This third and final part of Xavier MacDonald’s article on high end jeweller robberies covers strategy: risk assessment and resulting priorities; procedures, training and audit.
When one has clearly identified the different robbers, even if certain people may think this is politically incorrect, knowing how they operate, identifying the dangers and anticipating the problems, what does one concretely do, in order to reduce these risks? The security professional should first of all perform a risk assessment of all the sites to locate the weaknesses and fix them immediately, implement countermeasures to slow the robbers down, draft procedures so that all have the same mission understanding; train personnel and guards to observe and report incidents and perform regular in and out-of-house audits. All these phases which should be performed in this particular order are essential if one wants to anticipate and deter attacks rather than merely to suffer them. In that regard, the smallest flaw undetected by security but noted by the criminal can often have a serious human and financial outcome. It will allow him/her to determine which security measures are necessary to put in place, what is cost-effective and what is not and where the priorities are. There is no ideal copy-and-paste matrix concerning the security of a site but an individual analysis to recommend and implement tailor-made decisions.
Risk assessments and resulting priorities
Risk assessment has to be seen primarily as a management tool where one balances the potential dangers against the benefits. Risk is thus a combination of opportunity and danger. Similar to the CEO who has to analyse the risks of an opportunity (new segments of a market, accessories, etc.,) the security manager has also to detect and to take into account the current and new security risks in order to protect the goods whilst allowing sales to continue. What risk is there in the theft of a bottle of champagne during a presentation and what risks exist that could lead to an attack of a store by an experienced robber? Priorities have to be given and one must never lose this from sight even under the pressure from others. From these major and minor findings he should then put them by order of priority since all the sites cannot always be re-engineered at the same time.
When the security manager finishes his risk assessment concerning the different risks, weaknesses and how to fix them, he can then put together his security strategy and tactics which will help him structure his security budget. It will then be possible for him to know where to spend the security resources, how to improve procedures, what training is required for personnel and when to perform audits. At this moment, only, can the security manager send his strategy and budget to his hierarchy for their approval. They in turn will have to decide what importance they give to each possible threat and the financial and brand image losses as well as psychological and sociological incidents they are prepared to give up. The more the security manager clearly and concisely explains the security situation, the more he/she has the chance that his strategy is taken seriously and that he obtains the necessary funds and support.
The author believes that analysing and finding the risks and fixing the weaknesses are still not sufficient to anticipate and deter robberies. It is only a question of time and motivation, according to Roger Matthews, before a site is attacked. Criminals adapt to targets and can overrun the security equipment and procedures. The time factor is irrelevant to the criminal during the planning phase of an attack. It is hence up to the security manager to keep ahead of them by putting in countermeasures to make it more difficult and to slow them down.
By placing himself in the shoes of the criminals, the security manager has to push his analysis as far as possible in order to put in place several countermeasures at each level and in different areas. Gary Tredgett, a Lloyd’s underwriter, calls it “the onion ring theory, having layer upon layer of controls in place” and “using different methods and deterrents”.29 All good security systems need to have countermeasures (deterrents) to allow them to continue functioning. If the first defence fails or is overrun due to electronic failure, errors due to personnel or attacks made by robbers, another countermeasure should immediately take over and so on.
There are the regular countermeasures to limit access to sensitive areas and to slow robbers down but there are also the urgent ones to put in place because of new modes of operation. This is why the security manager must always keep well informed of how the criminals operate or by reading about what attacks are on-going. These countermeasures will slow the criminals down and allow, at a minimum, a gain of time so that the police, the security sub-contractor or oneself can intervene. Time is the first major countermeasure the security manager has concerning the robbery itself, since robbers have to get out very quickly. The more time they need the more one has a chance they will go elsewhere. Time is thus the robber’s worst enemy during the armed robbery. Redoine told the author that “nothing resists us; it’s all a question of time”.30 Bruce Schneier, a security specialist, writes that there are “trade-offs” concerning security meaning there are “… costs in terms of money, convenience, comfort, freedom and so on that inevitably attach themselves to security systems”31. He simply means that the more a site/area is sensitive the more time one has to give up in order to have access to it. Since high-end stores and safe rooms represent a high risk, the security measures must be proportionally adapted to protect these goods and staff.
