Cristina Sánchez Calero
Second Lieutenant Cadet of Guardia Civil
Degree in Security Engineering
Universidad Carlos III de Madrid
THE APPLICATION OF CIRAM RISK ANALYSIS FOR INTEGRATED BORDER MANAGEMENT IN GUARDIA CIVIL
Summary: 1. INTRODUCTION. 2. EUROPEAN REGULATORY FRAMEWORK. 2.1. The concept of European integrated border management. 3. RISK ANALYSIS. 3.1. Concept and relevance to border management. 4. COMMON INTEGRATED RISK ANALYSIS MODEL. 4.1. Origin and evolution of CIRAM. 4.2. Border risk analysis methodology. 4.3. CIRAM applications in border security at a European level. 4.4. European risk analysis products. 5. CIRAM'S ROLE IN GUARDIA CIVIL. 5.1. Integrated border management applied at a national level. 5.2. Guardia Civil at the borders. 5.3. Particularities of implementation in Guardia Civil. 6. CONCLUSIONS. 7. BIBLIOGRAPHICAL REFERENCES. 8. REGULATIONS.
Abstract: In 2019, the European Union imposed on Member States the adoption of the CIRAM method for risk analysis at borders. This dissertation evaluates the impact of this Regulation in Spain, particularly in Guardia Civil, analysing its applicability in all border competences. After interviews and documentary analysis, it is confirmed that, even though integrated border management is not applied at national level, CIRAM is already implemented centrally in Guardia Civil, but its peripheral application needs improvement. Furthermore, it is feasible to implement CIRAM in all its border activities, but we cannot confirm that it facilitates decision-making and resource management, as it is not yet fully considered in all the units involved in borders.
Keywords: integrated border management, risk analysis, Guardia Civil, external borders, CIRAM.
ABBREVIATIONS
ARA: Annual Risk Analysis
ARA-GC: Annual Risk Analysis of Guardia Civil
CECORVIGMAR: Maritime Surveillance Coordination Centre for Coasts and Borders
CIRAM: Common Integrated Risk Analysis Model
EIBM: European Integrated Border Management
EUROSUR: European Border Surveillance System
Frontex: European Border and Coast Guard
IBM: Integrated Border Management
JO: Joint Operation
MAFRONT: Border and Maritime Police Authority
NCC: National Coordination Centre
OMA: World Customs Organization
RAU-CECORVIGMAR: Risk Analysis Unit of the Maritime Surveillance Coordination Centre for Coasts and Borders
SASEMAR: Maritime Rescue and Safety Company
SEPRONA: Nature Conservation Service
SRA: Strategic Risk Analysis
SVA: Customs Surveillance Service
TO EIBM: Technical and Operational Strategy for European Integrated Border Management
UCAIFF: Central Unit for Tax and Border Analysis and Investigation
EU: European Union
1. INTRODUCTION
The European Union (EU) as a political community is considered one of the global powers. The security that this union of states offers its citizens and the regime of free movement throughout the territory of the Union (as laid down in the Schengen Borders Code[1]) are an incentive to enter the European territory. The consequence of this is not only the irregular immigration that makes so many headlines, but also the trafficking of drugs, tobacco and other banned substances, the smuggling of goods through ports and roads by illegal means to avoid taxes and other tax obligations, and the facilitation of cross-border organised crime.
Spain is considered one of the main gateways to the European Union. Protecting and safeguarding its borders is essential for two main reasons: first, due to its proximity to Africa, being only 14 km away at its closest point through the Strait of Gibraltar; and secondly, because of the importance of ports such as Barcelona, Malaga and Valencia, through which goods and merchandise of all kinds, both legal and illegal, are brought into the European Union.
Moreover, given that the Schengen Code establishes a free movement zone for citizens of the signatory states, and that the European Union is configured as an economic and social alliance between its members, everything that affects, enters or leaves a state has repercussions for its neighbours. Therefore, at a European level, setting supranational coordination measures and uniform procedures is considered necessary to address border management in an effective and comprehensive manner.
This article aims to analyse the current legislation on border management at a European level and its consequences for Member States, in particular Spain and Guardia Civil as its border authority. Among the obligations of the most recent legislation[2] are the implementation of the concept of integrated border management and the use of common tools for risk analysis. The method used for this is the Common Integrated Risk Analysis Model (CIRAM). This article will evaluate the use of this tool, which aims to homogenise the analysis products of the Member States and thereby increase the effectiveness of the measures applied, the flow of information and the cooperation and collaboration between border agencies and between EU States.
