This article was downloaded by: [University of Texas Libraries]On: 23 September 2013, At: 14:01Publisher: RoutledgeInforma Ltd Registered in England and Wales Registered Number: 1072954 Registeredoffice: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK

Security StudiesPublication details, including instructions for authors andsubscription information:http://www.tandfonline.com/loi/fsst20

(Self) Regulating War?: VoluntaryRegulation and the Private SecurityIndustryRenée de Nevers aa Department of Public Administration of the Maxwell School,Syracuse University,Published online: 08 Oct 2009.

To cite this article: Renée de Nevers (2009) (Self) Regulating War?: Voluntary Regulation and thePrivate Security Industry, Security Studies, 18:3, 479-516, DOI: 10.1080/09636410903132854

To link to this article: http://dx.doi.org/10.1080/09636410903132854

PLEASE SCROLL DOWN FOR ARTICLE

Taylor & Francis makes every effort to ensure the accuracy of all the information (the“Content”) contained in the publications on our platform. However, Taylor & Francis,our agents, and our licensors make no representations or warranties whatsoever as tothe accuracy, completeness, or suitability for any purpose of the Content. Any opinionsand views expressed in this publication are the opinions and views of the authors,and are not the views of or endorsed by Taylor & Francis. The accuracy of the Contentshould not be relied upon and should be independently verified with primary sourcesof information. Taylor and Francis shall not be liable for any losses, actions, claims,proceedings, demands, costs, expenses, damages, and other liabilities whatsoever orhowsoever caused arising directly or indirectly in connection with, in relation to or arisingout of the use of the Content.

This article may be used for research, teaching, and private study purposes. Anysubstantial or systematic reproduction, redistribution, reselling, loan, sub-licensing,systematic supply, or distribution in any form to anyone is expressly forbidden. Terms &Conditions of access and use can be found at http://www.tandfonline.com/page/terms-and-conditions

Security Studies, 18:479–516, 2009Copyright © Taylor & Francis Group, LLCISSN: 0963-6412 print / 1556-1852 onlineDOI: 10.1080/09636410903132854

(Self) Regulating War?:

Voluntary Regulation and the Private SecurityIndustry

RENEE DE NEVERS

Private security companies’ growing participation in U.S. and in-ternational military missions has raised concern about whether theprivate security industry is subject to sufficient controls. Industryself-regulation is often proposed as part of a multilayered frame-work of regulations to govern PSCs. But what can self-regulationcontribute to regulation of the private security industry? This mat-ters because privatization in the security realm has moved beyondunderstandings of the proper breakdown of public and privatefunctions concerning the use of force. This article assesses what self-regulation can contribute to the control of this industry and whetherthe private security industry lends itself to effective self-regulation. Itconcludes that the private security industry does not exhibit the ca-pacity to adopt and implement effective self-regulation on its own. Ifself-regulation is to complement state and international regulation,participation in the design and oversight of self-regulation must bebroadened beyond private security companies alone.

Private security companies (PSCs) have recently come under scrutiny due toincreased reliance on private contractors to support the United States’ militarymissions in Afghanistan and Iraq. These companies have made headlines as

Renee de Nevers is an Assistant Professor in the Department of Public Administration ofthe Maxwell School at Syracuse University.

I would like to thank William C. Banks, Brian D. Taylor, the participants in the SawyerLaw and Politics Program Colloquium at the Maxwell School, two anonymous reviewersand the editors at Security Studies for their helpful comments, and Diana Keller, CarolineKouassiaman, and Denise Lee for their research assistance. I am grateful to the MaxwellSchool for providing research support through the Appleby-Mosher Faculty Grants program.

479

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

480 R. de Nevers

the victims of insurgent attacks in Iraq, most notably the killing and mutilationof four employees of Blackwater USA in Fallujah in March 2004.1 Contractorshave gained attention for their involvement in some of the abuses at AbuGhraib in 2004, and the killing of innocent civilians in Baghdad in September2007.2

The range of tasks these companies carry out around the globe, andanxiety about the conduct of company employees, has led to widespreadagreement that private security companies need to be better regulated. Oneleading scholar of PSCs noted that the cheese industry is more regulated thanprivate military firms.3 However, regulating PSCs is difficult. Companies offer-ing security-related services are frequently headquartered in countries otherthan those where their services are used, and they may hire employees fromthird countries. Moreover, their tasks vary widely, ranging from demining toensuring the security of diplomats in war zones.

These complexities have led to concurrence that multiple and over-lapping levels of regulation are needed, with industry self-regulation asone piece, along with international, national, and sometimes regionalregulations.4 Self-regulation is the preference of some in the private securityindustry.5

But what can self-regulation contribute to the control of this indus-try? Moreover, does the private security industry lend itself to effective self-regulation? These are critical questions, particularly since self-regulation hasbecome one of the de facto regulatory mechanisms for the industry. More-over, they touch on a core governance issue: determining the appropriate

1 In February 2009 Blackwater was renamed Xe. I use the name Blackwater throughout the article.2 Jonathan Finer, “Security Contractors in Iraq Under Scrutiny after Shootings,” Washington Post, 10

September 2005; Sudarsan Raghavan and Josh White, “Blackwater Guards Fired at Fleeing Cars, SoldiersSay,” Washington Post, 12 October 2007.

3 P. W. Singer, The Private Military Industry and Iraq: What have We Learned and Where to Next?(Geneva: Geneva Center for the Democratic Control of the Armed Forces, 2004), 14.

4 For some discussions of regulatory options, see Michael N. Schmitt, “Humanitarian Law and DirectParticipation in Hostilities by Private Contractors or Civilian Employees,” Chicago Journal of InternationalLaw 5, no. 2 (2004): 511–46; P. W. Singer, “War, Profits, and the Vacuum of Law: Privatized Military Firmsand International Law,” Columbia Journal of Transnational Law 42, no. 2 (2004): 521–50; Deborah Avant,The Market For Force: The Consequences of Privatizing Security (Cambridge: Cambridge University Press,2005); Fred Schreier and Marina Caparini, Privatising Security: Law, Practice and Governance of PrivateMilitary and Security Companies (Geneva: Geneva Center for the Democratic Control of the Armed Forces2005); Caroline Holmqvist, Private Security Companies: The Case for Regulation, Stockholm InternationalPeace Research Institute (SIPRI) policy paper no. 9, 2005; Sarah Percy, Regulating the Private SecurityIndustry (London: International Institute for Strategic Studies, 2006); Joanna Spear, Market Forces: ThePolitical Economy of Private Military Companies, FAFO report no. 531, 2006; Kathleen M. Jennings, ArmedServices: Regulating the Private Military Industry. FAFO report no. 532, 2006; and Simon Chesterman andChia Lehnardt, ed., From Mercenaries to Market: The Rise and Regulation of Private Military Companies(Oxford: Oxford University Press, 2007).

5 Andrew Bearpark and Sabrina Schulz, “The Future of the Market,” in From Mercenaries to Market,eds., Simon Chesterman and Chia Lehnardt (Oxford: Oxford University Press, 2007); and Doug Brooks,“In Search of Adequate Legal and Regulatory Frameworks,” Journal of International Peace Operations 2,no. 5 (March/April 2007): 4.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

(Self) Regulating War? 481

boundary between government and private functions. This is a particularconcern when the use of force is concerned. Scholars examining the privatesecurity industry emphasize that outsourcing military functions fundamen-tally challenges the Weberian notion of the state, which assumes the state’smonopoly over the use of force.6 The claim that PSCs can self-regulate pushesthis debate into the realm of private authority, where entities other than thestate create rules and institutions guiding behavior within states and in theinternational system.7 Understanding the utility of PSC self-regulation mayhelp clarify the appropriate demarcation of public and private functions inthe security realm.

I argue that the private security industry lacks the incentive and ca-pacity to adopt and implement effective self-regulation on its own. “Effec-tive” or “obligatory” self-regulation includes both establishing industry stan-dards for appropriate corporate behavior and creating mechanisms to ensurethat companies comply with the standards they commit to by joining self-regulatory schemes. I use effective and obligatory to describe self-regulationthat incorporates monitoring and sanctions to ensure compliance. To date,self-regulation by this industry has been both aspirational in character andlacking in oversight mechanisms. Absent external pressure from increasedregulation or loss of contracts, private security companies are unlikely totake the steps needed to make industry self-regulation a useful complementto state and international regulation.

Industry self-regulation can take many forms, ranging from general busi-ness principles to standards backed up by extensive monitoring and enforce-ment mechanisms. Moreover, participants in the design and implementationof self-regulatory mechanisms range from solely members of a business sec-tor, to a broad scope of actors, including governments, nongovernmentalorganizations (NGOs), and those affected by business operations, along withindustry members.

Evaluating the potential for self-regulation by PSCs requires both under-standing current industry self-regulatory efforts and examining whether thisindustry has the characteristics that would enable it to implement effectiveself-regulation on its own. Self-regulation by the private security industry hastaken the form of voluntary codes of conduct initiated by industry associa-tions and individual corporate codes adopted by some companies. The oneindustry association code with international application relies on industry

6 P. W. Singer, Corporate Warriors: The Rise of the Privatized Military Industry (Ithaca, NY: CornellUniversity Press, 2003), 170; Avant, The Market for Force, 1–3; and Anna Leander, “The Market for Forceand Public Security: The Destabilizing Consequences of Private Military Companies,” Journal of PeaceResearch 42, no. 5 (2005): 605–22.

7 For some discussions of private authority, see A. Claire Cutler, Virginia Haufler, and Tony Porter,ed., Private Authority and International Affairs (Albany, NY: State University of New York Press, 1999);and Rodney Bruce Hall and Thomas J. Biersteker, ed., The Emergence of Private Authority in GlobalGovernance (Cambridge: Cambridge University Press, 2002).

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

482 R. de Nevers

governance without external oversight. I focus here on industry-initiatedcodes because they are the primary mechanisms that PSCs use. I do not seekto assess motivations leading individual firms to join self-regulatory mecha-nisms; rather I evaluate the industry’s capacity to self-regulate.

The private security industry does not lend itself to the sort of effec-tive, internally managed self-regulation that some industry associations haveadopted. It shares few characteristics with industries that have adopted oblig-atory self-regulatory mechanisms.8 Drawing on the management literature onself-regulation, literature on private authority, and institutionalist studies ofstandards organizations, I derive a framework of elements common to in-dustries whose associations have introduced obligatory self-regulation. Theseare (1) factors motivating self-regulation, (2) industry characteristics, and (3)trade association attributes. Comparing the private security industry to indus-tries that have implemented obligatory self-regulation, three key differencesemerge. First, the industry perceives little threat of government regulationthat might impel it to act defensively. PSCs have followed contradictory poli-cies in response to reputational concerns, both advocating self-regulation asan alternative to formal regulation and also supporting government regula-tion as a way to bolster the industry’s legitimacy. Second, the private securityindustry does not share a sense of a “community of fate,” so that it expectsto sink or swim together. Third, these factors have given PSCs little incentiveto develop strong trade associations able to design and enforce effectiveself-regulation.

These differences do not mean that self-regulation should be aban-doned, because even aspirational self-regulation can contribute to oversightof the private security industry. The reputational benefits corporations seekby adopting optional business principles provide a basis for external monitor-ing, and these principles can be given legal weight in contracts. In countrieslacking formal regulation, these standards create a baseline for companybehavior. Additionally, weak self-regulation may evolve into more effectiveforms if other stakeholders engage with industries or corporations to es-tablish or strengthen oversight mechanisms. As long as gaps exist in state-and international-level regulation of the private security industry, additionalregulatory mechanisms, even imperfect ones, can play a role. It would be amistake to trust self-regulation too heavily, but it would be foolish to ignorewhat it might yield within a broader regulatory framework.

8 Joseph V. Rees, Hostages of Each Other: The Transformation of Nuclear Safety Since Three MileIsland (Chicago: University of Chicago Press, 1994); Neil Gunningham and Joseph V. Rees, “Industry Self-Regulation: An Institutional Perspective,” Law and Policy 19, no. 4 (October 1997): 363–414; Jennifer Nash,“The Emergence of Trade Associations as Agents of Environmental Performance Improvement” (paper,presented at the Greening of Industry Network Conference, 1999); and Michael J. Lenox and JenniferNash, “Industry Self-Regulation and Adverse Selection: A Comparison Across Four Trade AssociationPrograms,” Business Strategy and the Environment 12, (2003), 343–56.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

(Self) Regulating War? 483

“Private security” is used to describe many different military and securityservices ranging from fighting wars to logistics. I concur with the prevalentunderstanding of the industry, which incorporates companies providing ser-vices associated with formerly military or police functions. My concern iswith PSCs providing security services in conflict zones or regions in whichstate or local authority is weak.9 The key question is whether these compa-nies can work together to create and enforce standards governing corporateand employee behavior in the core activities that distinguish them from otherbusinesses: the provision of physical security services and training peoplein the use of force. (I am less concerned with regulation of logistics andsupport functions provided by PSCs, since regulation in these areas raisesdifferent ethical and legal questions.) This is an acute challenge, becausePSC activities can fall under international humanitarian law (IHL) as well asdomestic regulations. The private security industry’s ability to regulate theseactivities independently is questionable. If self-regulation is to be a usefulregulatory tool, participation in its design and oversight mechanisms mayneed to be expanded.

