Last month a member of a senior management team for a large NGO, organization and person will both remain nameless, was abducted; in a country that shall also remain nameless. This was the second employee abduction in that country over the past several years; both never made the news - the first was a national staff member, the most recent, an international staff member. Abductions have been at the top of the threat matrix for quite some time in this location and the country office has had a number of security officer visits, with lots of good assessments and trainings.
So, senior staff member gets snatched, a ransom is demanded, threats are made, there's lots of confusion about roles, responsibilities, and what to do (both at the country office and headquarters levels), staff member gets released after ransom is paid by the family (oh yes, our organization has a policy of never paying ransoms), staff member is released unharmed and everyone lives happily ever after. Right?
I don't think so. There are five points I want to raise about this incident and abductions in general.
1. Minimize the risk. I'm not privy to the after-action report for this particular incident (if indeed one was ever generated), but from preliminary reports it certainly sounded like said staff member was likely not following security policies when the incident took place. I'd love to see some statistics associated with aid workers who end up victims of violence. My guess is it would mirror stats from law enforcement and fire, where complacency and feelings of invulnerability start to erode vigilance after a number of years. With cops and firefighters, it's usually not the rookies who get in trouble, but more often the veterans with 5 to 7 years under their belts.
2. Establish and follow your contingency plans. You're working in a place where abductions are a big threat. You've already had one staff member kidnapped in the near past. You would think an organization would have a solid contingency plan in place that would run like clockwork if a similar incident happened again. It sure didn't seem like it in this case. Are unrehearsed, poorly executed or non-existent contingency plans in the best of interest of your staff? Especially the ones who become the victim of a security incident?
3. Do no harm. For this particular NGO, when the national staff member was abducted and a ransom was paid (again by the family, but with a bit of help from an office donation), it was hushed up. Other NGOs operating in the area eventually found out about it and were none too happy they weren't told or consulted. I talked to someone who commented, "Ka-ching! Need some quick money, just grab an aid worker." I don't know how widely known this latest abduction is, but knowing the humanitarian community, I'm guessing other organizations have heard about it through the grapevine by now. Yes, I know. Staff are a priority, so we had to do something. But in following the old "do no harm" mandate, those making the decisions would be wise to give some deep thought to the potential implications of how they choose to deal with an abduction.
4. Cost of doing business. Managers always cringe when I ask this question and start looking really uncomfortable. What's the cost of doing business? Is an occasional abduction OK? How about a murder? What about a rape? The military calls it acceptable losses. Humanitarian organizations don't like to think about it. What are the potential costs you're willing to incur to complete your mission? What will make you pull out? These questions should be addressed way before an incident occurs.
5. Don't cover it up. One of my biggest beefs in doing security work for the humanitarian sector is despite all of the talk of transparency, security incidents tend to get shoved underneath the carpet with alarming regularity. Organizations have become slaves to public relations. Oh my, what will our donors think? This is going to reflect badly on us if it gets out, because that staff member should have known better. Organizations have lost sight of the value of learning from the past. With many NGOs, information about security incidents is never even shared internally with field staff. How can you honestly say you are doing your best to minimize staff risk if you don't take the opportunity to use prior security incidents to teach people and real world case studies to reinforce points?
I'm a little cynical and think it will be business as usual when it comes to NGOs and abductions. That means ransoms paid, incidents hushed up, information not shared, and a lack of standardized coordination and cooperation in handling abductions when they do occur.
There's just no economic incentive at the present time to get most organizations to address these issues and rethink their approaches. Unfortunately, the only way I see this changing is a high-visibility lawsuit or two aimed at a deep-pockets NGO where a staff member died or got hurt in a security incident and the organization failed to demonstrate an adequate level of due diligence before, during or after the event.