How to Choose the Best Security Company for you?
With the intensifying rate of civil insecurity and public unrest in the world today, the requirement to hire personal Executive Protection services is increasing dramatically. Add to that the major economic shock that COVID-19 has caused around the world, the decision of which VIP protection company to hire has become even more difficult. Whether a celebrity, or an ultra-high-net-worth, you place your life, reputation, and family’s safety in the hands of strangers. Therefore it is important to ensure robust due-diligence is carried out, but what do you need to research, ask, and know?
Due diligence is vital. The purpose of hiring security services is risk management. Just as you may perform background checks on the staff that you hire, or that look after your family, it is vital to lower your risk-exposure by performing enhanced vetting on any prospective security provider.
What are the top 10 checks anyone should do on their Executive Protection and VIP Security Provider?
- Corporate Structure
Start by investigating the provider’s corporate structure. For example, is the provider a corporation that reports to an active Board of Directors comprised of shareholders and non-stakeholders that brings expertise and high-level management to the business, or is it more like a ‘mom-and-pop’ set-up? Also, does that corporate structure follow their own corporate vision, mission statement and values? There are thousands of one-person LLCs purporting to be bonafide, and ‘global’ security providers, yet are little more than one person ‘CEOs’ with a lot of smoke and mirrors.
Digging deep is easier than ever these days. Start by browsing through the supplier’s website and see how robust it is. Does the site help to distinguish the provider from all the others?
- About Them
Are detailed, and clear biographies and a dedicated ‘About Us’ page present on their website? Is there information provided on key staff members that help to identify them as subject matter experts? A lot of small, one-person, or non-legitimate organizations will brush over their backgrounds, or provide vague and general information on their About Us page about the company only, or that they are industry experts that have been in the game 30 years.
- A lot of companies have multiple names up there, but they are subcontractors and non-affiliated – a quick LinkedIn check should identify that pretty quickly.
- A lot of people use vague wording such as ‘extensive experience in security and former ABC, but again, LinkedIn will help identify actual background, or if in doubt, just ask them and don’t be afraid to deep dive in more detail.
- Corporate Entity Validity
Take a moment to verify if the supplier is an active business entity in the state in which it is doing business. All states, as well as many counties and cities, require all businesses to register with them before they are allowed to legally provide services. All states have web sites that provide entity searches. If the supplier you are investigating does not have a valid or active business entity registration, that supplier does not have the authority to conduct business. It also questions the validity of the supplier’s additional compliance duties.
Another resource to verify the validity of a supplier, especially if they are approved to provide services to the U.S. government, is Dun & Bradstreet. Dun & Bradstreet allows free searches of their business directory and can also provide details regarding the financial strength of the supplier. Financial strength is vital for a business to be well established, successful, and reliable.
- State Security Licensing
If you are looking for security within the USA, most states also mandate some sort of licensing requirements for security companies. The license requirements vary depending on the type of security services that are to be provided; private investigation, personal protection, armed protection, etc.
Many states provide online searches of the businesses that are registered and licensed in their jurisdictions to provide security services. Just like corporate entity validation, verify if the supplier has the appropriate business licensing to perform security services and that the licensing is still active. Any license in abeyance also disqualifies the provider from providing those licensed activities and questions the supplier’s straightforwardness and soundness. If in doubt, ask the provider for a copy of their security business license, as this license is to be readily available for public inspection.
Don’t expose yourself or your company to fines, or worse yet, to a lawsuit. A few moments of effort can also save you from bad publicity, as found out by a Denver television station, and a large multinational security company recently when they were linked to the hiring of an unlicensed security guard. 
- The Importance of Compliance
Regulatory compliance is the first step in risk mitigation. Compliance is put in place to make certain that licensees and corporations act responsibly and obey all of the legal laws and regulations that pertain to their business, their staff, and their treatment of their customers.
Any problems found with any of the items mentioned previously are key identifiers that the supplier you are investigating does not take compliance seriously enough.
Internal compliance also provides evidence that all necessary and reasonable actions have been taken to prevent an incident. Internal compliance focuses on internal policies and standards to ensure that the supplier operates according to its leadership.
An additional way to establish if a supplier is legitimate is to verify if it is ISO9001 certified. ISO9001 is the international standard for a quality management system. To be certified to that standard, the supplier must demonstrate their ability to consistently provide services that meet customer and regulatory requirements, and to demonstrate continuous improvement. Why is ISO9001 so important?
- Do They Take Their Own Business of Security Seriously?