2. EUROPEAN REGULATORY FRAMEWORK
2.1. The concept of European integrated border management
To understand current border legislation, in particular Regulation (EU) 2019/1896, known as the European Border and Coast Guard Regulation, it is necessary to go back to the Lisbon Treaty of 2009. This document, which amends the Treaty on European Union and the Treaty constituting the European Community, establishes the need to gradually implement what they called an "integrated management system for external borders" at a European level (Art 62 of the Lisbon Treaty). This concept of Integrated Border Management (IBM), although not explicitly developed in this treaty, can be understood if we review previous documents issued by the European Commission and the Council of the European Union, from which the following conclusions can be drawn:
- The three main pillars of IBM are a common body of legislation, operational/practical/technical cooperation between Member States and financial assistance and burden sharing between Member States.
- Its main components are:
  - Border control, risk analysis and intelligence.
  - Tax and customs control.
  - Investigation of cross-border crime in cooperation with the law enforcement authorities of the member countries.
  - Four-tier access control model: measures in third countries, cooperation with neighbouring third countries, border control and control measures in the Schengen area, including return.
  - Information exchange and cooperation between States, their agencies and at an international level, including third countries.
  - Coherent and coordinated activities of Member States and EU institutions and bodies.
  - Quality control and solidarity mechanisms.
These concepts already paint a picture of a collaborative, shared effort between Member States to take on the workload across Europe's extensive borders. The European Border and Coast Guard, better known as Frontex, has emerged as the coordinating body at a European level. This supranational agency will, among other things, be responsible for receiving risk analyses from Member States and using this information to develop a European border risk analysis that will set out the Union's main objectives in this area. It will also be responsible for distributing substantial European funds and coordinating joint operations between different Member States.
Regulation (EU) 2016/1624 on the European Border and Coast Guard includes a simpler definition of IBM, which is quite close to the current border landscape:
The aim is to efficiently manage the crossing of external borders and to address the challenges of migration and possible future threats at these borders, thereby contributing to combating serious forms of crime with a cross-border dimension and to ensuring a high level of internal security within the Union. It is also necessary to act with respect for fundamental rights and to safeguard the free movement of persons within the Union (European Parliament, Council of the European Union, 2016).
With this definition, the legislator emphasises several key concepts for integrated border management. On the one hand, it stresses the search for efficiency, which will be achieved through common tools and prioritisation in the use of resources, when combating future threats for which we must prepare (risk analysis plays an important role here). On the other hand, it underlines the need to protect external borders as a means of ensuring internal security, in line with the moral principles of the European Union and the absence of internal borders in this territory.
Moreover, it does not only refer to Member States, but includes many other entities: from now on, everyone performing border functions will have to apply this legislation and be subject to the obligations it entails. Similarly, the role of Frontex is made clear in this regulation: Member States remain primarily responsible for the management of their external borders, and Frontex functions as a support and coordinator in implementing European measures. One of these obligations for Member States is the creation of a national IBM based on the CIRAM risk analysis method that includes all actors with responsibility at borders.
In the case of Spain, which will be dealt with in greater detail in the following pages, the main bodies and corps that carry out border functions are Guardia Civil, which has the greatest border policing and tax protection powers in the State, and the National Police Force, which controls the entry and exit of persons from the national territory, although there are also non-police bodies such as Maritime Rescue and the Customs Surveillance Service, among others. These entities, in turn, report to different ministries, which must be aware of and apply the regulations in force.
The European IBM continues to evolve in Regulation (EU) 2019/1896, currently in force, which will be known as the European Border and Coast Guard Regulation or EBCG Regulation, repealing the 2016 Regulation. The 2019 regulation aims – in line with the overarching concept of European integrated border management – to improve the legal framework for asylum, return and the fight against border crime and to reform the European Border and Coast Guard as the main operational border effort.
However, the implementation of this corps with the intention of becoming the European border police is still a long way off: the funds are in place, the regulations governing it and the resources to be used are planned, but five years after the entry into force of this law, the 10,000 guards who are to form it have yet to be recruited and trained. This European Guard would serve to support Member States and strengthen cooperation with countries outside the EU. Beyond what is stipulated in the 2019 Regulation, in practice Frontex seems to be moving away from this Guard in favour of agreements with third countries negotiated directly through the Member States. In addition, for the most part, border security is reinforced through the border agencies of each state, with a large part of the European Frontex funds being used to provide resources for those agencies that meet its requirements, including a risk analysis following the CIRAM methodology (European Parliament, Council of the European Union, 2019) (European Parliament, 2019) (European Council, Council of the European Union, 2019).
After this brief analysis, it is easier to understand what at first appeared to be such a broad and abstract concept as the system of external border management inferred in the European IBM. On the one hand, although not explicitly developed by the legislator, "integrated" is understood to include all actors at all levels and therefore in all strategic areas. Another key concept, which is reflected in the Schengen Borders Code,[3] is border management, understood as the compilation of risk-based border control and border security measures and strategies.
Furthermore, there is a common doctrine implemented by the European Border and Coast Guard, Frontex, regarding the meaning of the terms that make up the acronym CIRAM, which can be summarised as follows:
- "Common" refers to Frontex's close cooperation with Member States, implemented both at national and EU levels. As previously mentioned, border control and management must be approached as a shared effort.
