For those harmed by private security companies, justice has seemed a long way off. Last year a United Nations panel alleged that a group of private security companies, based in and operating out of Britain, Australia, Lebanon, South Africa and Uganda, was involved in training deaths and possibly attacks on civilians in Somalia. At least one of the companies involved is a signatory to the International Code of Conduct for Private Security Providers, a voluntary code backed by industry and the American, British, Swiss and Australian governments.

Continuing gaps in accountability

I wrote to the companies involved, to ask them what they were doing to make grievance procedures available to victims. Signatories to the International Code of Conduct commit to make such procedures available, as well as to take various steps to improve respect for human rights and humanitarian law through training, control and reporting measures. Only one of the companies replied. They denied all the allegations, and told me in no uncertain terms that should I continue to pursue the matter they would not ‘hesitate to employ measures’ to protect their reputation against the ‘unsubstantiated’ allegations – in other words, sue me for defamation.

None of the countries named in the UN report is on the record as having taken any action against the companies.  All the evidence from Afghanistan and Iraq over the last decade is in fact that whatever the law on the books, in practice private security companies often prove beyond the law’s reach. Their overseas operations are rarely scrutinized by independent monitors or investigators from their home countries. And victims of private security companies’ misconduct confront almost insuperable obstacles in accessing effective judicial mechanisms. A recent $5.28 million settlement in a case brought against a private security company alleged to be involved in abuses at Abu Ghraib was remarkable precisely because it is unique.

Trading legitimacy for accountability

As things stand, there was little that I could do to hold the companies to their commitments under the International Code of Conduct (‘ICoC’). Although 592 companies are currently signatories to the Code, there has been no mechanism in place to hold them to their commitments. That may be about to change. As Meg Roggensack of Human Rights First, a key driver of the process, put it to me: ‘What we have now are the bones of an effective oversight mechanism.’

On 22 February 2013, a multistakeholder group agreed, by consensus, the charter of an international governance and oversight mechanism for the International Code of Conduct. The official version will be published by the Swiss government after internal legal review. The governments involved included the US, UK, China, France, Germany and Australia. Companies came from the US, UK, Africa, Pakistan and Iraq. And civil society representatives included Human Rights First, Human Rights Watch, the International Corporate Accountability Roundtable, the International Commission of Jurists and ControlPMSCs.

The mechanism is likely to be formally created in the middle of 2013. It is a voluntary arrangement, relying on industry support and participation, as well as input from governments and civil society, to drive up standards across the market, over time. But the inclusion of key government clients – notably the US and UK – could create strong incentives for industry participation, if in time those governments make participation in the ICoC system a precondition for access to government contractors. The Swiss government has in the past said it will, and the UK government has given similar signals. The US Department of Defense also requires its private security contractors to abide by a national standard (‘PSC-1’) that is drawn from the Code, and which will provide one pathway to certification under the ICoC.

It is possible, then, that over time certification with the Code will become a market norm. Code certification will substantially raise the credibility of a private security company, precisely because it will belong to an international governance mechanism, supported by key governments and overseen by a mechanism that gives civil society actors an equal say. An annual meeting of all the members of the system will discuss Code implementation and give companies access to the learning and expertise from governments, civil society and clients.

The quid pro quo is a simple one: in return for this increased legitimacy and access to expertise, companies commit to cooperate with a system of reporting, independent field monitoring and – crucially – complaints. The price of increased legitimacy is increased accountability.

The field monitoring scheme will focus on situations that pose the greatest human rights risk, and will operate according to established human rights methodologies – allowing monitors access to affected communities and local actors, as well as company field operations. Checks and balances built into the scheme will, at the same time, ensure appropriate sensitivity around the sharing of information, for example to protect companies from the loss of legal privileges and to protect victims from possible reprisal. Civil society involvement in the governance and operation of the monitoring scheme will ensure it is based on human rights expertise from around the world, and that it reflects the legitimate interests of affected communities. This promises substantially to improve the accountability of the industry.

In addition, the complaints process offered by the new scheme could provide a significant new mechanism for victims to seek justice, when the company involved is not providing an effective remedy. The mechanism will work with both the victim and the company to provide an effective remedy – either through changes to the company's own grievance procedure, through reference to existing grievance procedures (including state courts), or through the development of a bespoke solution tailored to the claim itself.

This is an innovative approach that protects the legitimate interests of all parties – industry, governments, and victims. And by using the ‘effective remedy’ test set out in the UN Guiding Principles on Business and Human Rights, the mechanism will align this industry with the best practice emerging in other global industries facing similar security and operational challenges, such as the extractive industry.

Only a step forward – not the end

There are no guarantees that this scheme will work. But it seems to be worth trying. The current system, relying on state regulation alone, works for industry and government clients – but not for victims. The new regime may, in time, prove to offer something more. But as Meg Roggensack of Human Rights First made clear in conversation with me, ‘This is just the bones of a workable solution. We still have to put meat on the bones. And that’s going to take time – and effort.’

The scheme will only be effective if all the stakeholder groups involved – companies, government, and civil society – participate actively. If companies choose not to opt in, the scheme will have little influence over market norms. If governments do not, in time, link procurement decision-making to certification within the scheme, many companies will remain outside the scheme.

Equally, though, serious civil society engagement is needed to make the scheme a success. The scheme gives civil society blocking power in all key mechanism decision-making. If civil society does not use that power both to keep companies and governments honest, and to help the system generate constructive guidance for the industry, then the scheme risks becoming a figleaf for ongoing impunity – and a wasted opportunity for constructive engagement.

Some civil society actors rightly ask whether the scheme could block efforts to develop binding regulation of the industry at the national and international levels. In theory, it could. In practice, however, this need not be a zero-sum game. Monitoring and third-party claims can help to shed light on how this industry operates in the field. This will improve transparency and accountability and create a stronger evidence-base for proponents of binding legislative regulation.

Now or never?

The new mechanism will not provide justice to victims of past private security company abuses in Somalia or Iraq. It could, though, bring accountability significantly closer for future victims. The solution on the table is certainly not perfect. But it seems to be a package that all the major stakeholders can live with; and a package that is workable and likely, in time, to improve the industry’s human rights performance.

If we miss this chance, accountability for the private security industry may recede even further into the distance. Not to the vanishing point of ‘never’, perhaps – but from the perspective of victims, indistinguishably close to it.