Protecting the C-Suite from the Tax Man

If Executive Protection is one of your security roles, you need to be up to date on the latest best practices to maximize security and minimize risk—in the most cost-effective and efficient way possible. An Independent Security Study will help select executives in your company avoid unnecessary tax liability and at the same time assess your company’s security environment while providing great value to you in your role as a corporate security professional.

Why Do You Need an Independent Security Study?

Your Executive Protection might include air travel, airport protection, ground transportation, and a travelling protective detail to ensure the safety of company executives, especially if they travel internationally. The IRS will tax the gross income of those executives for transportation security costs—unless you can show a bona fide business-oriented security concern for the protection provided. An Independent Security Study meets the necessary requirements for the IRS to avoid this tax—and saves your CEO money.

You Can’t Conduct the Study Yourself

An important part of the IRS compliance is that the study is done by an outsider, e.g., independent consultant. You can’t conduct your own assessment. The Independent Security Study is based on an objective assessment of all facts and circumstances and the employer applies the specific security recommendations contained in the security study to the employee on a consistent basis.

An Independent Security Study Benefits You and Your Organization

The net result of the Independent Security Study conducted by an independent consultant is an evaluation of your personnel, programs, policies, technologies, operations, and current security environment to identify areas of strength along with opportunities for improvement. In addition, your compliance with the IRS showing the security you provide your executives is part of an overall security program also benefits you and your organization.

What Are the IRS and Tax Connections to the Study?

The Independent Security Study is tailored to fulfill IRS statutory requirements as they relate to validating employer-provided transportation for business-oriented security concerns and overall security programs. The Independent Security Study documents employer-provided transportation for security concerns for corporations seeking to specifically exclude security-related cost and items from the executive’s gross income. 


Building the Perfect (Security) Beast

We turn to a consultant to help us with a challenge we can’t solve ourselves, to supply the knowledge and experience of industry best practices and regulatory compliance, provide a particular type of subject matter expertise, or to guide us through a specific project. While a security consultant is certainly an advisor, assessor, examiner, and evaluator, we can also ask him or her to modify, correct, enhance, and create safety- and security-related documents—specifically, procedural standards such as guidelines, policies, plans, rules, and directives.

Imitation Is the Highest Form of Flattery

If you could create a security department that was an industry leader with best-in-class operations, would you? Of course you would, but how do you know your program is better than the rest? What puts you ahead of your competitors and, equally important, keeps you there? Your success starts with the documents that reflect the mission of the security program while at the same time protect the brand of the organization. Ideally you want to benchmark against companies similar in shape, size, and footprint. If you work for a multinational corporation operating in multiple continents with a global corporate security department, then you want to compare yourself to similar organizations and their full breadth of the security department policies.

All For One and One For All

Employees are more likely to see security as a company priority if management visibly supports security efforts and initiatives. Consequently, a security program is most effective when people see it as an important part of a company’s goals and vision. Among the best ways to demonstrate that support is to include security as one of management’s core values and to promulgate official company policies regarding security. And as the most effective means to this end, multi-disciplinary involvement in the creation and vetting of these documents invites partnerships with legal, HR, IT, and employee assistance to collaboratively design inclusive and relevant procedures. A security department simply cannot do all this by itself.

Let’s Talk About the Nuts and Bolts  

Now that we’ve addressed the importance of building a security program through the “power of paper,” let’s focus on the specific documents needed. Applicable security directives and guidelines can include documents such as:

  • A clean desk policy
  • Access control procedures
  • Restricted area access
  • Visitor management
  • Background screening requirements

While physical security measures are critical, the access protocols and practices and the ability to screen and filter all personnel, services, deliveries, and equipment seeking access to the facilities and its environs are equally, if not more, important. The implementation and effectiveness of security systems, such as closed-circuit surveillance equipment, exterior and perimeter security systems and monitoring, and electronic access control systems, can be determined by the written guidelines and published rules giving instructions on the proper use of these technologies.

Training Is a Perishable Skill

The success or failure of a security program could depend on the training curriculum, security awareness information, and education materials designed not only for the security team, but also for the entire organization. Non-security personnel must receive ongoing and current training on safety-related information regarding emergency preparedness, fire prevention, and workplace violence mitigation, among many areas. Your best practice based security program should combine research, collaboration, institutional knowledge, and professional experience to produce training that engages people by providing practical and hands-on tools they can implement immediately.