This paper will proceed as follows. First, I provide a brief overview of theprivate security industry and existing regulations that apply to PSC activities.I then examine industry self-regulation, with particular attention to industrycodes of conduct and the factors leading some industry associations to adoptand enforce obligatory codes. Next, I consider current PSC self-regulation andexamine whether the private security industry lends itself to effective self-regulation. I conclude by assessing what contributions self-regulation canmake to the regulation of the private security industry given my findings.

THE PRIVATE SECURITY INDUSTRY: SCOPE AND CURRENTREGULATORY FRAMEWORK

Scope and Size

Various terms are used to describe private companies offering military orsecurity functions, including private military firms, private security compa-nies, private military and security companies, the private security industry,and mercenaries.10 PSCs have been defined as “private business entities thatdeliver to consumers a wide spectrum of military and security services, oncegenerally assumed to be exclusively inside the public context”11 or as “private

9 Many companies operate both in their home states and overseas. Regulatory problems have beenmost acute with regard to transnational operations, and this is what industry self-regulatory efforts havesought to address.

10 Singer, Corporate Warriors; Avant, The Market for Force; Percy, Regulating the Private SecurityIndustry; Fabien Mathieu and Nick Dearden, Corporate Mercenaries: The Threat of Private Military andSecurity Companies (London: War on Want, 2006); and Jeremy Scahill, Blackwater: The Rise of the World’sMost Powerful Mercenary Army (New York: Nation Books, 2007).

11 Singer, Corporate Warriors, 8.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

484 R. de Nevers

companies that sell military services.”12 Industry representatives and someobservers argue that PSCs’ corporate structure makes the mercenary labelinappropriate.13 It is important to note, however, that Tim Spicer, formerpresident of a now-defunct company widely regarded as mercenary, coinedthe term “private military company” to escape the mercenary label.14 Effortsto change the discourse regarding these companies continues; one Britishindustry executive argued recently that the industry’s services should bethought of as “business facilitation”; and a new journal aimed at PSCs refersto the “global stability industry.”15 I use the terms “private security company”to mean companies offering military and security services, and the “privatesecurity industry” to refer to the industry as a whole.

PSCs conduct a broad array of activities, ranging from combat to theprovision of intelligence, interrogation, and security advice and training.16

Peter Singer classified private military companies in three categories: militaryprovider firms, which are engaged on the battlefield either as fighters or incommand roles; consulting firms, which advise and train military forces; andsupport firms, which provide the logistical “tail” for military troops.17 Deb-orah Avant expanded this classification to encompass companies providingboth military and security services, and to capture their security functionsboth outside and within the state in which they are incorporated. Externally,she argues that companies provide “operational support, military advice andtraining, and logistical support.” Companies may provide governments withinternal services that parallel these external functions: site security, eitherwith or without arms, advice and training for police forces, crime preven-tion, and intelligence.18 As she notes, some corporations may offer a rangeof these services. PSCs sell their services to governments, international orga-nizations, NGOs, and other corporations.

Although the earliest PSCs marketed their war-fighting skills, central tocurrent understandings of the industry is that PSCs offer services short of

12 Christopher Kinsey, “Challenging International Law: A Dilemma of Private Security Companies,”Conflict, Security, and Development 5, no. 3 (December 2005): 270.

13 Singer, Corporate Warriors, 44–48; Percy, Regulating the Private Security Industry, 14; and Brooks,“In Search of Adequate Legal Frameworks,” 4.

14 Leander, “The Market for Force and Public Security,” 608; Duncan Campbell, “Marketing the New‘Dogs of War,”’ in Making a Killing: The Business of War (Center for Public Integrity, 2002) availableat http://www.public-i.org/bow/. Spicer and his company, Sandline International, flaunted African armsembargos and inadvertently contributed to the overthrow of the government of Papua New Guinea in the1990s. See Singer, Corporate Warriors, 115, 192-96. On the role of mercenaries in Africa, see Abdel-FatauMusah and J. Kayode Fayemi, ed. Mercenaries: An African Security Dilemma (London: Pluto Press, 2000).

15 The Private Security Phenomenon: Policy Implications and Issues (Brussels: Security and DefenceAgenda Roundtable, 7 December 2006), 17; and Serviam available at http://www.serviammagazine.com.

16 For comprehensive discussions of the private security industry, see Singer, Corporate Warriors;and Avant, The Market for Force.

17 P. W. Singer, “Corporate Warriors: The Rise of the Privatized Military and its Ramifications forInternational Security,” International Security 26, no. 3 (Winter 2001/02): 200–2.

18 Avant, The Market for Force, 16–17.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

(Self) Regulating War? 485

combat, and generally use force only in self-defense. During the 1990s,there were some notable examples of PSCs, such as Executive Outcomes(EO) or Sandline, contracting to fight wars for the governments of SierraLeone and Angola.19 The widespread condemnation this generated led mostPSCs to reject an explicit combat role, and some scholars argue that a normagainst offensive missions is emerging.20 Other scholars suggest that com-panies engaging in offensive activities have simply learned to avoid publicview.21 Many firms argue that they work only for governments or reputableclients, but there are, in effect, two markets for the services they provideso that companies willing to work for disreputable governments or nonstateactors, including criminal groups, will find willing buyers.22 The industry’sargument that companies will avoid such work to protect their reputation isbelied by the fact that few if any PSCs have lost business by working withillicit groups.23

Most PSCs have a relatively small permanent staff and maintain databasesof potential employees, who are generally former military or police officers,hired on short-term contracts to carry out specific tasks. PSCs argue that thisstructure enables them both to be cost effective and to provide specializedskills to clients on short notice.24 The pool of potential employees is increas-ingly international.

The private security industry’s size is difficult to determine. One 2005 es-timate found that 210 private military and security companies had been activeat some point between 1990 and 2004; and one recent compilation of pri-vate military companies includes 137 companies.25 Over three hundred firmshave been contracted to provide services in Iraq and ninety are believed tobe working in Afghanistan, and PSCs are thought to have worked in as manyas 110 countries around the globe.26 Use of the term “contractors” furtherconfuses estimates of the industry’s size and makeup. There are an estimated

19 Kevin O’Brian, “Private Military Companies and African Security,” in Mercenaries: An AfricanSecurity Dilemma, eds., Abdel-Fatau Musah and J. Kayode Fayemi (London: Pluto Press, 2000); Singer,Corporate Warriors,101-18; and Spear, Market Forces.

20 Percy, Regulating the Private Security Industry, 54.21 Jeffrey Herbst, “The Regulation of Private Security Forces,” in The Privatisation of Security in

Africa, eds., Greg Mills and John Stremlau (Johannesburg: The South African Institute of InternationalAffairs, 1999):121–22; and Leander, “The Market for Force and Public Security,” 614.

22 Singer, Corporate Warriors, 180-82, 222-26.23 Leander, “The Market for Force and Public Security,” 614–15.24 On PSCs’ corporate structure, see Singer, Corporate Warriors, 73–78.25 “Agencies Need Improved Financial Data Reporting for Private Security Companies,” Of-

fice of the Special Inspector General for Iraq Reconstruction, 30 October 2008, available athttp://www.sigir.mil/reports/pdf/audits/09-005-f.pdf; and Avant, The Market for Force, 10–15; list ofPrivate Military Corporations from Sourcewatch.org, available at http://sourcewatch.org/index.php?title=Private Military Corporations#List of PMCs, 12 November 2007.

26 Singer, “The Private Military Industry and Iraq”; Jennifer K. Elsea and Nina M. Serafino, PrivateSecurity Contractors in Iraq: Background, Legal Status, and Other Issues (Washington, DC: CongressionalResearch Service, 2007), 3; Lisa Rimli and Susanne Schmeidl, Private Security Companies and Local Pop-ulations: An Exploratory Study of Afghanistan and Angola, eds., Ulrike Jorad and Adrian Schuster (Bern:

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

486 R. de Nevers

twenty thousand to forty-eight thousand “private security contractors” in Iraq,which refers to PSC employees conducting security functions. But these pri-vate security contractors are a subset of the 182,000 contractors in Iraq,27

most of whom also work for private security companies. The latter carry outsupport services, rather than security services.

Concern About Regulation

PSCs’ involvement in battle zones and incidents of abuse has made regula-tion of the industry salient. Particularly since the U.S. invasion of Iraq in 2003,support for privatization has led to the outsourcing of many formerly militaryfunctions.28 Indeed, the Department of Defense’s (DoD’s) “total force” con-cept, initially developed to integrate the national guard and reserve forces infuture U.S. combat operations, now includes contractors as well.29

This expanded reliance on private security companies was both pre-ceded and accompanied by high visibility abuses by some PSC employees.30

The 16 September 2007 shooting incident, in Nisoor Square in Baghdad,involving a U.S. State Department convoy escorted by Blackwater employ-ees, in which seventeen Iraqi civilians were killed and more were injured,received extensive attention.31 But other abuses have also caused concern.In 1999 and 2000, some DynCorp International contractors training policeforces in Bosnia were accused of owning women and girls, as young asfourteen, who had been coerced into prostitution.32 Private contractors werealso implicated in the 2004 abuse scandal at Iraq’s Abu Ghraib prison.33

Swiss Peace, 2008), 73, available at http://www.swisspeace.ch/typo3/fileadmin/user upload/pdf/PSC.pdf;and Campbell, “Marketing the New ‘Dogs of War.”’

27 Elsea and Serafino, Private Security Contractors in Iraq.28 The push to privatize military functions was a tangential goal in Rumsfeld’s transformation of

the military. On transformation, see Michael O’Hanlon, “Rumsfeld’s Defense Vision,” Survival 44, no. 2(2002); and Stephen J. Cimbala, “Transformation in Concept and Policy,” Joint Forces Quarterly 38 (2005):28–33. On outsourcing, see Paul R. Verkuil, Outsourcing Sovereignty (Cambridge: Cambridge UniversityPress, 2007).

29 David S. C. Chu, Strategic Plan for Fiscal Years 2006–2011 (Washington, DC: Office of the UnderSecretary of Defense for Personnel and Readiness, 2006).

30 It is worth noting that over one thousand contractors were killed between 2003 and mid-2007, and over 7,500 U.S. contractors have been injured. Jan Schakowsky, “Schakowsky Uncov-ers 1,001 Contractor Deaths in Iraq,” available at http://www.house.gov/list/press/il09 schakowsky/pr contractordeaths 080607.shtml; and Walter Pincus, “Contractors in Iraq Have Become U.S. Crutch,”Washington Post, 20 August 2007. See also Iraq Coalition Casualties, http://icasualties.org/Iraq/Contractors.aspx.

31 Raghavan and White, “Blackwater Guards Fired at Fleeing Cars”; Sabrina Tavernise and JamesGlanz, “Iraqi Report Says Blackwater Guards Fired First,” New York Times, 19 September 2007; and SteveFainaru and Carol Leonnig, “Grand Jury to Probe Shootings by Guards,” Washington Post, 20 November2007.

32 Hopes Betrayed: Trafficking of Women and Girls to Post Conflict Bosnia and Herzegovina forForced Prostitution (New York: Human Rights Watch, 2002), 62–68.

33 Singer, “The Private Military Industry and Iraq,” 13.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

(Self) Regulating War? 487

Contractors have been involved in multiple shooting incidents in Iraq.As one PSC employee in Iraq noted, “Contractors shoot at people all the time,but we don’t stop to see if anyone was killed or injured.”34 Although therehave been allegations of contractors deliberately shooting civilian bystandersand Iraqi government employees, criminal charges for killing civilians inIraq have been filed only once, in December 2008.35 Additionally, there areallegations that some company employees who reported incidents of whatthey perceived to be deliberate shootings of civilians have been fired.36

This behavior is particularly troubling because PSC employees weregranted immunity from prosecution under Iraqi law by the Coalition Pro-visional Authority’s Order 17 issued on 27 June 2004.37 After the September2007 Nisoor Square incident, the Iraqi government demanded an end tocontractor immunity in the U.S.-Iraqi Status of Forces agreement that took ef-fect in January 2009. But the combination of immunity and impunity causedconcern among U.S. military officers. As Brig. Gen. Karl R. Horst, deputycommander of an infantry division in Iraq noted in 2005, “These guys runloose in this country and do stupid stuff. There’s no authority over them, soyou can’t come down on them hard when they escalate force . . . They shootpeople, and someone else has to deal with the aftermath. It happens all overthe place.”38 Army lawyers who served in Afghanistan note that their onlyrecourse when contractors were accused of abuses was to insist that theiremployer fire them and send them home.39

Current Regulations Governing the Private Security Industry

Contrary to the impression that PSCs are unregulated, various forms of reg-ulation currently apply to this industry. Yet the transnational nature of theindustry and its activities complicates regulation. Moreover, as private actors,PSCs are bound by the terms of their contracts. This affects state regulationand accountability because PSCs’ contracts may contain privacy clauses pre-venting public disclosure, which obstruct the transparency that applies to

34 Quoted in Robert Young Pelton, Licensed to Kill: Hired Guns in the War on Terror (New York:Crown Publishers, 2006), 340.

