Threat Assessment Teams and Their Value to Protective Intelligence for Executive Protection  

Protective operations haven’t changed much over the last two decades.  At its most basic level, you are paid to place yourself between your protectee and harm’s way.  Simply put, your job boils down to “prepare for the bad guy, see the bad guy, stop the bad guy.”  Some do it better than others, and while it seems simple, the numerous online video fails that reflect everything from “fists” to “eggs” being thrown at protectees would indicate it’s not.  Avoiding physical attacks is one of the many reasons we use every available intelligence resource in our proactive approach to protection.   

One significant change in the last 20 years has been the abundance and inclusion of protective intelligence (PI) resources for corporate EP teams.  PI in contemporary protective operations cannot be overstated. It is widely recognized that all protective operational coverage is fundamentally based on the “threat.” This fact underscores why every U.S. federal protective agency maintains a dedicated protective intelligence division to complete threat analysis, management, and assessment.  

Lacking the extensive resources available to government agencies, corporate EP teams must rely on internally developed intelligence resources and externally contracted intelligence vendors. This blend of protective threat intelligence is tailored to each company and team, reflecting their unique preferences, budgets, and needs.  Beyond available conventional intelligence tools, EP teams should also consider the use and integration of corporate Threat Assessment Teams (TATs).  As part of the continuity of business and crisis management planning for most corporations, TATs were developed specifically to address the potentially violent and adverse behaviors of employees.  This conduct negatively impacts business activities and is often directed at key stakeholders within the corporate leadership structure.      

Threat Assessment Teams 

In the last decade, TATs have become commonplace in most Fortune 500 companies.  Like many of the best practices used by corporate EP teams, TATs also incorporate best practices and recommendations from existing federal and public programs.  The U.S. Secret Service (USSS) is regarded as the leading authority in Threat Assessment management and best practices in the United States.  Through decades of experience, the agency has developed the Behavioral Threat Assessment Unit (BTAU) model, which is widely recognized for successfully supporting state and local law enforcement agencies in preventing targeted violence in public spaces and schools.  

This model is a valuable proactive and structured framework to identify, evaluate, and mitigate potential threats for sectors including law enforcement, corporations, religious organizations, and educational institutions.  Corporations have adapted this model within their own Threat Assessment Teams to identify and manage employee threat behaviors.  Key elements of the process and principles of the model that are applied to Threat Assessment Teams include: 

• Comprehensive Data Collection: Early intervention is at the core of the BTAU’s model in managing concerning behaviors, emphasizing a managed outcome to the behavior that does not result in violence or other unwanted behaviors.  The collection of comprehensive information about potential threats supports early intervention and includes:  
• Background Investigations: Collecting information about individuals who may pose a threat, including their personal history, past behavior, relationships, and any previous incidents of violence or criminal activity, is an important first step in the process.  While the government can store data forever, corporations are legally limited in their collection and storage of PII.  Always confer with legal counsel regarding the collection of personal information.   
• Behavioral Analysis: A TAT should initiate a behavioral Threat Assessment in response to any concerning behaviors. These behaviors include actions or communications by an individual that are troubling or inappropriate and indicate a potential for violence. The information-gathering process by the Threat Assessment Teams is intended to provide a comprehensive picture of the individual’s behavioral history and current life circumstances and enables the team to make an objective assessment of the potential for violence.  TATs should also closely examine specific behaviors and patterns that may indicate an increased risk of violence, such as stalking, harassment, or threatening communications.   

Multi-Disciplinary Approach 

The planning and team composition for Threat Assessment Teams should describe the roles and responsibilities of  Threat Assessment Teams as a whole, each team member, and any associated community partners involved in the behavioral Threat Assessment process. This process involves collaboration among various disciplines and agencies, including: 

• Interagency Cooperation: Working with local law enforcement, mental health professionals, social services, and other relevant external organizations to gather information and assess threats comprehensively. 
• Expert Input: The model encourages engaging professionals from diverse fields, including intelligence analysts, contracted or staff psychiatrists/psychologists, legal counsel, HR, IT, and corporate security teams to analyze threats from multiple perspectives.  Many corporations also routinely contract services with outside experts who specialize in Threat Assessment.  

Risk Assessment 

During the behavioral Threat Assessment process, the TAT should document all relevant information gathered.  Most corporations have internalized investigative processes, but regardless of how information is collected, the purpose is to make this information easily available for team members during the assessment.  There is also an emphasis on employing a systematic risk assessment process to evaluate the severity of identified threats including: 

• Identifying Risk Factors: Evaluating factors that contribute to the likelihood of violence, such as access to weapons, history of violence, and current emotional or psychological state.   
• Prioritizing Threats: Identifying and classifying threats based on their immediacy and potential impact, which helps in allocating resources and determining the appropriate response.  Teams should consider where the subject is on the Pathway to Violence (Calhoun and Weston 2003) or an analysis of past behaviors leading up to the current issue.  Threats may develop over time but are usually only introduced to the TAT when violence has occurred or is imminent.   

