When it comes to managing human sources (confidential informants, CHIS, HUMINT) it is critical to get the balance right between the benefits that can be gained from the source and the risks involved in managing the source. Generally speaking, within law enforcement risk management is a poorly understood concept, with officers paying the amount of attention to it that at best can be described as tokenism. Here are a few key ideas in relation to the managing risk with sources:
Risk should be managed in away that ensures compliance with local legislation. This will include, privacy legislation, health and safety legislation and any local laws that pertain to managing sources.
The method used for managing risk should be an internationally recognised method, such as contained in the International Standards Organisation ISO 31018 and have an agreed vocabulary within the agency.
Risk should always be stated using two terms likelihood (probability) the chances of the thing happening, and consequences (impact) the result of it happening.
Values for likelihood and consequences should be agreed with five levels for each – very low to very high.
There will be a broad range of potential consequences which must be enumerated. These can be covered across four areas. Think rope – then there is less chance of hanging your self or being hung out!
1. Reputation – the reputation damage to the agency.
2. Operational – The operational harm to the agency such as the compromise of investigations.
3. Physical Harm – the injury to any person.
4. Economic – the potential financial cost to the agency.
Each risk should be clearly document in the risk section of the source file. One form for each risk. If you have too many forms (Approximately +20) it is a clear indicator the source is too risky to manage.
A simple model will guide the completing officer through all the potential risks. A commonly used model is 3 P L E M:
o Public risks – How would the public view what the law enforcement agency is doing?
o Physical risks – Will anyone get hurt? Informant, public or officer?
o Psychological risks – Will anyone be psychologically damaged?
o Legal risks – Is there a conflict with the law or agency policy in what is proposed?
o Economic risks – What are the potential financial implications?
o Moral and Ethical – What moral or ethical dilemmas are involved?
Where a risk is documented it can be managed in one of four ways:
1. Avoided. The proposed course of action is not followed.
2. Retained. We accept there is a risk but the cost of treating the consequences outweighs the potential loss.
3. Transferred. The financial cost of the event going wrong is transferred to another party. For example: as we do with car insurance.
4. Treated. A series of control measures are put in place to reduce the likelihood and/or the consequences. This will be the common strategy for most risks.
Risk should be continuously monitored and updated at each review.
Our book Invest Now or Pay Later provides detailed instruction on how the risk relating to confidential informants should be managed. The methods outlined will stand up to international scrutiny. Our two day course on managing risk for confidential informants will ensure that all your staff are identifying and managing all the risks. We also provide consultancy services to agencies to make sure your structures for managing confidential informants are appropriate. If requested by Chief of Police or Chief Constable have a limited number of free consultancy slots available. (You pay only travel and accommodation.)
We will also provide expert testimony in relation to risk management in the area of confidential informant management.