- "Integrated" for efforts aimed at uniform external border control in the context of European Integrated Border Management (EIBM). To this end, cooperation between law enforcement agencies and border authorities is proposed in the risk analysis.
- "Risk Analysis" means the systematic examination of risk factors to support decision-making. In CIRAM, as will be explained in detail below, risk is defined in terms of threat, vulnerability and impact, which will be assessed to derive a risk level.
- "Model" refers to an analytical framework that provides a common vocabulary and structure for risk analysis in the European Border and Coast Guard community. The use of a common tool for all actors improves the flow of information, promotes uniformity and facilitates joint work between different agencies and bodies with border competences (Frontex Risk Analysis Unit, 2021).
The need to implement efficient risk management stems from a logical premise: if we do not know the threats and vulnerabilities of a system and the consequences of a particular risk materialising, we cannot make decisions and implement measures to protect ourselves. On this basis, the key role of risk analysis and risk management in legislation as a basis for the decision-making process is highlighted.
Therefore, the main idea that appears in the regulatory texts is that border management is the responsibility of each Member State, which will be materialised in a national IBM based on CIRAM risk analysis, i.e. in integrated border management strategies and plans involving all agencies and entities with border competences. In addition, there is a supranational body, Frontex, with the task of coordinating the implementation of the European IBM, in order to achieve efficient, uniform and coherent border management, striking a balance between security and freedom of movement of European citizens between its Member States.
3. RISK ANALYSIS
3.1. Concept and relevance to border management
The importance of risk analysis as the root of planning and integrated border management is highlighted in all the legislation previously studied.
Within the management of the external borders of the European Union, risks are considered to be threats which, taking into account existing measures at the borders and within the European Union, may have an impact on internal security or on the functioning or security of the external borders, or which have humanitarian consequences. For this purpose, an essential tool is a risk analysis, which creates a comprehensive map of the border situation at a certain point in time. Following this analysis, the task of assessing the threats, vulnerabilities and impact of a certain risk on an organisation, or state, should become easier. It is therefore necessary to refer to risk management: what is important, in addition to risk analysis as we understand it, is to consider the measures to be taken to prevent threats and to minimise the impact that could occur if such a risk materialises.
The objective of conducting a border risk analysis should therefore be to facilitate decision-making for better management and as a basis for planning at all three levels: strategic, operational and tactical. At the highest, or strategic, levels, trends affecting current and future risks can be identified and the necessary strategies and plans developed to mitigate them as part of the European policy cycle. At operational and tactical levels, risk analyses are relevant to identify weaknesses and adapt service planning to improve the efficiency of operations, following the guidelines of the strategic level. For all these processes, risks, threats and vulnerabilities, the likelihood of their occurrence and the potential impact on borders should be identified, analysed and assessed.
At a European level, the strategy at the highest level is called the multi-annual strategic policy for European integrated border management. It refers to the framework or policy line that should be considered as the basis for all border security and border control measures, by creating a list of border challenges that are considered a priority for Member States and the EU together with the measures needed to mitigate the effects of these weaknesses. At this strategic level, the measures are not developed in depth; it is up to States, as those responsible for the security of their borders, to develop specific plans for their border agencies.
Within an integrated planning process, there are three types of these plans: operational, contingency and capacity building. They are created both at a European level, by Frontex using intelligence gathered from Member States' analyses, and at the national level, to align their actions with European strategic policy. These plans must be based on a CIRAM risk analysis and use the vulnerability assessment procedures set out in Europe, or at least this is stipulated in the 2019 Regulation. In reality, many national plans and strategies still fall short of these supranational requirements.
Furthermore, in order to align the actions of all Member States, a Technical and Operational Strategy for European Integrated Border Management (TO EIBM) has also been published at a European level. Member States will adapt it to their specific characteristics, creating national integrated border management strategies at an operational level (Frontex, 2019) (European Commission, Directorate-General for Migration and Home Affairs). In these cases, border management is conditional on the supranational framework of the European Union. Spain-specific plans and documents will be assessed in later sections.
From all this, one can deduce the relevance of risk analysis for the study and management of borders, especially for those in charge of decision making and drafting strategies and plans. In general, it will be used to prioritise and establish relevant measures to reduce the most serious threats. Similarly, both material and human resources, which are normally not unlimited, will be allocated according to these priorities. In addition, if the data obtained is sufficient, it will be possible to study criminal trends at borders, as well as migratory routes in the case of irregular immigration, or profiling for border police. As the tool used is the same, statistics and data comparisons can also be made between different Member States or between border agencies.
There is a clear need to address the problem of border management in a joint and integrated manner between Member States, in a coordinated effort. To this end, the cohesion of methods and tools between border agencies and bodies of different states is paramount. In particular, the EU has determined that the tool to be used in risk analysis is CIRAM.