Overlapping spheres of competences and responsibility are also simple and effective countermeasures. The person opening a store with the key must not have the alarm code or the safe code. Alarms and safes must be under constraint and equipped with time locks and time delays at opening. Another countermeasure would be the opening via a video monitoring service. Checks and balances once again since these countermeasures will make attacks more complicated for robbers. Personnel must also learn to break habits, use different routes when going to work and change their times of arrival. Another system is to make all personnel enter the store at the same time. The variations and combinations of countermeasures are infinite and often free but people tend not to use them. The benefits of countermeasures like this are fourfold: personnel security, protection of the goods, very cheap and easy to implement. All are reassured including personnel and the underwriters since this reduces the risk of an attack.
It is however one thing to perform a risk assessment, finding all the weaknesses in the system and quite another to put in countermeasures, to draft clear procedures, to train personnel and to control regularly to check that everything is understood and working as planned. The author believes that procedures are critical concerning security even though they may not always please personnel. Security is first of all a bottom-up review by putting in the correct procedures. There are different kinds of procedures that need to be written in high-end jewellery houses. There are the Standard Operating Procedures (SOP) for the stores locally or worldwide that give the general outlines of security; local guard procedures, temporary procedures for special events and exhibitions, private presentations, consignment procedures, procedures concerning all the departments e.g., the workshop, the depot, special orders, marketing, the press and so on. For a photo-shoot, for example, it is not the press or the communications department that should decide if security is necessary or not. The press may also have reduced budgets, friends in the media to impress or film stars to satisfy. Consigning goods to a film star is excellent for media coverage especially during the film festivals but the security manager must find ways of consigning goods to these people but without losing them. The security manager has to analyse the situation and put in place the correct procedures to make this happen.
There are procedures for CCTV, panic buttons, for client presentations with trays but security does not stop there. Who controls the rear doors? Who is allowed access control? Who has the keys? Who has the codes to the alarm system and to the safe? What about transportation of goods to and from the site? What security do the workshop sub-contractors have? What procedures do back-office personnel have? Security takes a lot of common sense, vision, anticipation and time but also because it is needed everywhere. There is not an area where security is unnecessary but the levels change according to the protection needed. The security manager must thus write down clear procedures for all the departments in the company and not just the stores. He must know what is going on in the stores and also inform all the back office personnel of the risks of attacks and of being indiscreet. Personnel must be taught never to talk about opening and closing procedures or any other security issues with outside people including families. They must be told that the security system is very difficult to overrun in order to make robbers go elsewhere. This is good if it is leaked!
People will follow procedures if they understand them and see the end state. There is a natural willingness to comply with these rules and regulations as long as they are feasible and possible to carry out. There is no point in trying to implement unreasonable procedures since they will often be ignored. A security manager must work closely with all the departments in the company so that he perfectly understands how they work and integrate their difficulties and agendas into his security strategy and procedures. He has to talk regularly with the directors and managers to make sure his messages get across and that they understand and agree with him. There is no point in putting in procedures if they are countered, ignored or interpreted in a different way. As soon as one’s back is turned, personnel will continue their business as usual. Rules and procedures take time to understand, to put in place, to be accepted and implemented by all. Procedures can also be ignored by employees because of a culture difference between countries and continents where the local employees are simply not aware of the risks or used to follow rules and regulations. Procedures are essential for having good security. They are cheap to draft but are time-consuming to write and difficult to get right. Good procedures must also be improved regularly because of changes in local laws, rules and technology upgrades and new criminal modes of operation.
