What is a threat assessment?

After yesRisk Assessmentterday’s post, it became evident many people had never heard of threat assessments in terms of  mental health and crime prevention. Typically assessments are not added to the calculus of overall preventative measures on a local law enforcement level. In most cases this is due to a misunderstanding of their usefulness. In other cases unfortunately, assessments are willfully avoided in an effort to limit agency liability. In the end, we all do assessments of people, situations, buildings, syndicates and so on daily, we just don’t formalize them and distribute them outside of a controlled group. After having conducted well over 400 assessments in the last five years, I’ve learned the only good assessment is one that can be acted upon. For this to happen, they have to be sent to the people who need them most. This piece will focus on some basic tenets of an assessment. Later, I will discuss the “to whom…” portion. Understand, an in-person class on assessments lasts 10 hours so what follows is a very compressed version.

The first thing to remember is threat assessments are dynamic. This is to say, what is accurate now may not be so in 10 minutes. For this reason, assessors expend a lot of energy keeping the assessment as accurate as possible. Most times, the assessment will hold for the time needed to take action whether that be mental health intervention or detainment. There are times however when the ink will have barely dried and the assessment needs to be updated. This point is very important to remember for two groups of people; the customer and the command staff. For this reason both the customer and command staff must dedicate a person to continually liaise with the assessment team so pertinent updates can be pushed quickly to the end users.

The next critical element of an assessment is research. Knowing the risk a subject poses comes in part from understanding from where they came both literally and figuratively. Assessors must dive deep into the history of the subject for this information. For law enforcement this means reading potentially dozens of police reports, arrest records, and field contact cards. The work can be tedious, but one nugget of information can make a life or death difference. For corporate security or contractors, research may be a major obstacle but it’s not one that cannot be overcome. Most counties across the country publish court records on-line and most police departments will provide copies of reports for a nominal fee. If that is all you have, then do what you can. Take a moment to research the subject’s digital world as well. For some, you may only find a digital shadow, while others have a significant digital footprint.

Once the research is complete, the assessor moves to the analysis phase. In reality, an assessment team would simultaneously dig and analyze, however in most agencies assessments fall on one or two people. For this reason, it is necessary to set aside time strictly for analysis. During this phase the assessor begins building a profile of the subject. They will answer questions like, is there a history of violence? What motivated the violence? What are the subject’s stressors? Based on known information, does the subject have a plan to commit violence? Do they have means, motivation, and opportunity? What is the subject’s pattern of life? Finally, as a byproduct of good analysis, the assessor should start seeing shatter-points or weak spots in the subject’s behavior. These become critical in the conclusion phase.

Post analysis, the assessment team needs to make a decision; what is the threat level? The assumption here is a threat matrix already exists. If it does not, then an assessment is nothing more than a research project. The best threat matrices are simple and contain at a minimum three levels. Threat matrices with five or more levels can be cumbersome and not conducive to true assessments. Once the assessment team has made a decision on the threat level, they need to be prepared to defend their choice. This is where the research and analysis will be scrutinized and tested. If done correctly, the threat level will coincide with the known information.

Finally, the conclusion of the assessment is where the customer will start their approach. The conclusion should highlight weaknesses in the subject’s pattern of life, violent plans, or criminal tendencies. These areas need to be exploited in order to frustrate the subject’s plan. By the time the customer reads the conclusion they should have already fo
rmulated a plan and know where their best chances of success lay. The conclusion is where analysis meets actions.

As you have probably noted by now, a full scale assessment will take time. For this reason, assessment teams should have a plan in place for short term assessments that can be used in the interim until a full scale product arrives. Regardless of the length, all assessments should provide actionable intelligence that can be taken by the customer and immediately applied to whatever operation is needed.

Analyze this; 2.5

“On a scale of one to five, which number represents thermonuclear war and which represents peace? The answer is simple; it depends on the value of one.”

