The short answer is: sometimes. The longer answer explains why most companies get this wrong.
Start with what the tax code assumes. Under IRC §61, income means all income from whatever source. When your company pays for an executive's bodyguard, installs a residential alarm, or puts the CEO on the corporate aircraft, the IRS treats that as compensation. It goes on the W-2. The executive pays income tax on it.
Most companies know this in theory. Fewer appreciate what it costs in practice.
Take a program running $500,000 a year. At a 37% federal rate plus applicable state income tax, the executive's additional tax bill approaches $200,000 or more depending on where they live. Most large employers pay a gross-up on taxable perquisites, which means the company writes a second check to cover the executive's tax. By the time the math works out, a $500,000 security program can cost the company north of $700,000. The executive still didn't choose the security, in many cases didn't want it, and the board required it for business reasons.
That's the default. There's an exception.
The working condition fringe benefit
IRC §132(a)(3) excludes working condition fringes from gross income. The term is defined in §132(d): something provided to an employee that the employee could have deducted as a business expense under §162 if they had paid for it themselves.
For most benefits this is straightforward. A business flight, a laptop, professional development. The employee could have deducted these; the employer provides them instead; no W-2 inclusion.
Security gets complicated. A home alarm system is ordinarily a personal expense. Commuting is non-deductible under settled law. An armored vehicle looks like a luxury car to anyone who doesn't know otherwise. The tax code doesn't automatically treat these as business expenses just because a company pays for them.
Treasury Regulation §1.132-5(m) explains when and how executive security crosses from personal expense into excludable working condition fringe. The requirements are specific, the documentation bar is high, and the failure modes are well documented in the regulation's own examples.
What has to be true for security to qualify
Two things have to exist before any exclusion is available.
First: a bona fide business-oriented security concern. The regulation defines this precisely. The facts and circumstances have to establish a specific basis for concern about the executive's safety. A generalized concern doesn't qualify. High net worth doesn't qualify on its own. The concern has to be tied to the executive's status as an employee of this particular company.
Factors the regulation points to include documented threats of death, kidnapping, or serious bodily harm against the executive or people in similar roles, and recent violent activity in areas where the executive operates that would actually reach this person. The list is illustrative, not exhaustive. Digital targeting, public vilification tied to specific business decisions, contentious litigation where the executive is personally identified, labor actions that generated documented hostility, industry characteristics that attract physical threats — all of these can contribute to a specific, documented concern.
The key word is specific. A company whose CEO has received credible, documented threats is in a very different position than one whose board is simply uncomfortable with the executive's public profile. Both are reasonable human reactions. Only one satisfies the regulation.
Second: an overall security program. Even with a documented concern, the exclusion only applies if the company has established what the regulation calls an overall security program. In its standard form, that program covers the executive 24 hours a day across residence, commute, workplace, and all travel. It includes a bodyguard/chauffeur trained in evasive driving, a specially equipped vehicle, access controls at the residence and workplace, and in appropriate cases employer aircraft for personal travel.
That's a serious and expensive program. Most executives don't need all of it. Most boards won't approve all of it.
The practical path: the Independent Security Study
This is where Treasury's regulation does something genuinely useful. It provides a way to get the same tax treatment with a less extensive program, provided the company follows a specific process.
An Independent Security Study (ISS) is a report prepared by an outside firm. If the study is conducted independently, objectively, and in accordance with the regulation's requirements, and if the company actually implements the recommendations, the narrower security program the study recommends is treated as if it were a full overall security program. The working condition fringe exclusion applies to everything the study recommends.
The math is significant. That $500,000 program that otherwise produces a $700,000+ cost including gross-ups instead costs the company $500,000 (plus the study fee). The executive pays no income tax on the security. The company deducts the full cost as a business expense.
What specifically qualifies
Given a qualifying ISS or a full overall security program, here's how the specific cost categories work.
Residential security is excludable when the study recommends it as part of the program. Alarm systems, monitoring contracts, residential cameras, and vendor verification procedures can all qualify. The measure has to be in the study and it has to actually be implemented.
Bodyguard/chauffeur services are fully excludable if the individual is trained in evasive driving techniques and the executive wouldn't have had a driver but for the security concern. The training requirement is specific and must be documented. A personal-convenience driver who isn't trained in evasive techniques doesn't qualify under this provision. The entire value of the bodyguard/chauffeur's services is excludable when the requirements are met, not just the security-related portion.
Company vehicles require separating the security features from the underlying vehicle value. The special security features (armor, ballistic glass, run-flat tires) can be excluded. The baseline vehicle value cannot. If an armored vehicle costs $80,000 and a comparable unarmored version costs $45,000, the $35,000 difference is the excludable amount.
Personal flights on company aircraft require the executive to include a safe harbor airfare amount in income. That amount is 200% of the non-commercial flight valuation rate under §1.61-21(g), multiplied by miles flown, plus the applicable terminal charge. The excess above that safe harbor is excluded as a working condition fringe. For a CEO whose board requires private aircraft for all personal travel on security grounds, this calculation can convert hundreds of thousands of dollars from taxable compensation to excluded fringe benefit.
Commuting in a company-provided vehicle is ordinarily taxable. The value of the commute can be excluded when the overall security program or ISS requirements are met and the study specifically recommends commuting security as part of the program.
Digital security services, including data broker removal, personal information suppression, and exposure monitoring, can qualify when the study recommends them. This category has grown significantly as digital targeting has become a more common precursor to physical threats.
Where companies go wrong
The most common failure isn't an honest disagreement about whether a concern exists. It's a gap between what the study says and what the company actually does.
The regulation's Example 5 spells this out plainly. A company commissions a study recommending both workplace security and ground transportation security. The company provides only the commuting piece. The recommendations weren't consistently applied. No overall security program is deemed to exist. The commuting value is taxable. Multiple years of exclusions collapse on audit.
That pattern happens because security and tax compliance live in different parts of the organization. The security team implements what the budget supports. The tax team assumes the full study is being applied. Nobody checks. An audit years later surfaces the gap.
The second failure mode is a study that doesn't have a genuine bona fide concern behind it. Some ISS providers will produce a study for any executive at any company, regardless of whether the facts actually support a documented threat. A study like that doesn't just fail to provide the tax benefit. It creates affirmative audit risk because the company took a position that wasn't supportable.
A third failure is retroactive justification. A company has been providing executive security for years, excluding it from the W-2, and has never commissioned a study. When an audit arrives, they ask a firm to produce something. The answer is no. The study has to precede or be contemporaneous with the program. A study created in response to an audit letter won't support historical exclusions.
The question to answer first
Before engaging an ISS firm, the question worth asking is whether the facts actually support a bona fide concern.
For many executives, the answer is clearly yes. For others, it isn't. An honest ISS firm will tell you which situation you're in during an initial conversation, before any engagement begins. That scoping call saves everyone time and sets up a study that will hold up rather than one that creates exposure.
If you're working through the tax treatment of your company's executive security program, we're happy to talk through the specifics. No engagement required.
This post is for informational purposes and does not constitute tax or legal advice. Readers should consult qualified tax counsel regarding the treatment of specific programs.