Multi-Agency Public Protection Arrangements (MAPPA): national guidance

4. The Assessment and Management of Risk

4.1 This chapter identifies the three levels at which risk can be managed for individuals subject to MAPPA and outlines the risk assessment and management framework.

4.2 As detailed in Chapter 1, this guidance relates to the operation of the provisions for the following three categories of individuals in Scotland:

(a) Individuals subject to the Sex Offender Notification Requirements (SONR), who are more commonly referred to as Registered Sex Offenders (RSOs) – further information on this category of individual and how this category operates within MAPPA can be found in Chapter 5 of this guidance;

(b) Restricted Patients – further information on this category of individual and how this category operates within MAPPA can be found in Chapter 10 of this guidance; and

(c) Other Risk of Serious Harm individuals – further information on this category of individual and how this category operates within MAPPA can be found in Chapter 9 of this guidance.

Risk Management

4.3 Within MAPPA there are three risk management levels. These are:

• Level 1: Routine Risk Management;
• Level 2: Multi-Agency Risk Management; and
• Level 3: Multi Agency Public Protection Panels (MAPPP).

4.4 Using these three management levels nationally enables a consistent approach to be taken under MAPPA across Scotland. Each area has discretion in deciding which level cases should be managed at based on the most current risk assessment, analysis of risk of serious harm and the Risk Management Plan (RMP). This is key to informing the necessary depth and content to the assessment and management of risk required. The RMP template can be found within MAPPA document set of this guidance.

4.5 The risk management structure is based on the principle that individuals should be managed at the lowest MAPPA level proportionate with delivering a defensible RMP designed to address the risk of serious harm posed by them. (This also links directly to human rights and diversity – see Chapter 1 – at para 1.8.)

4.6 Risk of serious harm is defined as:^[6] the likelihood of harmful behaviour of a violent or sexual nature which is life threatening and/or traumatic, and from which recovery, whether physical or psychological, may reasonably be expected to be difficult or impossible.

4.7 For MAPPA purposes the imminence and likelihood of risk of serious harm is classified as follows:

• Very High: there is an imminent risk of serious harm. The potential event is more likely than not to happen imminently and the impact would be serious;
• High: there are identifiable indicators of risk of serious harm. The potential event could happen at any time and the impact would be serious;
• Medium: there are identifiable indicators of serious harm. The individual has the potential to cause such harm, but is unlikely to do so unless there is a change in circumstances, for example failure to take medication, loss of accommodation, relationship breakdown, drug or alcohol misuse; and
• Low: current evidence does not indicate likelihood of causing serious harm.

4.8 The Standards and Guidelines for Risk Management (RMA) apply to the management of individuals who are a subject to an Order for Lifelong Restriction (OLR).

4.9 In addition, these standards and guidelines apply to the management of other individuals who pose a risk of serious harm.

Trauma Informed Practice

4.10 The Scottish Government's Mental Health Strategy (2017-2027) acknowledges the need to ensure that interventions for people involved in the justice system are informed by an understanding of the impact of trauma.

4.11 The Scottish Government have produced the Trauma-informed practice: toolkit (2021) as part of the National Trauma Training Programme, to support all sectors of the workforce (including justice agencies) in planning, developing, and delivering trauma-informed services. This helps ensure that services are delivered in ways that reduce barriers and prevent further harm or re-traumatisation for those who have experienced psychological trauma or adversity at any stage in their lives (both in relation to the needs of individuals accused or convicted of offences, and victims). This toolkit, along with NHS Education Scotland's Transforming Psychological Trauma framework, should be taken into account when working with individuals in the justice system.