This question is an oversimplified explanation of quantitative analysis. Every action has a numeric value and when those values are taken together, massaged with an algorithm, and plotted on a graph they tell you everything you need to know. Ask yourself this however, is that really true? Can quantitative analysis really tell you what you need to know in each discipline? Perhaps in finances, traffic accidents, and poker games the answer is yes, but when it comes to real world risk analysis, numbers are as useful as elven magic.

Before you click away in an angry huff, consider this: You’ve been asked to analyze the risk of recidivism of a convicted felon who is about to be released from prison. When you look through his criminal history you see he committed two armed robberies, six shoplifts, and four assaults over a three year period. He spent the last seven years in prison. Based on that information what is his risk of recidivism?

Odds are if you presented those facts to a criminal intelligence analyst or a police detective you would be told the risk is high. They would assign a numerical value to each crime, add them up, use some crazy algorithm and tell you this person is going to be a problem. If you went strictly by the numbers, then yes, this ex-con will more than likely offend again. If you step outside of the number parameters however, you encounter the reality of the assessment which is, the ex-con is a human being.

Saying the convict is human is not social commentary, it’s a fact that requires a different method for cataloging. Enter qualitative analysis. Based on the person’s history there is cause to believe he may re-offend, however there are several variables at play. For example, what were the socio-economic conditions of the subject prior to incarceration? Has the person found religion while in prison? What conditions will greet the subject upon his release? What factors that were present seven years ago will still be present upon release? All of these questions are extremely important when analyzing the risk of recidivism or any risk involving human beings. If you don’t believe me, ask yourself this; what number value should be associated with anomalous human behavior?

The challenges facing an analyst converted to the world of qualitative analysis is knowing which questions to ask and where they rank in the final risk analysis. Each situation demands a new grouping of questions, however over time, the analyst will recognize core questions asked in each analysis. This is why risk analysis on people require more than one analyst and should go through a rigorous vetting process with other equally skilled analysts. After all, we are mapping human behavior and can’t exclude the possibility of personal bias.

It is time we train our law enforcement risk analysts and investigators to use a qualitative system. It will be a change, and challenges lie ahead, but as we encounter the growing need for threat intelligence, predictive analysis, and efficient forecasting we need to focus on the reason for the analysis; evaluating possibility. Numbers alone won’t do the trick.

Exploiting Criminal Syndicate Risks

Combating organized crime is like cleaning oil off your driveway. There are dozens of methods to clean up the mess, yet none of them will do the job alone. Deciding how to clean the mess is just as frustrating as actually cleaning. In the same manner, many law enforcement organizations don’t know where to begin when routing out syndicate crime. In most cases law enforcement aims their resources at the most obvious areas; street level criminals and money. These are not altogether bad tactics however just like cleaning the sludge off your driveway a few methods alone will not eradicate the syndicate. Instead of traditional methods for combating organized crime, law enforcement can learn a few tricks from traditional risk analysis.

Syndicates thrive off the fact they don’t appear complicated on the surface. However, they typically sink deep roots into one or more methods of preserving their existence which adds layers of complexity. Their diffused rooting, while necessary for survival, is also a weakness and can be exploited through common risk analysis.  For example, when examining supply chains, business continuity plans, or site security we look at several factors including communication, redundancy, and resiliency. Using this same tactic we can expose risks within organized criminal syndicates and exploit them to collapse the enterprise.

The first step in analyzing a syndicate’s risk is to map their internal structure. For example, all successful criminal syndicates have at least three levels of organization; upper leadership, mid-level management, and foot soldiers. Many syndicates will have other operational and management levels. To adequately collapse the order you need to know the structure from top to bottom and understand how each level interacts with ones above and below. Mapping may not be easy if the syndicate utilized a cellular structure however that too has weaknesses that can be exploited.

