12 FAM 420


(CT:DS-333;   06-24-2020)
(Office of Origin:  DS/IP)


(CT:DS-319;   05-13-2019)

a. Regional security officers (RSOs) report to the chief of mission (COM) or the principal officer (PO) at Foreign Service posts regarding the implementation of Department security policies and programs abroad, as established by the post’s Emergency Action Committee (EAC).

b. The RSO or post security officer (PSO) and their staff are subject to the direction of the COM and, where relevant, the PO in countries assigned, or where they are present on temporary duty (TDY).

c.  The deputy chief of mission (DCM) is the direct supervisor and designated rating officer for the senior RSO at post.  The COM is the designated reviewing officer for the senior RSO.  RSOs rate their immediate subordinates and the DCM serves as the reviewing official.  At constituent posts, RSOs report directly to and are rated by the PO.  The senior RSO in country is the reviewing officer (see 3 FAH-1 H-2813.3).

d. When reporting information to Diplomatic Security (DS) headquarters while posted overseas, RSOs report to the principal deputy assistant secretary for Diplomatic Security and director of the Diplomatic Security Service (DS/DSS) through the International Programs Directorate (DS/IP) or the High Threat Programs Directorate (DS/HTP), as assigned.


12 FAM 422.1  General

(CT:DS-319;   05-13-2019)

a. The RSO is a member of the U.S. Foreign Service and a Diplomatic Security service special agent serving abroad at an embassy or consulate, or to U.S. Mission Geneva or one of the other international organization posts.  RSOs are responsible for implementing and managing the Department’s security and law enforcement programs, other than law enforcement responsibilities under the authority of the Office of Inspector General (see 1 FAM 050), for a geographic region that includes at least one Foreign Service post.  The RSO is also responsible for implementing post security policies and programs, as ratified by the EAC.  An RSO is resident at a particular post and may have constituent posts within his or her region for which he or she is responsible.  PSOs are U.S. Foreign Service personnel whom the COM or PO designates to manage security programs at posts that do not have a resident RSO; or at posts with only one RSO who departs post temporarily, during which time responsibility is delegated to a PSO (see 12 FAM 423.5).  RSOs or PSOs are responsible for overseeing the day-to-day management of security programs at their resident and constituent posts.

b. The RSO’s responsibilities and duties are enumerated in 12 FAM 422.2 through 12 FAM 422.5.  In accordance with 2 FAM 110, the COM may reassign some specific elements to other post personnel.  If a COM changes an RSO’s duties, the RSO must notify his/her respective Office of regional directors (DS/IP/RD or DS/HTP/RD).

12 FAM 422.2  Security Directives

(CT:DS-319;   05-13-2019)

a. RSOs and PSOs must provide briefings on specific security regulations, procedures, and techniques to all personnel at post, to include third party contractors, family members, interns, or others as appropriate, falling under COM security responsibility, in order to maintain a high level of employee security awareness.  See 12 FAM 424 for types of security briefings.

b. RSOs and PSOs issue, with the approval of the COM, security directives (signed by the current COM or PO) that give detailed written instructions and/or reminders of security policies and procedures.  Required security directives include:

(1)  Access control policy;

(2)  Mission firearms policy;

(3)  Travel policy;

(4)  Transportation security (may be combined with travel policy);

(5)  Post emergency notification system (PENS) and other emergency preparedness information;

(6)  Post policies for handling and securing classified information, and post's Security Incident Program;

(7)  Walk-ins/asylum seekers;

(8)  Contact reporting policy;

(9)  Residential security policy; and

(10) Personnel recovery policy

    NOTE:  Security directives do not take the place of security notices routinely issued by the RSO or PSO and post management to address post-specific non-policy issues, such as regularly scheduled radio checks, street closings and traffic patterns, or temporary changes to access control procedures.  In coordination with post management and the consular section, RSOs assist in the preparation of security messages (see 7 FAM 050).  7 FAM 050 should not be interpreted to limit or otherwise hinder the RSO’s ability to perform the duties and responsibilities described in 12 FAM 420.

c.  Security directives that include prohibitions or required actions should describe the prohibited or required activity and the consequences of a violation (e.g., severe disciplinary action up to and including removal from the post).  See 3 FAM 4377, List of Disciplinary Offenses and Penalties, which identifies the offense of “violations of other security regulations, guidelines, or instructions” and penalties ranging from “a letter of reprimand to removal.”  Post security directives must include the consequences of violating the mandatory post security policy as they relate to 3 FAM 4377.

d. Security directives should highlight the responsibility of all supervisors to ensure full compliance.  As established in 3 FAM 4127, Personal Security Practices, supervisors and managers should ensure employees have access to useful information, Department policies, and guidance concerning their personal security responsibilities.  They must ensure they do not impose working conditions such as strict adherence to arrival and departure times that keep employees from maximizing their personal security responsibilities.

e. Security directives must instruct all members of the mission to report any known or suspected violations to the RSO or appropriate supervisor.  Post briefs all current personnel at post, to include third party contractors, family members, interns, or others as appropriate, falling under COM security responsibility, concerning their obligation to report any known or suspected violations of post security directives to the RSO, their supervisors, the DCM, or the COM.  The RSO or PSO includes this statement in his/her briefings for all incoming personnel.  Both current employees and incoming personnel must acknowledge in writing they have been briefed on their responsibility to report violations of post security directives.

f.  Security directives should outline a procedure for seeking exception to the directive.  The employee must request, in writing, the written approval of the COM for any exception to mandatory post security directives.

g. Security directives must remind all mission personnel of their personal security responsibility for their own and others' security.  Post must ensure all personnel are briefed and provided a personal security Self-Assessment Checklist.

h. Security directives must be made available to personnel under COM security responsibility both through distribution at the time of publication and by placing them on the post’s intranet site on OpenNet.

i.  Security directives must be signed by the COM/PO.  Security directives signed by previous COM/POs remain in effect until the new COM/PO rescinds, replaces, or modifies the directive.

12 FAM 422.3  Reporting Security Incidents

(CT:DS-319;   05-13-2019)

a. DS personnel and others with security responsibilities must immediately report all incidents such as threats and attacks, actual or possible demonstrations affecting U.S. interests, planned or actual kidnappings of U.S. Government personnel or other issues affecting the security of the U.S. mission, to DS/IP or DS/HTP, as assigned, and to the DS Command Center (PSOs should report to the relevant RSO).  In an emergency, RSOs and PSOs should notify the DS Command Center by telephone or email first; the DS Command Center will then notify DS/IP or DS/HTP and DS Senior Leadership on behalf of the RSO or PSO.  In such emergencies, the DS Command Center serves as a central point for receiving and disseminating information during the crisis.  After emergency telephonic or email notification to the DS Command Center, or when the situation does not warrant immediate telephonic or email notification, the DS Spot Report system is the most appropriate means for reporting preliminary information.

b. Security incidents involving the possible or actual compromise of classified information (see 12 FAM 550 and 12 FAM 590) must be reported within 24 hours of discovery to the Program Applications Division (DS/IS/APD).  Reporting a possible or actual compromise of classified information must be submitted directly via the Investigative Management System (IMS).

