The recent revelation that a contract worth $423 million dollars was awarded to a relatively untried private security company (PSC), as part of a closed-tender process that appears to have been a one-horse-race stormed onto the political agenda in the last week. Labor Senator Murray Watt was incredulous, asking “how on earth (did) this tiny unknown company with no track record ever get $423 million in contracts from the Australian taxpayer?”.

If this type of contracting is to be extended, regulatory oversight of it must be improved.

Much has been made of the fact that the company’s headquarters appear to be a beach shack on Kangaroo Island, and questions about the company dominated last week’s Senate estimates hearings and will no doubt continue to reverberate.

But in the world of private security, enormous contracts are often awarded to companies through procurement processes with minimal due diligence. The history of contracting with private security companies reveals that, at the very least, Australian authorities should have exercised caution when approaching a PSC to provide services (even non-security services) in a politically sensitive environment such as Manus Island.

The history of large contracts being awarded to PSCs without serious reviews of the background and capacity of these companies is long and grim. But it is not a clandestine issue – the details are on the public record, and ought to be front and centre for those seeking to engage PSCs. There are worrying precedents for many aspects of the Paladin case.

First, we have seen problematic companies awarded major contracts in sensitive political and strategic scenarios before. During the Iraq War, the United States gave the British company Aegis Security Services a US$293 million contract to coordinate all the PSCs working in Iraq. The decision raised eyebrows. Aegis was run by a former British soldier, Tim Spicer, who had long been embroiled in scandal. His first company, Sandline, had been awarded a large contract by the Papua New Guinean (PNG) government in the mid-1990s. The details of the contract were leaked to the public and the PNG army revolted, leading to Spicer’s arrest and incarceration. Following his release, Spicer and Aegis were involved in a complex arms and weapons sales scandal with another PSC in the Sierra Leone Civil War, sparking the “arms-to-Africa” scandal which became the subject of a British government inquiry.

Despite Spicer’s chequered past, Aegis’ contract in Iraq was renewed. This astonished observers that a company involved in not one, but two, serious scandals could be awarded such a sizable and sensitive contract. Five US senators (including Hillary Clinton and John Kerry) wrote to the then-US secretary of Defense Donald Rumsfeld expressing concern.

Second, PSCs have a history of mission creep. Companies working in one area have extended their reach beyond their initial offering of services to gain more lucrative contracts. Just as Paladin appears to have begun as a small sub-contractor on Manus, expanding to win larger contracts when other providers bowed out, PSCs in Iraq were often able to carve out larger roles and bigger contracts. Aegis eventually began compiling and organising intelligence services in Iraq as well as security services (a move which eventually drew the ire of the US House Intelligence Committee). Other companies began working in Iraq on conventional security contracts but ended up performing military interrogations.

So what lessons should the experience of private security contracting have revealed? There are two areas that all those seeking to contract with a private security provider should investigate. First, politically hazardous parts of the world often attract dodgy people. Paladin replaced a contractor, Broadspectrum, which had given its contract up due to political pressure. The problem with jobs in politically sensitive or dangerous places is that companies with higher standards of caution often do not want to do them. Not every PSC is shonky, but it should not be surprising that a company willing to work in a highly dangerous or politically sensitive environment is likely to include some unusual characters or unsavoury backgrounds. Extra diligence is a must.

Finally, private security companies, even large companies, are often not very good at performing contracts. Take, for example, G4S, the British private security contractor hired for the 2012 London Olympics. At the time, G4S employed 675,000 people in 150 countries. Even so, G4S overpromised in its tender, agreeing to provide 13,500 security personnel. Less than a month before the games, it transpired the company was 3500 people short. Military personnel had to step in.

These security contracts are complex. Qualified, suitable personnel are hard to find. But for contracts that concern the potential use of force, or the delicacy of operating in a politically fragile environment, a higher level of oversight than is applied to other contracts is essential. These contracts are not for catering or cleaning services. They must be treated with the seriousness they deserve.

Australia has been a relatively minor player in the acquisition of private security services. Compared to the US and UK, Australia entrusts significantly fewer of these sensitive activities to the private sector. Australia has used PSCs in some scenarios, such as providing security for Australian embassies and high commissions, without controversy. If this type of contracting is to be extended, regulatory oversight of it must be improved. The US learned the hard way in Iraq that poor contracting practices with PSCs result in waste, corruption, and public embarrassment. During the protracted conflict in Iraq, American legislators were scrambling to fill the legislative and regulatory holes around private security contracting.

The Paladin affair should serve as a wake-up call for Australia to consider, perhaps with more wariness, when, where, how, and whether to deal with private security services.