Now that the risks have been analysed, the weaknesses found, the countermeasures put in place and the procedures clearly written out, personnel need to be kept alert by regularly informing and reminding them of the potential dangers. Security officers and staff have to be trained to think like predators and always on the look out to anticipate future events. To reduce attacks against jewellery houses, the security professional must constantly explain to all concerned how the criminals operate, what to do to counter or deter them during the reconnaissance phase and to report events even minor ones. This takes time but in the medium run will pay off. Personnel and guards must be very vigilant during this phase to detect the offenders and make them go elsewhere. These criminals have to perform a reconnaissance inside the store to identify the positioning of the cameras, the alarms, type of security door and type of cabinet glass; who has the keys and badges, how to go to the back-office, the rear door, names of personnel, etc. Sometimes they will even buy goods (with cash!) so that sales personnel and guards do not become suspicious. All this information will be carefully noted and processed. The more the attack is prepared with accuracy, the more they have a chance of avoiding unforeseen events and the less they will be nervous before and during the attack. They will try to find the flaw (weakness) in the system irrelevant of the time it takes. Who has the code to the door, to the alarm system; what are the opening or closing procedures; who is in charge and so on.
Security officers and salespeople all know that there are chances of being attacked but sometimes prefer to avoid thinking about it as if it would never happen and could be swept away. They cannot be completely surprised when they take place since like all retail businesses there will always be this risk and this will always be part of the equation. This is the reason why regular training is essential to make them think of all the dangers and know what to do if they take place. Managers, sales personnel and guards should also be trained with real case studies by explaining the different phases of how a store was hit and how it could have been avoided. Salespeople and guards need to be trained regularly concerning robberies and sleight of hand in order to comprehend and understand why to follow or respect procedures. Training guards and personnel takes time since they are not like computers that can be upgraded in a few minutes. They need time to understand what to do and why they have to do it. Changing people’s habits is often time-consuming simply because people need time to understand the changes and to adapt to new environments. Since attacks do not take place every day, regular reminders and practices are crucial so that personnel have the right reflexes and react correctly. There is no room for improvising and one does not get a second chance concerning a robbery. Without any regular training, the procedures finish up on the top of a shelf in a dusty folder or personnel simply do not remember what to do. Practice makes perfect as the saying goes since robberies are rare and these exercises can often help to develop better procedures but also to protect personnel.
There is also a part of intuition or a sixth sense that sales people and security officers instinctively have but are rarely trained to develop. In a store where a ring had been stolen from an experienced salesperson he told the author, during the de-briefing phase, that he had noticed that the ‘mystery client’ was very nervous, not focussing on his questions and not giving normal answers. This simply annoyed the salesperson. The important point here is why then did the salesperson not take immediate action by bringing the sales trays back to his side and warn the guard or other colleagues of this suspicious event? All the precursory signs were there but the salesperson didn’t pick them up. Another kind of blindness seems to affect salespeople who often do not work as a team and only remain focused on the sale.
To make sure that procedures are correctly implemented, that training is understood and that there are no other weaknesses in the system, the security manager must verify what is really going on by carrying out audits. Audits can either be carried out in-house or be outsourced to security experts; it all depends on what information one wants to obtain. Jewellery stores, personnel and security officers need to be audited regularly by the security manager or with independent auditors who will put them in real-life conditions. The in-house and outsourced auditors have to ask personnel the right questions in order to find all the weaknesses. This may take a little more time but at the end of the day one will very often discover the weak links in the system or with personnel. When carrying out audits, the security manager will often find some of the weaknesses but personnel can also inform him of flaws in the security system. Drive-by audits simply do not exist in security. The security manager must, for example, be regularly present before opening and at closing time to observe at distance how these are done and by whom. This is also where the robbers will be observing.
A lack of incidents is seldom an indication that the procedures and training are correct. Security audits are a humbling experience simply because they allow oneself to know where one’s weaknesses are and that is exactly how they must be seen. They are a management tool, a thermometer to place in a company to see whether they are above or below standards. The results found by in-house or external auditors can be quickly integrated into the company’s procedures which will in turn beef up security. “Si vis pacem, para bellum” (Flavius Vegetius) – If you want peace, prepare for war.