4. COMMON INTEGRATED RISK ANALYSIS MODEL
4.1. Origin and evolution of CIRAM
The risk analysis method established at a European level is called the Common Integrated Risk Analysis Model, or CIRAM. Initially developed by Finland, it was later adapted to the specific characteristics of the European Union and adopted by the EU to create the risk analysis for border control and border management at a European level.
In 2019, with the entry into force of Regulation (EU) 2019/1896, the CIRAM method was established as the risk analysis tool to be used by all agencies, bodies, organisations and institutions involved in border management and control activities. This includes, of course, those police forces which, within the scope of their powers, carry out tasks at the internal or external borders of the Union. The purpose of homogenising methodologies in this field is, as mentioned above, to approach the security of European borders as a shared responsibility of all Member States.
Because of the variety of Member States and police forces and agencies performing functions at these borders, as well as the extensive and varied legislation at both European and national levels, it is imperative that CIRAM is flexible in its application. All these factors will determine the extent and manner in which this risk analysis methodology will be applied. However, the implementation of CIRAM is not a proposal or recommendation; it has been a legal obligation since the entry into force of Regulation (EU) 2019/1896.
4.2. Border risk analysis methodology
In order to apply CIRAM, it is necessary first to establish the differences between data, information and intelligence. Data are pieces of raw information; information refers to material related to a specific subject matter and can come from various sources; and, finally, this information is processed in an intelligence cycle to obtain intelligence, the useful material with which we carry out the analyses.
Analysts seek the necessary information to develop their risk assessments following the four-tier access control model. These levels or areas where information can be found are measures in third countries, cooperation with neighbouring third countries, border control and control measures in the Schengen area, including return. As is evident, these levels once again reflect the EU's intention to seek integrated management in all steps of its risk analysis. Border authorities operating in one or more of these areas may find these risk analyses useful (Frontex Risk Analysis Unit, 2021).
The data collected from the four-tier access control model is processed in an intelligence cycle that can be divided into three steps: collection, analysis and distribution of operational information. The intelligence cycle also includes controls and reviews throughout the process, taking into account that border risks are changing, so information must be continuously updated and decisions must be made on the basis of the latest analysis. Similarly, for the products of this analysis to be optimal and effective in addressing risk, it is necessary to have specialised analysts trained specifically to work with the tools that make up CIRAM. This is where Frontex plays a key role, providing training for border officials, in particular the heads of risk analysis units.
In the analysis step, risk is defined in terms of three components: threat, vulnerability and impact. These components are interrelated and should be considered together to understand the complexity of the risk (Frontex Risk Analysis Unit, 2021). Frontex defines each of these components as follows:
- Threat: the present or future force or pressure that may affect the management of the external borders. It is characterised by its magnitude and probability.
- Vulnerability: the ability of a system to reduce a threat. It is understood as factors at the borders or in the EU that may increase or decrease the magnitude or likelihood of the threat.
- Impact: the effects of a threat on the internal security of the EU or on the functioning or security of the external borders.
First, the analyst must identify the threats. In Frontex's annual risk analysis 2023–2024, they are grouped into the categories of irregular migration, secondary/return movements and cross-border crime. In the case of national risk analyses, these threats may vary, depending on the specific characteristics of each State. For example, the problem of irregular migration is addressed differently in Mediterranean countries than in Central Europe. Each threat will be assigned a level, depending on its magnitude and likelihood. The aim is to be as objective as possible, and within a fixed time frame.
In terms of vulnerability, the main factors in border management are geographical attributes of border areas, the existence of specialised bodies (police or civilian, such as the Customs Surveillance Service), the resources available and the management of migration policies. On this basis, the extent to which a state is able to cope with a particular threat is determined by assigning a vulnerability level to it. The criteria for measuring these vulnerabilities are set out in Regulation (EU) 2019/1896, and are considered one of the mechanisms for monitoring CIRAM and the operational capabilities of Member States. Therefore, by setting common criteria for all states in measuring their vulnerabilities, the Regulation reiterates the idea of creating common tools and community border management.
Impact also has an associated level, according to the expected effects on a state if the threat materialises. It includes external and internal border security and humanitarian consequences.
It is clear that these three components are nothing more than different views of the same risk. By establishing a level for each component, a risk level is determined, which will serve as a prioritisation tool for the decision-maker. The result is a CIRAM matrix that includes levels of threat, vulnerability, impact and risk, which are colour-coded for ease of understanding. In each specific analysis, it should be specified what is considered a high, medium or low level, or even if it is considered necessary to add further levels such as extreme or negligible, for example. An example of a CIRAM matrix is shown below. Risk level information serves as an aid to decision making.
Figure 1
Example of a CIRAM matrix.