(1)  Upload form OF-117, Notice of Security Incident, as it is received or initiated, and form OF-118, Record of Incident, in IMS as soon as it is fully processed by DS/IS/APD.  The RSO or PSO must inform DS/IS/APD if the form OF-118 completion date is expected to occur more than 30 days from the date of the incident (12 FAM 553); and

(2)  Cable reporting is not acceptable.  RSOs should retain the original forms at post as an OIG-inspectable item for three years.  Do not forward hardcopy documents via diplomatic pouch to DS/IS/APD.

c.  All reports must be submitted via IMS.  Refer to the DS/IS/APD Web site for detailed instructions regarding processing security incidents.

12 FAM 422.4  DS and DSX Channels—General Guidance

(CT:DS-319;   05-13-2019)

a. DS channel-captioned messages provide control over communications between DS and the RSO on highly sensitive security matters and must be used only for this purpose.  The strictest need-to-know principle applies to such communications.  The need-to-know principle does not relieve the security officer of the obligation to keep the COM or other responsible officers informed on matters of official interest, relating to personnel or operations of any post, under the authority of the COM.  The COM must be kept fully and currently informed with respect to all activities and operations of the U.S. Government within the country.  Since cable distribution is appropriately restricted to specified DS personnel, sharing such information with the COM should, when possible, be personally conveyed to preclude disclosure to others (see 5 FAH-2 H-443).

b. The DS channel is used for cables between the RSO and DS headquarters concerning:

(1)  Criminal investigations involving U.S. citizens or foreign nationals who are not U.S. Government employees;

(2)  Special protective equipment; and

(3)  Other sensitive subjects the drafter deems should be restricted to DS personnel at posts or within the Department.

c.  RSOs or PSOs must ensure Information Programs Center (IPC) distribution is in accordance with 5 FAH-2 H-443.  The Executive Director for Diplomatic Security (DS/EX) authorizes access to DS channel message traffic at the DS headquarters level.  This caption may only be used laterally in the field.  ASEC is the only TAGS used on DS channel message traffic.

d. The channel for DS very sensitive information (DSX) is used for cables between RSOs and DS headquarters concerning:

(1)  Criminal and special investigations involving U.S. citizens, U.S. Government employees, or DS staff members (including contractors);

(2)  Counterintelligence investigations;

(3)  Adverse personnel security actions;

(4)  Investigations concerning spousal or child abuse;

(5)  Confidential sources;

(6)  Undercover operations; and

(7)  Other sensitive subjects the drafter deems highly restricted.

e. RSOs must ensure IPC distribution is in accordance with 5 FAH-2 H-443.  The domestic operations directorate authorizes access to DSX channel message traffic.  This caption may be used laterally in the field.  ASEC are the only TAGS used on DSX message traffic:

(1)  Overseas:  DSX channel access is limited to the RSO, one special agent back-up (deputy regional security officers (DRSO) or senior assistant regional security officers (ARSO) and the assistant RSO-investigators (ARSO-I), where posted.  Access overseas is limited to DS special agents.

(2)  Domestically:  Access and distribution are limited to supervisory personnel in DS investigative offices and the DS Deputy Assistant Secretaries for International Programs (DS/IP, DS/HTP, and the Directorate for Threat Investigations and Analysis (DS/TIA), and limited numbers of other personnel, as approved by the DSS director or DS/DO Deputy Assistant Secretary.

(3)  More information on DSX channel, uses, and access can be found at 5 FAH-2 H-443.

12 FAM 422.5  Other Responsibilities and Duties

(CT:DS-319;   05-13-2019)

a. The RSO’s other responsibilities and duties include, but are not limited to:

(1)  Serving as the focal point at the post for programs to protect U.S. classified and sensitive information, facilities, and personnel from terrorism, weapons of mass destruction, hostile foreign intelligence activity, and criminal acts;

(2)  Monitoring and inspecting the security programs at constituent embassies, missions or consulates, and providing comprehensive training and planning guidance to RSOs and PSOs at these posts through periodic visits and exchanges of correspondence; and

(3)  Managing the regional security office, including the supervision of any assigned personnel including, but not limited to:

·         DRSO;

·         ARSO;

·         DS special agents or other personnel TDY to the RSO;

·         ARSO-I;

·         Security engineering officers (SEO) at an Engineering Services Office;

·         Security technical specialists (STS) at a Technical Security Office;

    NOTE: SEO, STS and staff at an Engineering Services Center (ESC) are supervised by the responsible SEO in charge of the ESC, not the RSO

·         Security protective specialists (SPS);

·         MSGs (see 12 FAM 430);

·         U.S. Navy Seabees;

·         Foreign Service national investigators (FSNIs) (see 12 FAM 423.7);

·         Local Guard Forces (LGFs) under a personal services agreement (PSA) (see 12 FAM 460 and 12 FAH-7);

·         Bodyguards;

·         Office management specialists (OMS);

·         Surveillance detection specialists;

·         Alarm technicians;

·         Residential security coordinators; and

·         Contract background investigators

(4)  Maintaining official liaison with host-country, third-country, and U.S. intelligence, security, and law enforcement organizations to conduct exchanges of current terrorist, counterintelligence, and criminal investigative data, and coordinate post defensive security programs and planning;

(5)  Interpreting and reporting information of security significance developed through host-country liaison activity;

(6)  Serving as a member of the embassy EAC, other pertinent committees, and the country team, providing security insight to other members based upon information received through foreign liaison and specialized knowledge of security policies or programs;

(7)  Establishing and managing, where required, a special security program for the personal protection of the COM and other U.S. officials targeted by terrorist groups, closely monitoring all available intelligence to determine the need for changes in operational protective tactics and techniques;

(8)  Arranging and providing protective security coverage, host-country security liaison, and other services for U.S. VIP visits and conferences within the region;

(9)  Developing, as the COM or PO may direct, the security portion of post's Emergency Action Plan (EAP) to address security issues including terrorist attacks, weapons of mass destruction, internal defense, riots, coups and demonstrations;

(10) As the COM or PO may direct, reporting emergency preparedness training and drills, and promoting knowledge of post's EAP;

(11) Continually assessing the vulnerability of resident and constituent posts to terrorism and hostile foreign intelligence information-gathering activities, and adjusting post's defensive counterintelligence and/or counterterrorist planning and programs;

(12) Reviewing current and near-term intelligence, post reporting, and local news reporting on political, military, security, and intelligence developments in the region to identify security concerns;

(13) Preparing and coordinating comprehensive threat assessments for use by the Department and post, including revising assessments when receiving intelligence information, significant incidents occur, or conditions in country change (e.g., a sharp increase in crime);