Management may fear bad audits and may even be tempted to use the information to send out sanctions to personnel. It is important that the security manager explains to hierarchy that they are only an exercise and that it is a learning process for all concerned and that they cannot be used to sanction personnel otherwise this would cause unnecessary concern and fear. The author often explains to guards and personnel that these audits must be seen as a game and they must do their best to win.
Internal security audits are to a certain level independent and impartial since they are carried out by professionals who usually know what they are doing but they can also have their limits. They unfortunately tend to focus on existing procedures rather than taking a step back to get a better and broader picture. The danger – and this is often the case with in-house audits – is that the security manager may want to give a watered down version of what is really going on, so as not to show his weaknesses. The security manager may simply want to tell his head of department what he wants him to hear and not what he should hear because of operational or budgetary reasons. This can be part of a purely human reasoning since giving one’s manager negative information is not as pleasant as giving positive or slightly favourable feedback. To avoid this, the security managers should also be audited each year by top management and between security managers from the other brands in the Group. This would no doubt create a form of competitive spirit but would allow them to find the weaknesses and also learn from each other.
Outsourced audits are beneficial to the whole company and will actively participate in the bottom line results. They are a win-win even though the results may seem a little harsh for management and especially for the security manager. Auditors see things with a clear and independent perspective and will also see things that have been overlooked with the passing of time. The books, accounts and invoices are checked yearly in accounts payable by independent auditors and so should the security department’s procedures and equipment with security experts and brokers who are experts in this field.
A security professional must at one moment or the other write down objectively or explain orally all the weaknesses in the system. Management may not accept or may postpone in-house recommendations but may better accept them when they are carried out by independent experts. These experts need to be hired by top management so that personnel know that they are important for the company but also will limit any form of complacency between the security manager and the audit company. Outsourced auditors must be completely free to detect any security problem in the system by going as far as possible in their search.
One has probably never read or will ever read a report sent in by a professional robber stating that a security system and the procedures were just too efficient and thus made him go down the road. Criminality in jewellery stores goes down when it becomes more difficult and less attractive for robbers. Criminals do not retire or go straight overnight, they simply move on to easier targets since “…there is no noticeable decrease in the industry on the whole”.32 If the defender’s system is effective, it is likely that robbers will move on since it will “…generate a displacement effect to softer targets in the same field”.33 When jewellery store attacks increase, it is most probably because procedures and security are tighter in other sectors. “If there is a weakness in a country or a town; a bad co-operation between the police and the retail merchants, they will exploit this. If an area is really secured and that there is cohesion between all the actors then thefts and armed robberies become very difficult – but not impossible”.34 Sending the robbers and thieves to the store down the road is a short sighted approach. It is together with all the protectors that one can, through a better understanding of each other and by exchanging information, that one can best fight crime in the jewellery trade. This information has to travel very fast in all directions, especially between the in-house stores, the other jewellery houses, the police, the loss adjusters, etc, to merge and form a close-knit community.
If the high-end jewellery industry as a whole would learn to anticipate attacks and then revamp their procedures, training and certain security features, criminals will simply move on to easier and more profitable targets. From a criminal perspective, diamond/gold traders and shops, gemmologists, jewellery couriers and jewellery sub-contractors, museums, auction houses and casinos all present in today’s environment highly profitable alternative targets. Tightening or enforcing security measures in jewellery houses, as well as adapting to the new modes of operation, will make the robbers move on to new areas. By reducing your attractiveness as a potential target you can logically reduce the probability of an attack. As the previously cited retired U.S. embassy security official remarked, “Bottom line: ugly is beautiful! Remember: a dissuasive image is your best defence.”