35 Steve Fainaru, “Four Hired Guns in an Armored Truck, Bullets Flying, and a Pickup and TaxiBrought to a Halt: Who Did the Shooting and Why?” Washington Post, 15 April 2007; and Bill Sizemore,“Iraq Killing Tracked to Contractor Could Test Laws,” Virginian-Pilot, 11 January 2007; and Del QuentinWilber, “Contractors Charged in ’07 Deaths,” Washington Post, 9 December 2008. One contractor wascharged under the UCMJ for attacking another contractor. See Michael R. Gordon, “U.S. Charges Contractorat Iraq Post in Stabbing,” New York Times, 5 April 2008.

36 Fainaru, “Four Hired Guns in an Armored Truck.”37 Coalition Provisional Authority, Order Number 17 (Revised 2004), available at http://www.cpa-

iraq.org/regulations/20040627 CPAORD 17 Status of Coalition Rev with Annex A.pdf.38 Finer, “Security Contractors in Iraq Under Scrutiny.”39 Army JAGs, discussion with Renee de Nevers, 30 May 2007.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

488 R. de Nevers

many government documents.40 The preference for privatization that droveoutsourcing to PSCs also coincided with a push for deregulation, which hasmade some governments, such as the United States, reluctant to expandregulation. Finally, those seeking to outlaw PSCs worry that regulation willgive these companies greater legitimacy.41 International and state-level reg-ulations have been examined by several scholars, so only a brief overviewis offered here.42

At the international level, regulation is minimal. International humanitar-ian law sets minimum standards of behavior for all actors in conflict zones,and these guidelines cover PSC employees.43 The challenge is accountability,since authority over PSCs has been ambiguous in conflict zones. Debates con-tinue about state responsibility for the actions of those acting in their name,including PSCs, and whether corporations or executives could be held liablefor employee violations of international law if they knew about them.44

A few international instruments proscribe the actions of mercenaries,including the UN convention banning mercenaries, which opened for signa-ture in 1989, the Organization of African Unity (OAU, now the African Union)convention outlawing reliance on mercenaries, and Additional Protocol Iof the Geneva Conventions, signed in 1977. Yet it is doubtful that theseconventions could be used to ban PSCs, because the complex definition ofmercenaries they rely on rarely applies to particular individuals or cases. Tobe labeled a mercenary, one must be recruited to fight and do so solely forprivate gain, while not being associated with parties to the conflict either asa citizen or as a member of the armed forces, or sent by those parties.45

State-level regulation is regarded as important both to ensure state con-trol over security functions, even privatized, and because regulatory enforce-ment is most likely to occur at the state level.46 Many states regulate privatesecurity guards and related businesses, but only the United States and South

40 Laura A. Dickinson, “Public Law Values in a Privatized World,” Yale Journal of InternationalLaw 31 (2006): 383–426; and Deborah Avant and Lee Sigelman, “What Does Private Security inIraq Mean for Democracy at Home?” UCLA International Institute, January 2008, 21–22, available athttp://www.international.ucla.edu/cms/files/PrivateSecurityandDemocracy.pdf. To be sure, governmentscould stipulate greater openness.

41 Holmqvist, Private Security Companies, 42.42 See note 3 above.43 “Privatisation of War: the Outsourcing of Military Threats,” International Committee of the Red

Cross, available at http://www.icrc.org/Web/Eng/siteeng0.nsf/html/privatisation-war-230506.44 Emmanuela-Chiara Gillard, “Business Goes to War: Private Military/Security Companies and Inter-

national Humanitarian Law,” International Review of the Red Cross 38, no. 863 (2006): 531–36; and GillesCarbonnier, “Corporate Responsibility and Humanitarian Action,” International Review of the Red Cross83, no. 844 (2001): 947–67.

45 Sarah Percy, “Mercenaries: Strong Norm, Weak Law,” International Organization 61 (2007): 367–97; and Yoram Dinstein, The Conduct of Hostilities Under the Law of International Armed Conflict(Cambridge: Cambridge University Press, 2004), 50–52; and Singer, “War, Profits, and the Vacuum ofLaw,” 527–32.

46 Holmqvist, Private Security Companies, 50; and Schreier and Caparini, Privatising Security, 104–16.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

(Self) Regulating War? 489

Africa have laws directly governing international aspects of this industry.The U.S. regulatory framework gives it far greater control over PSCs thanSouth Africa’s largely ineffective efforts have.

South Africa is one of the only states that has sought to constrain PSCs’international activities. It passed legislation in 1998 requiring governmentapproval for any PSC contracts to provide services in other countries. Thiswas largely ineffective, however, because its language was too broad andvague.47 New legislation, signed into law in November 2007, makes it a crimefor any South African citizen to work in a conflict zone without governmentpermission. This law could have broad repercussions, because roughly twothousand to four thousand South Africans are believed to be working inIraq, and another eight hundred serve in the British military.48 Moreover,the bill’s wording could apply to humanitarian workers in conflict zones aswell as the intended targets—mercenaries—which indicates the difficulty ofdesigning legislation specifically for PSCs.49

A handful of other countries have some regulations addressing the pri-vate security industry. Angola, for example, passed laws regulating PSCs in1992 and 1994, although these are considered ineffective, and Afghanistanhas sought unsuccessfully to develop PSC regulations since 2002.50 The Iraqigovernment requires PSCs to register with the Interior Ministry, although manycompanies had not complied with this requirement in 2007. Due to outrageover the immunity of PSC employees under CPA Order 17, the governmentinsisted that the employees be subject to Iraqi law beginning in January2009.51 The United Kingdom has studied the question of PSC regulation, buthas not acted on the range of proposals presented in 2002.52

The United States has regulated PSCs overseas through its licensing pro-cedures, covering the export of military equipment and more general con-tracting laws, for companies working with federal agencies. The InternationalTransfer of Arms Regulation (ITAR) was designed to regulate arms trades andto ensure that they support U.S. foreign policy goals. ITAR also governs train-ing accompanying some arms deals, and this has been used to regulatePSCs. All contracts are overseen by the State Department’s Office of DefenseTrade Controls, sometimes with input from other departments.53 If contracts

47 Singer, Corporate Warriors, 118; Avant, The Market for Force, 161–63; and Percy, Regulating thePrivate Security Industry, 30–32.

48 Nathan Hodge, “Army for Hire,” Slate, 31 August 2006; and Len Le Roux, “South African Mer-cenary Legislation Enacted,” Institute for International Security Studies, 21 January 2008, available athttp://www.issafrica.org/blog/2008/01/iss-today-south-african-mercenary.html.

49 Percy, Regulating the Private Security Industry, 30–32; and Michael Peel and Alec Russell, “SouthAfrica Mercenary Law Attacked,” Financial Times, 29 May 2007.

50 Rimli and Schmeidl, Private Security Companies and Local Populations.51 Karen De Young, “U.S. Moves to Replace Contractors in Iraq,” Washington Post, 17 March 2009.52 Christopher Kinsey, “Regulation and Control of Private Military Companies: The Legislative Di-

mension,” Contemporary Security Policy 26, no. 1 (2005): 84–102.53 Avant, The Market for Force, 149–51.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

490 R. de Nevers

exceed fifty million dollars, then congressional notification is required inaddition to the State Department’s oversight. Firms have often simply splitlarger contracts into pieces to avoid congressional oversight.54 Several otherlaws apply to PSC employees, including the DOD’s guidelines for personnelaccompanying U.S. forces overseas and the broader contracting rules that fallunder the Defense Federal Acquisition Regulations Supplement (DFARS), aswell as some aspects of the USA Patriot Act.55

Beginning in 2007, the U.S. Congress introduced several bills to improveoversight of contracting in Iraq, due to concerns about the misuse of govern-ment funds and basic questions about how many contractors the governmentemployed in Iraq, or how many of them carry weapons.56 The 2008 defenseauthorization bill, HR 1585, also directed the DoD, the State Department,and USAID, the three main agencies active in Iraq and Afghanistan, to estab-lish a memorandum of understanding addressing PSC hiring practices, rulesof engagement, and coordination with the military in these conflict zones,among other things. It also mandated establishing a database on the useof contractors that would be shared with Congress.57 President George W.Bush vetoed HR 1585 on 28 December 2007, and in his signing statementaccompanying his signature of the subsequent draft, Bush rejected some ofthe congressional provisions regarding oversight.58

Many questions were raised about PSC accountability under criminallaw after the Nisoor Square incident. Civilian employees of the DOD canbe prosecuted for crimes under the Military Extraterritorial Jurisdiction Act(MEJA), passed in 2000. MEJA’s scope initially covered only DOD contractors,and in 2004 it was revised to cover contractors “supporting the mission ofthe Department of Defense overseas.” Some scholars suggest that this istoo vague.59 The Blackwater employees implicated in the September 2007

54 Singer, “War, Profits, and the Vacuum of Law,” 539; and Deborah Avant, “The Implications ofMarketized Security for IR Theory,” Perspective on Politics 4, no. 3 (2006): 512. The problems that havearisen from scanty oversight and the use of inappropriate contracts are beyond the scope of this paper.For some discussions, see Percy, Regulating the Private Security Industry, 26–28; Eric Schmitt, “PanelFaults Army’s Wartime Contracting,” New York Times, 1 November 2007; and Dickinson, “Public LawValues in a Privatized World.”

55 Doug Brooks, testimony for the House Committee on Government Reform, Subcommittee onNational Security, “Emerging Threats, and International Relations,”109th Cong., 2nd sess., 13 June 2006,3–4. Alan Chvotkin, vice president of the Professional Services Council, interview by Renee de Nevers,16 July 2007.

56 Elsea and Serafino, Private Security Contractors in Iraq, 33–36.57 National Defense Authorization Act of 2008, HR 1585, 110th Cong., 1st sess., 20 March 2007,

available at http://www.govtrack.us/congress/billtext.xpd?bill=h110-1585.58 National Defense Authorization Act for Fiscal Year 2008, HR 4986, 110th Cong., 2nd sess., 16

January 2008.59 See amendments to the law made on 28 October 2004. Also see Jonathan Groner, “Untested Law

Key in Iraqi Abuse Scandal,” Legal Times, 11 May 2005; and Glenn R. Schmitt, “Amending the MilitaryExtraterritorial Jurisdiction Act of 2000: Rushing to Close an Unforeseen Loophole,” Army Lawyer, June2005.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

(Self) Regulating War? 491

shooting worked for the State Department, and thus were not explicitly cov-ered by MEJA. Five Blackwater contractors were charged under MEJA withmanslaughter in December 2008 for their actions in the Nisoor Square shoot-ings. Their lawyers contend that MEJA does not apply.60

MEJA also requires that U.S.-based federal prosecutors investigate andprosecute crimes that occurred outside the country. By 2006, the Departmentof Justice (DOJ) acknowledged that it had not acted on multiple allegations ofcrimes committed by contractors; it began one investigation in early 2007. Anamendment to the DOJ’s 2008 funding bill would require reports on incidentsof contractor misconduct, and on the DOJ’s response.61

Concerns about MEJA’s jurisdiction also led Congress to revise the U.S.Uniform Code of Military Justice (UCMJ), which governs military person-nel, in late 2006 to bring all contractors under its purview. Senator LindseyGraham introduced this change to ensure military commanders greater con-trol over contractors on the battlefield. The UCMJ only applies to DOD contrac-tors, however, while contractors in Iraq work for multiple agencies.62 More-over, the DOD was slow to issue implementing guidelines for the amendedUCMJ. Only after the 16 September 2007 shooting incident did the Secretaryof Defense clarify field commanders’ authority over private contractors. No-tably, this incident revealed military commanders’ uncertainty about theirauthority, along with DOD’s uncertainty about how contractor oversight hadbeen conducted in Iraq.63

The State Department also revised its guidelines for security detailsafter the Nisoor Square incident and mandated greater oversight by theDiplomatic Security Service personnel of all missions conducted by privatepersonal security details. The State Department and the DOD also agreed thatthe military should coordinate the activities of all contractors in Iraq, to guardagainst confusion.64

Regulations governing PSCs thus exist at the international and statelevel, but their scope is incomplete. The fact that the United States, whoseregulations governing PSCs are the most comprehensive, has had trouble

60 Wilber, “Contractors Charged in ’07 Iraq Deaths.”61 William Matthews, “Contractor Crackdown: Civilian Contract Employees Can Now be Prosecuted

under the UCMJ,” Armed Forces Journal, February 2007; and Erica Razook, testimony for Amnesty Interna-tional, on 19 June 2007, to the House Committee on the Judiciary Subcommittee on Crime, Terrorism, andHomeland Security, available at http://judiciary.house.gov/hearings/June2007/Razook070619.pdf; and BillSizemore, “Blackwater Supports Inquiry into Fatal Shooting,” Virginian-Pilot, 25 July 2007.

62 Matthews, “Contractor Crackdown.” The DOD estimates that it employs 7,300 PSC contractors. PeterSpiegel and Julian E. Barnes, “Gates Moves to Rein in Contractors in Iraq,” Los Angeles Times, 27 September2007.