Necessity Is the Mother of Invention

We adapt our policies and procedures to our needs and current situation. And the need for most new policies and procedures is driven by knowing current best practices and awareness of emerging threat scenarios. With clients in both the public and private sector, The Lake Forest Group offers you insight acquired through decades of engagements helping organizations assess their current security program—beginning with their written policies and procedures. From there, we can ensure that your corporate environment, financial services, international affairs, business operations, brand integrity, protective intelligence, operational protocols, budget execution, and human resources are built on a strong, best-in-class security foundation.


How to Protect President Donald J. Trump

It seems that Donald J. Trump has taken the fight to the Republican Party and shows no signs of going away as a serious candidate to become the GOP presidential nominee. As a matter of fact, at this point if it were a boxing match, the referee might have to stop the bout because the other contenders are bloodied, battered and beaten. Ever since he jumped into this race, Mr. Trump has been on the attack and the mainstay of his campaign has been to punch and counterpunch his competitors as well as his critics. Just ask John McCain, Lindsey Graham, Hillary Clinton, and Megyn Kelly, to name a few, how it feels to be in the crosshairs of The Donald.

High Profile Equals High Exposure

In today’s political world, these candidates become high-profile targets because of their high exposure. Due in part to the Internet and social media, sensitive information about candidates, such as addresses of private residences, family members, salaries, and business ventures, are accessible to the public. And magnifying this exposure, the candidates are constantly attending public events, especially in Iowa and New Hampshire that require maneuvering through crowds of unscreened people at functions such as state fairs and parades. A preventative protective methodology balances ends, ways, means, and threats to identify and assess risks in these scenarios and opportunistic vulnerabilities. To reach optimum event security, a thorough process of properly trained and prepared security personnel analyze appropriate risk control measures and apply interrelated countermeasures and protective tactics to harden these events.

I Stepped Into a Burning Ring of Fire

Event security planning can be more easily described by explaining the “ring” methodology. The five rings of protection are: (1) the outer perimeter typically secured by public sector personnel at the federal, state, and local level, filtering people, equipment, and vehicles requiring event access; (2) the middle perimeter is the event security assets comprised of private security guards and law enforcement officers screening and controlling entry; (3) the inner perimeter is the restricted areas inside the event site, such as the stage; (4) the fourth perimeter is the intelligence collection and information sharing between the private and public sectors; and (5) the fifth perimeter, the life blood of the event, is cyber security dedicated to critical infrastructure, including electricity, power grid, water, and communications.

If You’re Not First, You’re Last

Armed with the “knowledge and power of the rings,” a best practice-based event security template identifies appropriate countermeasures that will lower the various levels of risk. The countermeasures and design alternatives are specifically tailored to address an event security operational plan, executive protection measures, emergency preparedness policies, interoperable communications, and risk mitigation strategies. I believe the ability to meet security, risk management, and emergency preparedness objectives will—at many critical junctures—rise or fall on whether the security team can execute-to-plan. That is the benchmark and you should never settle for anything other than the highest level of execution and performance when designing your event security and executive protection strategies.

Imitation is the Sincerest Form of Flattery

Best practices in executive protection should be benchmarked to determine the most effective and efficient operations suitable for the candidate and the event. Following how the best executive protection programs keep apprised of emerging threats while also staying informed of industry trends in countering these risks will strengthen your own strategy. The advance work that precedes the arrival of the candidate is just as, if not more, important than the security employed during the event. A laser-focused emphasis needs to be placed on the preparations, strategies, instructions, and responses, so that if any crisis were to occur, all contingencies are in place.

Even though many of us are not experienced with protecting a presidential candidate as he or she moves through large-scale event venues, the tenants of rock solid executive protection and event security plans are still paramount to your own specific needs and situations.