| RISK | THREAT | VULNERABILITY | IMPACT | RISK LEVEL |
|---|---|---|---|---|
| Risk 1 | HIGH | LOW | LOW | LOW |
| Risk 2 | LOW | MEDIUM | HIGH | HIGH |
| Risk 3 | HIGH | HIGH | LOW | MEDIUM |

These analyses are distributed to the relevant authorities, most of which are in line with the four-tier access control model: third countries, neighbouring third countries, national border control authorities in the Member States and other authorities in the Schengen area.
Finally, it should be emphasised that risk analysis is a basis for decision-making, but it is not the only tool available to make decisions. After all, border security and border management decisions have an important political component and are governed by a multitude of legislation that must be taken into account, as well as limited resources. Therefore, the ultimate decision on what measures to take to address border risks and threats cannot be based solely on a CIRAM risk analysis, but it is possible for decision-makers to rely on it to set priorities and better understand the situation at a given point in time.
4.3. CIRAM applications in border security at a European level
The main use of risk analysis is in decision-making, setting priorities for action. Consequently, as state resources are not unlimited, these priorities will determine their efficient distribution.
On the other hand, it will be used for intelligence-led profiling, which is used at a European level to strengthen passenger and freight border controls. Thanks to risk profiling, it is possible to select specific people and cargo to be thoroughly searched by border authorities, causing minimal interference in transit, especially at airports and seaports with a large influx of cargo and passengers. The data needed to obtain this profile is mainly selected through indicators, which are harmonised for all Schengen countries, and are grouped into different categories, such as institutional, economic and socio-political. This makes it easier to identify the threat and to monitor changes in risk levels.
Information exchange will also be essential, both between Member States and between Member States and Frontex, and will be based on risk analysis. In Europe, it is embodied in projects such as EUROSUR, the European Border Surveillance System. In this project, each state has a National Coordination Centre (NCC) that exchanges information with the border control authorities of its own state, Frontex and other NCCs. With the information gathered through the NCCs, EUROSUR creates information documents on the situation at the external and internal borders available to Member States (Publications Office of the European Union, 2014). In Spain, the role of NCC is carried out by Guardia Civil, from the CECORVIGMAR or Centre for the Coordination of Maritime Surveillance of Coasts and Borders.
Operationally, the role of Joint Operations (JO), which are carried out between Frontex and one or more Member States, or with third countries that have signed agreements with the European Commission, is also of interest. These operations are coordinated by Frontex, which provides financial support and material and human resources. This requires a CIRAM risk analysis as well as an assessment of the measures to be implemented and the necessary means, that is, the implementation of risk management that follows its methods. In Spain, the main ones are JO Indalo, led by Guardia Civil in the Strait of Gibraltar and the Alboran Sea, and JO Minerva, which is activated in the summer months as a reinforcement in response to the increase of irregular immigrants in the Canary Islands.
Another support offered by Europe to Member States is financial funding. In the area of border security, it is essential to provide states with state-of-the-art technology for the effective implementation of the IBM. To qualify, states must develop a CIRAM risk analysis to justify their needs and requests, highlighting the measures to be implemented, and an assessment of vulnerabilities. Frontex will assess which are the most urgent or priority ones, and will allocate the necessary funds to mitigate the impact of these risks. By establishing CIRAM as one of the requirements to access the European funding process, it becomes an incentive for the adoption of European border policies and the implementation of their procedures.
4.4. European risk analysis products
Frontex risk analysis is applied at all levels of decision making, and can be strategic, operational or third country related. At the highest level is the Strategic Risk Analysis (SRA), in line with the European multi-annual strategic policy. The SRA is published every two years, and provides an in-depth development of trends and evolution in different risks, as well as a ten-year forecast of their effects on European borders.
On the other hand, through operational analysis, Annual Risk Analyses (ARA) are developed, which identify risks and the regions they affect according to different themes: irregular migration, secondary movements/returns and cross-border crime, including terrorism. On the basis of this study, joint border operations can be initiated between the states concerned, the JO mentioned above.
Third country analysis aims to promote and maintain long-term relations between the EU and the territories where border risks and threats originate. As a result, bilateral agreements and pacts between affected countries emerge, and policies to be implemented in source or transit countries are discussed. Relevant examples in Spain include the migration agreements with Senegal and the Islamic Republic of Mauritania.
Therefore, risk analysis has, in addition to an operational facet, political consequences, as it affects decisions at the highest level, and the directives to be implemented by Member States are based on these decisions.
In this sense, risk analysis is seen as a fundamental tool in understanding migration flows and trends, as well as in identifying challenges at external borders. A proper assessment of present and future threats allows risks to be monitored and managed in order to reduce their impact on Member States and the European Union itself. Risk analysis can therefore be used to support policy decision-making and the development of the necessary capacities to deal with these risks. To this end, it is imperative that Member States and Frontex establish structures for interoperable information exchange and cooperation to ensure more effective use of data and resources. As mentioned above, a common risk analysis methodology for all Member States and the Agency is established for this purpose: CIRAM (Sánchez Calero, 2024).