(14) Performing defensive counterintelligence and insider threat training and awareness functions and coordinating activities involving U.S. officials or FSN staff who are targeted by hostile intelligence services;

(15) Maintaining current knowledge of tactics and techniques used locally by hostile intelligence services;

(16) Participating in the post counterintelligence working group (CIWG);

(17) Conducting, when directed by DS headquarters or the COM, investigations of allegations or occurrences involving violations of U.S. criminal law or U.S. Government regulations by Government employees, in accordance with 12 FAM 220;

(18) Conducting background investigations, under the standards set forth under the Federal Investigative Standards and DS policy, of all applicants for third-country national and FSN staff positions within the limits imposed by existing liaison agreements with the host government and as local conditions permit.  This includes making maximum use of host-country investigative records or resources, when possible, to ensure the fullest development of investigative leads and evaluating all information developed as a basis for the issuance or denial of a security certification for employment (see 3 FAM 7222);

(19) Conducting background investigations, under the standards set forth under the Federal Investigative Standards and DS policy, of all contract employees, within the limits imposed by existing liaison agreements with the host government and as local conditions permit, and/or reviewing suitability investigations conducted by contractors on their employees; evaluating all information developed as a basis for the issuance or denial of a security certification for employment (see 3 FAM 7222);

(20) Conducting background reinvestigations on all FSN staff and contract employees, under the standards set forth under the Federal Investigative Standards and DS policy, within the limits imposed by existing liaison agreements with the host government and as local conditions permit on a 5-year cycle and evaluating the results for the purpose of issuing or denying a security recertification for employment (see 3 FAM 7222 and 12 FAH-7 H-136 and H-137);

(21) Conducting security surveys of U.S. Government-owned/leased facilities at resident and constituent posts to include mission office buildings and residences used by COM personnel and their dependents and, as necessary, identifying vulnerabilities/deficiencies (if any) and recommending physical and/or technical security changes or improvements revealed by such surveys, to the COM as necessary; coordinating the implementation of all approved and proposed projects until completed; and modifying internal defense planning concepts, as necessary, to incorporate improved physical and/or technical security features;

(22) Designing, implementing, and managing post’s Local Guard Program (LGP) (see 12 FAM 460);

(23) Implementing, and managing post’s Residential Security Program (RSP) (see 12 FAM 470);

(24) Providing professional security advice to all personnel of U.S. country team elements at post, whether permanently assigned or sent abroad on a temporary duty (TDY) basis, who are under COM security responsibility, their accompanying eligible family members (EFMs), and members of household (MOHs).  In conjunction with 12 FAM 424.3, the RSO should develop and make available general security handout information including, but not limited to:

(a)  RSO contact information;

(b)  Personal protective measures;

(c)  Crime statistics;

(d)  Terrorist threats;

(e)  Traffic accident procedures;

(f)   Safeguarding sensitive and classified material (see 12 FAM 424.5); and

(g)  Counterintelligence threat and security reporting requirements as appropriate and within applicable security clearances (see 12 FAM 260 and 12 FAM 270).

(25) Formulating and conducting education and training programs pertinent to the conduct of post information security programs and ensuring adherence to Foreign Service and other pertinent U.S. Government security regulations;

(26) Investigating and reporting to DS/IS/APD all instances of possible information and cyber security incidents (see 12 FAM 550 and 12 FAM 590);

(27) Serving as the mission focal point for the general oversight and coordination of special security programs managed by DS offices;

(28) Coordinating the conduct of technical surveillance countermeasures inspections at posts with the Office of Security Technology (DS/C/ST), the regional engineering services center (ESC), and, if resident, the post SEO;

(29) Establishing, supporting, and managing country councils for the Overseas Security Advisory Council (OSAC);

(30) Coordinating the passage of threat information to the U.S. private sector on issues affecting the safety and security of U.S. businesses, non-governmental organizations, faith-based organizations, and academic institutions at a level commensurate with host-country threat conditions;

(31) Providing professional security advice and unclassified security threat briefings to administrators of schools that enroll dependents of U.S. Government direct-hire employees;

(32) Where appropriate at the post, serving as the contracting officer’s representative (COR) for LGs and residential security contracts;

(33) Designing, implementing and managing post’s Surveillance Detection Program (SDP) (see 12 FAM 480 and the Surveillance Detection Management and Operations Field Guide, Version 2, dated 2002);

(34) Creating, updating, and distributing appropriate emergency contact information to all personnel of U.S. country team elements at the post, whether permanently assigned or sent abroad on a TDY basis, who are under COM security responsibility; and their accompanying EFMs and MOHs.  At a minimum, emergency contact information should include local police, fire and ambulance, Post One, the RSO, embassy duty officer (if available) and embassy operator phone numbers.  This information should be distributed in a durable and convenient method such as a laminated reference card or similar method.  In addition, in coordination with the General Services Office (GSO), the RSO must provide guidance and information on immediate actions in case of a vehicular/traffic accident (translated where appropriate).  This information must also be distributed in a durable and convenient method.

(35) Conducting background investigation leads on all employees, applicants and contractors at the direction of the Office of Personnel Security and Suitability (DS/SI/PSS) and within the limits imposed by existing liaison agreements with the host government; and

(36) Performing additional duties as directed by a COM or DS headquarters.

12 FAM 422.6  Use of the Polygraph in Vetting Foreign National Staff at  Posts

(CT:DS-319;   05-13-2019)

Refer to 12 FAM 251 for guidance on use of the polygraph in vetting locally employed staff (LE staff).

12 FAM 422.7  RSO and PSO Systems Security Responsibilities

(CT:DS-319;   05-13-2019)

a. RSOs and PSOs work closely with the information systems security officer (ISSO) at post (see 12 FAM 613) on systems security issues and have specific responsibilities for:

(1)  Ensuring all personnel with access to an unclassified/SBU or classified system have an appropriate background investigation (See 12 FAH-10 H-282.2-1 and 12 FAM 631.2-2);

(2)  Coordinating post-specific briefings with the ISSO for system users upon their arrival at the post and annually thereafter, concerning the security considerations of unclassified/Sensitive But Unclassified and classified information systems, including risks specific to the local environment (See 12 FAH-6 H-541.5-8, 12 FAH-6 H-542.5-8, and 12 FAH-10 H-212.1-3(1));

(3)  Issuing form OF-117, Notice of Security Incident, for security incidents on the system based upon either the RSO’s or ISSO’s investigation;

(4)  Periodically checking alarm systems that protect computer equipment to ensure proper functioning; and

(5)  Upon receipt, conducting or verifying the security clearances of local vendor personnel who service system components.

b. Pursuant to their role as the overall manager for security at the post, RSOs or PSOs must also provide the ISSO with guidance and/or information regarding:

(1)  Department prohibition on processing classified security information on an unclassified system;

(2)  Physical and equipment security measures;

(3)  Security processing for staff and maintenance employees with access to an automated information system;

(4)  Identification of a secure storage area for backup copies of system data files and software;

(5)  Reporting of suspected or reported cyber security incidents to DS/CIRT (See 12 FAH-10 H-242.5-3);

(6)  Suspected incidents of fraud, misuse, or manipulation of data on a system, the unauthorized disclosure or the destruction of data, unauthorized access attempts, or the personal use of system resources (See 12 FAM 632.1-7 and 12 FAH-10 H242.5-4); and

(7)  Coordination and monitoring of the conduct of periodic security indoctrination and training sessions for personnel assigned to the post.


