What is a threat assessment?

After yesRisk Assessmentterday’s post, it became evident many people had never heard of threat assessments in terms of  mental health and crime prevention. Typically assessments are not added to the calculus of overall preventative measures on a local law enforcement level. In most cases this is due to a misunderstanding of their usefulness. In other cases unfortunately, assessments are willfully avoided in an effort to limit agency liability. In the end, we all do assessments of people, situations, buildings, syndicates and so on daily, we just don’t formalize them and distribute them outside of a controlled group. After having conducted well over 400 assessments in the last five years, I’ve learned the only good assessment is one that can be acted upon. For this to happen, they have to be sent to the people who need them most. This piece will focus on some basic tenets of an assessment. Later, I will discuss the “to whom…” portion. Understand, an in-person class on assessments lasts 10 hours so what follows is a very compressed version.

The first thing to remember is threat assessments are dynamic. This is to say, what is accurate now may not be so in 10 minutes. For this reason, assessors expend a lot of energy keeping the assessment as accurate as possible. Most times, the assessment will hold for the time needed to take action whether that be mental health intervention or detainment. There are times however when the ink will have barely dried and the assessment needs to be updated. This point is very important to remember for two groups of people; the customer and the command staff. For this reason both the customer and command staff must dedicate a person to continually liaise with the assessment team so pertinent updates can be pushed quickly to the end users.

The next critical element of an assessment is research. Knowing the risk a subject poses comes in part from understanding from where they came both literally and figuratively. Assessors must dive deep into the history of the subject for this information. For law enforcement this means reading potentially dozens of police reports, arrest records, and field contact cards. The work can be tedious, but one nugget of information can make a life or death difference. For corporate security or contractors, research may be a major obstacle but it’s not one that cannot be overcome. Most counties across the country publish court records on-line and most police departments will provide copies of reports for a nominal fee. If that is all you have, then do what you can. Take a moment to research the subject’s digital world as well. For some, you may only find a digital shadow, while others have a significant digital footprint.

Once the research is complete, the assessor moves to the analysis phase. In reality, an assessment team would simultaneously dig and analyze, however in most agencies assessments fall on one or two people. For this reason, it is necessary to set aside time strictly for analysis. During this phase the assessor begins building a profile of the subject. They will answer questions like, is there a history of violence? What motivated the violence? What are the subject’s stressors? Based on known information, does the subject have a plan to commit violence? Do they have means, motivation, and opportunity? What is the subject’s pattern of life? Finally, as a byproduct of good analysis, the assessor should start seeing shatter-points or weak spots in the subject’s behavior. These become critical in the conclusion phase.

Post analysis, the assessment team needs to make a decision; what is the threat level? The assumption here is a threat matrix already exists. If it does not, then an assessment is nothing more than a research project. The best threat matrices are simple and contain at a minimum three levels. Threat matrices with five or more levels can be cumbersome and not conducive to true assessments. Once the assessment team has made a decision on the threat level, they need to be prepared to defend their choice. This is where the research and analysis will be scrutinized and tested. If done correctly, the threat level will coincide with the known information.

Finally, the conclusion of the assessment is where the customer will start their approach. The conclusion should highlight weaknesses in the subject’s pattern of life, violent plans, or criminal tendencies. These areas need to be exploited in order to frustrate the subject’s plan. By the time the customer reads the conclusion they should have already fo
rmulated a plan and know where their best chances of success lay. The conclusion is where analysis meets actions.

As you have probably noted by now, a full scale assessment will take time. For this reason, assessment teams should have a plan in place for short term assessments that can be used in the interim until a full scale product arrives. Regardless of the length, all assessments should provide actionable intelligence that can be taken by the customer and immediately applied to whatever operation is needed.

Exploiting Criminal Syndicate Risks

Combating organized crime is like cleaning oil off your driveway. There are dozens of methods to clean up the mess, yet none of them will do the job alone. Deciding how to clean the mess is just as frustrating as actually cleaning. In the same manner, many law enforcement organizations don’t know where to begin when routing out syndicate crime. In most cases law enforcement aims their resources at the most obvious areas; street level criminals and money. These are not altogether bad tactics however just like cleaning the sludge off your driveway a few methods alone will not eradicate the syndicate. Instead of traditional methods for combating organized crime, law enforcement can learn a few tricks from traditional risk analysis.

Syndicates thrive off the fact they don’t appear complicated on the surface. However, they typically sink deep roots into one or more methods of preserving their existence which adds layers of complexity. Their diffused rooting, while necessary for survival, is also a weakness and can be exploited through common risk analysis.  For example, when examining supply chains, business continuity plans, or site security we look at several factors including communication, redundancy, and resiliency. Using this same tactic we can expose risks within organized criminal syndicates and exploit them to collapse the enterprise.

The first step in analyzing a syndicate’s risk is to map their internal structure. For example, all successful criminal syndicates have at least three levels of organization; upper leadership, mid-level management, and foot soldiers. Many syndicates will have other operational and management levels. To adequately collapse the order you need to know the structure from top to bottom and understand how each level interacts with ones above and below. Mapping may not be easy if the syndicate utilized a cellular structure however that too has weaknesses that can be exploited.

The next step is to detail what the syndicate needs to survive. In most cases you find common needs like communication, recruits, and possibly money. There may be several “needs” and the more the better because with more needs comes more risk. Once you have mapped out the groups’ needs, overlay them on the structure. This will let you see which level of the group is responsible for these needs. At this point, several “red flags” will become obvious. These red flags are what we call “risks.” If no red flags are obvious then deeper analysis may be needed to expose other facets of the group like ideology and cultural dependency.

Similar to prioritizing risks for mitigation, you now prioritize the syndicate’s risks for exploitation. Target one element and become the threat directly associated to that risk. In some cases where the risks are cultural this will require non-traditional law enforcement techniques like outreach and collaboration. In syndicates where the risks are not cultural and easily identified, exploiting the weakness will threaten the group’s entire stability.

Combating organized crime through risk analysis is of course more complicated than described above, however the basic template will not change. Every criminal syndicate has weaknesses, it’s up to law enforcement to find the weaknesses, exploit them fully, and eradicate the group.