5. CIRAM'S ROLE IN GUARDIA CIVIL
5.1. Integrated border management applied at a national level
In line with the obligations of European legislation, each Member State must develop integrated border management (IBM) at a national level, adapted to its specific capacities and characteristics. Frontex, as coordinator of the European IBM, urges States to follow the same line, in order to unify all information and develop analyses at EU level. Member States must then transpose these European policies into their territories.
It is therefore questionable whether Spain is making these efforts to adapt to the 2019 Regulation. Shortly after the entry into force of this document, the Directorate General for International Relations and Foreigners and the Secretary of State for Security developed a draft of IBM, which years later is still at the review stage. The same is true for the National Capability Development Plan, which has been drafted but not approved.
However, mentions of border security and management appear in various national documents. The National Security Strategy, the most recent of which dates from 2021, includes two lines of action dedicated to borders and a chapter on integrated strategic planning. In addition, the Department of Homeland Security's structure includes the Specialised Committee on Immigration and the National Maritime Security Council, both of which are related to border security.
Consequently, while there is no single body or single document that develops integrated border management policies, there is evidence of the importance of this issue at the highest levels of policy-making. It follows the basic premise of the IBM: to address border management with a national and integrated approach, where decision-making is based on risk analysis and collaboration and coordination between border agencies and bodies.
On the other hand, border efforts are mostly implemented through Guardia Civil and National Police units. Both police forces report organically to the Ministry of Home Affairs, so the strategies and plans developed here will have a considerable impact on national management. In Spain there are also state bodies outside the structure of the Ministry of Home Affairs that carry out border functions, including the Customs Surveillance Service (SVA) and the Maritime Rescue and Security Society (SASEMAR), but they are not considered to be border authorities, so this study will not focus on them.
If we go back to the documents mentioned in the first point of this article, the development of integrated border management requires guidelines at strategic, operational and tactical levels, as well as integrated planning that develops them into operational, capability development and contingency plans. For all of them, according to the 2019 Regulation, the tools that Frontex has established at European level, including CIRAM, must be used. Border authorities should also follow these specifications in their area of responsibility.
In particular, Guardia Civil is developing different institutional documents for this purpose: the Institutional Strategy, at the strategic level, which is developed operationally in the Guardia Civil Strategic Plan. Specifically for its border competences, gathered in the Border and Maritime Police Authority (MAFRONT), the Guardia Civil Strategy for Border Management has been developed. This is where Guardia Civil's effort to align with European and national strategies is reflected: the 2023 document already uses all the indications of the 2019 Regulation and the TO EIBM, in particular the concept of integrated planning and the use of the CIRAM method, although a specific IBM has not yet been approved at a national level.
5.2. Guardia Civil at the borders
Spanish legislation, especially Organic Law 2/1986, on Security Forces and Corps, affords Guardia Civil the tasks of tax and customs police, maritime and border police, public security in ports and airports, as well as exclusive competence in the territorial sea, making this corps the main border authority in Spain, both in volume of tasks and in personnel (it has some 10,000 border specialists) and material assigned to these services. This means that Guardia Civil is exclusively responsible for border surveillance, i.e. for controlling the crossing of people through unauthorised channels, such as irregular migration or cross-border crime through these channels. The National Police, on the other hand, control the flow of people and their documentation at the established border posts.[4] In addition, Guardia Civil has exclusive competence in matters of State tax protection, both customs control and tax fraud and the prosecution of smuggling, with the power to inspect the means of transport and luggage of those crossing the borders.
All in all, border control functions can be summarised as the sum of border inspection, carried out by Guardia Civil and the National Police in accordance with their competences, and border surveillance, which is the exclusive responsibility of Guardia Civil.
Many of the above competencies correspond to the activities carried out by the MAFRONT units. However, other units of Guardia Civil carry out their services at borders, such as the Nature Protection Service (SEPRONA), or the Information or Judicial Police Headquarters, and are therefore also understood to be agents with competence at borders. The MAFRONT has two headquarters: the Tax and Border Police Headquarters and the Coastal and Maritime Police Headquarters.
The Central Unit for Tax and Border Analysis and Investigation (UCAIFF), among others, is located in the Tax and Border Headquarters. One of its missions is to conduct border risk analysis in support of authority decisions. In particular, these analyses concern cross-border crime (including tax and customs) and physical security at ports and airports. In addition, they develop the Annual Risk Analysis of Guardia Civil (ARA-GC), compiling the analyses of all relevant units into a single product. Following the impositions of the 2019 Regulation, this will be developed through the CIRAM method, and in line with European policies and strategies (E. Delgado, interview, 12 February 2024).
