Duty of Care - An Introduction
Duty of Care can be viewed as an extension of Health & Safety law. This Law is set out to protect the individual. If we take a look back to a 1950s English building site, it would have been doubtful that you would have seen a hard hat, hi-vis, eye-pro, safety footwear, hearing protection, let alone receive a safety briefing.
As I go through all of these terms, I bet you know what I’m talking about despite us not necessarily being involved in the construction trade. Furthermore, I’m sure you could identify these items and, if asked to go onto a construction site, would expect to have these provided. Health & safety was in their infancy in the 1950s, and you could argue that Duty of Care is in much the same place nowadays.
I’m going to do my best to steer away from the word “security” as I feel it often leads us to focus our attention on guns and bombs when in actual fact, there are a host of things that we need to consider notwithstanding those mentioned above obviously.
Finally, I am going to turn my attention to Ethiopia and use it as a case study and outline what we are doing there now and how this forms part of an organisation’s overall Duty of Care strategy.
There are many definitions of Duty of Care, and their differences depend primarily on 3 factors:
1. The country of operations and their definition.
2. The donor – if there is a donor, of course.
3. Home nation of the organisation
Often there is an overlap, so we must understand this right from the start. It is worth getting advice from a legal advisor specialising in this field. More often than not, if there is a conflict in terms of DoC requirements, you would be best advised to implement the more robust definition.
So there are two things we can take away from this:
1. Over time, we have developed cultural awareness and understanding of Health & Safety.
2. To manage duty of care, we need to identify the threats, assess the risks and implement measures accordingly to keep people safe.
The other point worth making is that there are two strands to Duty o Care. The first is the legal obligation. The second is the moral obligation – so even if there isn’t a law telling me I should provide for my personnel, what is the right thing to do. When it comes to Duty of Care, we’re protecting two things – the individual and the organisation (financially and reputationally).
Duty of Care – Legal Implications NRC Case Study ( 2012)
So as we move forward with DoC and look to the legal implications, we need to find a basis for this, and a definitive piece of case law is often considered to be Dennis vs Norwegian Refugee Council. Despite being an incident in Kenya, working for the NRC, the ruling from this case has paved the way for other legal structures to consider their own view of DoC. To better help us understand this, I will look at a defining piece of case law.
On 29 June 2012 – Steven Dennis (NRC) was injured and kidnapped whilst conducting a VIP visit to IFO II refugee camp, Dadaab, Kenya, and held for 4 days. In 2015 Dennis submitted a claim to the Oslo District Court for economic and non-economic compensation. Dennis pursued legal claims against the NRC. The claim focussed on determining negligence concerning the incident, based on:
The foreseeability of risk,
Mitigating measures to reduce and avert risk,
Gross negligence,
Causation and loss.
Causation and loss this is what Dennis would have received if this had not happened. The court concluded that the NRC acted with gross negligence. Kidnapping is foreseeable, which is to say that there was intelligence to suggest a threat of kidnap and that measures could have been put in place to mitigate the risk.
The key term I’d highlight for you from this ruling is “informed consent”. Dennis argued that he had not received adequate briefing on the overall security situation or what measures to manage these threats. Dennis was therefore not in a position to make an informed decision as to whether or he wished to undertake the trip.
Informed consent is critical to all of this. The individual must be given enough information to decide, and this should be recorded.
The 4T’s
When it comes to the management of risk – we have my preferred range the 4 Ts;
Treat – put in place measures to reduce the impact and/or probability.
Tolerate – the threat and associated risk does not go above the organisation’s risk tolerance levels.
Transfer – hand over the role to a 3rd party – be careful here. Delegating DoC needs to be considered carefully.
Terminate – just don’t do it. This is generally the least preferred option.
Duty of Care - Considerations
So if we take the points made by the Oslo court ruling in Dennis vs NRC, what considerations do we need to make? First and foremost – you do not need to spend millions executing your duty of care obligations. Measures must be proportionate to the risk but also to the organisation.
Some key questions to get you started – context of operations
What are the threats? (threat is the thing that might cause you harm, a risk is the chance of it happening)
What are you doing?
Who is doing it?
Where are you doing it?
What are other actors, similar to us, doing in this area? This was one of the key findings in Dennis vs NRC. Other actors operating in the same area were using more robust measures to safeguard against kidnap. They had identified the threat, assessed the risk and implemented measures to mitigate against a kidnapping. This is where we start to get into Risk Management.
Duty of Care Documentation
Here are some examples of the types of documents that you might consider as part of the Duty of Care plans. This does not need to be a long and laborious exercise in creating documents. In fact, the more concise you can make them, the better. This way you will stand more chance of people reading and using them. It’s worth taking a collaborative approach so that all elements of the team can be part of the process.
Duty of Care Policy this can be just a one-pager that lays out what you are trying to achieve and governs how you will do this.
Security Risk Assessment – This is where we identify the threats that we face. Again, collaboration. We work with people, people are diverse and have differing views on threats, and we should take this into account.
The following key document is the Security Plan – this can be held at the organisation level and mirrored at the project or country level. This is where we really get into the detail of how we do things. At this point, we can take the opportunity to emphasise the employee’s responsibility to adhere to the company’s ways of working. Contractual clauses and training assist in compliance.