The Boehner Case Speaks to the Need for a Threat Management Plan

The recent arrest of a country club bartender who threatened to kill House Speaker John Boehner makes a strong case for the need for organizations to design and implement an effective threat management plan. After Michael Robert Hoyt was indicted this past January, details of his life, mental health, work history, access to weapons, and regular proximity to a public figure have become available that present a situation in which an established comprehensive threat management plan might have avoided.  An effective threat management plan is constructed and implemented by multiple parties with different, but complimentary backgrounds. An experienced investigator, mental health physician, human resources professional, and protective security expert are examples of the applicable skill sets required to build the plan.

Often serving drinks to Boehner and other high profile members, Hoyt worked as a bartender at the Wetherington Country Club in West Chester, Ohio for five years until he was fired last October after several members complained about him. After his arrest, police searched his home and found an assault rifle magazine, ammunition, and a notebook containing “John Boehner” and “Ebola” among other writings, as well as lists of country club members. Arrest reports state that Hoyt was visibly upset about being fired, which might have prompted him to send an 11-page blog naming Boehner as the devil to his ex-girlfriend, neighbor, and father as well as emails to Debbie Boehner that mentioned his firing. In these communications, he claimed that he had the access and opportunity to poison Boehner’s wine if he had chosen to do so.

Other recovered documents state that Hoyt had been hearing voices though his car speakers telling him that Boehner was evil, eventually leading him to call 911 and ask the operator to tell his father he was sorry. When police went to his residence, he volunteered to be taken to the hospital for psychiatric evaluation. Hoyt had been previously treated for a psychotic episode two years ago and prescribed medication, which he stopped taking after six months.

As part of its protective responsibilities, my former employer, the United States Secret Service (USSS), has long held the view that the best protective strategy is prevention. In keeping with that tactic, their threat management efforts identify, assess, and control persons who have the interest and ability to mount attacks against USSS protected individuals. The Exceptional Case Study Project (ECSP), the USSS’s first operationally relevant study on assassins and near-assassins, was completed in 1998. The ECSP was a five-year operational analysis of the thinking and behavior of individuals who assassinated, attacked, or approached to attack a prominent person of public status in the United States. It employed an incident-focused, behaviorally-based approach consisting of a systematic analysis of investigative reports, criminal justice records, medical records, and other source documents, as well as in-depth interviews with subjects.

The ECSP determined assassinations and attacks on public officials and figures are the products of understandable and often discernible processes of thinking and behavior. Most people who attack others perceive the attack as the means to a goal or a way to solve a problem. An individual’s motives and selection of a target are directly connected. Ideas of assassination develop over weeks, months, even years, and are stimulated by television and newspaper images, movies, and books. Potential assassins seek out historical information about assassination, the lives of attackers, and the protectors of their targets. They may deliberate about which target—and sometimes targets—to choose. They also may transfer their interest from one target to another. After selecting a target, attackers and near-lethal attackers develop plans and sometimes rehearse before mounting an attack.

When conducting a threat assessment, protectors and investigators must also pay attention to the individual’s choice of a potential target, assuming the individual has selected a target. The following questions should be addressed:

How well is the target known to the individual? Is the individual acquainted with the target’s work and lifestyle patterns?

Is that information readily available, as in the case of many public officials or highly visible public figures?

How vulnerable is the target to an attack? What changes in the target’s lifestyle or living arrangements could make attack by the individual more difficult or less likely?

How sophisticated is the target about the need for caution?

How concerned about safety is the target? How concerned are those around the target (such as family or staff)?

Let’s see how these individual characteristics, investigative questions, information analysis, and management options apply in the Boehner case. First, the potential attacker had an evident process of thinking and behavior—he blamed the target for the loss of his job and the Ebola virus. Second, the investigation uncovered two red flags—history of mental illness and access to weapons. Third, he communicated with friends, family members, and Boehner’s spouse about his interest in the target. Finally, and the most concerning, the management component was missing because nothing was done to “manage” Hoyt until after the plot was revealed.

We can all learn from this incident and apply it to our own particular situations. We don’t have to fear an imminent assassination to understand the danger of a disgruntled employee and the importance of performing our due diligence in background screenings, proper investigative processes, and assessment capabilities that identify the initial signs of potential threats. When you recognize that a threat management plan must be in place to prevent harm from being done, have access to these resources, and are knowledgeable to the required multi-disciplinary acumen, you have a strong foundation upon which to build your own threat management plan.