Identification Process – Lead Authority

4.12 It is important to identify the Lead Authority responsible for the potential management of the individual at the outset, applying the following criteria:

• Individual in custody who will be subject to MAPPA on release (and including during periods of home leave, hospital visits, work placements) – Scottish Prison Service;
• Restricted Patient subject to MAPPA– NHS in the local area, where Mental Health Officer is provided refer to the Memorandum of Procedure on Restricted Patients and CEL19 (2008);
• Individual who will be subject to MAPPA with a Community Disposal or Supervision or other Order (excluding Sexual Offences Prevention Orders and Risk of Sexual Harm Orders) following release from custody – Local Authority (for duration of order and/or supervision);
• Individual subject to Sex Offender Notification Requirements and receiving a Community Disposal but where there is no statutory responsibility for the management or supervision by Justice Social Work services (JSW) – Police Scotland; and
• Transfer of MAPPA individuals in the community – refer to Annex 7 of this guidance.

Lead Authority Responsibilities

4.13 It is important to recognise that whilst a Lead Authority for each individual is identified for MAPPA purposes, this does not remove any statutory or other recognised responsibility of those other agencies that are, or may from time to time be involved with an individual. They have an on-going responsibility to consider and share information with relevant partners while the individual is managed or potentially to be managed under MAPPA.

4.14 The Lead Authority is responsible for completion of the MAPPA notifications and MAPPA referrals.

Individuals subject to MAPPA - assessed and managed at Level 1 Routine Risk Management

4.15 The largest proportion of all individuals subject to MAPPA are assessed and managed at Level 1.

4.16 This level of routine risk management is only used in cases where the outcome of the risk of serious harm assessment does not indicate that multi-agency active and alert^[7] risk management is required. This does not mean that other agencies would not be involved, only that it is not considered necessary to refer the individual to a Level 2 or 3 MAPPA meeting based on the risk of serious harm. The lead Responsible Authority has an on-going responsibility to consider and share information with relevant partners while the individual is managed under MAPPA.

4.17 Please note that Level 1 routine risk management is not applicable to Category 3 individuals (Other Risk of Serious Harm), as this category requires active multi-agency management at MAPPA Levels 2 and 3.

4.18 MAPPA Strategic Oversight Groups (SOGs) should ensure that MAPPA Level 1 processes and the minimum practice standards as agreed by the MAPPA National Strategic Group are in place within their area(s) and followed by each Responsible Authority. A statement of the minimum practice standards for the management of Level 1 individuals can be found at page 31.

4.19 The Level 1 process should take account of each individual agency's organisational guidelines and The Framework for Risk Assessment, Management and Evaluation (FRAME).

• Police Scotland – Standard Operating Procedures and Police Risk Practice Model;
• Local Authority - Justice Social Work National Outcomes and Standards for Social Work Services in JSW;
• Scottish Prison Service –Risk Management, Progression & Temporary Release Guidance; and
• Heath Boards – Memorandum of Procedure on Restricted Patients.

4.20 It is essential for effective Level 1 risk management that each agency has in place processes to ensure information sharing takes place, disclosure is considered (see Chapter 13 for further information on disclosure), and there are discussions with Duty To Co-operate (DTC) agencies as necessary. (Refer to Chapter 3 for further information on DTC). Details of information shared and decisions made should be recorded on the Violent and Sex Offenders Register (ViSOR) by the lead agency.

4.21 Whilst the management of an individual at Level 1 is a "routine" operational matter for the Responsible Authorities, they should have arrangements in place to review the case and to (if still appropriate) confirm that the risk management arrangements remain defensible. The timing of this review should be based on the risks posed by the individual. For further information about planning and responding to change, refer to Standard 2 in the Standards and Guidelines for Risk Management (RMA).

4.22 For example, a case relating to an individual subject to the Sex Offender Notification Requirements (SONR) being managed at Level 1 may require a multi-agency meeting to share information. The purpose of this information sharing is to ensure that all the risk factors are identified and the risks are being effectively managed. The lead Responsible Authority managing the case should identify when a meeting is necessary and should co-ordinate it, recording the information shared and decisions made through the updating and completion of the individual's management plan, recording on the relevant case management records and ViSOR. It is likely that individuals will be managed at different levels throughout their period of notification or supervision. Therefore, if it is considered that the identified risks require more complex active and alert multi-agency management then the individual should be referred to Level 2 or Level 3 along with an RMP to inform that decision and the management of the person.