12 FAM 423.1  Post Staffing Needs

(CT:DS-319;   05-13-2019)

a. Posts are encouraged to identify breaks in security personnel staffing that may require temporary duty (TDY) coverage.  Posts must direct their requests for TDY security personnel to DS/IP/RD or DS/HTP/RD via the TDY Support Request Site on the RSO-Security Management Console (SMC).  RSOs must report any planned or emergency absences to their respective DS/IP or DS/HTP regional director as soon as possible.

b. DS/IP and DS/HTP do NOT provide TDY RSO support for RSO personnel who need to take home leave, military leave, annual leave, or R&R.  Exceptions to this policy are considered solely on a case-by-case basis for posts experiencing unique and ongoing hardships/circumstances and unanticipated emergencies or contingency situations.

c.  DS may, on a case-by-case basis, consider TDY RSO support to cover gaps in excess of 30 days if:

(1)  An unmanageable staffing gap emerges in connection with a permanent change of station (PCS) transfer to a priority staffing post (PSP);

(2)  Prolonged medical leave is required;

(3)  There is no other DS special agent or trained PSO at post.  Site security managers (SSMs) directly support the Bureau of Overseas Buildings Operations (OBO) and should not serve as a back-up RSO;

(4)  There are current, significant and ongoing threats or crime conditions at post;

(5)  The request is received with sufficient lead time to permit an orderly selection and briefing of the TDY replacement; and

(6)  Sufficient funding for the TDY RSO is available.

d. DS/IP or DS/HTP must notify the Counterintelligence Division (DS/ICI/CI) of significant breaks in security personnel staffing at critical human intelligence (HUMINT) threat posts, and coordinate requests for TDY support from those posts with DS/ICI/CI (see 1 FAM 260).

12 FAM 423.2  Deputy Regional Security Officer (DRSO)

(CT:DS-319;   05-13-2019)

a. For some RSOs, DS/IP/RD or DS/HTP/RD may approve (with the concurrence of DS/DSS) the establishment of a DRSO position.  The DRSO is DS special agent with prior overseas RSO or ARSO experience and reports to the RSO.

b. DRSO responsibilities and duties are similar to those of an RSO.  DRSOs are usually assigned to posts with a large (three or more) number of DS special agents (excluding ARSO-I positions) and serve as their rating officer.

c.  In the absence of the RSO, the DRSO assumes the position of acting RSO.

12 FAM 423.3  DS Special Agent (SA)/Assistant Regional Security Officer (ARSO)

(CT:DS-319;   05-13-2019)

The ARSO is a DS special agent and supports the RSO and the DRSO in managing all elements of the post’s security programs (all duties and responsibilities identified in 12 FAM 422 – Special Agent).  The ARSO reports directly to the RSO or the DRSO (if such a position is established at the post).  An ARSO may serve as acting RSO when the RSO and DRSO are absent from post.

12 FAM 423.4  Assistant Regional Security Officer Investigator (ARSO-I)

(CT:DS-319;   05-13-2019)

a. ARSO-Is, operating in concert with the Overseas Criminal Investigations Division (DS/ICI/OCI), work together with the consular section to protect the integrity of the international passport and visa system, and disrupt criminal and terrorist mobility by working with host nation law enforcement to combat the production and use of fraudulent travel and identity documents.  ARSO-Is may spend up to 20 percent of their time performing RSO programmatic duties (see 12 FAM 223.2).

b. ARSO-Is conduct criminal investigations relating to passport and visa fraud at U.S. missions by:

(1)  Maintaining effective liaison with the consular section’s management and staff;

(2)  Establishing and maintaining effective liaison with U.S. Government law enforcement agencies at post;

(3)  Establishing and maintaining effective liaison with local police, immigration, airline, and other travel officials;

(4)  Informing DS/ICI/OCI of investigative activities through spot reports, investigative incident reports, and regular monthly status reports (MSRs);

(5)  Conducting regular fraud prevention and other relevant training sessions and briefings for consular officers, FSN staff and local authorities in support of Department and DS strategic goals; and

(6)  Developing and sharing fraud trends and vulnerabilities with consular staff and DS/ICI/OCI intelligence.

12 FAM 423.5  Post Security Officer (PSO)

(CT:DS-319;   05-13-2019)

a. Most tasks assigned to PSOs are similar to those assigned to RSOs, but are limited in scope because PSOs are not DSS special agents, and do not have law enforcement authority.

b. The COM must designate each PSO in writing and send a copy of the memorandum to the RSO who has regional responsibility for the post.

c.  When determining whom to designate as the PSO, the COM should consider what other duties FSOs at post may be required to do during emergency events as part of their core assignment duties and which FSOs are best positioned in the course of their regular assignment to take on the additional tasks listed below.

d. PSOs should successfully complete the DS PSO training before they are assigned to PSO positions.

e. PSO duties consist of:

(1)  Administering post security policies and procedures;

(2)  Relaying all correspondence relating to the post’s security programs to the responsible RSO as well as DS/IP/RD or DS/HTP/RD, as assigned;

(3)  Administering the security incident program;

(4)  Providing arrival and departure briefings to all U.S. employees and their dependents;

(5)  Reporting threats and other post security situations to the RSO;

(6)  Conducting special investigations as requested and directed by the RSO;

(7)  Coordinating investigations of LE Staff applicants in accordance with existing liaison agreements with the host government and submitting results to the RSO;

(8)  Serving as the contracting officer's representative (COR) for local guard and residential security contracts, when assigned;

(9)  Managing the LGP and supervising local guards hired under personal services agreements;

(10) Managing the post bodyguard program;

(11) Maintaining liaison with host-country officials and post officials;

(12) Formulating and coordinating emergency plans and conducting drills as designated by the EAC;

(13) Conducting physical security and residential security surveys on proposed new-lease or purchased residential and/or official building properties, as directed by the RSO; and

(14) Managing and supervising post’s surveillance detection program; and

(15) Supervising the local guard force coordinator, residential security coordinator and Foreign Service national investigators.

