Understanding Violence Management


The subject of violence as a corporate risk area is not new. Despite this, there are often fundamental flaws in the way in which organisations respond to it. In November 2014 McColl’s newsagent was fined £225000 at Liverpool Crown Court for failing to protect their staff from multiple incidents of violence. Specifically, this related to a string of armed robberies. In 2010 a security officer was tried (and acquitted) for the manslaughter of a suspected shoplifter who was strangled to death during the struggle following a pursuit. There are many other cases that could be cited. With such a foreseeable risk, and with such high stakes, why might organisations fail to treat violence risks appropriately and what can they do to improve their resilience?

One reason for poor violence management might be as simple as risk blindness. With significant market pressures on an organisation, they may choose not to spend time and resources understanding what they perceive to be an unlikely risk event, oblivious to the potential impacts.

Yet such incidents present significant costs to an organisation. First and most obviously there is the direct harm done to the staff, both physically and emotionally. This human cost can translate directly into financial costs for increased absenteeism, increased (and more problematic) recruitment and reduced output due to cultural harm.

Then there are more direct costs. The Health and Safety Executive statistics for prosecutions from 2013-2014 demonstrate a 95% conviction rate, with an average £15000 fine per breach of health and safety legislation. Common breaches will be a failure to risk assess, compounded by a failure to act on a risk assessment and a failure to consult staff. These failures stack up in an organisation like a jenga set, waiting for an event that brings them all tumbling down.

It is important to note that health and safety failures are criminal acts that increase the organisational risk beyond the human costs and, as such, cannot be transferred to third parties. As an area of health and safety concern, the management of violence is often therefore logically included in the wider health and safety precautions. It is this that introduces the first failure in its management.

It should also be recognised that violence is a dynamic risk. As a result, it cannot and should not be assessed in the same way as static risks, such as trip hazards or hazardous substances. There are significant factors present in situations of violence risk that a standard risk assessment form simply is not designed to capture. Most mentions of violence in typical risk assessments are usually one line in a standard form with a suggested control measure of ‘follow your training and company procedures’. Since risk assessment is the bedrock of controlling risks of harm to people, the lack of a reliable risk assessment model for violence related risks is a significant obstacle to organisations seeking to protect their staff and customers.

Likewise, formal training for health and safety management does not cover the specialised issue of violence risk in sufficient detail. A health and safety manager who lacks the experience of violence risk issues is unlikely to be able to identify all the core factors involved and present a robust series of countermeasures, even with the necessary accreditations.

Another reason for poor violence management may be the organisational culture and attitudes. These can vary from outright denial (‘it won’t happen here’) to total acceptance (‘it’s a part of the job’). In any risk area, successful treatments require acceptance and understanding. Violence is a complicated and emotive subject that, more often than not, triggers denial responses. Denial does not support understanding. If an organisation truly seeks to reduce its liability for violence risk, it needs to start by understanding how and why violence may be perpetrated at their locations.

Certainly, violence has many vectors into an organisation. It could come as a result of an attempted detention of a shoplifter by a private security officer, it could be a return visit by a disgruntled ex-employee, it could be a factor in another criminal act perpetrated against the organisation or in any one of dozens of other ways. If the risk vectors for violence are myriad, the typical organisational responses are equally varied, due to there currently being no recognised standards or accepted training in place for the management of work related violence.

Organisational policies on violence management are often well meaning but ill-informed, usually creating significant additional risk by issuing policy statements to staff that are often confused or else outright unlawful. Because this is a specialist risk area, reliable and qualified advice is hard to come by. As a result, organisations often create their policy based on documents that they find on the internet or else simply update an old document in their risk folders with a few changes that are never cleared for their legality or appropriateness. These enter the canon of procedure and over the years become accepted as the correct way of doing things without ever being questioned or assessed by qualified practitioners.

Organisations may seek to transfer their risk to a third party for the management of violence (such as using private security) but may in fact be retaining or even exacerbating it. Such organisations often direct their contractors using their own policies. Client satisfaction is sometimes measured using service level agreements that may also have unintended consequences. While there may be strong arguments for setting a measurement for the number of arrests in a retail establishment, this may also influence behaviour that increases the risks of violence. Due to commercial pressures, retailers may employ a lone security officer who is then tasked to perform arrests in an environment where there is no suitable holding facility. There are a number of risks in this scenario. Current best practice indicates that the minimum number of security officers required to safely detain a single individual physically is four, however retailers are unlikely to quadruple their security spending and so open communication, partnership and innovation are required to provide these businesses with viable solutions.

An imperfect understanding of both security and risk management can lead an organisation to engage security providers who can ill-afford to explain the risks they are inheriting even if they themselves understand them. Years of uninformed practice and commercial pressure make it extremely difficult for enlightened contractors to guide their clients to new best practice, especially if it means increasing costs to reduce risks. These contractors may be inheriting huge risks that they cannot transfer but must not retain.

The security industry itself does not fully understand the risks of violence, with most operating procedures on arrest and detention being years out of date and with no clear genesis. While the Security Industry Authority has taken a significant step forward with mandatory physical intervention training for door supervisors, there is no requirement for retail security officers to have such training. Further, there are 23 different training models currently approved (and no annual requirement to refresh the training), so that even if the workforce were all trained to the specification, there is no guarantee that they would all respond in the same way, again increasing risks. To date, there have been no longitudinal studies of the mandatory physical intervention training to see whether or not it is effective.

Legally, it is clear that organisations have duties of care over their employees, but what about their customers? In 2010 the Court of Appeal case of Everett & Anor v Comojo Ltd discussed an incident in which two customers in a private members nightclub were stabbed by a third party while on the premises, leading to a civil action against the club for failing to protect them under its duty of care. While the appeal failed, the judges concluded “there is a duty on the management of a night club in respect of the actions of third parties on the premises” It was also noted that the confirmation that a duty of care existed due to the ‘proximity’ of the relationship between the customers and the nightclub further reinforced the duties imposed under the Occupiers Liability Act 1957. This could easily be transposed to other organisations, and the outcome of other cases may differ.

The British Retail Consortium noted in a recent survey that many incidents of violence are as a result of security personnel stopping suspected shoplifters. Where this occurs and leads to either direct harm or an accident during a pursuit, it raises the question as to where liability lies. It could be argued that any harm occurred as a direct result of the actions of the security officer in giving chase, creating a chain of causation and therefore potential liability.

Taking all of these issues into account, what actions should an organisation take to treat their violence risks? The following steps are recommended.

  1. Establish a culture of acceptance.
  2. Establish a response system to support victims. This is good practice and can reduce the emotional impact of an event.
  3. Engage a qualified person to review relevant policies and systems of work for the direct responses to violence as well as for working practices that might serve as behavioural triggers.
  4. Engage a qualified and experienced person to perform a full suite of violence risk assessments including recommended controls.
  5. Create an annual training strategy based on the risk assessments and budget accordingly.
  6. Consult with all employees who may be considered at risk of violence in the workplace. This is a health and safety requirement.
  7. Source a suitable specialist training provider.
  8. Implement a robust reporting procedure to ensure that all incidents and near-incidents are captured for analysis.

Violence risk management is clearly a complex and specialised area. However, it is certainly one in which the cost of mitigation is far outweighed by the human, cultural, financial, legal, reputational and financial costs of a significant event of violence.

Astute has a consultancy package specifically designed to manage violence in the workplace.

Richard Diston




By Richard Diston MSc MSyI