4.23 As indicated at 4.16 the management of a Level 1 individual is not the sole preserve of the lead agency; there may still be a role for the other Responsible Authorities to be involved. Where those Responsible Authorities become aware of information that relates to the risk or change in circumstances of the Level 1 individual they should report changes to the respective lead agency as soon as possible, once they become aware of them.

4.24 In order to consider any potential need for referral to MAPPA Level 2 or 3 or otherwise, the lead agency requires to liaise with those other agencies who have or should reasonably be expected to have involvement with the individual in order to gather all relevant information pertaining to that person. This should assist in determining the most appropriate and defensible MAPPA management level and is essential to effective risk assessment and risk management by all the agencies involved.

4.25 Where a significant change in risk or circumstances has been identified, notified to, and discussed with the lead agency at the earliest opportunity. The lead agency is required to consider, in conjunction with those other agencies involved, whether any change is required to the on-going assessment and management of that individual and/or whether a referral to MAPPA Level 2 or 3 requires to be submitted for consideration by the MAPPA Co-ordinator.

4.26 The lead agency should have a process in place to ensure that the decision regarding Level 1 management is kept under review based on the risk posed by the individual.

Effective Information Sharing

4.27 Information sharing between agencies is a critical part of this process with reviews being aligned to risk level to ensure that any new information relating to risk assessment is captured and where required reflected in the risk assessment and management paperwork for a Level 1 case. This is particularly important with Third Sector providers and agencies where the risk has increased and they are supporting the victim(s), particularly where the offence involved domestic abuse, stalking or sexual offending. A trauma informed approach should be taken when considering how the victim should be informed and by whom.

4.28 For a new MAPPA Level 1 individual, the rationale and defensible decisions for either progressing or not progressing to a meeting should be recorded.

4.29 The means by which information is shared in relation to MAPPA Level 1 managed individuals can include: face to face contact; telephone or e-mail contact; ViSOR updates through to informal meetings and formalised and minuted Level 1 Review Meetings. An important factor in this information exchange is that both the provider and the recipient record what has been shared appropriately.

4.30 The method of seeking and sharing information should be determined by local arrangements and in accordance with national guidance, such arrangements being determined and kept under review by the SOG.

4.31 The lead agency is responsible for administration tasks such as sending out requests for information and collation of information.

4.32 Information to be included on ViSOR (including shared information, MAPPA minutes, recorded decisions, risk assessments and Level 1 case management plans) is the responsibility of the lead agency. However, the responsibility for ensuring that ViSOR reflects the most up-to-date information on an individual is shared by all agencies involved with that specific case in that whichever agency receives new pertinent information about an individual should update ViSOR accordingly.

Review Frequency

4.33 Based on the risk and any significant change in circumstances relating to the individual (where relevant), the lead agency should identify when a meeting/request for information sharing is required. They should co-ordinate this to inform their management and facilitate activity. The key outcome being that information is effectively shared commensurate with risk and significant change, to inform risk management.

4.34 The lead agency responsible for management of the case should have a process in place to ensure that the decision regarding Level 1 management is kept under review based on the risk posed by the individual.

4.35 The lead agency and partners should use appropriate risk assessment tools^[8] within the structured risk assessment process in order to evaluate the level of risk and relevant risk factors.

4.36 If the lead agency review, based on the risk of serious harm and the associated management to the mitigated risk posed, indicates that management at Level 2 or 3 is required to manage the risks or needs of the case, the case should be referred to the MAPPA Co-ordinator using the MAPPA Referral form and draft RMP.

Management of Level 1 individuals should involve:

Practice Standard / Standard Statement

Partnership working and Information sharing

• The appropriate agencies will work together in the assessment and management of risk.
• The degree of communication, co-ordination and collaboration will be commensurate to the risk and complexities of the case.
• Information will be shared responsibly, in a timely manner, and in a way that is meaningful to all involved, including Duty to Co-operate Agencies.
• All live ViSOR records will be actively and accurately maintained and updated by Record Managers and relevant partners.
• Information sharing will be at a level which is mindful of each individual's rights to privacy and confidentiality.
• The SOG shall establish an effective and continual information sharing process to consider and manage individual's risk. All individuals subject to MAPPA must be managed by an identified MAPPA Lead Authority.