Behavioral Intervention 

Once the threat is assessed, the model emphasizes intervention strategies designed to mitigate the risk of potential violence. This can include: 

• Preventive Measures: Implementing measures to reduce risk, such as increased physical security, employee safety education, managerial monitoring, direct intervention, and medical referral for individuals exhibiting concerning behaviors. 
• Crisis Management: Developing plans to address potential crises, including immediate response strategies when a threat materializes. 

Ongoing Monitoring and Evaluation 

Threat Assessment is not usually a “one-and-done” process; it requires continuous monitoring and reassessment, including: 

• Follow-Up: Regularly reviewing and updating assessments based on new information or changes in an individual’s behavior or circumstances.  It’s not uncommon for some cases to last years based on reoccurring or seasonal behavior patterns.   
• Feedback: Creating mechanisms for feedback and communication among involved managers and supporting agencies to ensure that emerging threats are identified and addressed promptly. 

Training and Awareness 

The U.S. Secret Service also places a strong emphasis on training analysts and agents in Threat Assessment techniques, including: 

• Awareness Programs: Educating personnel on recognizing warning signs of potential violence and effective Threat Assessment strategies.   
• The Association of Threat Assessment Professionals conducts bi-annual training conferences to provide industry-leading training and development for its membership.  This training, combined with core educational programs, enables practitioners to proactively share essential insights through case management and studies. 
• Community Engagement: Encouraging employee involvement and awareness to report concerning behaviors, fostering a collaborative approach to Threat Assessment.   

Documentation and Reporting 

Centralized case administration ensures standardization in initiating cases, gathering information, and managing cases over time.  The model also emphasizes the importance of thorough documentation of all steps in the Threat Assessment process including: 

• Record-Keeping: As mentioned, maintaining detailed records of assessments, interventions, and outcomes to inform future practices and improve the overall Threat Assessment framework.  Record keeping should be historical to provide the best available picture of behavior over time.   
• Reporting Mechanisms: Threat Assessment Teams must establish secure reporting mechanisms to receive reports of concerning behavior from the public.   The TAT evaluates cases for imminent threats to life or safety and responds accordingly.  Establishing clear channels for reporting threats and sharing information among stakeholders is key to enhancing situational awareness and response capabilities.  Companies can promote anonymous reporting through online web portals, dedicated email addresses, and tiplines.   

When evaluating threats, Threat Assessment teams must consider the “totality of the circumstances” regarding the communicated or implied threat, the individual making the threat, and the circumstances surrounding the threat. Teams use the TAT model for evaluation but require timely notification and response to address threats as efficiently and accurately as possible.  In a very short period, TATs must determine how potentially serious a threat scenario may be. Teams must also carefully balance the implementation of proactive safety measures and responses while avoiding overreaction through biases to the problem.  In most cases, a TAT does not have all the information it would like before making a decision but adjusts responses as more information is developed.     

One method to overcome this information vacuum is to interview the subject of interest.  While there are many methods for completing subject interviews, an established industry best practice is the use of the WAVR-21 interview method (Stephen G. White, Ph.D. and J. Reid Meloy, Ph.D.).  This interviewing method is a 21-item coded interviewing instrument for the assessment of workplace violence.  While WAVR-21 is a good baseline for conducting interviews, the TAT should consider other factors that may contribute to the likelihood of targeted violence.   

Contributing Factors to Targeted Violence 

While there are numerous models for the attack cycle, there is no exact science as to the probability of an attack.  There are too many variables that exist to predict all human behavior accurately.  TATs examine and carefully consider influencing factors that have statistically contributed to known incidents of targeted violence, including: 

Context Themes in Threat Assessment 

• Stressors: 49% of mass shooting subjects had problematic financial issues before their attack (Source: FBI).  Various stressors in an individual’s life can contribute to heightened risk factors, including work pressures, financial difficulties, relationship problems, and significant life changes. Understanding these stressors is important in assessing an individual’s potential for violent behavior or other harmful actions.  Practitioners should evaluate the life circumstances of the subject with Maslow’s Hierarchy of Needs to identify key social deficiencies that may contribute to a violent act.      
• Home Life: An individual’s home environment has a significant impact on their overall well-being. A chaotic or abusive home life can exacerbate existing mental health issues and lead to maladaptive behaviors. Assessing the dynamics of a person’s home life is essential for understanding their behavior and potential risks.   
• Mental Health Issues: 62% of mass shooting subjects exhibited or were diagnosed with mental health issues (Source: FBI).  I would argue that anyone who participates in a mass shooting is mentally ill. Still, mental health concerns, such as depression, anxiety, or personality disorders, can significantly influence an individual’s behavior.  A history of untreated or poorly managed mental health issues may increase vulnerability to engaging in violence or other harmful behaviors. While mental health issues may have historical roots, they can also develop rapidly without warning and progress quickly if not recognized early.   Teams who conduct interviews with employees who are exhibiting mental health issues should be extremely cautious and should always have significant training and experience.    
• Criminal History: The best indicator of future behavior is past behavior.  An individual’s past criminal behavior, particularly related to violence, serves as a critical indicator of future risk. Understanding the nature and context of any criminal history can provide valuable insights into potential threats. 
• Interpersonal Difficulties: Challenges in relationships with family, friends, or colleagues can lead to frustration and isolation. Individuals struggling with interpersonal difficulties may be more prone to express aggression or engage in harmful behaviors.   
• Lack of Consequences: A history of negative behaviors that have gone unpunished can reinforce future negative actions. When individuals do not face the consequences of their actions, they may feel emboldened to escalate their behavior, leading to increased risks of violence or destructive behavior. 