Another unit specifically dedicated to risk analysis, called RAU-CECORVIGMAR, which stands for Risk Analysis Unit of CECORVIGMAR, is located in the Coastal and Maritime Police Headquarters. It carries out its risk analyses in relation to irregular migration incidents on the Spanish coasts and in the territorial sea, and also sends this information to the UCAIFF for the development of the ARA-GC. In addition, RAU-CECORVIGMAR is also Spain's NCC liaison point with the European Border Surveillance System EUROSUR.
These two units have received CIRAM training courses provided by Frontex. It is clear that for the correct implementation of CIRAM at all levels of border management, it is necessary that all agents have sufficient knowledge of this tool, and that the purpose of this change of method is known. However, it is impossible for everyone to receive this Frontex training first hand. The solution has been found in directing these courses to certain members of the central risk analysis units (UCAIFF and RAU-CECORVIGMAR), and having them disseminate the knowledge to the rest of the units. As a result, UCAIFF has already developed a cycle of "Trainer of trainers" courses in order to transfer knowledge to MAFRONT's peripheral units. Unfortunately, the effort that this entails for the headquarters is significant, and it will take a few years before all border agents can receive this basic training in CIRAM (E. Delgado, interview, 12 February 2024).
In addition to the Border and Maritime Police Authority, other authorities are part of the response to border problems. We highlight the Operations Authority, as support for the coordination, planning and promotion of operational units and their capacity to investigate cross-border crime through the Information and Judicial Police Headquarters; the Support Authority for the acquisition and maintenance of resources and the development of capabilities; and the Personnel Authority for the education and training of agents specialised in border management. These three authorities must act in line with MAFRONT, as they are all obliged to comply with European border legislation, in particular the 2019 Regulation, and the operational response of Guardia Civil cannot be carried out from a single authority, but must be joint.
All this is reflected in different institutional documents, such as Guardia Civil's Strategy for Border Management or its Border Risk Analysis. Even so, there are deficits in knowledge about the specific obligations and consequences of the correct implementation of integrated border management, especially in units outside the Border and Maritime Police Authority.
5.3. Particularities of implementation in Guardia Civil
Guardia Civil has competences in the pursuit of cross-border crime, irregular migration and secondary and return movements, which are the three threat categories that Frontex assesses in its risk analysis. For all of them, CIRAM is used by the MAFRONT units involved in risk analysis (UCAIFF and RAU-CECORVIGMAR). However, Guardia Civil is also the tax guard of the State, and therefore tax and customs police, and has physical security powers in ports and airports. These two areas should also be considered in the creation of Guardia Civil's risk analyses because of their close relationship with border security and management, although they do not appear explicitly in the Frontex ARAs.
In the case of customs, more extensive legislation applies than has been studied so far. Primarily, Regulation (EU) 952/2013, which establishes the Union Customs Code, and Regulation (EU) 2016/399, which establishes the Schengen Borders Code. These documents also emphasise the importance of risk analysis in decision-making and establish a link with the World Customs Organization (WCO) for customs and tax controls.
As Frontex does with CIRAM, this organisation develops standardised procedures for risk analysis in customs, using the same language for all states. WCO indicators are created to determine the likelihood of a particular risk occurring and its impact, with a three-level scale (low, medium and high) very similar to that of CIRAM.
In order to introduce these indicators, which are an obligation from the WCO, Guardia Civil's CIRAM risk analysis is amended to include them. After several interviews in the UCAIFF unit, it was confirmed that the joint implementation of CIRAM and WCO indicators is carried out satisfactorily, and does not affect the implementation of CIRAM in other border areas.
With regard to physical security at ports and airports, their importance is determined in the National Security Strategy 2021, in which they are referred to as critical infrastructure, and their protection is established in Guardia Civil Strategy for Border Management 2023. These facilities are particularly vulnerable to sabotage and terrorist attacks of all kinds, in addition to the increasingly recurrent appearance of unmanned aerial vehicles or drones in airspace, causing serious security problems. On the other hand, ports and airports can sometimes be another gateway for irregular migrants, for committing cross-border crimes or for smuggling contraband. Therefore, a proper risk analysis and the implementation of adequate and efficient measures is essential, taking into account the massive volume of goods and people passing through these facilities on a daily basis.
6. CONCLUSIONS
After studying European legislation, its transposition to member countries and, in particular, the regulatory development in Spain, it was determined that the use of CIRAM as a risk analysis tool is not optional, but rather an obligation for the Member States of the European Union. Regulation (EU) 2019/1896 is directly applicable in Spain, which entails the creation of a national IBM, based on the CIRAM risk analysis.
In this country, drafts of the documents that would constitute the IBM have been developed, but have not yet been approved, so it is determined that the national IBM required by the European Union does not exist. However, the importance of addressing border risks is underlined in various national security documents at strategic and political levels, such as the National Security Strategy 2021.
