Hi, Michael. Can you please share with us a bit about your background?
Yes, I came originally from the UK, from a police background. The Metropolitan Police in London and then the Royal Hong Kong Police. So I did 13 years in the police service, most of those in detective duties, so crime and investigation. I was the head of CID at HK airport, then later I specialised in commercial crime and fraud. I was with the Commercial Crime Bureau, which is like the HK fraud squad.
Once I left the police in 1997, on the day of the handover to China, I then went into risk management consultancy, originally in the UK, in London. Later I also worked in Malaysia and Singapore, for about 20 years. So I have headed a number of risk management groups in regional and global roles. I was the head of Control Risk for 7 years, so, I headed their operations in South Asia and Southeast Asia, so I ran the offices in Singapore, Jakarta, Mumbai, and investigative work in the Philippines. I then set up my own group which was Risk Asia, and later became Risk Worldwide for 8 years. Then, I sold that group to Red24 which was a listed company on the London stock exchange. And since that, I’ve been in other risk management roles.
So what made you set up Risk Group in 2011?
Originally it was actually after Control Risk – that was 2007 – actually when I set it up, I was the only person in it, it was a start-up, under the umbrella of another group which was in existence called Risk Group. And I really wanted to, like I think everybody has a lock that they want to try on their own one day, to see what they can do on their own, so that’s how it started.
After 4 years as Risk Asia it sort of became a bigger business, and I was doing work worldwide. So clients were then putting some pressure on to say ‘well, its not just Asia’. I was doing stuff in Africa, and South America, that’s when I changed it to Risk Worldwide. In total I ran that group for 8 years, then I sold it to Red24 which was a listed company on the London stock exchange but doing the same type of work.
And with the worldwide pandemic situation today, what are the main security challenges now, for professionals? In your opinion.
I think one of the biggest problems, definitely for risk management and consultancy groups, and for multinationals generally, is that people cant travel. Within that category, you’ve also got people that cant respond. So operationally, its no longer possible to send people from and to other places. The critical factors then become: How strong are your local networks? Are you able to respond in each country? Are you able to respond with the same degree of professionalism?
So: If you’ve got an issue in Cambodia, you’re not going to be able to send people to Cambodia, so who do you know on the ground that’s reliable? And obviously the other side of that is that you’ve got duty of care to people. You can’t send people to dangerous places or get them to break the rules or potentially infect them. In the old days, the big groups were able to send people from a regional hub like London or New York or Hong Kong, and now you cant. So it really depends on how good your network is, and how reliable it is.
Also: Within that, the sort of admin side of it. You have to also make sure that they have contracts in place, that you have confidentiality agreements in place. Because if you’re going to give it to another provider they’re not going to operate with the same level of professionalism, and you put clients at risk. So there could be some contractual issues around it as well.
I think another really important thing about the pandemic is that even if some countries are managing it quite well, like Singapore, New Zealand as examples, Australia outside of Victoria. The problems is that the rest of the world is not in the same situation. Therefore, although its crucial to open borders, the problem is you cant let it back in again, because then you’ll have another spike. So, even though in a place like Singapore the actual situation on the ground is pretty good, there are very few cases in the community, as soon as you open borders up and send someone to Indonesia, Malaysia, or the Philippines, then obviously the risks are still there. To some extent there is pressure to open but at the same time, you cant let it back again otherwise you’ll have to impose another lockdown.
What are your views/comments on the current situation in France and Austria, in light of the recent terrorist attacks?
Obviously in the French case you have two terrorist attacks there within a short period of time. Obviously you have the Samuel Paty case, the history teacher who was beheaded. That was only in October and now, you have the Notre Dame Basilica in Nice, stabbings there. On the Austrian side, you have a very low risk target, obviously people think of Vienna as a very safe city. There are similarities between the cases, but the main difference is the backdrop.