Another key factor to consider when choosing a supplier is whether or not they take their own business of security seriously. Physical security is not the only type of security you should be investigating the supplier on, but also personal data security (yours and theirs), and reputation management.
Prior to providing a detailed statement of work, is the supplier willing to produce or sign a non-disclosure agreement? Do they even have one? Is the treatment of specific information or personal data identified in the supplier’s contract? Is the supplier’s infrastructure considered to be HIPPA compliant, and do they follow the EU system of GDPR? What is GDPR – Click Here
Do they have robust cyber and IT protection including Endpoint detection, and have they implemented two-factor authentication (2FA), across all of their systems to help protect them from unauthorized access? A good indicator would be to ask them for a copy of their IT security plan and have them complete a key supplier cyber due-diligence questionnaire. Have your IT specialist, or a contracted resource assess them.
8. Are They a Reputational Risk to Your Brand?
Do a quick OSINT check on the relevant LinkedIn, Twitter, or Facebook profiles, etc. include the company and their key employees. Have there been recent updates? Is there anything overly political, or not aligned to your culture, or that carries a reputational risk? A lot of security operators feel the need to post pictures of themselves with clients, their vehicles, and residences, others like overtly showing firearms, or are more interested in their appearance on social media than professionalism.
A good warning sign is photos of them in suits carrying firearms, flexing or overly focused on the hard-skills such as range time, or posting politically charged comments. If they do that on social media what will they do around your entourage, crew, or associates?
Also, with some strategic research, you can see if there are any recent or historic incidents associated with the company or its leadership. Multiple large, and established security companies (still in business) have been involved in client incidents, have bribery allegations against them, ongoing court battles, and have shown negligence on tasks that have been publicly identified in the media.
- Liability Insurance
Another very important piece to perform due diligence is a supplier’s insurance coverage. Make certain that the supplier has the appropriate amount of coverage for your requirement. Verify not only the limits to the amount of coverage but the types of coverages as well. For example, does the supplier have professional and commercial general liability coverage? Do they have excess umbrella coverage and workers’ compensation, etc?
As with the corporate entity and business license registrations, also double-check that the supplier’s insurance coverage is active and not expired, being certain to check each type of coverage, as not all coverage types are always covered by the same insurance policy and carrier. Ask them to provide a COI.
If the supplier will allow it, find out who they supply services to and what those services are, then verify them. Identify the type of services that you are looking for and see if they are comparable.
A good indicator is if the company first initiates an NDA, and then only provides client references and testimonials once they have established and sought permission from their own clients to do so. A big warning sign is if they name drop clients on their website, social media, or within the first few conversations. If they do that with you, then you can bet that they will drop your name with other prospective clients.
Lastly, do not forget to look into the supplier’s past performance history, as a legitimate supplier’s track record, it will indicate if they are a proper fit for you.
The Industry is Solid, but it Has it’s Weak Points
The VIP protection industry and Executive Protection circuit have a good group of suppliers and there are some high-level providers out there. But, there are a lot of jokers in the pack, trying to use smoke and mirrors to capture work. Just by following the basic guidelines above, the discerning client can help make an informed decision and one that will help them manage risk from those they seek to manage theirs.
Bigger is not always the best
Large companies often lack the attention and agility that smaller providers provide. Also, it is widely known that they often sub-contract to smaller companies. Even ‘market-leaders’ have habits of employing young, inexperienced personnel, and after some ‘intensive’ training, pass them onto clients at extortionate rates.
Time Spent on Due-Diligence is Never Wasted
Take the time to find a legitimate executive protection and risk management company, keeping in mind that when it comes to protection, the cost does not necessarily mean quality, size does not equate to service, and a little bit of asking around will help you discover a bit more about the ‘brand and reputation’ of those in the industry.
Smoke and mirrors can only hide so much from a client who works to see past the distractions.
A properly vetted supplier will have all of their risks mitigated, as well as yours. Key indicators show that qualities matter right now, not just price. Key selling points surround legal compliance and accountability, but also thankfully, skillset and experience. Customers are choosing providers with honesty, transparency, and ethical leadership. The security company you chose must also be able to adapt, be problem solvers, and be rock solid with communication.
This article was written by Dustin Fain, the CFO of ETS Risk Management Inc. Dustin provides the analysis and insight that help frame the company’s most important decisions. He oversees all finance and human resource departments of ETS; establishing efficient internal protocols while incorporating new technologies to ensure smooth and simplified service to clients and stakeholders.