Access denied? Managing security risks for development in fragile states

Imagine working on a large infrastructure project in a highly fragile setting. As you read the news about clashes between armed groups, communities, and defense forces, you begin to worry: How will growing insecurity impact the project outcomes? Could the poorest and most vulnerable people suffer serious harm? And how will you know what is truly going on if you cannot visit your work site? 

These tough questions are becoming increasingly common among development specialists in countries impacted by fragility and conflict.  Take Burkina Faso, Mali, and Niger: just this year, nearly 900 violent incidents resulting in 3,800 deaths have been recorded, many in the tri-border area of Liptako-Gourma. In such volatile settings, standard implementation support methods will almost certainly fall short. Not surprisingly, the World Bank Group’s recently released Strategy for Fragility, Conflict, and Violence (FCV)  calls for operations to factor in security issues into all phases of an operation . 

Faced with this challenge, the World Bank’s social development team in West Africa is piloting a new tool: operational security risk assessments (SRAs). Operational SRAs help project teams and decision-makers  think in a structured way about security threats, vulnerabilities, and risks – and their impact on project development objectives and sustainability. They also provide a playbook for implementation support and adaptative risk management in complex situations. We look at how three key features of operational SRAs support projects in high-risk environments.  

1. Granularity: Mapping security actors, incidents, and project risks 

Country-wide conflict assessments or systematic country diagnostics are  the World Bank’s traditional starting point for understanding the links between the root causes of FCV and poverty. But while such detailed analyses explain why violence has occurred, they usually say little about how security actors operate in places where development projects will be implemented.    

Moreover, these analyses tend to be generally retrospective: they seek to explain the present by understanding the past, rather than explore specific risk scenarios for the future. By contrast, an operational SRA aims to understand how security risks can manifest today, but also across the project timeline. 

Deploying open-source intelligence analysis and social risk due diligence, the SRA seeks to grasp the interplay between competing security actors in a specific territory, the resulting security incidents, and the likely impacts on project implementation. For example, the Sahel is a site of active conflict between violent extremist groups, community self-defense militias, and a plethora of security forces. A project SRA explores questions such as:  Where do these actors operate, and how? How do they relate to local communities? What do we know about their motivations and interests? Could battles or attacks against civilians threaten project beneficiaries, assets, and activities? Are women, refugees, or displaced persons likely to suffer more? 

These questions will almost never have simple “yes/no” answers. But if the ongoing COVID-19 pandemic has taught us anything, it is that a rich imagination can save lives by helping decision makers prepare for the worst outcomes. The same goes for security risk management in FCV settings. Data may be scarce or inconclusive, but good sources still exist to help us make good-enough judgments about what can go wrong.  They range from threat assessments shared by UN peacekeepers, to insights gathered in consultations with NGOs or faith-based groups. Technology can also help, with crisis mapping platforms such as ACLED providing sufficient data to get a sense of the baseline levels of insecurity:
 

 
Source: ACLED

Project criticality: Defining acceptable levels of risk 

In all countries, aid agencies make explicit and implicit calculations about the risks worth taking to help the poor. In fragile and conflict settings though, violence complicates the trade-offs between greater exposure to security risks and expected development gains from a given project . As a result, defining  acceptable risk thresholds – also known as project criticality – has important implications for success. First, because it can help keep project costs under control. Project criticality can influence decisions on hiring expensive third-party monitors to report on progress in violence hotspots. Second, project criticality can help prepare emergency standard operating procedures, such as temporary or permanent suspension of activities. This is a fascinating conversation that often leads to a more profound understanding of risk tolerance, and the implicit assumptions under which we operate. 

2. Bring security issues into country dialogue

In the final analysis, governments are ultimately responsible for the safety of their citizens. But for development projects to do no harm, security risks should become a topic of country engagement. According to its Environmental and Social Framework, the World Bank must now incorporate the reality of threats to human security as part of project due diligence. Furthermore, the Environmental and Social Standards (especially ESS4) require governments to produce their own security risk assessments, as well as accompanying security risk management plans. These cover issues such as protecting project beneficiaries, vetting security personnel, and ensuring quick incident reporting. An operational SRA can help drive country dialogue on these crucial aspects related to community safety.  

Operational security risk assessments can put bad news about insecurity to good use. They bring a new level of granularity to projects, helping teams and decision-makers navigate high-risk settings.  They can also bring security issues to the forefront of country dialogue. In so doing, they ensure that the safety of the poor and vulnerable remains at the heart of development.