63 Spiegel and Barnes, “Gates Moves to Rein in Contractors.” See also http://www.usdoj.gov/criminal/dss/docs/03-10-08dod-ucmj.pdf.

64 Richard J. Griffin, “Private Security Contracting in Iraq and Afghanistan,” statement before theHouse Committee on Oversight and Government Reform, 2 October 2007; and John M. Broder andDavid Johnston, “U.S. Military Will Supervise Security Firms,” New York Times, 3 October 2007.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

492 R. de Nevers

determining PSC accountability points to the need for a more effective regu-latory framework at both levels. This also suggests that alternative regulatorymechanisms such as self-regulation deserve further exploration.

INDUSTRY SELF-REGULATION

What role can self-regulation play in governing the private security indus-try? Industry representatives in the United States and the United Kingdom,where many of the largest PSCs are based, have advocated self-regulationeither as part of a regulatory framework or instead of state regulation. Theyargue that self-regulation can be effective for several reasons. Market forceswill push companies to preserve a good reputation, in order to avoid losingbusiness.65 Normatively, the good PSCs hire retirees from highly professionalmilitary organizations, who will act professionally.66 Furthermore, the indus-try “knows itself better” than outsiders do, and it will be better able to controlits members’ behavior, particularly across international borders where stateregulations may be left behind.67 But what is self-regulation, and how doesit fit with the private security industry? In this section, I provide a briefoverview of self-regulation. Business associations have been the dominantforum for self-regulation within the private security industry, so I focus onindustry associations as one locus of self-regulation. I then discuss codes ofconduct. I focus on codes because this has been the self-regulatory mech-anism adopted by PSCs and their associations. I examine the motivationsdriving industry associations to adopt obligatory mechanisms, and the char-acteristics peculiar to industries and the industry associations that have doneso. This will provide the basis for evaluating the private security industry’scapacity to self-regulate.

What is Self-Regulation?

Self-regulation is one means by which private authority is exercised. It hasbeen defined as an effort by those that would otherwise be subject to formalregulations to “design and enforce the rules themselves.”68 Self-regulationcan take many forms and involves different degrees of formalization alonga spectrum, from independent rule-making by organizations to traditional

65 One of the key issues, of course, is what aspects of reputation matter to companies in this industryor to their clients. On this point see, among others, Spear, Market Forces, 43–44.

66 Singer, Corporate Warriors, 77; and Deborah Avant, “The Emerging Market for Private MilitaryServices and the Problems of Regulation,” in From Mercenaries to Market, eds., Simon Chesterman andChia Lehnardt (Oxford: Oxford University Press, 2007), 192.

67 Bearpark and Schulz, “The Regulation of the Private Security Industry,” 247.68 Virginia Haufler, A Public Role for the Private Sector (Washington, DC: Carnegie Endowment for

International Peace, 2001), 8.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

(Self) Regulating War? 493

government regulation, with various gradations of oversight in between.69

The degree of formality depends on the interplay between private organi-zations and state organs. As external pressure from the state increases, self-regulatory mechanisms take on more elements of formal regulation. Two keyelements of self-regulation are its voluntary nature, and the fact that it implies“beyond-compliance” constraints that are tougher than existing regulation.70

Self-regulation builds on a long history of private rule-making, and his-torical experience shapes different states’ self-regulatory patterns.71 Privatemaritime rules governed commerce in the Mediterranean over two thousandyears ago, for example, and guilds such as the Hansa League establishedcodes to regulate trade.72 The insurance industry monitors shipping safetystandards and developed its own norms for insuring war risk, and manyaspects of international trade and finance are governed by privately de-rived rules.73 The medical and legal professions have long been privatelygoverned, with gradual state sanction of professional standards enforced byprivate organizations.74 Self-regulatory structures also reflect different states’institutional experiences. In the United States, for example, standards settingprocesses are decentralized and competitive, while in Europe there is a moreconsultative hierarchical framework that can include firms, interest groups,and the state.75

Organizations choose to self-regulate for both defensive and reputa-tional reasons.76 First, defensively, self-regulation is primarily an effort topreempt government regulation. It often reflects a desire to avoid top-downpressure from the state in the form of new or more intrusive state regulation.Industries may act preemptively to gain first-mover advantage by initiating

69 Rob Baggott, “Regulatory Reform in Britain: the Changing Face of Self-Regulation,” Public Admin-istration 67 (1989): 437–38.

70 Halina Ward, Legal Issues in Corporate Citizenship (London: International Institute for Environmentand Development, 2003), 1; and Aseem Prakash, Greening the Firm (Cambridge: Cambridge UniversityPress, 2000).

71 Walter Mattli and Tim Buthe, “Setting International Standards: Technological Rationality or Primacyof Power?” World Politics 56 (2003).

72 Edgar Gold, Maritime Transport (Lexington, KY: Lexington Books, 1981), 4–30.73 Ibid., 118–21; Virginia Haufler, “Self-Regulation and Business Norms,” in Private Authority and

International Affairs, eds., A. Claire Cutler, Virginia Haufler, and Tony Porter (Albany, NY: State UniversityPress of New York, 1999); Robert E. Litan, “Economics: Global Finance,” in Managing Global Issues,eds., P.J. Simmons and Chantal de Jonge Oudraat (Washington DC: CEIP, 2001); and Vinod Aggarwal,“Economics: International Trade,” in Managing Global Issues.

74 Ronnie D. Lipschutz and Cathleen Fogel, “Regulation for the Rest of Us?” in The Emergence ofPrivate Authority in Global Governance, eds., Rodney Bruce Hall and Thomas Biersteker (Cambridge:Cambridge University Press, 2002), 121.

75 Mattli and Buthe, “Setting International Standards.”76 Haufler, A Public Role for the Private Sector, 27–28.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

494 R. de Nevers

guidelines, both to shape potential new regulation and to ensure that re-quired standards are less onerous.77

Beyond-compliance initiatives also may be adopted to avoid bottom-uppressures from civil society groups. Industry initiatives have sometimes beendesigned as proactive attempts to counter regulatory constraints proposedby NGOs and stakeholder coalitions. The American Forest and Paper Asso-ciation (AF&PA), for example, the major business association for companiesthat grow trees or manufacture pulp, paper, and wood products in NorthAmerica, introduced the Sustainable Forestry Initiative (SFI) in 1994 to com-pete against an alternate market-based certification program proposed by theForest Stewardship Council (FSC), a multistakeholder environmental group.78

Second, industries may adopt self-regulation for reputational reasons.Self-regulation can be intended to preserve an industry’s or firm’s positiveimage, or if this image has been damaged, it may adopt self-regulatory mech-anisms to regain public trust.79 Market pressures and competition can alsocreate reputational incentives to self-regulate, since companies aim to pre-serve their firms’ market position. But, market pressures can be contradictory.Organizations recognize that shared standards can facilitate business trans-actions, for example, but they will compete to ensure that their standardsbecome the norm.80 Similarly, self-regulation can be a way to protect marketshare by excluding new entrants from the market and limiting competitionto members of a closed club or association.81

If self-regulation is a means for exercising private authority, industryassociations are among the actors adopting self-regulation. Private author-ity involves cooperation among corporations to establish norms and rulesgoverning business practices. Forms of private authority are distinguishedby different levels of institutionalization, ranging from the informal devel-opment of norms guiding industry practices, to private regimes made upof formal and informal institutions that collectively provide governance inspecific economic domains.82

77 Mattli and Buthe, “Setting International Standards”; Aseem Prakash, “A New-Institutionalist Per-spective on ISO 14000 and Responsible Care,” Business Strategy and the Environment 8, no. 6 (1999):322–35.

78 Benjamin Cashore, Graeme Auld, and Deanna Newsom, Governing Through Markets (New Haven:Yale University Press, 2004), 95–101.

79 Mattli and Buthe, “Setting International Standards.”80 Baggott, “Regulatory Reform in Britain,” 436; and Mattli and Buthe, “Setting International Stan-

dards.”81 Anthony Ogus, “Rethinking Self-Regulation,” Oxford Journal of Legal Studies 15, no. 1 (1995):

97–108.82 Cutler, Haufler, and Porter detail six different forms of cooperation: informal industry norms

and practices, coordination services firms, production alliances and subcontractor relationships, cartels,business associations, and private regimes. Cutler, Haufler, and Porter, Private Authority and InternationalAffairs, 9–13.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

(Self) Regulating War? 495

Business associations are among the more institutionalized forms of pri-vate authority, and one of the more visible sites of interfirm cooperation.83

These associations are defined as “nonprofit organizations of business com-petitors in a single industry.” Their primary function is to promote the “col-lective economic interests” of the companies they represent, but they havealso actively sought at different times to influence members’ behavior andattitudes.84 Cooperation can be difficult, however, because trade associa-tions are made up of rival firms, and by nature, they are “uneasy alliances ofcompanies that are trying to do each other in.”85

Trade associations can be classified as two types. Representative asso-ciations carry out lobbying functions, by seeking to further the industry’sinterests in the political arena. Self-regulatory associations seek to developand enforce behavioral guidelines for industry members. Trade associationsoften carry out both functions, but different associations are likely to givegreater weight to one or the other of these functions.86

While self-regulation has generally been used to describe rule-makinginvolving businesses and government, dissatisfaction among civil societygroups has led more actors to seek involvement in nonstate rule-making.As a result, “multistakeholder” rule-making processes have proliferated, withcontributions from employees, international organizations, regulators, andNGOs.87 This has expanded the realm of “compet[ition] for rule-making au-thority or legitimacy.”88 Firms have responded to this competition by adopt-ing corporate social responsibility (CSR) programs, as civil society groupstargeted the labor and environmental practices of prominent corporations.This also generated what has been termed “nonstate market-driven” formsof governance, which rely on market mechanisms to influence corporatebehavior.89 International efforts to develop voluntary corporate standardswith multistakeholder input also emerged. For example, the Voluntary Prin-ciples on Security and Human Rights, established in December 2000, weredeveloped through consultation between the governments of the UnitedKingdom, the United States, Norway, and the Netherlands, and extractive

83 Ibid.84 Nash, “The Emergence of Trade Associations,” 3–5.85 John Braithwaite and Brent Fisse, “Self-Regulation and the Control of Corporate Crime,” in Private

Policing, eds., Clifford Shearing and Philip C. Stenning (Newbury Park, CA: Sage Publications, 1987), 243.86 Cutler, Haufler, and Porter, Private Authority, 12–13; and Andrew A. King and Michael W. Toffel,

“Self-Regulatory Institutions for Solving Environmental Problems: Perspectives and Contributions from theManagement Literature,” HBS Technology and Operations Management Unit Research paper no. 07-089,16 July 2007, available at http://www.ssrn.com/abstract=985619.

87 Codes of Corporate Conduct: Expanded Review of Their Contents (Organisation for Economic Co-operation and Development (OECD), 2001); and Ann Florini, The Coming Democracy (Washington, DC:Island Press, 2003).

88 Cashore, Auld, and Newsom, Governing Through Markets, 17.89 One example is Fair Trade Coffee, a program in which sellers agree to sell coffee beans that

are certified by members of Fair Labor Organizations International, which have been produced meetingeconomic, social, and environmental criteria. For a discussion of NSMD governance, see ibid.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

496 R. de Nevers

industry representatives and human rights NGOs.90 The goal is to encouragecompanies in the extractive industry to ensure that human rights concerns ofthe communities they affect guide business operations.91 Finally, multistake-holder processes may also provoke more self-regulation as industries seekto thwart outsider efforts to generate new rules.92

Why is self-regulation attractive? From the industry perspective, at leastfour factors matter. First, self-regulation gives companies greater flexibil-ity. It allows industries both to determine procedures and to adapt indus-try standards or practices as knowledge and technology improve, whichrigid state guidelines would forestall. Second, the industry’s expertise makesself-regulation a better fit. In particular, science-based industries argue thatoutside regulators— and civil society groups—cannot understand the com-plexity of their operations, so self-regulation is more appropriate.93 Third,its private nature allows for problem-solving audits conducted by industrymembers, as opposed to more adversarial state audit mechanisms, and firmsare likely to perceive industry-run regulatory mechanisms as less threatening.These factors can help reduce monitoring and enforcement costs.94 Fourth,government acceptance of an organization or profession’s capacity to self-regulate confers authority and legitimacy on that organization, and on theprofession as a whole.95 Legitimacy is also central to industry efforts to avertbusiness guidelines established by civil society groups.96

Self-regulation is also attractive to governments. First, because compa-nies voluntarily accept constraints on what they do and how they do it,self-regulation can expand regulation’s reach beyond the state’s regulatorycapacity.97 Second, self-regulation may cost the state less than governmentoversight would.98 Particularly in the 1990s, governments found themselvessqueezed between diminishing oversight resources and increased citizendemands to protect the environment and labor standards. Self-regulation

90 Voluntary Principles on Security and Human Rights 2006, available at http://www.voluntaryprinciples.org/.

91 The human rights NGOs who helped develop the principles have expressed concern with theimplementation of the principles and guidelines for membership. “NGO Response to the Voluntary Prin-ciples Participation Criteria,” Amnesty International, IOR 40/003/2006, 16 February 2006, available athttp://web.amnesty.org/library/index/engior400032006.