12 FAM 423.6  RSO Office Management Specialist (OMS)

(CT:DS-319;   05-13-2019)

U.S. direct hire employees may be assigned as RSO office management specialists (OMS) at posts where there is a resident RSO.  OMS personnel perform many specialized tasks not typically performed by other OMSs and are knowledgeable about security policies and procedures.  In addition to having requisite office management skills, RSO OMSs are also responsible for:

(1)  Typing specialized reports such as the security survey reports, investigative reports, and security incident reports;

(2)  Organizing briefings and recording required attendance;

(3)  Tracking and maintaining records pertaining to security infractions and violations;

(4)  Assisting with access control programs to include badging;

(5)  Disseminating threat information and information regarding policy changes; and

(6)  Answering questions and resolving minor security problems in the RSO’s absence.

12 FAM 423.7  Locally Hired FSNI

(CT:DS-319;   05-13-2019)

a. FSNIs work in the security office and perform a variety of tasks that support the entire security program abroad primarily by:

(1)  Providing expertise concerning the language, culture, and customs of the host country;

(2)  Maintaining contacts with police and other host-government authorities;

(3)  Assisting in the protection of post and visiting U.S. Government officials;

(4)  Obtaining information concerning potential security threats to the post, and terrorist related incidents such as attacks or host government counter-terrorism operations; and

(5)  In accordance with 12 FAM 220, conducting investigations as assigned by the RSO, PSO or the ARSO-I to include background/security investigations, investigations for other Department bureaus and offices, investigations for other U.S. Government departments or agencies and assisting in criminal investigations abroad including crimes against post personnel.

b. The RSO traditionally serves as the FSNI's primary supervisor.  However, in instances where post does not have an RSO, or he/she delegates the responsibility, DRSOs, ARSOs, ARSO-Is or PSOs may serve in this capacity.  He or she controls the FSNI’s access to information pertaining to U.S. citizens, and minimizes the use of FSNIs in investigations involving U.S. citizens.  FSNIs are prohibited from accessing the security files of U.S. citizens and their access to the investigative files of other Foreign Nationals is controlled on a need-to-know basis.  FSNIs may not interview U.S. sources or review U.S. citizen-controlled post files.

c.  When determined to be necessary, and in accordance with post's Mission Firearms Policy, FSNIs may be authorized to carry firearms.

d. RSOs must ensure for all posts under their regional responsibility that all prospective FSNIs enroll and successfully complete Diplomatic Security Training Center’s (DSTC) Basic Foreign Service National Investigator’s course.  FSNIs should successfully enroll and complete training prior to employment, or as soon as possible after employment, preferably before the expiration of the employees' probationary period, to allow the RSO time to evaluate performance potential.

e. FSNIs working for the ARSO-I office are also expected to complete the ARSO-I criminal fraud investigator (CFI) course at DSTC and take part in regional training exercises as specified by the Overseas Criminal Investigation Division (DS/ICI/OCI).

f.  The RSO must ensure each FSNI enrolls and successfully completes DSTC’s advanced FSNI course every five years following his or her initial training.

12 FAM 423.8  Locally Hired (CFI)

(CT:DS-319;   05-13-2019)

a. CFIs work in the Regional Security Office’s Overseas Criminal Investigations program and perform a variety of tasks that support the security and consular fraud prevention programs abroad primarily by:

(1)  Providing expertise concerning the language, culture, and customs of the host country;

(2)  Maintaining contacts with police, immigration officials, airline officials, prosecutors and other host-government authorities;

(3)  Obtaining information concerning travel document fraud schemes that facilitate transnational organized crimes such as human smuggling and human trafficking;

(4)  In accordance with 12 FAM 220, conducting investigations of the fraudulent issuance or use of U.S. and foreign passports, visas and other travel documents, as assigned by the ARSO-I.  Additionally, fulfilment of leads for other U.S. Government departments or agencies, and assisting in criminal investigations abroad including crimes against post personnel;

(5)  Drafting criminal complaints for the ARSO-I’s review, approval and submission to host country police to facilitate investigations and arrests.  Testify in host country court proceedings when the request is made via a diplomatic note;

(6)  Planning and conducting training including, but not limited to travel document security features, fraud detection methods, imposter detection, suspect traveler profiles, case studies and in-briefing new consular employees;

(7)  Liaison with the consular section’s FSN staff, FSN staff in other sections in the Embassy or Consulate, and representatives from other foreign Embassies and Consulates; and

(8)  Assisting in the protection of post and visiting U.S. Government officials;

b. The ARSO-I is the CFI’s rater.  He or she controls the CFI’s access to information pertaining to U.S. citizens, and minimizes the use of CFIs in investigations involving U.S. citizens.  CFIs must follow the relevant FAM guidance, which governs the use and sharing of U.S. visa information.

c.  When determined to be necessary, and in accordance with post's Mission Firearms Policy, CFIs may be authorized to carry firearms.

d. Required training: ARSO-Is must ensure their CFIs complete DSTC Basic Foreign Service National Investigator’s course, which includes the Basic Criminal Fraud Investigator course, preferably before the expiration of the employees’ probation period to allow the ARSO-I time to evaluate the performance potential.  Additionally, CFIs should complete any required online training required by the Bureau of Consular Affairs (CA), DS, or the Department.


12 FAM 424.1  New Arrival Briefings

(CT:DS-319;   05-13-2019)

a. The RSO or PSO must provide a mandatory comprehensive security briefing to U.S. Government personnel under COM security responsibility, to include third party contractors, family members, interns, or others as appropriate, falling under COM security responsibility, shortly after their arrival in country.  The briefing must acquaint newly arrived personnel with post’s security situation and the total security environment, including the general security requirements and procedures in effect.  The briefing must also highlight the importance of attention to personal security and include a Personal Security Self-Assessment Checklist.

b. Routine arrival briefings must include general counter-terrorism and counter-intelligence policies and procedures relating to the post and country of assignment.  As threat situations change, the RSO or PSO must provide briefings for senior post officials and other U.S. Government personnel under COM security responsibility.

c.  The RSO or PSO must use an outline at each briefing to ensure all required subjects are covered.  The new arrival security briefing should be posted to post’s intranet OpenNet site so U.S. Government personnel under COM security responsibility can review it following the actual new arrival security brief and to make it available to TDY personnel in advance of their travel to post.  The RSO or PSO must maintain a record of all briefings, including the dates and identities of all individuals briefed, and must establish procedures for ensuring participation by all those required to participate.  Each participant must sign a statement that he or she has been briefed, has received a copy of the checklist, and understands the material covered.  The statement must also indicate topics covered during the briefing.

d. The RSO or PSO must make available to TDY personnel, who are unable to attend the normal RSO/PSO new arrival briefing, a written or oral security briefing covering the topics listed in 12 FAM 424.2 below and provide them with a copy of the Personal Security Self-Assessment Checklist.  TDY personnel will sign an acknowledgement form of the briefing and topics covered and receipt of the Personal Security Self-Assessment Checklist.  The RSO/PSO will maintain this briefing acknowledgement form in the post security office files.