Risk Assessment

• Risk assessment will involve identification of key pieces of information, analysis of their meaning in the time and context of the assessment, and evaluation against the appropriate criteria with regular reviews commensurate with risk.
• Risk assessment will be conducted in an evidence-based, structured manner, incorporating appropriate tools and professional decision making, acknowledging any limitations of the assessment.

Risk Management

• Risk management measures will be based upon and updated in response to current research evidence.
• Risk strategies, and the associated activities of monitoring, supervision, intervention and victim-safety planning, and, as appropriate, disclosure and contingency planning, which are used to manage the risk posed by offending behaviour will be tailored to the needs of the individual.
• Measures should be proportionate to the level of risk, defensible, and congruent to the remit of the responsible agencies.

Planning and responding to change

• All management plans (case management or risk management) and decisions will be based on a risk assessment which is of the appropriate level to support such a decision or plan.
• The SOG (and Responsible Authority) has in place a process for ensuring that individuals are managed and reviewed at the appropriate level.
• The actions to be taken will be clearly documented and their rationale will link explicitly to risk assessment. The risk assessment and management processes will be dynamic, with the capacity to respond to changes in risk.
• Care will be taken to maintain the dynamic link between risk assessment and planning through on-going assessment and review.
• The level and immediacy of any response to change will be proportionate to the significance of the change and risk. Reductions and increases in restrictions or interventions will be justified and supported by a suitable reassessment of risk.

Quality Assurance

• The SOG is satisfied that arrangements are in place for self- evaluation at practitioner, agency and multi-agency levels.

Individuals subject to MAPPA - assessed and managed at Level 2 Multi-Agency Risk Management

4.37 Level 2 risk management can be applied to any of the three MAPPA categories. It should be used where there are concerns that an individual presents with indicators of risk of serious harm and may require active and alert^[9] multi-agency risk management. This involves completion of the RMP. A fuller risk of serious harm assessment should be carried out (first half of RMP). The conclusion of this should offer whether the individual presents with a risk of serious harm and to what level (low, medium, high or very high). It should also offer a conclusion on whether there is a need for active and alert multi-agency risk management. If so, then the second half of the RMP is completed. This should determine the referral to Level 2 or 3.

4.38 An individual who is being managed at Level 2, may be referred for Level 1 following ratification of their RMP, where all partners agree that active and alert multi-agency risk management is no longer required. Alternatively, the likelihood and impact of an individual's risk has increased, and/or the management requirements of the case have increased requiring their risk management Level to be raised to Level 3.

4.39 It is vital to understand that risk can and will change, so the means of managing risk should be capable of reacting to and reflecting risk accordingly. It is possible for an individual subject to MAPPA to be referred to another risk management level, or exit MAPPA altogether.

4.40 Any decision regarding a change in risk Level should require agreement by all partners with the rationale for the decision being proportionate, necessary, evidence-based and recorded and highlighted in the RMP. Where an RMP is actively being used, this indicates that there is evidence that justifies active and alert multi-agency risk management.

4.41 The Responsible Authorities, through the MAPPA Co-ordinator, are responsible for convening and supporting the Level 2 arrangements. Depending upon the needs and the MAPPA category of individual, the following agencies/organisations should routinely play an active role in Level 2 management:

• Police Scotland;
• Local authority – Justice Social Work; children and families or youth justice social work teams; adult services; housing Sex Offender Liaison Officers (SOLOs) and, where appropriate, education;
• Scottish Prison Service (SPS)
• the relevant Health Board, including mental health services; and
• other agencies, e.g. Third sector providers and agencies supporting the victim(s), particularly where the offence involved domestic abuse, stalking or sexual offending.

4.42 Level 2 arrangements should involve permanent representatives from the relevant agencies, supplemented by representatives from other organisations as needed, in order to provide effective oversight of RMPs.

