What a Vetting Process Should Actually Produce: The BS7858 Failure.
- Clive Panton

- 6 days ago
For the average security role or associate position, BS7858 seems perfectly valid. But in the UHNW-adjacent world, nothing is average.

BS7858 is the industry standard for vetting staff. So standard that almost every service provider operating in the UHNW space adheres to it. Just prior to writing this article I looked at no fewer than five UHNW agencies and firms, all proudly stating they hold their staff to this standard. So what is so robust about these checks that firm after firm swears by their validity?
BS7858 contains a strict compliance list. Five years of employment verification. A six-year credit search. Proof of identity and UK right to work. Proof of address. A valid SIA licence or basic disclosure. Coverage of any employment gap exceeding 31 days.
While this might seem thorough, it is exactly as it states. Compliance. It checks for the presence of these things. Nothing more. If an issue is identified, it falls to the hiring firm to determine what to do about it. But the standard itself leaves a significant amount to the imagination.
Proof of address is easily forged in a world of artificial intelligence. Anyone can provide an employment reference. And what does coverage of an employment gap actually mean in practice? These are questions the BS7858 framework was never designed to answer, because it was never designed for environments where the stakes of getting it wrong are this high.
Consider what a principal is actually granting when they bring a member of staff into their household. Access to the physical layout of the property. Knowledge of daily routines, travel patterns, and security arrangements. Familiarity with the family's schedule, relationships, and vulnerabilities. Trust at a level that no corporate environment would ever extend to someone whose background had only been checked to a compliance standard.
A database search tells you who a person was on the day the search was run. It tells you nothing about who they have become, what financial pressures have accumulated since, what affiliations they hold, or what they might do when circumstances change. The BS7858 framework was built for volume hiring in environments where the consequences of a poor appointment are manageable. A private household is not that environment.
The methodology we use at Praetorian Advisory is benchmarked against UK Security Vetting standards at Security Check level. That is the same framework applied to individuals requiring access to SECRET classified government information. The difference in depth between that standard and BS7858 is not incremental. It is categorical.
What that process actually examines goes significantly beyond a compliance checklist. Financial pressure is one of the most reliable indicators of insider risk, and a six-year credit search does not tell you whether someone is currently under financial duress, whether they have undisclosed liabilities, or whether their circumstances have changed materially in the past twelve months. We look at the current picture, not the historical record.
Employment history verification at compliance level means confirming that a person worked where they say they worked. At sovereign standard it means understanding why they left, what the nature of their departure was, and whether the pattern of their career tells a story that a reference call would never surface. People rarely disclose the real reason they left a role. A structured analytical approach to that history will find it.
Digital signature analysis is entirely absent from the BS7858 framework. A person's online presence, including presence they believe to be private or anonymous, is one of the richest sources of behavioural intelligence available. Affiliations, attitudes, financial indicators, and relational networks are all visible to a trained analyst with the right methodology. None of that appears on a database check.
The employment gap question is the most revealing weakness of all. BS7858 requires coverage of gaps exceeding 31 days. Coverage means an explanation. It does not mean verification. It does not mean analysis. A person can account for a gap with a narrative that satisfies the compliance requirement and reveals nothing about what actually occurred during that period. We treat unexplained or inadequately explained gaps as the starting point of an investigation, not the end of one.
None of this is intended as a criticism of the agencies and firms operating to BS7858 standard. That standard exists for a reason and serves its purpose in the environments it was designed for. The issue is not that these firms are doing something wrong. The issue is that the product they are using was not built for the environment their clients occupy.
A principal who has spent decades building a legacy, a family, and an estate is not an average client. The people they bring into their inner circle are not average appointments. The consequences of a failure in that circle are not average consequences. Pattern leakage, financial exposure, reputational damage, and physical risk are all live possibilities when the wrong person is given the wrong level of access.
The question is not whether BS7858 is a valid standard. It is. The question is whether a valid standard is a sufficient one when the environment demands something categorically different. For principals and the advisors who serve them, the answer to that question is the conversation worth having.
If that conversation is relevant to your practice or your principal position, you can reach us here.