In France you’ve got the highest Muslim population in Europe, you’ve got a whole history of recent terrorist events, and going back to 2015, you have the Charlie Hebdo issue with cartoons of the Prophet Muhammad. Under Islam, you are not allowed to make any images of Muhammad, or God, so this is a very sensitive subject. The sensitivity at the moment are the trials ongoing for the Charlie Hebdo case, where 12 people were killed at these offices in Paris. And then, obviously you have President Macron coming out making some statements that upset the rest of the world. Plus on top of that, you have quite a militant population within France, willing to carry out attacks.
The worrying thing about the school case was that it showed how easily someone can be targeted. You do have to look into the history teacher case and say, ‘Was that sensible to do something so provocative during the trial of the Charlie Hebdo incident’? You have to question the sense and sensibility of actually doing that. But anyway, the way they did it was to pay some of the students 300 Euros each, two students, to identify him. They waited for him for two hours, and they actually identified him. They said they would just smack him, and didn’t say anything about beheading. But this really shows that anybody can be targeted. And I think that that was a real shock, it was just a history teacher, being beheaded outside his own school.
I think Nice, the Notre Dame Basilica case, shows that nobody is safe. Really, all 3 attacks show that it can happen any time, place, anywhere. However again, people like the woman in that case, she was 60 years old and she was nearly beheaded. And the man, about 56, he had his throat cut. And again, in all the cases, all 3, they were very young people being radicalised early. Don’t forget, when they go into these attacks, they know that they wont be coming back as the chances of them being shot, injured, or arrested are extremely high. They are radicalised enough to give up everything they’ve got.
I think in that case, the attacker was 18. So, 17, 18, and 20, the 3 attackers in the 3 cases.
The Austria case is different because it was in Vienna. That’s a ‘safe’ environment, people would consider it to be safe, but there were lots of mistakes made in intelligence around this guy. Lots of mistakes made in the way the attacker was treated there because he was 20 years old, and had already been earmarked after basically being convicted for terrorism associations. He was actually meant to be sent to prison in April 2019 for 22 months, but they released him by the end of the year, roughly 8 months later. So they already knew that he was radical.
Then – and this is where the sort of breakdown in intelligence happened – later, in July 2020 he went to Slovakia and tried to buy ammunition for AK47s. He was not able to do so because he didn’t have a license. So Slovakian authorities informed Austrian authorities that he had done that, but nobody followed up on the information. And when he was originally imprisoned, that was for basically trying to join IS forces in Syria. He was arrested in Turkey and brought back, then you know, he was given the 22 month sentence and they only made him do 8 months of that.
So you’ve got someone that had been radicalised in sort of an extreme mosque in Vienna. He has tried to go to join ISIS in Syria. He was imprisoned for it, he has already been known for terrorism association. All the warning flags were there, and this guy was only 20 years old. And ultimately, by not following up on the intelligence from Slovakian authorities, the fact that he was trying to buy ammunition for an AK47, which is a traditional weapon used in some of these terrorist attacks… the warning signs were there.
So I think what it shows though, is that in each of the cases, lone attackers were all very young, all radicalised, difficult to stop, difficult to predict. But in terms of the Austrian attack that was sort of following a sort of scorch and burn tactics which was the first in recent times. Started with the Mumbai attacks, then the 7/7 attacks in London.
We’re talking multiple sites, multiple targets, and effectively police are used to responding to single events. When you have multiple events, like in Austria, 6 different sites, they weren’t able to tell what was misinformation coming from the public. They actually thought it was 2 or 3 attackers, and it was only after looking through thousands of hours of CCTV that they realised it was only one attacker, with one automatic weapon, one pistol, and one knife. But, it took days for them to do that because there’s so much chaos, gunfire going off, and people don’t know.
Ultimately it is this scorch and burn tactic of multiple sites, quick moving, and then the police find it difficult to respond to more than one site. So they all just put a ring around it, they will cordon, and then obviously it’ll take time for it to be safe enough for them to go in and investigate. And during that time, if somebody has an automatic weapon, he can cause a lot of damage. In that case kill 4 people, 23 people injured.
The CTCB extends our gratitude to Mr. Michael Haughey for his review of events and feedback. It was great having his input on the current challenges in risk management and urban security.