The most consequential determination in an Independent Security Study is whether a bona fide business-oriented security concern exists. Treasury Regulation §1.132-5(m) makes this the threshold question. If a genuine concern doesn't exist, the rest of the analysis doesn't matter - there is no qualifying program, and the security costs are compensation.
The regulation doesn't offer a checklist. It provides a standard: the concern must be genuine, it must be business-oriented (tied to the executive's role, not personal lifestyle), and it must be documented with specific facts about the specific executive at the specific company. What follows are six fact patterns that illustrate how the standard applies across real situations. They're not exhaustive. They're representative of the range an ISS typically encounters.
Pattern 1: A specific, documented threat
The clearest qualifying fact pattern is a specific threat directed at a named executive in connection with their corporate role. This includes threatening communications (written, digital, in-person), credible intelligence about planned harm, and documented stalker behavior.
When a specific threat exists, the bona fide concern analysis is relatively direct. The threat is documented, the subject is identified, and the business nexus is apparent if the threat relates to the executive's public role. The ISS confirms the threat's credibility, assesses its severity and likelihood, and builds the program around it.
What matters operationally: the documentation trail. Threats should be preserved in their original form, logged with dates and response steps, and handled through a consistent process. A threat that was reported to law enforcement and documented in writing is far more defensible than one that was "known about" and never formally recorded.
Pattern 2: Industry-pattern threat tied to role
Some executives don't have specific personal threats but operate in industries or sectors with documented patterns of executive targeting. Energy infrastructure executives in contested geopolitical regions. Financial executives whose firms have been targets of organized activist campaigns. Pharmaceutical executives involved in contentious pricing debates.
In these situations, the bona fide concern doesn't depend on a personalized threat. It depends on documented industry threat patterns combined with facts that put this executive within that pattern - their seniority, their public profile on the relevant issue, and their exposure through media or advocacy attention.
This pattern is more fact-intensive than a specific threat. The ISS needs to document the industry or sector threat landscape from credible sources, then establish a specific nexus between that landscape and the executive's circumstances. Generic industry risk without an individualized nexus won't support the exclusion.
Pattern 3: Sustained public exposure without a specific threat
High-profile executives with sustained public visibility - consumer-facing CEOs, founders with active social media presence, executives who appear regularly in news coverage - carry exposure that can support a bona fide concern even without a documented threat.
The analysis centers on measurable exposure: what level of public identification exists, through what channels, and what patterns of contact or attention have followed. Digital exposure analysis is central here. A social media following of several million, combined with documented negative sentiment and the executive's home address appearing in publicly available data broker records, creates a different risk profile than a quietly operating C-suite executive at a private company.
The regulation's language - "bona fide business-oriented security concern" - is satisfied when the documented facts establish that the concern is real and connected to the executive's corporate role. A concern that exists primarily because the executive is wealthy, rather than because they hold a specific corporate position, is harder to qualify. The business nexus matters.
Pattern 4: Geographic exposure
Executives who travel frequently to high-risk geographies present a distinct fact pattern. The concern isn't about their domestic profile - it's about the environments they enter as part of their role.
This pattern requires documentation of where the executive actually travels, the security environment in those locations, and the specific risks associated with their profile in those environments. Country risk assessments from credible sources, combined with travel records showing frequency and duration, form the factual record.
Geographic exposure typically supports a more targeted ISS - the recommended program may focus heavily on pre-travel assessments, in-country protocols, and emergency response procedures rather than residential security or domestic ground transportation. The program should match the documented concern. An ISS that recommends 24-hour residential security for an executive whose primary risk is overseas travel isn't proportionate, and a study that isn't proportionate doesn't hold up.
Pattern 5: Prior incident history
An executive who has experienced a prior security incident - attempted assault, credible confrontation, vehicle tampering, residential intrusion - has a documented baseline that typically supports a qualifying concern going forward.
Prior incidents are relevant because they establish both that the executive has been targeted and that the risk isn't hypothetical. The ISS documents the incident history, assesses whether the pattern suggests ongoing risk, and builds the program to address the specific threat vector the incidents represent.
Two things matter in this pattern: documentation and recency. Incidents that were reported, logged, and investigated at the time are far more useful than incidents reconstructed from memory. And an incident from fifteen years ago at a previous employer has less weight than one from eighteen months ago in connection with the executive's current role. Recency isn't determinative - old incidents can remain relevant if the threat dynamics haven't changed - but it affects the weight assigned.
Pattern 6: No documented basis
The sixth pattern isn't a qualifying one. It's the pattern the regulation is designed to screen out: executive security benefits provided as a perquisite without a genuine underlying concern.
This looks like residential security for an executive whose home address isn't publicly associated with their corporate role, whose company hasn't attracted any documented threats or protests, who doesn't travel to high-risk environments, and who has never experienced a security incident. The security program exists because the executive requested it, because the compensation committee approved it as part of a package, or because a peer at another company has similar arrangements.
An honest ISS conducted under these facts doesn't produce a qualifying finding. The regulation requires a bona fide concern - real, documented, and business-oriented. When the facts don't support one, the study should say so. A study that produces a qualifying conclusion anyway isn't a qualifying ISS; it's a document the IRS can challenge for producing the predetermined answer rather than the accurate one.
The reason an independent firm conducting the ISS matters so much is precisely this scenario. A firm with no financial stake in the outcome can deliver the non-qualifying finding when that's what the facts support. A firm that also sells the security program has a structural incentive not to.
What the pattern analysis means practically
For companies assessing whether to commission an ISS, the value of the pre-engagement scoping conversation is in matching the executive's actual fact pattern to the standard before any work begins. If the facts clearly support a bona fide concern, the path to a qualifying study is straightforward. If they clearly don't, the path is a non-qualifying finding and a different conversation with the compensation committee. If they're in the middle - sustained exposure, partial documentation, emerging threat environment - the ISS is where the analysis gets done.
The threshold question isn't the only thing the ISS answers, but it's the first one, and everything else follows from it.
This post is for informational purposes and does not constitute tax or legal advice. Readers should consult qualified tax and legal counsel regarding the treatment of specific programs.