92 Cashore, Auld, and Newsom, Governing Through Markets, 100.93 Peter Simmons and Brian Wynne, “Responsible Care: Trust, Credibility, and Environmental Man-

agement,” in Environmental Strategies for Industry, eds., Kurt Fischer and Johan Schot (Washington, DC:Island Press, 1993), 218.

94 Ogus, “Rethinking Self-Regulation;” Prakash, “A New-Institutionalist Perspective on ISO 14000”;Ruth Pearson and Gayle Seyfang, “New Hope or False Dawn? Voluntary Codes of Conduct, LabourRegulation, and Social Policy in a Globalizing World,” Global Social Policy 1 (2001); and Ann Florini,“Business and Global Governance,” The Brookings Review 21 (2003), 6–8.

95 Baggott, “Regulatory Reform in Britain.”96 Cashore, Auld, and Newsom, Governing Through Markets, 8.97 John Braithwaite, “Enforced Self-Regulation: A New Strategy for Corporate Crime Control,” Michi-

gan Law Review 80, no. 7 (1982): 1467.98 Ibid.; Ogus, “Rethinking Self-Regulation,” 97.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

(Self) Regulating War? 497

provides a potential solution to both problems, because industries or corpo-rations are expected to absorb the administrative costs of self-regulation.99

Third, self-regulation may be attractive when governments lack the politicalwill or authority to meet regulatory needs, particularly if the scope of theactivities needing regulation is transnational.100

Self-regulation has drawbacks, however. First, it can lead to free-riding iffirms can benefit from the prevention of state regulation without participatingin voluntary programs.101 Second, firms may face conflicts of interest betweenprofit maximization and compliance with voluntary standards. Companies arelikely to accept proposed changes in industry behavior that are cost neutral orwill save money, but they may ignore voluntary standards that will be costlyto implement.102 Third, self-regulatory mechanisms may be antidemocraticif they set regulations that affect third parties (such as consumers) withoutgiving them a voice in the regulatory process.103

Codes of Conduct

Voluntary codes of conduct have been one of the most visible self-regulatorytools adopted by corporations and business associations in the last thirtyyears. They are also the mechanism by which PSC associations have soughtto self-regulate; I focus on codes in particular for this reason.

As with other self-regulatory mechanisms, industry-adopted codes ex-ist along “a spectrum containing different degrees of legislative constraints,outsider participation . . . and external control and accountability.”104 I dis-tinguish between two broad categories: aspirational codes, and obligatorycodes. First, trade association codes are often aspirational in nature. Suchcodes tend to be statements of broad principles, rather than requiring spe-cific commitments. They lack monitoring or enforcement requirements andmay be created to improve community relations, or to educate outsidersabout an industry’s policies. Aspirational codes may also intend to deflectpressure to adopt codes designed through multistakeholder processes.105

Such codes are often perceived by outsiders and company employees as

99 Ogus, “Rethinking Self-Regulation”; and Cashore, Auld, and Newsom, Governing Through Markets.100 King and Toffel, “Self-Regulatory Institutions for Solving Environmental Problems.”101 Andrew A. King and Michael J. Lenox, “Industry Self-Regulation Without Sanctions: The Chemical

Industry’s Responsible Care Program,” Academy of Management Journal 43, no. 4 (2000): 700; andPrakash, Greening the Firm.

102 Braithwaite, “Enforced Self-Regulation,” 1,469.103 Ogus, “Rethinking Self-Regulation.”104 Ogus, “Rethinking Self-Regulation,” 100.105 Pearson and Seyfang, “New Hope or False Dawn?” 60; Florini, “Business and Global Governance,”

7; and Behind the Mask: the Real Face of CSR (London: Christian Aid, 2004). For some evaluations of thecontent of different codes, see Kathryn Gordon and Maiko Miyake, Deciphering Codes of CorporateConduct: A Review of Their Contents (OECD, 2000); and Codes of Corporate Conduct; Muel Kaptein,“Business Codes of Multinational Firms: What Do They Say?” Journal of Business Ethics 50 (2004): 13–31.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

498 R. de Nevers

mere public relations intended to improve an industry’s image, but not itsbehavior.106 The Caux Principles established by a group of business leadersin 1994, for example, are widely regarded as aspirational.107

A second category is what I term “obligatory” or “effective” codes, whichare intended substantially to influence industry members’ activities.108 Themajor difference between these and aspirational codes is that they incorpo-rate verification or enforcement mechanisms to ensure that self-regulationis credible. Participation is voluntary, but obligatory codes seek to ensurechanges in company behavior. There are three key factors distinguishingobligatory from aspirational codes.

1. Information. To be effective, obligatory codes must both disseminate clearinformation on the standards they set and require regular reporting oncompany efforts to meet them.

2. Monitoring. There must be monitoring of reports or data on companycompliance. This may be internal to the trade association, but it ofteninvolves external actors as well.

3. Sanctions. There must be sanctions for failure to adhere to the standardsin these codes. Sanctions may combine punitive and normative elements,involving the threat of expulsion or state regulation, or peer pressure toconform.109

Some obligatory codes are national in scope; others, such as the nuclearindustry’s voluntary regulations and the chemical industry’s Responsible Careenvironmental program, expanded over time to govern firms in a range ofcountries.110

106 Jennifer Howard, Jennifer Nash, and John Ehrenfeld, “Standard or Smokescreen?” CaliforniaManagement Review 42, no. 3 (2000): 64–65; Jedrzej George Frynas, “The False Development Promise ofCSR,” International Affairs 81 (2005): 583; and Haufler, A Public Role for the Private Sector, 60.

107 Caux Round Table, available at http://www.cauxroundtable.org/principles.html; KathrynGordon, The OECD Guidelines and Other Corporate Responsibility Instruments: A Comparison (OECD,2001), 9; and Florini, “Business and Global Governance.”

108 This is similar to what Braithwaite and Fisse refer to as “enforced self-regulation.” Their modelincludes a government regulatory role, which is not necessarily present in all obligatory codes. Braith-waite and Fisse, “Self-Regulation and the Control of Corporate Crime,” 223. Cashore, Auld, and Newsomdistinguish between codes and certification programs by state versus market involvement in enforcement.Cashore, Auld, and Newsom, Governing Through Markets, 92. My interest is in efforts by industry associ-ations to establish credible self-regulatory mechanisms, so I include codes with a range of enforcementmechanisms in this category.

109 Enforcement mechanisms are evaluated by Rees, Hostages of Each Other; Gunningham and Rees,“Industry Self-Regulation”; King and Lenox, “Industry Self-Regulation without Sanctions”; Haufler, A PublicRole for the Private Sector; and Lenox and Nash, “Industry Self-regulation and Adverse Selection.”

110 The Responsible Care program was initially developed in Canada and then adopted by the U.S.chemical industry. It is now a global initiative setting voluntary guidelines for the chemical industryin fifty-two countries. Similarly, the nuclear industry’s program was expanded globally after the 1986Chernobyl disaster and is governed internationally by the World Association of Nuclear Operators. SeeJohn Braithwaite, “The New Regulatory State and the Transformation of Criminology,” British Journal

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

(Self) Regulating War? 499

Three points are worth making here. First, many observers agree onthe critical role of information to ensure compliance.111 Reporting need notbe public to be effective, however. Many industry associations are quitesecretive and may not make compliance records accessible to any but theirown monitoring bodies. What matters is the independence of the industry’smonitoring process or body, whether it takes its responsibilities seriously,and whether it will sanction noncompliant members—or credibly threatenexternal sanctions.112

Second, U.S. trade associations are constrained in their ability to pun-ish poor performance, because U.S. antitrust legislation means they havevirtually no sanctions other than expulsion from the association at their dis-posal.113 The only additional options are the threat of peer pressure andshaming, or formal regulation, if members’ lapses indicate a failure to meetgovernment standards. The Institute of Nuclear Power Operators (INPO), forexample, not only ranks member firms relative to one another on theiradherence to safety standards, but also can threaten to share informationregarding serious safety problems with the government’s Nuclear RegulatoryCommission.114

Third, although weak, aspirational codes are not meaningless. Thirdparties can hold member companies accountable to the principles that theypledge to adopt. Some human rights groups have used corporate pledgesto push them to adopt better practices with regard to labor conditions, forexample.115

Motivations and Characteristics of Industries Adopting ObligatoryCodes

What spurs industries to adopt obligatory self-regulatory mechanisms? I drawon the management literature on self-regulation, the private authority litera-ture, and institutionalist studies of standards organizations to derive a frame-work of elements common to industries whose associations have introducedthis kind of self-regulation. It includes factors leading industry associations

of Criminology 40 (2000): 228; Prakash, Greening the Firm, 83–91; and Responsiblecare.org, available athttp://www.responsiblecare.org/page.asp?p=6341&1=1.

111 Rees, Hostages of Each Other; Gunningham and Rees, “Industry Self-Regulation”; Haufler, A PublicRole for the Private Sector; and Avant, The Market for Force.

112 King and Toffel, “Self-Regulatory Institutions”; Harry J. Van Buren and Karen D. W. Patterson,“Institutional Practices of and Complements to Industry Self-regulation with Regard to Labor Practices,” pa-per presented at the 2nd Annual Conference on the Institutional Foundations of Industry Self-Regulation,Cambridge, MA, 2007; and Braithwaite and Fisse, “Self-Regulation and the Control of Corporate Crime.”

113 King and Lenox, “Industry Self-Regulation Without Sanctions”; and Lenox and Nash, “IndustrySelf-Regulation and Adverse Selection.”

114 Rees, Hostages to Each Other; and King and Lenox, “Industry Self-Regulation without Sanctions.”115 Haufler, A Public Role for the Private Sector, 58–79. See also Florini, The Coming Democracy.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

500 R. de Nevers

to adopt obligatory self-regulation, industry characteristics, and the attributesof their associations.

FACTORS IMPELLING OBLIGATORY SELF-REGULATION

Both defensive and reputational factors provoke associations to adopt oblig-atory self-regulation, First, defensively, self-regulation may be adopted inresponse to a perceived external threat to an industry’s business practices.The most obvious threat is the fear that harsher state regulation or constraintson the industry are imminent. Alternate regulatory proposals from industryoutsiders such as citizens’ groups or NGOs are another external threat thatmay impel an industry association to act.

Second, reputational factors can also lead industry associations to act.Just as reputation is a corporate asset of individual corporations, obligatoryself-regulation can be a collective attempt to protect an industry’s legitimacy,if its business practices are under scrutiny.116 Notably, defensive and repu-tational factors may merge. The AF&PA’s SFI, for example, was developed inpart because its members sought to avert another bitter battle like that overthe spotted owl’s habitat in the Pacific Northwest, which hurt the forestryindustry’s image.117

A common stimulus for obligatory self-regulation to deflect governmentaction is a critical event like a major accident or the growing perception thatthe industry is in crisis.118 This is particularly notable in response to con-cerns about an industry’s environmental impact.119 The chemical industry,for example, was impelled to take action after Union Carbide’s catastrophicaccident in Bhopal, India in 1984, which killed thousands of people, andby the 1989 Exxon Valdez oil spill in Alaska.120 The CMA adopted the Re-sponsible Care program because industry leaders recognized that unless theindustry acted, public concern over the industry’s environmental practiceswould generate pressure for tougher government regulations.121

Critical events or accidents must be significant in two ways to convincean industry to initiate changes in its behavior: public perceptions of the eventand the industry’s interpretation of it. If media coverage and assessmentslead the industry to conclude that the event has damaged its image, then it

116 Haufler, A Public Role for the Private Sector, 27–27; and Nash, “The Emergence of Trade Associ-ations.”

117 Cashore, Auld, and Newsom, Governing Through Markets, 100.118 Jennifer Nash, “Industry Codes of Practice: Emergence and Evolution,” in New Tools for Environ-

mental Protection, eds., T. Dietz and P. C. Stern (Washington, DC: National Academy Press, 2002), 236-8;Andrew J. Hoffman and William Ocasio, “Not All Events are Attended Equally,” Organization Science 12,no. 4 (2001): 414–34; and Van Buren and Patterson, “Institutional Predictors,” 13.

119 King and Toffel, “Self-Regulatory Institutions,” 7.120 Haufler, A Public Role for the Private Sector, 32–33.121 King and Lenox, “Industry Self-Regulation Without Sanctions,” 699.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

(Self) Regulating War? 501

may establish obligatory self-regulatory mechanisms to deflect pressure foradditional regulation. Notably, industries respond differently to very similarevents that are interpreted differently. For example, the Exxon Valdez oilspill was deemed an oil pollution problem and created serious concern inindustries perceived as polluters, while an earlier oil spill of the BurmahAgate tanker on the Texas coastline in 1979 was viewed as a maritimeaccident and attracted little public attention or criticism of industrial practices.Hence, the chemical industry paid little attention to it.122

INDUSTRY CHARACTERISTICS

Certain types of industries are more likely to respond to external factors byadopting obligatory self-regulation. A critical feature of these industries is thatthey are populated by “generic” corporations, rather than companies with a“brand” they sell directly to the public, such as Nike or Nestle. Companiesare lumped together by outsiders as a single group, rather than having inde-pendent name recognition. They are interdependent as a community of fate,in that the whole industry’s image can be affected by the behavior of a singlefirm, particularly one that suffers a major accident or acts especially badly.123

Because companies cannot easily distinguish themselves from others that areperceived to be like them, they may face common sanctions.124 This givesthem a collective incentive to cooperate on standards, even though they arecompeting against one another. This was stated starkly by a nuclear powercompany executive.

