The murder of UnitedHealthcare CEO Brian Thompson is a recent reminder of security risks that high-profile leaders face. The targeting of corporate executives has unfortunately become commonplace, including instances where they are harassed, stalked, and kidnapped; targeted for spear phishing; and impersonated using artificial intelligence. In the digital age, where criminals have near-instant access to business and personal information, in-house counsel must ensure their organizations have strong executive protection policies in place, including hiring armed security professionals.
A security-oriented culture is essential in organizations of all types, and they must comply with federal, state, and local requirements around licensing and training to avoid legal and reputational risk that can arise from spotty implementation of protection measures. As a result, large companies are increasingly seeking outside legal advice surrounding how to legally and responsibly implement security measures.
Organizations that deploy security professionals to protect executives must continually modify their efforts as new risks arise. Risks to executives stem from publicity surrounding their business-related decisions, high-profile issues involving the organizations they lead, or even taking—or refusing to take—positions on political or social issues. Extensive information about executives is easily accessible online, often including their travel and physical locations. And the dark web provides access to unlawful resources.
Safety concerns are compounded when leaders travel to regions prone to natural disasters or political instability. Organizations deploy security professionals in an effort to safeguard executives from physical violence, kidnapping, and extortion and to protect sensitive information. Additionally, safeguarding an executive can help protect an organization’s value and finances, as business leaders have an outsized impact on financial metrics.
Protecting an organization’s executives comes with a unique set of legal requirements that vary by jurisdiction. Therefore, organizations must have policies and protocols in place to ensure compliance, often across a range of states and municipalities. This is especially important for organizations that maintain operations in multiple jurisdictions or whose executives travel regularly to high-profile locations.
For example, some states, such as Virginia, require armed security professionals who are providing security services for employees of their employer and are “in direct contact with the general public” to obtain a license or another form of registration from the state regulator in charge of security professionals, while others do not require licensing when a security professional is providing security services under those circumstances.
Other states delegate licensing requirements to the county or municipal level. Before any travel that includes its security professionals, an organization must confirm that their licensing complies with all jurisdictional requirements.
Additionally, self-defense laws vary by state, including whether a security professional has a duty to deescalate prior to using deadly force. Some states, such as New Jersey, impose a duty to retreat, requiring security professionals to attempt to remove a protectee from a dangerous situation before using force, except when in the protectee’s home. Some states apply this exception to a protectee’s home and workplace.
There are also jurisdiction-specific requirements involving training specifications of security professionals, privacy and surveillance tactics, recertification of security professionals, and required liability insurance that an organization must maintain. “Qualified Law Enforcement Officers” and “Qualified Retired Law Enforcement Officers,” as defined by the Law Enforcement Officers Safety Act, are permitted, with a few exceptions, to carry concealed weapons throughout the United States, regardless of state or local laws.
Employing these individuals as security professionals can simplify an organization’s compliance efforts, as these individuals do not have to abide by jurisdiction-specific concealed carry restrictions but may still have to obtain a security license depending on where they are operating.
In addition to the legal requirements, an organization’s risk tolerance and culture should inform its relevant policies and protocols. While the need to implement or enhance executive protection has never been clearer, there are myriad issues an organization must consider, particularly for those operating in multiple states with executives who travel widely.
It is imperative for organizations to understand the legal requirements of executive protection, how they vary across jurisdictions, and the risks of non-compliance. These consequences include civil fines, reputational damage, and, potentially, criminal charges. Protecting an organization’s executives is of paramount importance. In doing so, decision-makers also need to ensure they are not adding risk to the company and its bottom line.
This article does not necessarily reflect the opinion of Bloomberg Industry Group, Inc., the publisher of Bloomberg Law and Bloomberg Tax, or its owners.
Author Information
Timothy Sini is partner in Nixon Peabody’s government investigations and white collar defense practice.
Ryan Maloney is an associate in Nixon Peabody’s complex disputes practice.
Write for Us: Author Guidelines
To contact the editors responsible for this story:
Learn more about Bloomberg Law or Log In to keep reading:
See Breaking News in Context
Bloomberg Law provides trusted coverage of current events enhanced with legal analysis.
Already a subscriber?
Log in to keep reading or access research tools and resources.