BOKRIM Thinking

Sexual Abuse and Misconduct (SAM) Risk: Three Reasons to Supplement a Compliance Approach

If you are using the most common approach to managing sexual abuse and misconduct (SAM) risk, you should consider changing what you are doing.   

The main cause of SAM risk is that a child or vulnerable adult is sexually abused.  The top three reasons to change how you manage SAM risk are to:

  1. Protect children better – the most common approach isn’t preventing rising incidents and reports of sexual abuse
  2. Start protecting yourself and your organization – the most common approach doesn’t protect you or your organization from the consequences of SAM
  3. Save time and money

All three possibilities apply if you are one of the 95% of organizations using the most common approach – the “Safes” approach – to managing SAM risk.

The “Safes” are the compliance-based approaches to managing SAM risk that require criminal background checks, training, one-to-one interaction rules, and mandatory reporting.  They are called the Safes because they are derived from the Catholic Safe Environment programs put together when the abuse crisis first broke twenty years ago and/or they are overseen by entities like SafeSport.  

To be clear, the Safes include important controls. The Safes contribute to child safety, and we are not suggesting their requirements should not be followed. 

So, by “change,” we mean “supplement”, mainly because the Safes are minimum standards, as most compliance standards are.  Each of the four controls has deficiencies, but they fall far short of risk management best practices even when combined.  

Is risk management best practice a fair reference point?  We think so because:

  • Children and vulnerable adults should be protected with nothing less than best practices, and risk management, not compliance, is the best practice for preventing the worst negative events. 
  • The scale and scope of SAM risk have become so significant that organizations need to use risk management best practices to manage it effectively.

Further, the Safes are:

  1. not enough on their own to protect children as well as most people want to protect children.  Child sexual abuse is rising and the Safes haven’t changed in twenty years, even though we now know much more about SAM and how to manage risk.  Can you think of anything else that hasn’t changed in the last twenty years?  
  2. designed to protect children, not the people and organizations trying to protect children.  If you are only using the Safes, you (individually and as an organization) have no protection from the rising (reputation, disruption, and financial) costs of SAM risk.  Each of these costs is exponentially higher now than they were ten years ago, and these rising costs are the main reason the insurance industry is withdrawing coverage for SAM.  
  3. more time-consuming and result in higher short and long-term costs than risk management best practices.  It is typically more difficult and time-consuming to perform a series of independent tasks (the Safes approach) than taking a systematic approach.  Risk management best practice is systematic.  The Safes typically cost more financially than best practices because of the lower insurance costs of organizations using best practices.  But the most damaging costs – reputation and disruption – are not covered by insurance and are much higher with the Safes than with best practices because the Safes don’t address either reputation or disruption.

The bottom line is that if you want to protect children as well as possible, and you want to do so systematically, and therefore easily and effectively, you must supplement the Safes.  Where the Safes really fall short, however, is in the absence of protection that robust risk management provides you and/or your organization, including for personally significant costs that are not covered by insurance.  

So, for most people we talk to, the decision isn’t whether to supplement the Safes but how to do so; which risk management practices to adopt, and how to implement them.

SAM risk management best practice is a system that includes:

  1. Understanding how much SAM risk you have, where it is concentrated, and who it impacts the most;
  2. Customizing your own SAM Risk Management System – which incorporates your compliance requirements – but mainly ensures you manage SAM risk as well as your resources will allow; and
  3. Managing SAM risk in a way that ensures you adapt to change and constantly improve the protection provided, as well as the efficiency and cost of your system.

The good news is that these SAM risk management best practices are attainable for any organization, regardless of size, sector, resources, or risk management experience.

Please contact us if you would like to learn more. 


Tim Jaggs, BOKRIM Founder


T: +1 (925) 450 6540

Leave a comment

Like this article?