Facing potentially massive financial liability from the Oct. 1, 2017, shooting, MGM Resorts International has pursued an unprecedented defense strategy.
Companies all over the country have taken notice.
The casino operator is the first company to use the 16-year-old Supporting Anti-Terrorism by Fostering Effective Technologies Act — created in the aftermath of the Sept. 11, 2001, attacks — to counter plaintiffs’ claims.
In the worst mass shooting in modern U.S. history, gunman Stephen Paddock killed 58 and injured hundreds more as he sprayed bullets onto a crowd of 22,000 concertgoers from his room on the 32nd floor of Mandalay Bay. The Las Vegas Village concert grounds and Mandalay Bay are operated by MGM Resorts.
In July, MGM sued more than 1,000 Las Vegas mass shooting victims as part of a legal move to avoid or limit liability related to the massacre. The hospitality company argues that it is protected under the SAFETY Act because Contemporary Services Corp. — which oversaw security at the concert venue — was certified by the Department of Homeland Security.
The SAFETY Act limits or eliminates a company’s liability from a terrorist attack if it developed or deployed security technology or services certified by the Department of Homeland Security.
“The MGM lawsuit has highlighted the SAFETY Act to a degree that it certainly didn’t have before,” said Dismas Locaria, who specializes in security for Washington, D.C.-based law firm Venable.
MGM’s lawsuit has spurred companies around the United States to study whether they should go through the process to gain protection under the previously obscure law, lawyers and security specialists said.
“We’ve definitely gotten an uptick in interest,” Locaria said. “I’ve previously not had any hospitality clients in this space, and I’ve gotten inquiries from several. A couple of those are looking like they’re going to move forward with at least seeing what it’s going to take to get protection.”
Locaria declined to name the hospitality companies that have reached out to him.
Representatives for Caesars Entertainment Corp. and Las Vegas Sands Corp. declined to comment on whether their properties intend to apply for SAFETY Act certification. Representatives for Wynn Resorts Ltd., Station Casinos and Boyd Gaming Corp. did not respond to the inquiry.
The Department of Homeland Security, which oversees SAFETY Act certification, said it has seen a small pickup in applications over the past year.
But companies inquiring on the back of MGM Resorts’ action probably would not have filed an application yet because it takes months to prepare the necessary documentation.
“We have seen a modest increase in overall applications submitted to the program since October 2017,” said DHS spokesman John Verrico, adding that part of the increase could be from its own outreach efforts.
“In our experience, it usually takes more time before we can discern a trend since SAFETY Act applications for venue layered security programs are substantial undertakings and take significant time to prepare.”
A representative for MGM Resorts International declined to comment on the company’s possible influence on increased interest in the act.
The SAFETY Act works as legal protection only if an event has been declared a terrorist attack by the secretary of the Department of Homeland Security.
Current DHS Secretary Kirstjen Nielsen has not yet made a decision on whether the Oct. 1, 2017, shooting was a terrorist attack.
“The matter is currently under review,” according to a statement on the agency’s website.
In the meantime, the legal system will determine whether the SAFETY Act liability protection extends to MGM.
But the secretary’s decision will have repercussions beyond this case. Declaring the Las Vegas shooting a terrorist attack could set a precedent for active-shooter situations and potentially push more companies to apply for certification, Locaria said.
Mass shootings have become more frequent and more deadly in recent years. There have been four since Oct. 1, 2017, that have left at least 10 people dead.
If Nielsen declines to declare the Mandalay Bay shooting an act of terrorism, it could derail interest and investment in SAFETY Act certification and products, said Chuck Marino, a former supervisory special agent with the U.S. Secret Service and former senior law enforcement adviser to former Department of Homeland Security Secretary Janet Napolitano.
But Marino still recommends that companies seek certification.
“From a civil liability standpoint, it is never going to hurt you. You always want to say in your defense that you went above and beyond what was required,” said Marino, who is based in California and advises Fortune 500 companies on security issues.
Brian Finch, a partner at Pillsbury, Winthrop ShawPittman in Washington, D.C., said MGM could have avoided its current legal predicament if it had its own security program certified under the SAFETY Act. Neither Mandalay Bay nor MGM Resorts security is certified under the SAFETY Act, according to the DHS website, which lists all approved technologies and companies.
Finch spoke in September in Las Vegas at the Global Security Exchange, the industry’s largest convention. It was the first time the convention, which attracts more than 20,000 security industry professionals, invited someone to speak on the SAFETY Act since 2007.
Finch told the convention audience that not using SAFETY Act approved products, security services and plans is “kind of like being uninsured.”
“Now, a lot more” hotels and entertainment venues are thinking about the SAFETY Act and ensuring their third-party security guards and equipment are SAFETY Act-certified, he said.
Marino agrees with Finch that companies should take the extra step to get themselves SAFETY Act-certified.
“The current thinking is, ‘I am good because two-thirds of my technology is SAFETY Act-covered.’ But my recommendation is that companies should include everything from technology down to their policies and procedures,” Marino said.
Marino, too, said he has seen “a recognizable increase” in companies inquiring about the SAFETY Act since the MGM Resorts defense strategy made national headlines in July.
Time and money
Companies previously had been hesitant to get SAFETY Act approved because of the time and resources it required, Marino said.
Just preparing for the application process can take months, with the entire process, including a review by the Department of Homeland Security, sometimes taking longer than a year, said Finch and Locaria.
The Department of Homeland Security requires up to 120 days to first check the application for completeness and then study the product, service or plan for its security capabilities.
Companies need to demonstrate in their application that their product, service or plan has been well-tested.
“You need to really have a track record. You can’t just go in there saying this is what we implemented yesterday,” Locaria said.
Hiring consultants and lawyers to help with the application process can cost several hundred thousand dollars. Additional investments in SAFETY Act-approved technology could be required, increasing the overall cost of certification.
Executives previously saw the process as an investment that generated no return, Marino said. That is now likely to change after the Mandalay Bay shooting.
“After this horrendous event, the conversation within companies will now shift and be about how to protect against potential loss of business, liability exposure, and brand protection,’’ Marino said.
The Review-Journal is owned by the family of Las Vegas Sands Corp. Chairman and CEO Sheldon Adelson.
For the SAFETY Act to be triggered, the secretary of the Department of Homeland Security should declare an event an act of terrorism.
Current Secretary Kirstjen Nielsen has not yet declared theOct. 1, 2017, shooting a terrorist act.
“The matter is currently under review,” according to a statement on the Department of Homeland Security website.
Professional sports leagues have been encouraging team owners for several years to get their stadiums and security plans certified under the SAFETY Act, said Dismas Locaria, who specializes in security for Washington D.C.-based law firm Venable. The New York Mets and Yankees are among teams that have their stadiums certified, according to Department of Homeland Security.
NV Energy, the state’s power company, said that it is not SAFETY Act-certified but that it “meets or exceeds all regulatory-required compliance standards that address the physical and cyber security of our assets.”
Simon Property Group, which owns Las Vegas North and South Premium Outlets, has its shopping center security policies and procedures SAFETY Act-certified.