The industry learned one profound lesson from Three Mile Island, thatno one operating these plants is an island unto himself. He can be thebest goddamned operator in the world, but if the guy on the bottom ofthe list gets into trouble, the whole industry is in trouble . . . . We’re allin the same boat here—that’s the bottom line. One guy goes down andit has a tremendous impact on all the utilities—on their operations, ontheir resources, on their ability to earn money.125

The community of fate aspect may influence corporate decisions ina competitive environment. Some scholars argue that firms join beyond-compliance programs only if they expect to gain a market edge that willoutweigh the costs associated with participation.126 Averting top-down state

122 Hoffman and Ocasio, “Not All Events are Attended Equally.”123 I thank an anonymous reviewer for suggesting this approach. On regulation and communities

of fate, see among others, Braithwaite, “The New Regulatory State,” 228; and Nash, “Industry Codes ofPractice,” 239.

124 King and Toffel, “Self-Regulatory Institutions,” 7.125 Rees, Hostages to Each Other, 105.126 Prakash, “A New-Institutionalist Perspective,” 324.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

502 R. de Nevers

regulation is a nonexcludable benefit that all firms in a given industry en-joy, but self-regulatory schemes must also provide excludable benefits toovercome the collective action problem of convincing companies to partic-ipate.127 The generic nature of industries that adopt obligatory codes sug-gests that at the association level, intra-industry competition may be trumpedby the shared need to ensure the industry’s survival or its ability to con-tinue operating without intrusive oversight. This matters because industry-administered codes are not the only option open to individual firms. Theycan choose alternatives such as adopting individual corporate codes or join-ing “umbrella” or “ready-made” codes of conduct established by internationalorganizations, states, or multistakeholder groups.128

INDUSTRY ASSOCIATION ATTRIBUTES

The industry associations adopting obligatory self-regulation also share cer-tain attributes. These associations tend to be relatively large, with enoughstaff and budget to bear the costs of creating, implementing, and monitoringa code of conduct.129 For example, the Institute of Nuclear Power Operations(INPO), the regulatory association established by the nuclear power industryin 1979 within months of the Three Mile Island nuclear accident, had a staffof about four hundred in the early 1990s that set standards and conductedinspections, with a budget of about $54 million annually.130 The ChemicalManufacturers Association (CMA), which established its Responsible Care pro-gram in 1989, had a staff of three hundred in 1998 and an operating budgetof $41 million.131 The AF&PA had a budget of $32.1 million in 2006.132 Theseassociations’ resources, and the fact that they are often dominated by largefirms, matter because these firms can bear the costs of obligatory codes,and they will because they have a larger reputational and financial stake atrisk.133

Industry associations adopting obligatory codes diverge in the scopeof their membership. The INPO encompasses the entire industry sector,

127 Ibid. See also King and Lenox, “Industry Self-Regulation without Sanctions,” 700.128 Pearson and Seyfang, “New Hope or False Dawn?” 56–60. On different codes of

conduct that corporations can join, see European Corporate Governance Institute, availableat http://www.ecgi.org/codes/all codes.php; and United Nations Global Compact, available athttp://www.unglobalcompact.org/index.html. While participation in these codes is notable, it remainsquite small compared to the universe of corporations worldwide; roughly 2,900 corporations had signedon to the UN’s Global Compact as of January 2007, for example.

129 Nash, “The Emergence of Trade Associations,” 33.130 Rees, Hostages to Each Other, 1, 50.131 Nash, “The Emergence of Trade Associations,” 24. The CMA is now the American Chemistry

Council.132 American Forest and Paper Association, available at http://www.afandpa.org/template.

cfm?section=About AFandPA.133 Nash, “Industry Codes of Practice,” 240; and Van Buren and Patterson, “Institutional Predictors.”

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

(Self) Regulating War? 503

and when established, the AF&PA members controlled virtually all U.S. paperand two-thirds of solid wood production, as well as 90 percent of industrialforestland.134 In contrast, the American Chemical Council (ACC), the successorto the CMA, counts at best a fraction of the industry as its members. Scopedoes not appear significant to the adoption of obligatory self-regulation,but associations with only partial industry representation may face greaterproblems with free-riding.135

SELF-REGULATION AND THE PRIVATE SECURITY INDUSTRY

Does the private security industry lend itself to obligatory self-regulatorymechanisms? PSC self-regulation has taken two forms: the adoption of indi-vidual corporate codes of conduct by eighteen companies, and participationin industry associations promoting self-regulation by sixty-five.136 One-halfof those with individual codes also participate in an industry associationpromoting a code. Only two associations seek to address their members’international activities. One industry association, the International Peace Op-erations Associations (IPOA), adopted a code of conduct in 2001 that seeksto regulate its members’ behavior globally; it had fifty-two members in early2009. A second association, the British Association of Private Security Compa-nies (BAPSC), is planning a code to govern its members’ international behavior,and it has five full members and ten provisional members.137 Other codesgovern PSCs operating domestically in specific countries or regions, such asIraq and the European Union. All of these are aspirational in character.

With rough estimates putting the industry’s size at about 130-300 activePSCs, this suggests, first, that the majority of PSCs working internationallydo not actively participate in self-regulatory mechanisms. Second, amongthose that do, self-regulation through industry association mechanisms is thepreferred option. This is a tentative conclusion, however, because the BAPSC

has yet to formalize its code of conduct.

134 Cashore, Auld, and Newsom, Governing Through Markets, 95.135 King and Lenox found that companies might join industry associations with obligatory codes

opportunistically, to gain reputational benefits in the short run. King and Lenox, “Industry Self-RegulationWithout Sanctions,” 702.

136 Participation was determined by examining corporate websites included in the list of 210 PSCsin Avant, The Market for Force, 10-15, and websites of members of the IPOA and BAPSC. Some privateregulation of employees exists in certification programs for individuals working in the private securityindustry; I do not discuss these here since they focus on employees rather than companies. For examplesof certification programs, see ASIS, available at http://www.asisonline.org; and International ContractorsAssociation (ICA), available at http://www.icaonline.us/news.php.

137 Membership criteria were agreed on in the fall of 2007, and all provisional members had toreapply for full membership. Sabrina Schulz, then BAPSC Director of Policy, correspondence with Reneede Nevers, Fall 2007.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

504 R. de Nevers

The IPOA’s code is aspirational, and it promotes general guiding princi-ples.138 Doug Brooks, the IPOA’s president, contends that the code’s generalityis necessary given the IPOA’s diverse membership.139 It aims to promote eth-ical standards by encouraging members to abide by IHL and human rightslaw. The code encourages members to exceed minimum legal requirementsin ensuring ethical behavior regarding the use of force; to work with author-ities and groups, like the International Committee of the Red Cross (ICRC),in their work and in investigations, as needed; and to work only for le-gitimate clients. Members are encouraged to ensure training and vetting ofemployees, to respect client confidentiality, and to rely on detailed contractsregarding their activities, which should not include offensive missions unlessthese have international sanction. They should also try to impart the code totheir employees.

To be sure, the IPOA established an internal standards committee in 2006and an enforcement mechanism in 2007 to investigate complaints lodgedagainst members, with expulsion from the IPOA as the ultimate sanction.These mechanisms are relatively untested and they are reactive, rather thanproactive, since they rely on external actors to catch bad behavior, ratherthan requiring companies to self-report or designating an independent mon-itor.140 While reactive mechanisms may be unproblematic in domestic set-tings, this is insufficient in conflict zones, where independent monitoringmay be infeasible.

Given the limited and aspirational character of the private security in-dustry’s current efforts to self-regulate, does this industry exhibit the potentialto develop obligatory codes to govern its’ members behavior? The previousevaluation of industry associations adopting self-regulation suggests that thekey characteristics to examine are:

� Factors Motivating Obligatory Self-Regulation- Defensive and reputational concerns- Critical Events

� Industry Characteristics� Industry Association Attributes

I will examine each of these in turn.

138 “Code of Conduct,” International Peace Operations Association (IPOA), available athttp://www.ipoaworld.org/eng/codeofconductv12en.html.

139 Doug Brooks, interview by Renee de Nevers, 15 July 2007.140 Brooks expressed surprise that only four complaints were lodged in the first year or so after the

compliance mechanism was established. Ibid.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

(Self) Regulating War? 505

Motivating Factors

Although PSC associations have pursued self-regulation for both defensiveand reputational reasons, the external threats confronting the industry andits business practices do not correspond to those facing other industriesthat have adopted obligatory codes. This has influenced the private securityindustry’s response. Notably, PSCs have not felt the need to strengthen theircollective ability to self-regulate by increasing the revenues or capacity ofexisting industry associations.

DEFENSIVE CONCERNS

The private security industry has faced a negligible threat of increased gov-ernment regulation. Rather, the trend in the United States since the end of theCold War has been toward both privatization and deregulation.141 Indeed,the industry’s rapid growth is a direct result of the push to privatize formerlygovernment functions. There is little indication that the United States, orother states, are contemplating expansive regulation of the private securityindustry even after the September 2007 Nisoor Square incident in Iraq.142

The BAPSC’s formation may be linked to the U.K.-government’s evaluation ofregulatory options for PSCs, which resulted in the publication of a green pa-per detailing six alternatives in February 2002.143 But the government has notfollowed up on the green paper with legislation governing PSCs. Nor havePSCs faced the threat of alternate regulatory options proposed by outsiders.The lack of regulatory pressure helps explain the aspirational nature of theIPOA’s code and other codes governing the private security industry.

To be sure, the private security industry has sought at times to deflect ad-ditional formal regulations or to position itself to shape regulations. This canbe seen in several ways. First, some familiar with the IPOA credit it with theabsence of new U.S. regulation prior to 2007, because IPOA and other indus-try representatives convincingly argued that self-regulation would addressperceived problems.144 Industry spokespeople also insist that the industryis already sufficiently regulated. They argue that the problem is not a lackof regulation, but lack of oversight and enforcement, and industry officialshave supported at least some congressional efforts to expand oversight.145

141 Verkuil, Outsourcing Sovereignty, 6–9; and Singer, Corporate Warriors, 66–70.142 New legislation on private contractors focused on expanding government oversight capacity. See

previous discussion on regulation above in “Current Regulations Governing the Private Security Industry.”143 Foreign and Commonwealth Office, “Private Military Companies: Options for Regulation,” The

Green Paper (London: The Stationery Office, 2002).144 Chvotkin, interview by Renee de Nevers, 16 July 2007.145 Congressional staffers, discussions with Renee de Nevers, 17 July 2007; and Brooks, “Testi-

mony.” On problems of oversight, see Elsea and Serafino, Private Security Contractors in Iraq, 28-30; and Jacques S. Gansler, Urgent Reform Required: Army Expeditionary Contracting, available athttp://www.army.mil/docs/Gansler Commission Report Final 071031.pdf.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

506 R. de Nevers

The IPOA’s Brooks also worked with opponents of South Africa’s antimerce-nary legislation to try to prevent its passage and warned that it could havedisastrous consequences due to some companies’ reliance on South Africanemployees.146 Second, industry representatives have argued against partic-ular regulatory options. Most notable was the industry’s concern about theUCMJ’s expansion in December 2006. Third, industry officials seek to shapefuture regulation by arguing for industry input in new legislation, at boththe state and international level.147 All three of these trends were evident inthe industry’s response to the enormous press attention it received after theSeptember 2007 Nisoor Square incident.

REPUTATIONAL FACTORS

Reputational concerns have led industry associations to adopt contradic-tory policies; they advocate self-regulation and assert its advantages, butat the same time they favor some government regulation as a way tobolster the industry’s legitimacy. This differs from other industries adopt-ing obligatory self-regulation, which tend to be heavily regulated to beginwith.

Self-regulation is intended to provide a competitive edge, a way to rein-force and protect responsible companies’ market position.148 Both the IPOA

and the BAPSC argue that consumers should rely on association membershipas a way to distinguish between “good” and “bad” PSCs.149 But reputationalconcerns have also led to industry support for government regulation asa way to gain the legitimation that formal regulations would bestow. Con-cern for legitimacy reflects the industry’s derivation from a profession thatis now regarded as illegitimate: mercenarism. Self-regulation by illegitimateindustries is less likely to be viewed as credible, however, which may helpexplain the industry’s support for some formal regulation alongside self-regulation.150 This extends back to EO in South Africa. Eeben Barlow, EO’sfounder, believed that government regulation would legitimate the industryand give it tacit state endorsement, rather than constraining EO’s activities;regulated industries cannot be outlaws. Industry figures from Barlow onhave insisted that they support regulations that would weed out the “cow-boys,” the irresponsible companies that are spoiling the industry’s image.