Standard Operating Procedures – Details all the actions that we carry out, for example, a Journey Management plan.
Moving from point A to point B, We’ve identified Road Traffic Accidents (RTA) as a critical threat to staff safety. So what we need to do now is put into place procedures that will reduce the likelihood and impact of having an RTA.
If we identify that most RTAs take place at night, we can impose a no driving at night rule (unless in an emergency and only with the permission of XYZ) – this reduces the likelihood of an accident. Wearing a seatbelt, qualified drivers, speed limits, quality of vehicles, all of which reduce the impact of an accident.
We also need to consider how we transfer this information to those it applies to directly. “Before any journey taking place, the following must take place and be signed off.” What we’re doing is threefold – Firstly, enforcing the rules – Secondly, creating an audit trail – Thirdly, reassuring and obtaining the individuals’ informed consent.
Next, we need to consider what we do if it goes wrong, and this should also be part of any briefings. The list of things that could go wrong is almost limitless, so we need to rely on straightforward emergency response procedures that guide rather than being so explicit that if one part fails, the procedures no longer work. Checklists are often helpful – Guidance on what to do across a range of the most likely or most impactful situations.
A Crisis Management Plan or Critical Incident Management Plan – differing terms, mean the same thing. These plans are generally HQ level, so one step removed from the incident, and they guide the HQ team on the actions to consider and carry out. Different organisations will have different risk tolerances, and consequently, one person’s incident may be another person’s crisis.
The last area in your Risk Management structure that I will talk about is an HRE plan. Hibernate, Relocate Evacuate.
Hibernation, Relocation & Evacuation – Ethiopia Case Study (November 2021)
We’ve been working with clients in Ethiopia to assist them with their planning of staff safety, focusing on HRE plans.
Hibernate – Essentially, you lockdown in a location. Ideally, of your choosing and prepare for such an event. Food, water, power, anything that you might consider essential to survive for a limited period in that location. We would generally advise hibernating when a situation has evolved so quickly that we do not have time to do anything else safely.
Relocate involves moving people from one location to another but within the same country. For example, if Gondar were to fall to TPLF, one might consider relocating to Bahir Da or further south to Addis.
Evacuate – This is generally the movement of international staff from the country.
So we’ve established that, broadly speaking, we have 3 options. They do not follow sequentially. They can be taken individually. It depends on the situation and the people involved.
So, a couple of examples of what we did at the time and how we monitored the situation;
We have assisted and advised on the “evacuation” of Ethiopian nationals and internationals. The international airport remains open to commercial flights, but as I’ve mentioned, we need to consider a possible closure and then a significant limitation on possible international departures. In some cases, Ethiopians of dual nationality have chosen to leave at the earliest opportunity.
We’re also aware of Tigrayans working for international organisations wishing to leave the country, and we’ll advise accordingly. This is obviously extremely sensitive.
We also have more rural-based projects, specifically in Bahir da, south of Gondar. At present, they are preparing for hibernation and have expressed a desire not to relocate to Addis, given the current situation in the capital. We have, however, developed triggers.
Hibernation, Relocation & Evacuation Triggers
The information I’m about to go through can be delivered in various forms, PPT, Word, SMS, WhatsApp/Telegram/Signal, or voice. This is a live example of Trigger planning that we have worked through with a client. I have focussed on Addis in the interest of time but will touch on more rural areas to the NW.
The actions for Triggers relates directly back to the HRE Plan - Amber in this case.
Triggers are identified events that cause us to carry out or consider a pre-planned action. For example, the city, town, village, and location are hit by indirect fire. This would generally indicate that an assault is about to take place. At this point, there is unlikely to be time to relocate, also difficult to anticipate which direction or direction an assault may come from – Hibernate.
Or, as an example - Gondar is taken by forces advancing south. The reports suggest a continued advance and that fighting has been extremely bloody. The decision based on the situation in Gondar may make relocation a realistic and sensible option.
Conclusion
When it comes to the development of Duty of Care and the implementation of risk management procedures, there are a few key factors, and I’ve touched on these as we’ve gone through them.
Have natural processes and procedures that enhance, not limit, your operations. You’re not wherever you are to show off excellent risk management. You’re there to do a job, but safely.
Buy-in and embedding a culture. Firstly, it needs to be driven through leadership and senior management. The buy-in part from staff comes when you make it inclusive and collaborative. As part of this, I would advise using internationally supported local, national safety and security staff. I will never be Ethiopian, I will never understand the nuances at a local and cultural level and a local national, nor will I have the same networks. I also won’t have the same freedom of movement.
If you’re looking for making your safety and security more sustainable, then my advice would be to use or capacity builds local, national security teams. Flying in my likes, on rotation 8 weeks on 3 weeks off is expensive. Flights, accommodation, insurance, replacements are all costly, not to mention the current climate change issues.
If covid has taught us one thing within this industry, a model of internationally supported local, national staff are more than capable of providing superb levels of support on the ground.
And whilst the original statement of this talk remains extant, we can place ourselves in the best possible position to protect our staff and the organisation by implementing common-sense procedures to manage the risk.