4.43 Multi-agency risk management may mean a significant caseload of individuals requiring active management and review by the Responsible Authorities. To achieve this, the Responsible Authorities should ensure that the meetings are effectively managed and supported. All decisions taken require to be proportionate, necessary, evidence-based and recorded and highlighted in the RMP.

4.44 The Responsible Authorities have a statutory role in ensuring the efficient and effective operation of MAPPA. For this reason, it is important that the Level 2 meetings are chaired by a suitably senior representative of either Police Scotland, the Local Authority, SPS or Health.

Review Frequency

4.45 The frequency of these meetings is a matter for the Lead Authority in liaison with the MAPPA Co-ordinator and partner agencies. Consideration of the frequency should be informed by the risks and any significant change relating to the individual (where relevant). This should be highlighted in the RMP. However, setting regular meetings based on risk should allow the opportunity for the systematic review of the Risk Management Plan, and in any case, Level 2 cases must be reviewed no less than once every 12 weeks. All decisions require to be recorded and evidence based.

Level 3: Multi-Agency Public Protection Panel (MAPPP)

4.46 The MAPPP is responsible for the management of individuals at Level 3. Level 3 can be applied to any of the three categories of individuals managed under MAPPA. It is recommended that each MAPPA Strategic Oversight Group (SOG) identifies at least one Level 3 Chair. The MAPPP members should possess the relevant experience and seniority to understand the requirements of Level 3 management and to commit the necessary resources to it.

4.47 The criteria for referring a case for any of the three categories to the MAPPP are where the individual:

• is assessed as presenting a high or very high risk of serious harm; and/or
• presents risks that can only be managed by a plan which requires close co-operation at a senior level. This would be due to the active and alert multi-agency involvement in the case and/or because of the unusual resource commitments required;

Or

• although not assessed as presenting a high or very high risk of serious harm, the case is exceptional because the likelihood of media scrutiny and/or public interest in the management of the case is very high and there is a need to ensure that public confidence in the criminal justice system is sustained.

4.48 With the exceptions as detailed at 4.47 individuals managed at Level 3 will have been assessed as high or very high risk of serious harm. For clarity very high and high risk of serious harm are defined in MAPPA as:

• High: there are identifiable indicators of risk of serious harm. The potential event could happen at any time and the impact would be serious; and
• Very High: there is an imminent risk of serious harm. The potential event is more likely than not to happen imminently and the impact would be serious.

4.49 While most are individuals being released from prison, or already being managed in the community, it may also include:

• an individual on discharge from detention under a hospital order (with the health board as the Responsible Authority);
• an individual arriving from overseas (whether immediately following their release from custody or not); and
• an individual in the community whose assessment of risk of serious harm was categorised as low or medium, comes to present a high or very high risk as the result of a significant change of circumstances.

4.50 Level 3 cases may be referred to Level 2 when for example, the likelihood and impact of risk has diminished or where the management requirements of the case have reduced. All decisions taken with regard to a change in Level require to be proportionate, necessary and evidence-based, recorded and highlighted in the RMP.

Representation at Level 2 and Level 3

4.51 The key to the effectiveness of Level 2 and Level 3 arrangements is identifying and ensuring the right multi-agency representation and involvement. In determining the level of the representation and the nature of that involvement the following should be considered:

• The representatives should have the necessary level of seniority and possess the authority to make decisions which commit their agency's involvement and resources, taking into account requirements to follow their own organisation's policies and guidance. This is of vital importance as deferring such decisions could impact negatively on the effectiveness of the multi-agency operation.
• The representatives require the relevant knowledge and experience in risk/needs assessment and management, as well as in partnership working.
• The effectiveness of Level 2 and Level 3 arrangements depends in large part upon establishing continuity. Multi-agency work is often complex and benefits greatly from the continuity of personnel and their professional engagement.

Review Frequency

4.52 The frequency of these meetings is a matter for the lead agency in liaison with the MAPPA Co-ordinator and partner agencies. Consideration of the frequency should be informed by the risks and any significant change in circumstances relating to the individual (where relevant). This should be highlighted in the RMP. However, setting regular meetings provides the opportunity for a systematic review of risk and management levels identified in the Risk Management Plan.