12 FAM 424.2  Locally Employed Staff Briefings

(CT:DS-319;   05-13-2019)

a. Unclassified briefings are required for all new locally employed/hired and incumbent LE Staff) personnel (see 3 FAM 7120).  The RSO will present an appropriate briefing for locally hired Americans who receive a security clearance.  RSOs may delegate this duty, as appropriate.

b. Periodic unclassified briefings should be a requirement of LE Staff security updates and recertification.

c.  At a minimum, unclassified briefings will cover:

(1)  Access controls, escort requirements;

(2)  Protection of identification media;

(3)  Handling and protection of sensitive information;

(4)  Computer security;

(5)  Respecting and avoiding restricted areas;

(6)  Procedural security including wearing of identification (ID) badges, cell phone restrictions, screening and walk-through metal detectors (WTMD) procedures, after-hours inspections, e.g., MSGs, and requirement to not lock desks;

(7)  RSO information, including components (MSG, (SEO), FSNI, LGF, Surveillance Detection Team, if appropriate, etc.);

(8)  Emergency procedures including the emergency action plan, communication and radio procedures, participation in drills, terrorism, and the threat against American diplomatic missions;

(9)  Threats related to their employment;

(10) Personal security practices;

(11) Surveillance awareness;

(12) Defensive counter-intelligence and insider threat awareness briefings;

(13) How to report incidents and threats – provide emergency and after hours contact info;

(14) Penalties and consequences for not abiding by mission security procedures/policies;

(15) Signing acknowledgement of briefing and topics covered; and

(16) Exit briefing upon end of U.S. Government employment.

12 FAM 424.3  Spouse and Dependent Briefings

(CT:DS-319;   05-13-2019)

a. The RSO or PSO must make unclassified security briefings available for all adult EFMs, as defined in 14 FAM 511, as soon as possible after their arrival at the post.  Regularly scheduled post orientations may be used for this purpose.  However, if a post does not have a formal orientation program, the RSO or PSO should arrange with the post’s community liaison office (CLO) to establish a dependent briefing program that would include all adult EFMs.

b. The CLO can assist in the subsequent dissemination of general security information to EFMs.  The RSO or PSO and CLO should jointly work out such a mechanism that possibly includes having the RSO or PSO participate in scheduled CLO dependent or community briefings.

c.  The briefing must address all threats and dangers to individuals under COM security responsibility, and other related issues.  The following are suggested topics of discussion for such briefings:

(1)  Local criminal activity affecting personal and residential security;

(2)  High-crime areas of the city and country;

(3)  An overview of narcotics available in the country and in the U.S. community, as well as local law enforcement and judicial action;

(4)  An unclassified discussion concerning terrorist activity in the country directed against the host country, the diplomatic community, and U.S. interests;

(5)  Unclassified defensive counter-intelligence briefing;

(6)  An unclassified discussion of the post’s EAP with emphasis on the warden system, actions to take during civil disorders, emergency plans for dependent schools, etc.;

(7)  The post’s specific environment, notable cultural differences, and sensitivity to host-country customs and attitudes;

(8)  Methods by which dependents can obtain information concerning the security situation; and

(9)  Emergency telephone numbers including local police, fire departments and medical resources, and post security elements.

12 FAM 424.4  Re-briefing or Refresher Briefing

(CT:DS-319;   05-13-2019)

a. The RSO or PSO must provide an annual refresher briefing to all U.S. Government personnel under COM security responsibility at posts rated critical for terrorism or HUMINT.  All other posts are encouraged to offer refresher briefings when there is a significant change in post’s security environment.  The RSO or PSO should make refresher briefings available to adult EFMs on a voluntary basis, regardless of the security environment.

b. Updating and restating procedural details helps to keep personnel and EFMs apprised of evolving terrorism and counterintelligence threats.  Re-briefing or refresher briefings must highlight the importance of personal security and provide employees with a Personal Security Self-Assessment Checklist and must reiterate the information provided in the new arrival briefing.

c.  The RSO or PSO must maintain a record of all refresher briefings, including the dates and names of all individuals briefed, and must establish procedures for ensuring employee participation.  Each participant must sign a statement that he or she has been briefed, has received a copy of the checklist, and understands the material covered.  The statement must also indicate topics covered during the refresher briefing.

12 FAM 424.5  Security Incident Program

(CT:DS-319;   05-13-2019)

a. The RSO or PSO must brief all U.S. Government personnel under COM security responsibility upon their arrival on the safeguarding of classified and sensitive information.  This briefing underscores the importance of properly handling classified material and helps to prevent security incidents.  National security-cleared EFMs, local hires, and interns who have not received clearance prior to arriving at post, must read and sign form SF-312, Classified Information Nondisclosure Agreement, after receiving this briefing and before gaining access to classified information.  The RSO or PSO must forward a copy of the form to the DS/IS/APD training section.

b. RSOs and PSOs must also brief each employee who receives a security incident report, and sign as a witness to the employee’s signature acknowledging receipt of the notification packet.  The briefing must include the reason for the incident report, corrective steps, and the type of disciplinary action the employee may receive for further infractions or violations (see 12 FAM 557).

12 FAM 424.6  Special Travel Briefings

(CT:DS-319;   05-13-2019)

Special travel briefings cover the counterintelligence regulations pertaining to employee travel to critical HUMINT threat posts (see 12 FAM 264).

12 FAM 424.7  Departure Debriefings

(CT:DS-319;   05-13-2019)

a. The RSO or PSO is required to have an exit interview with all U.S. Direct Hires and LE Staff before their permanent departure from post.  The RSO or PSO must interview separately each departing employee and give him or her opportunity to comment on any aspect of the post security program including:

(1)  Any significant contacts with foreign nationals of designated countries;

(2)  International travel during their tour of duty; and

(3)  Any security problems encountered.

b. RSO or PSO must debrief these personnel upon termination of post employment, document the debriefing on the SF-312 and forward a copy to DS/IS/APD.

c.  The RSO or PSO must make a record of the exit interview, including any security-related comments received from the employee, and maintain such records in the post security office files.

12 FAM 424.8  Separating Employees

(CT:DS-333;   06-24-2020)

a. In accordance with 5 FAM 414.7 the RSO or PSO must give a security debriefing to personnel terminating their employment abroad and not returning to the United States, or who will otherwise be separated for a continuous period of 60 days or more.  The debriefing is mandatory to ensure that separating personnel are aware of the requirement to return all classified material and of a continuing responsibility to safeguard their knowledge of any classified information.

b. The employee must sign form DS-109, Separation Statement (RET) for records management purposes.  RSOs and PSOs must forward the completed form to the bureau GTM office separating the employee.

c.  The employee must also sign the security debriefing acknowledgement section of the SF-312 Nondisclosure Agreement form found in the employee's eOPF for security purposes.  RSOs and PSOs must forward the completed SF-312 to the Bureau of Human Resources, Records and Information Management Division (GTM/EX/RIM).