The next step is to detail what the syndicate needs to survive. In most cases you find common needs like communication, recruits, and possibly money. There may be several “needs” and the more the better because with more needs comes more risk. Once you have mapped out the groups’ needs, overlay them on the structure. This will let you see which level of the group is responsible for these needs. At this point, several “red flags” will become obvious. These red flags are what we call “risks.” If no red flags are obvious then deeper analysis may be needed to expose other facets of the group like ideology and cultural dependency.

Similar to prioritizing risks for mitigation, you now prioritize the syndicate’s risks for exploitation. Target one element and become the threat directly associated to that risk. In some cases where the risks are cultural this will require non-traditional law enforcement techniques like outreach and collaboration. In syndicates where the risks are not cultural and easily identified, exploiting the weakness will threaten the group’s entire stability.

Combating organized crime through risk analysis is of course more complicated than described above, however the basic template will not change. Every criminal syndicate has weaknesses, it’s up to law enforcement to find the weaknesses, exploit them fully, and eradicate the group.

Using Risk to Fight Crime?

Risk, risk management, and risk mitigation strategies have existed in one form or another for several years in banking and business. The discipline of risk management however tends to be ignored when it comes to law enforcement. This is not to say law enforcement is unfamiliar with risk, they most certainly are, but they tend to see risk only in terms of measuring officer safety. Risk management strategies can also be used to fight crime in a more efficient and effective manner.

Risk requires four elements; context, environment, actions, and consequences. In law enforcement the consequences are always the same; crime. Therefore the other three elements serve as the core of crime prevention through risk management. The best way to describe this is to use a scenario. Take an alley between two multi-level buildings. Alone, the alley represents nothing, and based on its simplicity is not at risk of crime. Take that same alley and change the environment to nighttime, say 9:35pm and add the context of the alley being the quickest route from the local library to St. Mary’s college. With these factors in the place, the alley begins to look more and more like a breeding ground for crime, but we still need actions, which in law enforcement comes in the form of suspects and victims. Suspect actions typically fall closely in line with environment, as in you will find more drug users around drug houses and potentially more vehicle burglary suspects in shopping mall parking lots. In this case, let’s assume this dark alley is the meeting place for small time street robbers and thieves of opportunity. The final element needed to make this scenario come to life is the actions of a victim. Namely, they need to enter the alley.

There are many ways of looking at the alley scenario. Each one requires that law enforcement see the alley and all of its elements as precursors to crime. This conclusion well in place, we must now look at how to prevent the crime. Some law enforcement minds would respond by increasing marked car patrols in the area of the alley. The thought being, “bad guys don’t like the police and will stop being bad guys while we are around.” In terms of basic crime prevention this is a questionable practice, but in terms of risk management it’s absolutely useless. Random patrols do not remove any of the elements of risk we identified above. From a pure risk management standpoint we need to remove one or more of the elements creating the risk. The addition of sufficient lighting for example will affect the environment as will visible CCTV cameras. Public outreach on the part of the school to educate the students on the dangers of walking alone will mitigate the risk of a solo student using the alley. Finally the use of strategic policing, focusing on high risk suspects in the area, will mitigate the chances a suspect and victim will meet in the alley.

The alley example is an obvious oversimplification of larger criminal problems however the same basic principle applies across the board. If a neighborhood is known for gang activity, it is incumbent on the police to examine the area from a risk management stand-point and move strategically to counter the gang problem. The same can be said for neighborhoods known for burglaries, intersections known for collisions, and apartment complexes famous for drug crime. Simply forming task forces with the stated goal of arrests, does nothing to mitigate further risk. However when you remove one element from each of these criminal equations, your chances of diminishing the risk of continued crime increases exponentially. This also places the police agency in a position to form crime eradication strategies to hopefully bring safety and security to the area.

Risk based policing fits neatly with intelligence led policing techniques in that it is most successful after a full examination of the criminal dynamic has taken place. This furthers the goal of efficient resource allocation. As technology continues to spring forward the use of social networking and digital communications will increase the success of risk based policing. Risk based policing is not a panacea, but it is a far more effective strategy than random police patrols or strategies based solely on high arrest statistics.