4.53 The Responsible Authorities and DTC agencies have an on-going responsibility to inform the lead Responsible Authority and the MAPPA Co-ordinator of any information they receive that indicates a change in the risk of serious harm posed by an individual, in either a positive or negative manner. A meeting must be arranged to review the circumstances.

4.54 Consideration of the frequency of these meetings should be informed by the risks and any significant change in the circumstances of the individual, where relevant. The minimum standards in respect of review meetings are as follows:

• MAPPA Level 2 - to be reviewed no less than once every 12 weeks
• MAPPA Level 3 – to be reviewed no less than once every 6 weeks

Risk Assessment and Risk Management

4.55 The following information provides an initial reference point and a link to further sources of information either within this guidance or elsewhere.

4.56 Standards & Guidelines for Risk Management– Risk Management Authority (RMA) are for the active and alert^[10] risk management of those who pose a risk of serious harm.

Risk Assessment

4.57 Risk assessment should:

• involve identification of key pieces of information, analysis of their meaning in the time and context of the assessment, and evaluation against the appropriate criteria;
• be based on a wide range of available information, gathered from a variety of sources;
• be conducted in an evidence-based, structured manner, incorporating appropriate tools and professional decision-making, acknowledging any limitations of the assessment;
• be communicated responsibly to ensure that the findings of the assessment can be meaningfully understood and inform decision-making. Risk will be communicated in terms of the pattern, nature, seriousness and likelihood of offending; and
• be informed by research knowledge and grounded in the evidence base regrading effective practice.

4.58 To meet these standards an assessment underpinning a Risk Management Plan should evidence:

• a thorough review and evaluation of information gathered from interviews, file reading, chronologies, multi-agency discussion and collateral sources;
• the use of appropriate risk assessment tools to provide a sound empirical basis for the identification of risk and protective factors;
• detailed analysis of past and current offending in terms of its pattern, nature, seriousness and likelihood;
• an offence analysis that examines how, why and when offending occurs and begins to identify the relevance of risk and protective factors in episodes of offending;
• a formulation of risk that offers an understanding of the interaction and respective role of risk and protective factors in an episode of offending, and helps to identify triggers and early warning signs which may assist in recognising and responding to imminence;
• an evaluation of the current level of risk of serious harm; and
• recognition of the limitations of the risk assessment and identification of any case specific issues that may extend beyond the boundaries of professional training, qualification and expertise.

Risk Management

4.59 Risk management should ensure that:

• Risk strategies of monitoring, supervision, intervention and victim safety planning, and the associated activities which are used to manage the risk posed by offending behaviour, should be tailored to the needs of the individual;
• Measures should be proportionate to the level of risk, defensible, and consistent with the remit of the responsible agencies; and
• Risk management measures should be based upon and updated in response to current research evidence.

4.60 To meet these standards measures to manage risk of serious harm should:

• be tailored to the individual;
• comprise a balance of preventive, supportive and contingency measures;
• target the specific risks, needs and scenarios identified within the risk assessment and formulation;
• be delivered by means of the risk management strategies of monitoring, supervision, treatment or intervention and victim safety planning;
• be co-ordinated within a Risk Management Plan which is shared with key partners;
• be regularly reviewed to evaluate progress and ensure the on-going appropriateness of measures; and
• be informed by research knowledge and grounded in the evidence base regarding effective practice.

Defensible Decision Making

4.61 The Framework for Risk Assessment, Management and Evaluation (FRAME) published by the Risk Management Authority provides an outline of the agreed guiding principles of risk management. This includes a definition of defensible decision making.

4.62 In terms of FRAME a decision is deemed defensible if an objective group of professionals would consider that it meets the following criteria:

• Staff involved have appropriate levels of knowledge and skill and an investigative stance and proactive approach;
• The decision or action is based upon appropriate use of collected and thoroughly evaluated information and a risk assessment using reliable methods grounded in the evidence;
• Planning demonstrates risk management strategies matched to risks and risk level and all reasonable steps have been taken; and
• Throughout the process there is communication with relevant others, decisions are recorded, and policies and procedures followed.