Ten years on: learning from the Steve Dennis case

Each year on 19 August, we celebrate World Humanitarian Day, acknowledging the tireless efforts of aid workers to assist crisis-affected communities and remembering those who have tragically lost their lives. This year’s theme is #ItTakesAVillage, recognising the magnitude of the collective effort required to deliver humanitarian assistance. Similarly, collective action is needed within organisations and across the sector to keep aid workers safe. World Humanitarian Day provides a ripe opportunity to reflect on the incidents that have shaken our sector and re-affirm the importance of security risk management (SRM) to keep aid workers safe. This blog by David Clamp explores one such incident and the lessons we can learn.

Why now?

It’s been ten years since a complex incident in Kenya prompted significant change within NGO SRM. The repercussions of the incident, particularly the court case brought by one affected, Steve Dennis, have been felt across the sector. I caught up with Steve in June 2022 to reflect on the changes we have seen since the incident.

The world has changed since 2012, but having spoken to colleagues across the sector, it’s apparent that Steve’s trial three and a half years later still has lessons for us all. This short overview aims to draw actionable conclusions for security managers and organisations.

What happened?

For those new to what happened, it’s worth separating the original incident and the case. On 29 June 2012, Steve and other Norwegian Refugee Council (NRC) employees were in a three-car convoy during a VIP visit to the IFO II refugee camp in Dadaab, Kenya, near the Somali border. The vehicles were attacked while leaving the camp. Tragically, the driver of one car was shot and killed, whilst another driver, Steve and two other NRC staff were shot but survived. Steve and three others were abducted; an armed rescue four days later freed them. Significant questions emerged about contributing factors leading up to the incident and the organisation’s support of the victims afterwards. In February 2015, Steve brought a claim for compensation in the Oslo District Court. The court ruled in favour of Steve and awarded damages, finding gross negligence on the part of the organisation.

Key learnings identified after the case

This was the first time such a ruling had decided against an international NGO. It was clear that the landscape of duty of care in the sector had changed. An INGO Security manager working at the time reflects now that ‘It really made organisations sit up and take notice. Before then, organisations had been happy to say that staff safety was always paramount, but this was an actual legal case, and it shook us all, and our Trustees.’

The main areas of learning include:

• In the year before the incident, repeated concerns of risk management neglect were ignored
• Immediately before the incident, the expected lines of decision-making within the organisation were not in place; arguably leading to the incident
• Duty of care is legally demonstrable, and this case set a precedent
• Organisations need to provide appropriate support after an incident
• It’s more cost-effective for organisations to have strong security and duty of care systems which prevent incidents and provide good support if they do happen than to go through an expensive and reputationally damaging court case

For Steve, the case demonstrated that it was no longer acceptable for an organisation to demand compliance from staff with a view that ‘this is what you signed up for’. Staff should always have accurate information to make an informed choice regarding their security.

The changing context since 2015

So how has the NGO SRM world changed since? It is undeniable that organisations of all sizes have revisited their security structures. Smaller organisations have become aware of their duty of care responsibilities; larger organisations have reviewed their structures, risk appetites and staff support mechanisms. Networks such as GISF have gained influence (indeed, a security manager noted that GISF lobbying after the case led directly to the donor expectation that 1.5 per cent of total project costs are allocated to duty of care). Expertise has grown, there is comprehensive provision of wellbeing support, Employee Assistance Programmes (EAP) are now widely available, and INSSA has created a professional certification for the sector.

But at the same time, the context has changed:

• Mainstreaming of safeguarding since the 2018 media focus
• More stakeholders are involved in conversations about access to programmes
• Localisation of security management has risen to the agenda
• Covid-19 disrupted our work between 2020 and the present day
• Increased number of conflicts in medium-level risk contexts, the latest being the conflict in Ukraine

The question is whether these have diverted our attention from considerations of duty of care. My perspective is that for some, they have done just that. Organisations have been affected differently, depending on the visibility of duty of care within senior management and Trustee boards throughout the last few years.

Let’s look briefly at two of these changes.

Covid-19 brought massive disruption. While a small number of organisations continued working on their programmes relatively uninterrupted, most had normal operations interrupted and redesigned operational protocols to enable continuity. Funding streams and travel systems were significantly interrupted. Some (my most recent employer included) did not survive.

It has been suggested that organisations sometimes rush their programmes instead of implementing a measured, safe response when moving into new humanitarian contexts like Ukraine. Speaking to contacts across the sector, it’s clear that at the start of 2022, organisations were not as coordinated as they are now. Some took decisions based on a need for publicity or a desire to deliver a response without adequately considering risk management or duty of care. Staff faced with air raid sirens which sound every time there is an airstrike inevitably will not go into the shelters every time, and compliance is hard to enforce remotely. One consultant working 20 miles from the Ukraine front line observed ‘I take a view on whether or not to go each time. More usually I don’t.’

Questions to ask yourself and your organisation

I suggest it’s time to pause and assess whether our organisations are in the right place. Consider the following:

• The Trustees of your organisation in 2015 are probably no longer there. Your current Trustees might not know about the case. Is the same true for your Senior Management Team? It’s time to remind them.
• Are your practices and decisions genuinely defensible in court? Steve reflected: ‘Organisations should ask themselves, “When justifications for decisions are heard in a court, will they make sense? We heard a long line of illogical decisions in my trial and hasty derogations from sound security recommendations. This fulfilled the requirement of gross negligence: a heightened neglect of staff safety throughout the organisation. Negligence of a smaller magnitude would still have satisfied the court’s requirements for breach of duty of care.’
• Are your staff support structures fit for purpose? Do your colleagues have access to appropriate support if needed? Is your EAP provider able to support crisis-level situations? If not, who would you turn to? Is there discretionary funding to support colleagues who fall outside regular support structures?
• Who makes the decisions that affect exposure to risk? Do staff make informed choices, or are they compelled to follow instructions?
• Is there a genuine, impartial route for your colleagues to give negative feedback? Some organisations have an internal point of contact like an ombudsman to provide this. Steve now supports colleagues in such situations, particularly if they have less capacity to articulate and pursue their case – contact Steve here.

As we look forward to the next step in the evolution of our growing sector and SRM, we need to look back at the significant influences on our recent history – and this case is an excellent place to start. It is always complex to learn from incidents such as this that have been traumatic for those involved. A short piece like this only scratches the surface. But if this article starts a conversation with your Trustees or Senior Management Team about whether you provide an adequate level of duty of care, it’s been worth it.

About the Author

David was a Security Focal Point and member of GISF for over 20 years, most recently as Director of Safety, Operations & Governance for Raleigh International. He now works as a consultant with  www.dhclamp.com and acts as secretariat for the UK Humanitarian / Development SFP Network. Contact David here.

Related: