Over the last ten years, reports of child sexual abuse have doubled. It could be that there’s more sexual abuse, we’re finding more sexual abuse, or we’re getting worse at preventing sexual abuse.
The rise is likely caused by some combination of these three and other causes, but the data isn’t available to analyze this. Unlike the cause data, however, the data on how the consequences of not preventing sexual abuse have changed is available. The consequence changes are material; as noted below, some consequences are rising exponentially. For example, there was a recent jury award in New Mexico of $485,000,000 to an individual victim of recent sexual abuse.
If you work for a child or vulnerable adult-serving organization, not having a detailed analysis of what’s causing sexual abuse reports to rise will matter less to you than knowing you are twice as likely to have to deal with sexual abuse today than you were ten years ago. And, if sexual abuse happens, the consequences to you and your organization are now potentially extremely significant.
It’s risk management 101 that when risk causes or consequences change, risk management must adapt to address the changes, but that hasn’t happened with sexual abuse risk management. If you are like 95% of child-serving organizations, you use the “safe environment” to try to prevent sexual abuse. The “safe environment” is a rules-based approach to preventing sexual abuse first developed over twenty years ago. Whatever’s causing the rising reports, the safe environment rules haven’t been adapted to address them, and the safe environment wasn’t even designed to deal with consequences. And that hasn’t changed either.
The failure to adapt the safe environment makes no sense because, in the last twenty years, we’ve learned that there are far more effective ways to prevent, respond to, and mitigate the consequences of adverse events like sexual abuse (collectively, manage sexual abuse risk) than by using rules. For example, risk management best practices have been principles, not rules-based, for at least fifteen years.
Below, we outline the main reasons why a rules-based approach to managing sexual abuse risk cannot work, not least because the safe environment is self-evidently far too slow to adapt. We also outline the consequences for you and your organization.
We don’t discuss the consequences for children because they will depend on what’s causing the rise in report numbers. If there’s more sexual abuse or we’re getting worse at preventing it, the consequences are not good, but the opposite may be true if we are discovering more sexual abuse or discovering it earlier. In all cases, though, we need to get better at preventing sexual abuse because any amount is too much.
And that’s what this post is really about. We can’t reduce sexual abuse without adaptation and constant improvement. And we aren’t adapting and constantly improving if we’re still using an unchanged, more than twenty-year-old process.
If you work with children or vulnerable adults, we also outline how you can adopt risk management best practices. These will enable you to adapt and constantly improve not only how you protect children but also how you protect yourself and your organization.
Rules aren't appropriate for risk management.
Sexual abuse is a risk – whether you use a traditional definition (the possibility of an adverse event multiplied by its potential consequences) or the best practices definition (the effect of uncertainty on an organization’s objectives). Specific risk management tools have been developed for good reasons; to be managed well, risk must be managed in ways that acknowledge its nature. Yet we don’t use these tools for sexual abuse risk. Instead, we use rules.
Rules are helpful in the proper context. They are straightforward, easy-to-follow instructions, and you can check the boxes to confirm you have followed them with limited scope for misunderstanding. Rules are most often found in highly regulated sectors. They are also effective in environments with little change or variability. Rules aren’t ideal for risk because they can also be rigid, they make innovation difficult, and they adapt slowly to change. Also, though the content of an individual rule might be an essential ingredient of a risk management system, it doesn’t follow that a set of rules constitutes risk management.
Risk management best practice is based on principles. Principles are general guidelines based on shared values and integrity. They set a general direction but leave you to decide how to implement them. They enable flexibility to adapt to changing circumstances and the agility to innovate when necessary. It’s true that they can also be vague, requiring “comfort with the grey,” and using them requires much higher levels of judgment and discretion than rules. Principles are critical for risk management because they establish the ‘why’ and ‘how’ for people to engage with risk; managing any risk effectively without first engaging with isn’t possible.
Principles-based risk management is highly effective. Compared to organizations using traditional risk management, organizations using risk management best practice:
- have fewer adverse events like sexual abuse;
- their adverse events cost less;
- they pay less for debt and insurance;
- they are more highly valued and trusted, and
- they achieve their objectives more often.
The set of controls included in the safe environment rules form maybe 20% of the most basic form of traditional risk management and much less of risk management best practice.
Sexual abuse risk is fluid, varies significantly even between organizations in the same sector, can change rapidly, and its management requires constant adaptation and innovation to remain effective. These are the main reasons why sexual abuse risk needs to be managed using a principles-based approach. Organizations need general guidelines on how to use the best practices and to be free to decide how to implement them based on their sexual abuse risks. It’s the process of thinking through and making these decisions that ensures organizations engage with sexual abuse risk; engaging with risk is an absolute requirement for managing it successfully.
In a rules-based risk management approach, you engage with compliance, not risk.
Rules don't inspire trust because they don't meet stakeholder expectations
Being trusted with child safety is critical to every child and vulnerable adult-serving organization. If you consider the following as a parent, which of these two statements would lead you to trust an organization enough to let them care for your children?
- Our organization’s child safety objective is to ensure we always comply with the rules that cover child safety.
- Our organization’s child safety objective is to do everything possible to keep the children in our care as safe as possible.
Obviously, no organization will be quite so clear in expressing the first statement, and every organization will want to say the second because we all know “doing everything we can” sounds so much better than “we follow the rules.”
All other things being equal, most parents will discount an organization that just follows the rules. Instead, they will verify that the second, principles-based organization does what it says before trusting it.
Parents’ expectations and what makes them trust an organization are the same as yours and mine. We all expect every organization to do everything possible to keep children as safe as possible, and we trust the organizations that can prove they are doing that.
That means we trust organizations that use a principles-based approach.
Rules harm organizations and their ability to help children and vulnerable adults.
The main reason all the costs of failing to prevent sexual abuse are rising so fast is that people, particularly juries, are getting frustrated that children aren’t as safe as the rules are meant to make them, yet we persist with the same, deficient approach to protecting them. In the recent New Mexico trial noted above, statements after the award explained how angry the jury was that sexual abuse continues to happen and that the award was designed to send the message that reform is overdue.
It’s inevitable that the longer something keeps happening that infuriates people (sexual abuse reports have been rising steadily for at least ten years), the more pressure accumulates for reform. In the case of sexual abuse, the growing reform pressure takes several forms, including:
- extensions, suspensions, and eliminations of statutes of limitation for sexual abuse suits;
- far harsher public scorn for people and organizations perceived not to care enough to protect children well;
- increasing blame being directed at organizations like SafeSport that try to help other organizations prevent sexual abuse, though it’s the rules, not the organizations, that are the problem;
- the rapidly rising cost and falling availability and scope of sexual abuse insurance coverage; and
- exponentially rising civil legal liabilities – the New Mexico $485,000,000 award is a hitherto unthinkably high number.
So, even if organizations have, up to now, been understandably concerned with following the rules, just following the rules is becoming dangerous. It’s likely that rules-only organizations are less able to prevent sexual abuse, but there’s no doubt that following the rules alone doesn’t meet stakeholder expectations. This makes it much more difficult for rules-only organizations to protect themselves legally or protect their reputations if sexual abuse happens.
These rising costs (particularly of insurance) and risks have started to impair organizations’ ability to deliver the services children and vulnerable adults rely on. The same risks also apply to the people working for those organizations, and some are beginning to question if they should continue to work in a field that exposes them to so much risk.
Rules don't protect organizations or the people working for them.
The rules-based safe environment was designed to ensure organizations protect children. As such, it didn’t contemplate protecting the people or organizations caring for children in case prevention failed.
No prevention system is foolproof. So, not protecting the people and organizations caring for children was a significant, if deliberate, omission. The significance of the omission has been transformed by the rise in the consequences of not preventing sexual abuse.
One of the core justifications for a rules-based approach to sexual abuse prevention is that it ensures every child has at least minimum protection. Thinking in terms of sticks and carrots, however, rules are all stick and no carrot, and sticks only motivate to the extent people believe they will be wielded. However, compliance verification is rare, and there are limited if any, consequences for non-compliance. Further, sexual abuse is even rarer, so even with the increased consequences, the stick isn’t a significant motivator for some. While most people don’t need motivation to protect children, there are always outliers. We think this is why we still see sexual abuse insurance claims where prevention is poor or functionally non-existent.
On the other hand, a principles-based approach is almost all carrot. The better an organization tries to prevent sexual abuse, the better it and the people working for it are also protected from all the consequences. Insurance is also less expensive and more effective because prevention and defensibility, if prevention still fails, are more effective.
What Can You Do to Protect Children and Vulnerable Adults Better?
How Can you Help Yourself and Your Organization?
Organizations must follow rules, even when the rules don’t protect children well enough, are counterproductive for effective risk management, don’t meet stakeholder expectations, are dangerous for youth-serving organizations, and don’t protect the organizations or the people working for them.
To solve the problem of how to follow the rules and address all the rules’ deficiencies, the solution is to surround the rules with a principles-based sexual abuse risk management system.
After determining what your sexual abuse risk management principles will be (this can be as simple as “we will do everything we reasonably can to protect the children in our care…”), there are three steps you take to support such a principles-oriented solution.
- Because the safe environment controls are far from comprehensive, you explore all the ways the children and vulnerable adults in your care are potentially at risk of sexual abuse. Then, you verify you have controls addressing all the vulnerabilities, “doing everything you can” to fill the gaps in your rules-based protection.
- Next, you think about what you would say if a parent asked you, “How are you protecting my children from sexual abuse?” Parents don’t just want to hear that you have controls that address all potential vulnerabilities. They want to hear your principles and that you have systems in place to ensure your controls are effective so that you can deliver on your principles. Safe environment rules don’t require systems, so this may be new territory for you.
- Last, think about what you would ideally like to be able to produce if you or your organization were accused of not doing enough to prevent sexual abuse. How would you convince yourself and others, potentially including a jury, that although you weren’t able to prevent sexual abuse, you had lived up to your principles? It may be difficult to prevent sexual abuse, but it’s far more difficult to explain why you didn’t do enough to try to keep children and vulnerable adults safe.
Last, constantly improving sexual abuse prevention is critical. We won’t stop sexual abuse from rising until we get better at preventing it, and we won’t start reducing it until we get much better. Constantly improving child sexual abuse prevention is a data challenge. Collecting and analyzing the right data requires collaboration. A subsequent step might, therefore, be to ask whoever requires you and your peers to use the safe environment to collect and analyze your and your peers’ sexual abuse risk management performance data. After appropriate analysis, they should be able to provide you and your peers with the information you all need to maintain and constantly improve your principles-based child and vulnerable adult protection.
Please call, email, message, or text us to learn more about how we can help you with each of these steps and supplement your safe environment rules with principles-based sexual abuse risk management.