The most important border authorities are Guardia Civil and the National Police Force, both reporting to the Ministry of Home Affairs. Although Guardia Civil has not developed a national-level IBM policy, it has begun to develop its institutional documents following the obligations of the European Regulation: the concept of integrated border management is included in its Institutional Strategy, developed in Guardia Civil's Strategic Plan, and in its Strategy for Border Management. To support decision making and to produce these documents, two border risk analysis units within MAFRONT are already implementing CIRAM: UCAIFF and RAU-CECORVIGMAR. However, to operationally develop these strategies, it is necessary to apply integrated planning consisting of three types of plans: operational, capacity building and contingency. Here, it is not only MAFRONT that acts, but it must also rely on other Guardia Civil Authorities where knowledge of European border legislation is not as extensive. To implement the 2019 Regulation as effectively as possible, and to be eligible to access European funding and other EU collaboration benefits, it is necessary that these other authorities also adhere to the specifications of the European Directives and Regulations.
As mentioned above, all these documents are based on risk analysis. CIRAM is the manifestation of the European objective to unify or homogenise procedures in the Member States, leading to an efficient European integrated border management. By establishing the use of CIRAM as a requirement to access funding or to participate in JOs, the use of this tool is strengthened. If CIRAM is understood as a decision-making aid, which is used to set priorities according to their urgency and danger to border integrity, it will become a good tool for the optimisation of resources.
Similarly, if the aim is to use the same tool throughout the EU, with its diverse geological, political, social and organisational characteristics, with different border authorities and complex threats, CIRAM must be fully flexible to adapt to the State in which it is to be applied. Similarly, risk analysis is intended to reach all levels of decision-making, from the strategic or political to the operational, and CIRAM is to be applied at all levels. Within Guardia Civil, it is applied with this intention in central units, although as this regulation is very recent, more training is needed to reach peripheral and operational units.
On the other hand, the use of the same method with a common vocabulary facilitates the exchange of information between agencies and between States: a Spanish border agent can develop and understand the documents produced by a German without the need for additional training. Consequently, international collaboration and cooperation is facilitated, which takes the form of joint operations and agreements with third countries in order to prevent risks at source.
7. BIBLIOGRAPHICAL REFERENCES
European Council, Council of the European Union. (2019, 8 November). European Border and Coast Guard: the Council adopts a revised regulation. Consilium. https://www.consilium.europa.eu/es/press/press-releases/2019/11/08/european-border-and-coast-guard-council-adopts-revised-regulation/
Development of a multi-annual strategic policy for European integrated border management in accordance with Article 8(4) of Regulation (EU) 2019/1896, Publications Office of the European Union. eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52022DC0303
Frontex. (2019). Technical and operational strategy for European integrated border management.
Publications Office of the European Union. (2014, 22 April). European Border Surveillance System (EUROSUR). https://publications.europa.eu/resource/cellar/a80accf5-ff5b-417b-92d8-c5120fe4c5dd.0007.03/DOC_1
European Parliament. (2019, 17 April). European Border and Coast Guard: 10,000-Strong standing corps in 2027. European Parliament. https://www.europarl.europa.eu/news/en/press-room/20190410IPR37530/european-border-and-coast-guard-10-000-strong-standing-corps-by-2027
Sánchez Calero, C. (2024). The European Common Integrated Risk Analysis Methodology CIRAM applied to border control within Guardia Civil.
Frontex Risk Analysis Unit. (2021). Common integrated risk analysis model. Summary brochure. Version 2.1.
8. REGULATIONS
Regulation (EU) 2016/1624 of the European Parliament and of the Council of 14 September 2016 on the European Border and Coast Guard and amending Regulation (EU) 2016/399 of the European Parliament and of the Council and repealing Regulation (EC) No 863/2007 of the European Parliament and of the Council, Council Regulation (EC) No 2007/2004 and Council Decision 2005/267/EC. http://data.europa.eu/eli/reg/2016/1624/oj
Regulation (EU) 2019/1896 of the European Parliament and of the Council of 13 November 2019 on the European Border and Coast Guard and repealing Regulations (EU) No 1052/2013 and (EU) 2016/1624, (2019). http://data.europa.eu/eli/reg/2019/1896/oj
[1] Regulation (EU) 2016/399 of the European Parliament and of the Council of 9 March 2016 on a Union Code on the rules governing the movement of persons across borders (Schengen Borders Code).
[2] Regulation (EU) 2019/1896 of the European Parliament and of the Council of 13 November 2019 on the European Border and Coast Guard.
[3] Regulation (EU) 2016/399 of the European Parliament and of the Council of 9 March 2016 on a Union Code on the rules governing the movement of persons across borders (Schengen Borders Code), point 8: Border control includes not only the control of persons at border crossing points and surveillance between border crossing points, but also the analysis of internal security risks and threats that may affect the security of external borders.
[4] According to Organic Law 2/1986, the National Police is responsible for controlling the entry and exit of Spaniards and foreigners from the national territory (Art. 12.A.a), and legislation on foreigners, refuge and asylum, extradition, expulsion, emigration and immigration.