Bauer, A. & Raufer, X (2009). La Face Noire de la Mondialisation: CNRS Editions
Bauer, A. & Raufer, X (2002). La guerre ne fait que Commencer : Folio
Bellaïche, A. (2007). Ma vie sans postiche: First Editions
Champeyrade, C. (2007). Sociétés du Crime. Un tour du monde des mafias et cartels: CNRS Editions
Faïd, R. & Pierrat, J (2010) Braqueur. Des cités au grand banditisme: La Manufacture de Livres
Gayraud, J.F. (2008). Le monde des mafias. Géopolitique du crime organise: Odile Jacobs
Glenny, M. (2009). McMafia. Seriously organised crime: Vintage
Kennet, B & Suc, M (2008) Antonio Ferrara: Le Cherche Midi
Levy, D. (2010). Braquages. Actualité, evolution, ripostes: CNRS Editions
Mason, B. (2004). Nine lives. Confessions of a master jewel thief. Bantan Press
Matthews, R. (2002). Armed robber: Willan Publishing
Picca, G. (2009) La criminologie: Que sais-je. 8ème édition.
Pierrat, J. (2008) Mafias, gangs et cartels. La criminalité internationale en France : Denoël Impacts
Ploquin, F. (2005) Parrains et caïds : Fayard
Raufer, X. (2009) Les nouveaux dangers planétaires. Chaos mondial, décèlement précoce : CNRS Editions.
Schneier, Bruce. (2003) Beyond Fear Thinking Sensibly about security in an uncertain world Copernicus books
Tsouras, P.G. (1992) Warrior’s words. Dictionary of military quotations: Cassell
The official definition of robbery in England and Wales is “A person is guilty of robbery if he or she steals and immediately before or at any time so doing and in order to do so, uses force or puts or seeks to put any person in fear of being then and there subjected to force. In summary, robbery is stealing aggravated by violence”. (Home Office 1991:1).
The term ‘armed robbery’ needs to be explained since it implies the use by criminals of a lethal weapon but also a concealed or fake one, knives, clubs, etc. According to Roger Matthews p17 “Robbery is stealing aggravated by violence”.
The British have a delightfully curious sense of humor. They refer to their police special branch and intelligence personnel as “the funnies” and to their special forces operatives as “the naughties.” In both milieus the dictum that “it takes a thief to catch a thief” is instinctively appreciated. The same operational wisdom can be found in the following study of high end jewelry robberies written by friend and former colleague the Franco-British security specialist Xavier MacDonald. If you are in the luxury trades, whether as a security officer or, perhaps more specifically, as a managing director or CEO, read this analysis. It will widen your perspective. It will provide you a degree of street smarts concerning the ever evolving art of robbing the rich not to be found in any business school curriculum. In short, everything you always wanted to know about avoiding the risk of high end robberies but were afraid to ask.
Colonel, U.S. Special Forces
In this paper Xavier summarises in a readily consumable manner, the most important principles of security for High Value Retail. Indeed, ever higher values which have multiplied ten-fold in the past five years. Were it not for the surfeit of global investment funds flooding the market, insurance rates would have increased proportionately. They may yet do in a jump, if other sources of investment appear.
Security, even at this level of basic principles, is not taught at management schools and is little known in the C suite. Yet the consequences of poor security can have serious effects on earnings: customers frightened away, media speculation, downgrading of image, dead or injured staff/ customers, cancellation of insurance cover, with consequential effects on ebitdas.
Whilst no one expects the CEO to check if guards are attentive, no one will respond to the person who is delegated to check, unless that person has the full support of the CEO.
Our motto here is, “Sales trumps security” as it must, if we are all to eat; but there is one corollary: there must be sufficient respect between sales and security staff so that a guard will not raise his hand to indicate something appears amiss without good reason and therefore when he does…. Full control of the door goes to security with good grace. That is their job. Without good security staff you will be targeted. Repeatedly.
The security staff is not motivated by sales commissions, but by the satisfaction of good team work and recognition of protecting the sales staff and stock. If you treat them as a necessary encumbrance, they will switch off. Prowling criminals will notice.
This is not a complex subject- all the less so when compared to some selling and accountancy instruments which chiefs must master these days, but good security is a vital tool for an efficient workplace and staff; think in terms of physical and electronic protections and human procedures.
A police quote is that these days the only folk paying attention in the street are the police and the criminals: everyone else is late or on their Iphone. Your security staff should also be motivated to read the street, watching for risks coming towards them and better, watching the watchers.
John Shaw ACII FCILA FEUDI-ELAE