How to Handle Poison Pen Letters
THE CEO OF A LARGE INSURANCE CORPORATION received a threatening letter from an unknown individual. In the letter, which was sent to the executive’s home address, the writer expressed outrage because of delays in the settlement of claims and of unjust monetary compensation.
The writer demanded a $2.75 million settlement or the CEO’s family would be physically harmed. To underscore the threat, the writer included detailed, accurate information about the daily schedules of the CEO, her husband, and her children. That made corporate authorities take the letter seriously.
Many companies lack policies and procedures to address threatening anonymous correspondence. They tend simply to dismiss it as “nut mail” before discarding it. That’s the wrong approach. Companies should not ignore this type of correspondence. Protection agents should investigate any perceived threat and apply available assets and resources to mitigate the potential for physical harm and psychological trauma to the identified targets. And security should develop protocols for handling and analyzing these threats using a collaborative approach that brings security managers, investigators, and mental health risk experts to the same table.
Reacting to a Threat
In the case of the CEO in our example, the company did not have policies in place to address the threats. At best, any threatening correspondence sent to the company’s field offices was forwarded to the organization’s headquarters. Of those correspondences, almost all were interpreted as a low risk by security, primarily because the communiqués came from an unknown source. Most cases were never investigated, but fortunately the correspondence was not thrown out: it was stored in a closet.
When the CEO received the threatening letter that included such personal details, it finally prompted an investigation. As a result, the company discovered that the CEO’s personal assistant had kept back three harassing letters from the same writer because she did not want to upset her boss. Clearly, action needed to be taken.
The CEO and the organization’s security director began by calling local police to file a complaint. The police response was that little could be done, because the department did not have the resources to investigate an unknown threat-maker.
A decision was made to consult Mid-West Protective Service, Inc. (the authors’ security and investigation firm), to provide logistical support and threat assessment services. Based on what was known at the time, the consulting company suggested that armed security officers be deployed to the corporate headquarters and an executive protection team detailed to watch over the CEO and her family until the threat could be more fully assessed. As a precautionary measure, all of the company’s field offices were placed on alert, and a formal threat assessment was launched.
Assessing the situation. An assessment’s objective is to identify and understand the who, what, when, where, how, and why of the threat; gauge the credibility of the threat; and determine if the writer is moving toward or away from attack-related behaviors. Clinical and forensic psychiatrists and psychologists are often consulted to assist in this analysis.
Accurately understanding an unknown correspondent’s motivation is arguably the most important and difficult variable to investigate. This typically includes trying to identify any real or perceived grievance driving the writer’s behavior.
Threats may be direct, indirect, conditional, veiled, or implied. Each of these types of threats may be placed into one of two categories identified by noted forensic psychologist Dr. J. Reid Meloy—expressive or instrumental. Expressive threats can be best described as someone venting their frustration and anger as a means of regulating their emotions. In contrast, instrumental threats are intended to influence or control the behaviors of an intended target and are often based on demanding conditions—for example, “Unless you do X, I will do Y.”
Threats in either category may have various motivations, such as revenge. Sometimes, however, the threat may be rooted in delusional belief systems that may involve grandiose, persecutory, or paranoid themes as opposed to any rational motivation.
Given that the letter writer’s motivation can be wide ranging and may not have a basis in fact, it can be a significant challenge for investigators to assess what prompted the threat. For instance, it is not always the case that the target directly interacted with the correspondent leading to a perceived harm. It may be that the threat writer is reacting to a media story, a press release, or other public announcement. For example, press reports about the CEO receiving a large bonus could be a trigger for someone to send a threatening letter. In some cases, it may be the time of year that adds the extra pressure—for instance, tax season.
Looking for patterns. At the company, all of the anonymous threatening mail that had been previously received and stored at headquarters was reexamined to see if there were similarities, such as geographic origination, paper stock, penmanship, or thematic content. Common denominators were indeed identified. Twelve of the letters received during the two years before the investigation were linked to the letter that prompted the investigation, and all were determined to be from a single unknown source. These letters showed a progressive escalation in frequency and aggressive content.
Based on the findings of the linkage analysis, a systematic review was conducted for all of the company’s claimants who resided within a 300 mile radius of the company headquarters and had cases resolved during the previous 18 months. This involved, in part, reviewing any written correspondence from the claimants.
Buried deep in one client file was a discharge summary written by a therapist about a man we’ll call Smith. Smith had told the therapist that he wanted to prematurely terminate his anger management treatment. Specifically, the therapist wrote, “He does not feel the need to continue treatment because he expects to receive a large monetary settlement of $2.75 million in the near future and, once received, [Smith says that] all of his anger expression problems would be solved.” Investigators noted that the amount was the same as the dollar figure mentioned in the anonymous letter.
Other records from Smith’s file indicated that he had been diagnosed with Intermittent Explosive Disorder, Bipolar Disorder, Cocaine and Alcohol Dependence, and Antisocial Personality Disorder by five different mental health professionals during the past seven years. He had been concurrently prescribed four different psychiatric medications to deal with these issues but had frequently failed to comply with this drug regimen. Smith had also been repeatedly involuntarily hospitalized for being a risk to himself and others.
Most significantly, he had sent a former psychiatrist a threatening letter. When analyzed, this correspondence had the same geographic origination, penmanship, and identical unique threatening phrases as the letters received by the company and its CEO.
