek to replace judicial criminal or civil proceedings.

[7] Contact the author at to ensure participation in this process.


Comments are available for logged in members only.