146 Scahill, Blackwater, 363-64; and Percy, Regulating the Private Security Industry, 32.147 Brooks, “In Search of Adequate Legal Frameworks,” 4; Doug Brooks, testimony of the Interna-

tional Peace Operations Association, to the House Armed Services Committee Subcommittee on Oversightand Investigations, 25 April 2007, 7; and James D. Schmitt, statement before the United States Senate Com-mittee on Homeland Security and Governmental Affairs, 27 February 2008.

148 “Frequently Asked Questions about the IPOA,” http://www.ipoaonoline.org.149 On such claims by both IPOA and BAPSC representatives, see “The Private Security Phenomenon.”150 Van Buren and Patterson, “Institutional Predictors,” 15.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

(Self) Regulating War? 507

This is a recurrent theme: the industry is responsible, ethical, and law-abiding, and only a fringe of bad actors—or bad employees—besmirchesits reputation.151 At the same time, industry representatives also tend toreject negative stories about the industry as “sensational” and “irresponsi-ble.”152

CRITICAL EVENTS

A few recent events can be suggested as possible critical events that mightdamage PSCs’ image and increase the industry’s concern about state regula-tion: the Abu Ghraib prison scandal in early 2004, in which several privatesecurity contractors were implicated; the killing of four Blackwater employ-ees in Fallujah, Iraq, on 4 April 2004; and the 16 September 2007 NisoorSquare incident, in which Blackwater employees killed seventeen Iraqi civil-ians and wounded many others. Of these, only the last appears to have thepotential to spur the industry to action.

First, prior to the Nisoor Square incident, there was little indicationthat PSCs worried that a poor reputation—either another company’s or theirown—would hurt business, which might increase support for obligatorycodes. Few companies suffered for poor behavior. DynCorp’s contract totrain the Iraqi police was renewed by the U.S. government in September 2006,for example, despite serious concerns both about the quality of its trainingand its billing practices. Titan Corporations’ contract with the governmentfor a range of services was renewed in spite of its guilty plea in a briberyinvestigation and the involvement of Titan contractors in the Abu Ghraibscandal.153

Second, the absence of press attention, before September 2007, to therole that private contractors have played in Iraq and Afghanistan is striking.Analyses of media coverage have noted the paucity of news stories aboutPSCs over the last several years, in spite of the industry’s dramatic growth.154

Media coverage spiked significantly just after the 2004 contractor deaths inFallujah, and somewhat after the publication of a book critical of Blackwaterearly in 2007. There was no noticeable change in coverage of contractors with

151 Herbst, “The Regulation of Private Security Forces,” 119–121; Toni Pfanner, “Interview withAndrew Bearpark,” International Review of the Red Cross 38 (2006): 456; and Schmitt, “Statement,” 4–5.

152 Brooks, “Testimony.”153 James Glanz and David Rhode, “The Reach of War: U.S. Report Finds Dismal Training of Afghan

Police,” New York Times, 4 December 2006; “DynCorp International Awarded Extension of Iraq PoliceTraining,” DynCorp 2006, http://www.dyn-intl.com/news2006/news090506.aspx; and Jonathan Karp andAndy Pasztor, “US: Titan to Pay Fine and Plead Guilty in Bribery Probe,” Wall Street Journal, 20 January2005. DynCorp is a member of the IPOA.

154 “A Media Mystery: Private Security Companies in Iraq—A PEJ Study,” Project for Excellence inJournalism, 21 June 2007, http://www.journalism.org/node/6153. See also Avant and Sigelman, “WhatDoes Private Security in Iraq mean for Democracy at Home?” 23–28.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

508 R. de Nevers

regard to Abu Ghraib, in spite of the press attention this scandal generated.155

Overall, media coverage of PSCs was relatively low in relation to the role theycurrently play in conflict zones.

The two incidents involving Blackwater employees were viewed quitedifferently by the U.S. media. The Fallujah killings briefly illuminated thecontractors’ role in the U.S. war effort. The outrage generated by the desecra-tion of the contractors’ bodies helped shape media coverage of the incident,and coverage largely portrayed Blackwater and other PSCs as patriotic andsupportive of the war effort.156 Questions were raised about why the mili-tary was relying so heavily on contractors, but media coverage dropped offwithin a few months.157

In contrast, the Nisoor Square killings set off a firestorm of coverage,most of it negative.158 Media attention to the industry had been growingslowly prior to this event and focused on issues such as the impunity withwhich PSC employees appeared to be behaving in Iraq and Afghanistan.159

Coverage of the Nisoor Square incident had several features that could beperceived as damaging by the industry. U.S. military officials and soldiers ex-pressed their distaste for contractor behavior and concern that it was hurtingthe counterinsurgency effort; other PSCs distanced themselves from Black-water; and both the scope of U.S. reliance on contractors in war zones, andthe paucity of regulations governing their actions, were illuminated.160 Therealso was protracted discussion of the CPA’s grant of immunity from Iraqi lawto contractors in June 2004, which some claimed had fed the atmosphere of

155 “A Media Mystery.”156 On the Fallujah incident and Blackwater’s role, see David Barstow et al., “Security Companies:

Shadow Soldiers in Iraq,” New York Times, 19 April 2004; Pelton, Licensed to Kill, 118-42; and Scahill,Blackwater, 95–115.

157 “A Media Mystery.”158 A Lexis-Nexus search for “Blackwater” between 15 September and 7 November 2007 showed 965

references, while a search for “private military contractor” registered 998 results between 16 Septemberand 7 November 2007, almost as many as it registered in the previous seven years: 1,000 referencesbetween August 2000 and 15 September 2007.

159 The Washington Post, for example, ran several stories in 2007 covering the shooting of Iraqicivilians by contractors, poor safety records and hiring practices among PSCs, and violations of U.S. militaryregulations governing PSCs, among other things. Fainaru, “Four Hired Guns in an Armored Truck”; SteveFainaru, “Cutting Costs, Bending Rules, and a Trail of Broken Lives,” Washington Post, 29 July 2007;Steve Fainaru, “For Abducted Guards, Iraq Wasn’t Just About Money,” Washington Post, 30 July 2007;and Renae Merle, “Coming Under Fire: DynCorp Defends its Work in Training Foreign Policy Forces,”Washington Post, 19 March 2007.

160 See, for example, Joseph Neff, “DynCorp Boss Disses Blackwater,” available at http://blogsarchive.newsobserver.com/blackwater/index.php?title=dyncorp boss disses blackwater&more=1&c=1&tb=1&pb=1, 9 November 2007; P.W. Singer, Can’t Win With’Em, Can’t Go to War Without ‘Em,Brookings Institution policy paper no. 4, September 2007; and Steve Fainaru, “Guards in Iraq CiteFrequent Shootings,” Washington Post, 3 October 2007.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

(Self) Regulating War? 509

impunity there.161 The U.S. Congress responded with several steps intendedto strengthen government oversight over contractors, as noted earlier.162

Whether the Nisoor Square incident will catalyze greater efforts to self-regulate remains to be seen, and opinions differed among scholars of PSCsover whether this incident would hurt the industry’s reputation, or onlyBlackwater’s.163 Previous examples suggest that it may take years for indus-tries to react to critical events by adopting obligatory codes, and reactionsmay occur only after negative attention accumulates, as in the case of thechemical industry. Other companies’ efforts to distance themselves fromBlackwater’s behavior suggest concern about the industry’s image. But con-gressional efforts to increase oversight in 2007 and 2008 generated politicalresistance, and the 2009 changes in Iraqi law regarding contractors may havelessened pressure for action by the industry.

Two points are worth noting. First, the IPOA decided in early October2007 to investigate whether Blackwater’s conduct in the Nisoor Square in-cident had violated the association’s code of conduct. This indicates thatthe IPOA seeks to take its code seriously. Blackwater withdrew from the or-ganization on 12 October 2007, however, rather than accede to this review,which implies ambivalent support for the existing private enforcement mech-anisms.164 Second, Blackwater’s State Department contract was renewed inApril 2008; it ended only after the Iraqi government refused to grant thecompany an operating license in 2009.165 This suggested that governmentinertia and ties with existing contractors mattered more than the company’sreputation or behavior. Together with the limited media attention that Black-water’s 2008 contract renewal attracted, this suggests that in the short run,the Nisoor Square incident is unlikely to convince the industry to adoptobligatory self-regulation.

161 Pelton, Licensed to Kill, 116; John M. Broder and David Risen, “Armed Guards in Iraq Occupya Legal Limbo,” New York Times, 19 September 2007; and Steve Fainaru, “Where Military Rules Don’tApply,” Washington Post, 20 September 2007.

162 It is important to note that the change of control in the U.S. House of Representatives followingthe November 2006 mid-term elections influenced Congress’ willingness to investigate the Blackwaterincident and promote new regulation of the industry. There were some efforts by members of Congresson each side of the aisle to politicize the issue of contractors, playing on the fact that Blackwater inparticular had strong ties to the Republican Party. Since my concern is with the industry’s capacity toself-regulate, I do not explore this issue further here.

163 Zachary Goldfarb, “A Tougher Line on Government Contracting: Blackwater Fallout May RippleThrough Industry,” Washington Post, 8 October 2007.

164 Bill Sizemore, “Blackwater Quits Trade Group that was Reviewing Its Conduct,” Virginian-Pilot,14 October 2007.

165 Dana Hedgpeth, “State Department to Renew Deal with Blackwater for Iraq Security,” WashingtonPost, 5 April 2008; and Rod Nordland, “Ex-Blackwater Workers May Return to Iraq Jobs,” New York Times,4 April 2009.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

510 R. de Nevers

Industry Characteristics

Like industries adopting obligatory codes, the private security industry islargely generic in form. Few PSCs have brand-name recognition. This reflectsthe absence of media attention to the industry, discussed earlier, and the in-dustry’s distance from the general public. Blackwater is by far the best-knownPSC. Although the Fallujah incident in 2004 gained Blackwater attention as apatriotic supporter of the U.S. war effort, the trend of reporting since then hasbeen negative, due to some incidents in Iraq in which Blackwater employeesbehaved poorly and the publication of a book sharply critical of the com-pany.166 Few other companies are well known by the public; but those withsome notoriety, such as the now-defunct EO, have featured in both academicand popular discussions of PSCs.

Uncertainties about its size and nature prevent a definitive assessmentof the private security industry’s characteristics. Nonetheless, the sense of acommunity of fate does not appear to be strong, for two reasons. First, thedesire to “do each other in” appears to outweigh a sense of group interde-pendence among PSCs. Since the late 1990s, some industry members havesought to distinguish between respectable and disreputable companies. Thisis a competitive form of “branding” begun by Eeben Barlow, who wantedto create a high-end image for EO and to weed out the competition, asnoted earlier. This effort continues today and was evident in the industry’sresponse to the Nisoor Square incident. Additionally, competition and antag-onism have made it difficult for companies to work together. Of course, thisis not unique, but PSC competition has been fierce. Interindustry frictions aremost evident in the United Kingdom, where some major PSCs have remainedoutside the BAPSC. They may be withholding judgment to determine if theBAPSC will be effective, but this also reflects antagonism among some PSC

founders.167 Competition and antagonism may also explain the IPOA’s refusalto accept the membership application of U.K.-based Aegis Defense Services,in spite of its industry prominence.168 Competition is also evident in the factthat several companies filed lawsuits in 2007 challenging the fairness of theprocess by which large U.S. government contracts were awarded for workin Iraq, and earlier, companies had questioned the awarding of contracts tocompetitors.169

166 Analyses of the Fallujah incident also criticized Blackwater’s actions there. Sizemore, “Iraq KillingTracked to Contractor”; and Scahill, Blackwater; and “A Media Mystery.”

167 Author’s interview with industry representative, July 2007; O’Brian, “Private Military Companies”;and Percy, Regulating the Private Security Industry, 59.

168 David Phinney, “From Mercenaries to Peacemakers? Scandals Confront Military Security Industry,”Corpwatch, 25 November 2005, available at http://www.corpwatch.org/article.php?id=12829.

169 Luke Baker, “British Firms Battle for Iraq Security Deals,” Reuters, 2 October 2007; Alec Klein andSteve Fainaru, “Firms Protest Exclusion from Iraq Security Bid,” Washington Post, 5 May 2007; Alec Kleinand Steve Fainaru, “Judge Halts Award of Iraq Contract,” Washington Post, 2 June 2007; Alec Klein, “U.S.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

(Self) Regulating War? 511

A second reason that an industry outlook is absent is the diversity oftasks undertaken by companies within the PSC rubric and confusion aboutthe industry’s breadth. The IPOA, for example, considers only companies pro-viding security functions PSCs. It classifies the peace and security industry itrepresents in three categories: logistics and support companies, PSCs, andfirms engaged in development and security sector reform.170 The bulk ofthe IPOA’s members fall within the PSC framework discussed earlier, how-ever. Confusion over the industry’s boundaries inhibits development of acommunity of fate.

The private security industry is fragmented. Although it is largely generic,with the notable exception of Blackwater, this does not appear to have trans-lated into a sense of shared fate. The tasks companies in this industry do arediverse enough that they may feel little connection. Although some industryrepresentatives expressed concern about damage to the industry’s reputa-tion, there was little indication prior to September 2007 that the industryfeared this would hurt business.