Behavioral Themes in Threat Assessment 

• Substance Abuse: The misuse of drugs or alcohol can impair judgment, increase impulsivity, and exacerbate underlying mental health issues, significantly increasing the risk of violent behavior. 
• Domestic Violence: National statistics indicate one-third of workplace violence incidents begin as domestic violence incidents.   42% of women murdered in the workplace are killed by a domestic partner or spouse (Source: FBI).  41% of attackers had a history of domestic violence (Source: USSS).   16% of active shooters were motivated in whole or in part by a grievance related to domestic violence (Source: U.S. Secret Service Threat Assessment Center).  Patterns of domestic violence can indicate broader issues of control, aggression, and instability in a person’s life, and individuals with a history of domestic violence can always pose a threat to others. 
• Aggression, Violence, and Abuse: Observable patterns of aggressive behavior, whether verbal or physical, can serve as significant warning signs. Understanding the context and frequency of such behaviors is critical in risk assessments. 
• Inconsistency: Erratic behavior or inconsistent responses to stressors can suggest instability. Individuals who exhibit unpredictable behavior may pose a higher risk to themselves and others. 
• Interpersonal Difficulties: Persistent issues in relationships can lead to feelings of frustration and isolation, increasing the likelihood of aggressive or violent responses. 52% of attackers reported experiencing feelings of humiliation, and 69% of mass shooting subjects experienced a “humiliating interpersonal event” (Source: FBI). 
• Interest in Violence and Weapons: A fascination with weapons or violent behavior can indicate potential risk. This interest, particularly when coupled with other concerning behaviors, should always be taken seriously. 
• Concerning Communications: Threatening or alarming communications, whether verbal or written, can serve as red flags. It is essential to analyze the content, context, and frequency of such communications to assess risk. 
• Stalking, Harassing, and Bullying: Patterns of stalking or harassment can indicate an individual’s inability to respect boundaries and can escalate into more severe forms of violence. 
• Extreme Beliefs: Ideologies that promote violence or intolerance can influence behavior. Individuals with extreme beliefs may justify harmful actions against others.   
• Desperation and Despair: Feelings of hopelessness or desperation can drive individuals to engage in extreme behaviors, including violence, as a perceived means of escape or expression. 
• Isolation: In nearly every case of targeted violence recorded in the United States, the attacker indicated they feared social isolation (Source: FBI).  Social isolation can exacerbate mental health issues and increase vulnerability to engaging in harmful behaviors. Individuals who feel disconnected from others may resort to violence as a means of personal expression. 
• Planning and Final Acts: On average, active shootings by former employees occur within a two-week window following their termination.  Evidence of premeditated planning for harmful actions, such as detailed notes or purchases of weapons, is a critical indicator of potential violence. These occurrences are often reported by concerned family members.  Recognizing signs of planning can facilitate early intervention and prevention of targeted violence.   

Summative Themes in Threat Assessment 

• Motive: Understanding the underlying motives for potential violence is essential in the TAT process. Motives can range from revenge and anger to ideological beliefs or a desire for attention. 
• Elicits the Concerns of Others: When someone’s behavior change is recognized and communicated by those closest to them, it should not be dismissed and should raise alarms.  Individuals who elicit concern from peers, family, or colleagues often exhibit behaviors or statements that indicate the potential for violence.  These concerns should be taken seriously and investigated immediately.   
• Access to Weapons: Access to firearms or other weapons significantly increases the potential for violence.  This issue often comes under scrutiny in the United States; however, if firearms are not available, other weapons are used by attackers.  The use of knives in targeted attacks is regularly seen in the United Kingdom, where firearms are limited.  Assessing an individual’s access to weapons is a critical component in evaluating the risk of harm. 

Conclusion 

Being an Executive Protection Professional requires attention to both physical and communicated threats.  While physical threats can often be avoided using time and distance, other risks require collective intelligence analysis to manage developing threats.  Using the Threat Assessment Team model with the managed analysis of behavior between context, behavioral, and summative themes provides a comprehensive framework for addressing and understanding potential hazards.      

By recognizing stressors, behavioral patterns, and underlying motives, Threat Assessment Teams can better assess threats and implement appropriate interventions for preventing targeted violence while ensuring the safety of protectees, communities, and workplaces.  EP teams should integrate this valuable resource into their protective operational intelligence to mitigate identified threat behaviors directed toward executives and other employees.   

About the Author: Kevin Dye is a retired U.S. Secret Service supervisor with over 30 years of executive protection and supervisory protective operations, including assignments on the prestigious U.S. Presidential Protective Division during two Presidential administrations.  He is currently Senior Manager of Executive Protection with the Procter and Gamble Company, providing protective operational coverage in over 180 countries worldwide.