(CT:DS-327;   09-20-2019)

a. RSOs are responsible for completing and transmitting the following reports to respective program office no later than the due date listed in the DS Security Management Console (SMC):

(1)  Annual Overseas Security Advisory Council (OSAC) Crime & Safety Report and the OSAC Country Council Assessment Survey (DS/TIA/OSAC);

(2)  Annual Crime Evaluation Questionnaire (ACEQ) Report (DS/TIA/ITA);

(3)  Annual Security Environment Profile Questionnaire (SEPQ) Report (DS/TIA/ITA);

(4)  Monthly DS Insight Verification.  Reported via DS INSIGHT. (DS/TIA/ITA);

(5)  Revised reporting requirements for DS special agent investigators:  Monthly Status Report (MSR); Investigative Incident Report; Post Transition Report (PTR); reported via DS/DO/OCI’s SharePoint site;

(6)  Annual CIWG meetings and report (medium and low); or Bi-Annual CIWG meeting and report (critical and high) (DS/ICI/CI).  Reported via cable and uploaded to DS SMC ClassNet;

(7)  Annual Major Events Coordination Unit (MECU) Survey for International Special Security Event Nominations (DS/DO/P/DP-ME);

(8)  Annual Fourth of July Function Security Report (DS/IP/RD or DS/HTP/RD);

(9)  Post Security Program Review (PSPR) Response Report (DS/IP/RD or DS/HTP/RD);

(10) Security Policy and Procedure Checklist (SPPC) - 60 days after arrival and before departure (DS/IP/RD or DS/HTP/RD);

(11) RSO Transition Report (DS/IP/RD or DS/HTP/RD)

(12) Annual Holiday Security Planning Report (DS/IP/RD or DS/HTP/RD);

(13) Post Election Tracker (DS/IP/RD or DS/HTP/RD);

(14) Annual EAC review of COM Security Detail; and EAC review of COM detail within 30 days of arrival of new COM (DS/IP/OPO).  Reported via EAC cable and uploaded to DS SMC;

(15) Annual Local Guard Force Personnel Record Review (DS/IP/OPO);

(16) Annual Marine Security Guard (MSG) Ball report (DS/SPC/MSG);

(17) Marine Security Guard (MSG) drills (DS/SPC/MSG);

(18) Annual Review of Department of Defense Annex A and Annex B Personnel (DS/IP/SPC).  Reported via cable;

(19) Post Drills coordinated by RSO.  Reported via the Post Emergency Guidance and Authoring System (PEGASYS) (DS/SPC/SPP);

(20) Physical Security surveys.  Reported via DS/PSP/PCD ClassNet Physical Security Survey tool (DS/C/PSP);

(21) Annual Residential Security Program report (DS/PSP/PCD);

(22) Special Protective Equipment Inventory (DS/PSP/DEAV);

(23) Annual EAC Review of Armored Vehicle Program (DS/PSP/DEAV).  Reported via cable and AV EAC Tracker in SMC; and

(24) Local Checks Feasibility report (DS/SI/PSS).

b. Excepted as noted above, all reporting must be via or uploaded to the DS-SMC, when available.

c.  All requests for travel funding and gratuities must be entered in the RSO SMC on an as needed basis.  All constituent post travel must also be documented on the RSO SMC.

d. All RSOs, DRSOs, and ARSOs are required to report all personal and official travel to DS/IP/RD or DS/HTP/RD, as assigned via the DS Travel Locator located on the RSO SMC.

12 FAM 426  law enforcement working group (lewg)

12 FAM 426.1  Purpose

(CT:DS-319;   05-13-2019)

a. In accordance with chief of mission (COM) responsibilities under relevant U.S. laws and Presidential Directives, the purpose of the Law Enforcement Working Group (LEWG) is to provide the COM and/or their designee with necessary information and expertise on law enforcement operations to include operations involving armed law enforcement personnel. Additionally, the LEWG is a forum to discuss law enforcement assistance programs so that the COM can ensure activities are properly coordinated and deconflicted.  In support of the COM, the LEWG will:

(1)  keep the COM fully informed of current and planned U.S. law enforcement operations to include those involving armed law enforcement  personnel, law enforcement assistance programs and key host government law enforcement issues;

(2)  constitute the primary forum at post to coordinate U.S. law enforcement operations and law enforcement assistance programs under COM authority;

(3)  assess threats and risks to U.S. law enforcement and other personnel implementing law enforcement operations and law enforcement assistance programs and programs in country; and

(4)  pursuant to 22 U.S.C. 2291(c), on request, provide advice to the COM on action related to requests by U.S. government law enforcement personnel to be present at foreign law enforcement actions. 

b. For the purpose of this section, law enforcement assistance programs include bilateral or multilateral foreign assistance programs where the intended beneficiary is a host nation law enforcement unit authorized to use force for mission accomplishment.

c.  U.S. national security intelligence activities are not part of, nor intended to be included in, the LEWG function.

12 FAM 426.2  Composition of the LEWG

(CT:DS-319;   05-13-2019)

a. The LEWG shall consist of representatives from all sections or agencies that implement and/or support law enforcement operations and/or law enforcement assistance programs in the COM’s area of responsibility.  LEWG membership will vary from post to post based on the agencies represented at post. 

(1)  Chair: The COM will chair the LEWG or delegate chair responsibilities to the deputy chief of mission (DCM).

(2)  As the principal law enforcement and security advisor to the COM, post's regional security officer (RSO) will serve as the LEWG coordinator.  If there is no RSO at post, the RSO with regional responsibility must include issues for constituent posts in their LEWG.

b. LEWG Participation:

(1)  Officers representing each law enforcement agency at post shall participate in the LEWG.  For sections that have more than one sworn law enforcement officer, the chair will determine the number of representatives on the LEWG from each office based on recommendations from the senior law enforcement officer from each section or agency and post’s priorities.

(2)  Representatives from post’s sections or agencies engaged in law enforcement or other applicable law enforcement assistance programs shall participate in the LEWG.  The chair will determine the number of representatives from each office based on recommendations from the senior office representative and post’s priorities.

(3)  When consistent with applicable legal authorities, the chair may authorize limited or expanded participation based on the topics scheduled to be discussed. 

(4)  The chair may authorize participation of other U.S. government personnel not under COM authority if responsibilities of those personnel impact or overlap with the COM’s law enforcement responsibilities.  

(5)  U.S. Missions to International Organizations:  Generally, COMs representing the United States at International Organizations (IO) overseas do not oversee law enforcement operations or programs that are independent of a bilateral COM.  As a result, LEWGs are not required at U.S. missions to IOs.