Industry Association Attributes

Neither the IPOA nor the BAPSC resemble the industry associations that haveimplemented obligatory self-regulation in terms of their size or the resourcesat their disposal. To begin with, there is no single trade association thatrepresents the private security industry. This is not unusual; companies maybe affiliated with many trade associations, depending on the range of theirbusiness practices, and industry associations are often state-based.171 TheIPOA and the Private Security Industry Association of Iraq (PCSAI) are amongthe few that accept international membership, and only the IPOA and the BAPSC

have explicitly advocated self-regulation to govern international businesspractices.

Those trade associations representing international PSCs are both smalland resource-poor. The IPOA had a full-time staff of three in 2008, alongwith several interns. Its budget is somewhere between $104,000-$416,000annually.172 The BAPSC has two part-time staff and assesses membership dues,which are not public, based on company revenues.173 The staffs of the INPO

Army Awards Iraq Security Work to British Firm,” Washington Post, 14 September 2007; and ChristopherKinsey, “Examining the Organizational Structure of UK Private Security Companies,” Defence Studies 5,no. 2 (2005): 188–212.

170 Brooks, “Testimony,” 1–2.171 For one list of associations related to the security industry, see Privatemilitary.org, available at

http://www.privatemilitary.org/securityindustry.html.172 Dues range from two thousand to eight thousand dollars, based on the firm’s business and the

type of membership it chooses. See http://ipoaworld.org/eng/membershiplevels.html.173 Andrew Bearpark, discussion with Renee de Nevers, 11 March 2009.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

512 R. de Nevers

and CMA, in contrast, number in the hundreds, and they and the AF&PA havemultimillion dollar revenues.174

The difference in resources is critical because the lack of resources limitsindustry associations’ ability to create and enforce obligatory self-regulation.More importantly, this indicates that industry association members see noneed to incur the costs to enable the industry association to implementobligatory codes of conduct. Some of the industry’s largest firms are mem-bers of these associations. The IPOA includes MPRI, Armor Group and—untilOctober 2007—Blackwater; and some of the largest U.K.-based PSCs havejoined the BAPSC, including Aegis, Armor Group, and Olive Group. Thesecompanies could bear the costs of obligatory self-regulation if they chose;moreover, in other industries, larger companies have often led in implemen-tation of obligatory standards because they had more to lose due to theirmarket share. It appears, however, that neither defensive nor reputationalfactors have led these or other companies to conclude that stricter industrystandards beyond state regulatory requirements are worth the higher coststhey would entail. Instead, the IPOA’s enforcement mechanism was rejectedby Blackwater, which pulled out of the association rather than subjecting itsactivities to review.

Whether the IPOA or the BAPSC will develop the capacity to initiate oblig-atory self-regulation remains to be seen. Their very different origins may playa role. The IPOA was not founded by industry members. Instead, it appearsto be a volunteer trade association, established by Doug Brooks in 2001after consultations with academics, NGOs, and industry members.175 In this, itdiffers from the standard trade association that is formed by corporations pri-marily for lobbying and public relations purposes, and it is unclear whetherindustry members want to invest it with sufficient capacity to oversee theindustry. The BAPSC was established by private security companies based inthe United Kingdom in 2006. Its stated goal is to “raise standards of op-eration and advocate self-regulation” (emphasis added).176 The associationseeks a close relationship with the British government to ensure that its mem-bers’ activities support the goals of British foreign policy.177 Self-regulation’sprominence in the BAPSC’s formation suggests that its members may provewilling to ensure that the association has the capacity to fulfill this function,but this will depend on the British government’s regulatory decisions.

174 Rees, Hostages to Each Other; Nash, “The Emergence of Trade Associations”; and American Forestand Paper Association, available at http://www.afandpa.org.

175 Brooks, interview with Renee de Nevers, 15 July 2007.176 “About US,” BAPSC, available at http://www.bapsc.org.uk/about us.asp.177 Previously, the British industry had not felt linked to British policy. Avant, The Market for Force,

174.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

(Self) Regulating War? 513

Summary

The private security industry only weakly resembles industries that haveadopted obligatory forms of self-regulation through industry associations.Like others adopting obligatory codes, the private security industry’s accep-tance of self-regulation is motivated by defensive and reputational factors,and a desire to preempt state regulation and to distinguish reputable firmsfrom others. But the threat of formal regulation it has faced is low, and PSC

self-regulation remains aspirational. Industry members also seek the legiti-mation benefits that regulation would bestow on the industry. The NisoorSquare incident may prove to be a critical event that stimulates industryinterest in obligatory self-regulation. But Blackwater’s withdrawal from theIPOA, and its 2008 contract renewal, in spite of its tarnished reputation, makesindustry action to strengthen self-regulation in the short run unlikely.

The industry lacks an important characteristic common to industries thathave adopted obligatory regulation. Although largely generic (with the no-table exception of Blackwater), industry members do not appear to perceivetheir fates as sufficiently linked to adopt stronger self-regulation. Indeed, oneindustry observer stated that the industry “doesn’t have a heart.”178 Privatesecurity industry associations also lack the attributes of associations adopt-ing stringent self-regulation in the critical area of capacity. The two industryassociations currently seeking to promote self-regulation are relatively smalland poor in comparison to associations that have adopted obligatory codes.Nor do they represent the bulk of the industry. Most important, their lack ofcapacity suggests that industry association members have not been willingto invest the resources to enable these associations to implement obligatorycodes.

SELF-REGULATION’S CONTRIBUTIONSAND CONSTRAINTS FOR PSCS

Industry self-regulation has strengths and weaknesses. It can be merely pub-lic relations or a means by which companies or industries significantly shapecorporate behavior. This paper has focused on industry association effortsto self-regulate through codes of conduct, the main self-regulatory mecha-nism adopted by the private security industry. The goal has been to evaluatewhether this industry lends itself to forms of self-regulation that go beyondgeneral principles.

Self-regulation by the private security industry today is aspirational inform and limited in its ability to govern the industry. Three key points emergewith regard to current PSC self-regulation. First, the private security industry

178 Malcolm Nance, Director, Special Readiness Services International, discussion with Renee deNevers, 29 June 2007.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

514 R. de Nevers

lacks a key characteristic common to industries adopting obligatory codes:the sense of a community of fate. Second, it lacks the capacity to adoptobligatory self-regulatory mechanisms on its own. Third, the threat of stateregulation it faces has been too weak to convince companies to invest ina strong industry association with the capacity to develop and enforce self-regulatory standards. Indeed, most PSCs remain outside the associations thathave promoted self-regulation.

Should PSC self-regulation simply be written off, then? The answer isno. Although imperfect, self-regulation can contribute to oversight of thisindustry.

First, if done right, self-regulation can enhance formal regulation by fur-thering the regulatory reach of the state. Even weak self-regulation providesa baseline that makes higher regulatory standards possible. The reputationalmotivation driving even aspirational efforts to self-regulate makes it pos-sible to hold companies to the standards they promote. Moreover, weakself-regulatory mechanisms may evolve, particularly if other stakeholdersconcerned about an industry’s business practices get involved. Voluntarystandards may also be converted into legal obligations if they are writteninto contracts between companies and their clients, thereby giving thesecodes legal force.179 Indeed, Laura Dickinson has argued that, given theweakness of international law as well as current state regulation, contractlaw may be a useful means to hold PSCs and other international corporationsaccountable for their behavior overseas.180

Second, the inadequacies of existing regulations governing the privatesecurity industry globally suggest that self-regulation should not be dis-missed. There is a strong need for both national and international legislationto govern PSC activities, and efforts to improve the regulatory frameworkin each area should proceed in tandem. But progress is likely to be slowin the international arena, and uneven among states. The industry’s natureheightens the need for international standards to ensure accountability acrossborders, but progress toward international guidelines or a convention gov-erning PSCs within the UN framework is unlikely in the near term due toongoing tensions about how to define this industry and different views ofPSCs’ legitimacy.181 Self-regulation may enhance oversight in states or re-gions with little formal regulation governing PSCs; it may not be sufficient,but it is better than no regulation at all.

Nonetheless, governments must recognize their critical role in makingself-regulation work. The threat of formal regulation—the “shadow of theregulator”—is a key lever helping convince industries to establish and ad-here to obligatory self-regulation. The U.S. Congress’s reinvigorated interest

179 Ward, “Legal Issues in Corporate Citizenship”; and Avant, The Market for Force, 53.180 Dickinson, “Public Law Values in a Privatized World.”181 Percy, Regulating the Private Security Industry, 49–52.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

(Self) Regulating War? 515

in regulating PSCs after the September 2007 Blackwater debacle is thus apositive sign. Future legislation may help clarify and ensure the legal sta-tus of PSCs working for the United States. In recent Senate hearings, expertshave proposed requiring greater contractual clarity on a range of issues, toestablish consistent PSC requirements regarding IHL, training, and recruitingand vetting of employees. The critical need to strengthen oversight capac-ity within agencies like the DOD, which employs many PSCs, has also beenstressed.182 Presidential resistance to greater congressional oversight of gov-ernment reliance on contractors, however, may weaken the government’sleverage.183

The dramatic expansion in states’ reliance on PSCs to carry out tasks thatinclude armed security operations—albeit termed defensive—raises ques-tions about what roles governments should rely on contractors to carry out.To determine the appropriate balance between government and private ac-tors regarding the use of force, we must step back and evaluate the fitof certain regulatory means in the first place. Although military contractorshave a long history, the private security industry is relatively new. Gov-ernment reliance on PSCs has advanced far ahead of discussions about theappropriate boundaries between public and private functions in the securityrealm. Reliance on private authority in the form of industry self-regulation,as advocated by private security trade associations, will not lead to effec-tive rule-making unless the industry’s parameters are better delineated, itsmembers evince greater interest in making self-regulation work, or externalactors play an oversight role. As examples from other industries have shown,however, PSCs may not be motivated to make self-regulation more effectiveunless the threat of formal regulation is real. Government efforts to redrawthe lines regarding state control over security functions may be necessary toprovoke meaningful action by the private sector.184

Current PSC efforts should therefore be viewed as the start of a process,rather than being dismissed or accepted without question. The IPOA claimsto welcome input, so an evolutionary effort to strengthen its standards andprocedures may be possible. To be credible, this would require cooperationbetween the industry, governments, and other stakeholders, including theindustry’s critics. The BAPSC seeks a close relationship with the U.K. govern-ment, which creates the prospect of government input and oversight of anyself-regulatory mechanisms it establishes.

182 Laura A. Dickinson, testimony before the United States Senate Committee on Homeland Securityand Government Affairs, 27 February 2008.

183 Rafael Enrique Valero, “Bush Targets Contract Oversight Provisions,” Government Executive,available at http://www.govexec.com/dailyfed/0208/022208nj2.htm.

184 Notably, the oversight commission rejected by the George W. Bush administration was taskedwith recommending distinctions between “inherently governmental” battlefield functions and securityfunctions that could be privatized. Valero, “Bush Targets Contract Oversight Provisions.”

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13

516 R. de Nevers

Two options to strengthen industry self-regulation would be for gov-ernments to make compliance with industry codes a contractual obligationor to use voluntary compliance as a certification tool for companies seekinggovernment contracts. PSC self-regulation would become more formalized asa result, with greater government oversight. Such a requirement could alsohelp build the capacity of industry associations because companies wouldhave a stronger incentive to join associations and help cover the costs ofself-regulation. But such steps should be taken carefully. Not only mustgovernments ensure their own capacity to monitor compliance, but theyshould avoid rewarding industry associations with the responsibility of cer-tifying corporations until the associations prove they can implement the keyelements of obligatory self-regulation: clear industry standards and reportingrequirements for companies, credible monitoring of corporate complianceeither within the industry or by external actors, and sanctions mechanismsthat have some clout.

It should not be assumed, however, that industry associations are theright locus for PSC self-regulation; multistakeholder processes may be betterable to monitor industry behavior. The ICRC and the Swiss government, forexample, have engaged in dialogue with industry representatives regardingPSCs’ roles and responsibilities under International Humanitarian Law, andefforts like this may provide a better starting point for more effective orenforceable self-regulation.185 A working group based at Princeton Universityis similarly seeking to identify problems and develop new standards forPSCs.186 Governments cannot abdicate their role in this process, however,because in the end, accountability rests at the state level.

Industry self-regulation is likely to remain part of any regulatory frame-work governing PSCs. But it would be a mistake to trust to self-regulationalone. As it is currently configured, this industry does not lend itself to oblig-atory self-regulation. Those who support self-regulation must do more tomake it effective if this is to become a valid part of the regulatory frame-work. But if they care about ensuring responsible behavior by PSCs in conflictzones, states and international organizations must do more to develop theother pieces of a workable regulatory framework as well.

185 “The Montreux Document,” 17 September 2008, available at http://www.eda.admin.ch/etc/medialib/downloads/edazen/topics/intla/humlaw.Par.0056.File.tmp/Montreux%20Document.pdf.

186 “A New Legal Framework For Military Contractors?” Princeton Problem Solving Workshop Seriesin Law and Security, 2007, available at http://www.lapa.princeton.edu/newsdetail.php?ID=17.

Dow

nloa

ded

by [

Uni

vers

ity o

f T

exas

Lib

rari

es]

at 1

4:01

23

Sept

embe

r 20

13