As to whether Smith was capable of carrying out a threat to do physical harm, a criminal background report obtained by the investigators revealed that Smith had served almost 20 years in state prison for murder, aggravated battery, kidnapping, possession of weapons and incendiary devices, and various drug charges. Smith was affiliated with a violent white supremacy criminal organization that had used explosive devices. He was also dishonorably discharged from the U.S. military after being suspected of arson.
Smith was placed under around-the-clock surveillance by the company. This surveillance revealed that he was unemployed and living out of his vehicle. Investigators observed him consuming alcohol and visiting areas known for narcotics dealing. On two occasions he drove by the CEO’s residence and parked adjacent to her children’s school.
Threat event. If a threat of violence is expressed, investigators will want to attempt to project a time and place for the foreshadowed attack. Accurately determining this variable is considered by many to be an ambitious goal. However, it should be attempted, especially in a situation where a conditional threat is made that refers to a specific event.
For example, a threat-maker may write: “If you speak at the environmental conference in Phoenix, it will be the last speech you ever give.” In such cases, investigators have a more specified time frame on which to focus and can make appropriate adjustments to protective resources. In this case, because the letters contained escalating threats and surveillance showed the writer in close vicinity to the CEO’s children, it was determined that Smith would possibly act on this threat in the immediate future.
Mitigating the threat. Numerous intervention and management strategies were presented to the CEO and the director of security. It was ultimately decided that the insurance company would assign a claims mediator to assist in resolving Smith’s case. Because he was homeless and transient, making contact with him without raising his suspicions posed a challenge.
His last known address was identified from his original claim forms, and it was learned that his former roommate was still residing at that location. The mediator approached the roommate and asked him to forward a letter to Smith. The letter stated that he would receive an additional monetary settlement.
The CEO independently authorized increasing the payout from the original $32,000 to $50,000 in the hope that the additional money would reduce a violent response by Smith. Smith was told in the letter that the increase was due to a companywide change in policy. Two weeks passed before the scheduled meeting. During that time, it was noticed that Smith had discontinued stalking the CEO. All existing protective measures remained in place.
The mediator was coached on how best to handle the meeting, from using neutral language and explaining the rationale for the settlement to addressing a series of anticipated questions. Smith arrived on time for the meeting, somewhat disheveled and agitated, but overall he appeared stable. The meeting was kept brief, and by all accounts, he seemed satisfied with the monetary amount received.
The surveillance on Smith lasted another 15 days. At the end of that time, he moved to the West Coast to live with a sister. Periodic surveillance revealed that he found gainful employment. The CEO did not receive any further correspondence from him.
Such happy endings may not always be possible, however. In other cases, when the anonymous author is identified, the company may want to report this individual to the police, along with all the evidence, which could lead to an arrest, a restraining order, or detainment. Management should carefully review and consider all realistic intervention and management options before making a final decision about which course of action to pursue.
Policy Revision
In our client’s case, the incident was a wake-up call for the company, and management resolved to be better prepared for future cases. With that goal in mind, the organization expanded its workplace violence prevention policy to include strategies for responding to anonymous communiqués. The policy provided that all threatening communications would have to be forwarded to a central location. Existing staff were notified and given updates about this policy, while new hires learned this during their orientation.
As a part of the new policy, a threat assessment team (TAT) was formed from among existing security personnel. TAT members were charged with being the central reporting authority for threatening communications. It would be the team’s job to perform the initial screening on all questionable correspondence; they were given special training to handle this new responsibility.
Any threatening communiqués received companywide are now forwarded to the TAT—including electronic messages and any letters or packages, regardless of the means of delivery. Procedure dictates that the TAT preserve all such correspondence for future reference. It may become part of an investigation or it may serve as physical evidence in a criminal court or civil action.
Protocol also requires that the TAT maintain an appropriate chain of custody, documenting the receipt, custody, control, transfer, and analysis of all correspondence, including physical or electronic evidence. In instances where perishable items—for example, plants or food—are received, they are photographed or videotaped before being preserved or discarded.
The TAT analyzes inappropriate and threatening correspondence and assigns each one a case number and a preliminary risk potential classification of low, moderate, or high. Cases tagged as low risk remain inactive, and the evidence is archived. All correspondence classified as a moderate or high risk is forwarded to an external threat assessment consultant for analysis and management strategies.
All organizations have a vested interest in preventing or mitigating workplace violence. One element of any such prevention policy should be a standardized screening process for anonymous threatening correspondence. By having a policy in place, companies increase their chances of proactively responding to the “nut mail” rather than being forced to reactively respond to the “nut.”
Mark Brenzinger, Psy.D., is president of Midwest Behavioral Risk Management, P.C., Schaumburg, Illinois. He is a clinical and forensic psychologist concentrating in assessing and managing behavioral risk. Brenzinger is a member of ASIS International.
Timothy Flora is president of Mid-West Protective Service, Inc., and has more than 28 years of experience in law enforcement, private investigations, and security. He has worked in federal law enforcement and as an investigator and supervisor with local law enforcement. He is a member of ASIS International.
Henry Rush has more than 30 years of experience in military and public law enforcement. In the private sector, he has led executive protection teams, investigated and brought civil and criminal cases to the courts, and instituted patrol tactics for security officers in the field.