(6)  LEWG Subgroups:  Based on recommendations from LEWG members, the chair may authorize the convening of subgroups to address sensitive or specific topics that require the participation of a subset of LEWG members.  LEWG subgroups may include:

(a)  A subgroup consisting of only those persons authorized to have access to law enforcement sensitive (LES) information may be convened for the purpose of discussing LES information.

(b)  A subgroup convened with relevant operational and programmatic offices to coordinate operational and/or programmatic overlap when necessary.  Offices with operational responsibility should participate in any discussion that takes place regarding the operation.

(c)  A subgroup to discuss and deconflict law enforcement assistance programs and initiatives.  As appropriate, including assistance providers in meetings related to operations helps the assistance providers better understand the needs and capabilities of host nation law enforcement counterparts to improve assistance program design and implementation.

c.  Frequency:  The chair will determine the frequency of LEWG meetings based upon the requirements of the particular post.  In addition to LEWG meetings set by the chair, the LEWG must convene in the following circumstances:

(1)  On a bi-annual basis to establish LEWG membership, review ongoing operations, and schedule LEWG meetings as needed; post must transmit a cable stating that this requirement has been fulfilled (see 12 FAM 426.5); and,

(2)  Prior to the COM’s approval of a specific law enforcement activity or series of activities that could affect COM foreign policy objectives, post security operations, or potentially interfere with other law enforcement activity. 

d. Exceptions: Certain sensitive information, including but not limited to compartmented information, time-sensitive information (e.g., lures, provisional arrest requests), or information that presents a conflict of interest to certain members of the LEWG, may be briefed directly to the COM.

12 FAM 426.3  Responsibilities of the LEWG

(CT:DS-319;   05-13-2019)

a. Responsibilities of the LEWG include, but are not limited to:

(1)  Assessing threats and risks to the health, safety, and security of U.S. law enforcement personnel under COM security responsibility undertaking operations or law enforcement liaison activity in country;

(2)  Reviewing operational plans, including plans related to U.S. participation in foreign police activities where U.S. direct-hire or contracted personnel may serve as advisors or mentors.  At a minimum, operational plans must address potential use of force, after action reporting, post incident reporting procedures, weapons use and carry, host nation consent, medical, legal and diplomatic immunity issues;

(3)  Pursuant to 22 U.S.C. 2291(c), on request, providing advice to the COM on action related to requests by U.S. government direct hire or contracted personnel to be present at foreign law enforcement actions. 

(3)  Assessing the host government's law enforcement capabilities, willingness, and limitations.  Among other purposes, those assessments informing the Department’s Security Environment Profile Questionnaire (SEPQ), Annual Crime Evaluation Questionnaire (ACEQ), and other reporting requirements;

(4)  Using the above assessments to ensure that post speaks with a consistent voice to the U.S.-based U.S. law enforcement community and to address agency specific reporting requirements, as well as to inform RSO briefings to U.S. embassy or consulate staff on interactions with host nation law enforcement, consular and duty officer interactions with host nation law enforcement, and agency specific briefings to incoming law enforcement personnel;

(5)  Ensuring agency specific operations do not conflict with other U.S. law enforcement operations, and that the COM is fully informed of the nature of all operations, safety of personnel, including but not limited to those under COM security responsibility, potential for the use of force, medical contingencies, risks, goals, opportunities, and diplomatic immunity status of participating U.S. personnel or contract personnel conducting U.S. government executive branch activities under COM authority;

(6)  De-conflicting investigative or operational overlap at post between different U.S. agencies so the U.S. government speaks with a single voice, and agency requirements are met to the maximum extent feasible;

(7)  In countries that receive law enforcement assistance, assessing the strengths, weaknesses, and needs of foreign law enforcement partners, and their ability to make effective use of U.S. assistance;

(8)  Ensuring that law enforcement assistance programs are complementary, taking into account Mission-wide priorities for the law enforcement sector;

(9)  Ensuring that security and law enforcement sector foreign assistance is consistent with the goals and objectives articulated in the Integrated Country Strategy and other regional and topical Administration strategies, as well as providing the foreign assistance team with expertise from U.S. law enforcement representatives at post; and

(10) Coordinating and sharing information related to law enforcement and related law enforcement assistance programs to maximize the alignment and impact of U.S. foreign assistance resources.

b. LEWG responsibilities should not duplicate or replace functions of the Emergency Action Committee, Counterintelligence Working Group, or any other post working group or committee on which LEWG members may also participate.

12 FAM 426.4  LEWG at Constituent Posts

(CT:DS-319;   05-13-2019)

a. The COM must determine if separate LEWGs will be established at constituent posts or if constituent post participants will be integrated into the mission LEWG.  This decision should be based on factors that are specific to the constituent post, including:

(1)  RSO staffing;

(2)  Number of law enforcement agencies;

(3)  Frequency of law enforcement operations;

(4)  Number of law enforcement assistance programs;

(5)  Potential for law enforcement operations or assistance programs; and

(6)  Feasibility of communication (i.e., secure video teleconferencing, distance between posts, etc.).

b. If the COM determines that a separate LEWG at a constituent post is warranted, the COM must designate the principal officer (PO) of the constituent post as the chair in writing and delegate appropriate authority to the PO to lead the LEWG.  If a particular activity at the constituent post involves extraordinarily sensitive information that the agency involved believes should not be shared with the PO, the agency may request the activity be referred to the COM-chaired LEWG.

c.  Senior RSOs who cover constituent posts or multiple missions must formally notify their respective Office of Regional Directors in the International Programs (DS/IP) or the High Threat Programs (DS/HTP) directorates of the COM’s decision regarding all post LEWG arrangements via cable.  The Senior RSO at the Mission is responsible for transmitting the LEWG cable (see 12 FAM 426.5 Reporting Requirements).

d. If a constituent post has a separate LEWG, the COM may require joint meetings of all LEWGs at the Mission.  Additionally, the COM or respective LEWG chairs may allow cross-participation of LEWG members throughout the Mission. 

e. LEWG coordinators for the main and constituent LEWGs should coordinate agendas for their respective LEWGs and, to the extent permissible by law, keep one another informed of actions and decisions that affect the other.  All disagreements must be immediately raised to the respective chairs for resolution.  If the chairs cannot reach resolution, the COM must resolve the disagreement.

12 FAM 426.5  LEWG Reporting Requirements

(CT:DS-319;   05-13-2019)

a. The RSO will send a bi-annual cable that will include the following: a summary of the composition of the LEWG; meeting frequency; and confirmation that the LEWG has reviewed this FAM and understands its mission and purpose.  In instances where an RSO covers multiple constituent posts or multiple missions, the Senior RSO is responsible for transmitting this cable.

b. The cable must not include any specifics on law enforcement operations or LEWG discussion topics.

c. RSOs should refer to the RSO Security Management Console (SMC) for drafting assistance.  Please contact your respective DS/IP or DS/HTP desk officer with any questions.