People are any company’s most valuable asset and as such protecting them at work should be a prime objective; this is perhaps more so when companies send their people travelling on company business where the threats and risks to their wellbeing are exacerbated. During my time in the corporate world supporting security at hotels globally, I was shocked at the number of companies who used our hotels that did not have a formal Travel Risk Management program. Still today I hear of some well-known companies that have yet to implement such essential programs, leaving their people vulnerable to travel risks and potentially exposing themselves to litigation should harm come to their travellers.
There is little doubt that all responsible companies want to do as much as they reasonably can to do the right thing by their travellers.
The reasons for not having a formal Travel Risk Management program are varied, I have heard reasons including ‘it is complicated’, I am not sure where to start’, ‘never really thought about it’, ‘we have not got around to it’ and ‘I have no budget’. Other companies employ Travel Risk Management Consultancies, but some tend to over-rely on or over delegate to these consultancies using their engagement as a tick box exercise. Many of these consultancies offer excellent services but should ideally be used to support a company’s Travel Risk Management programs; consultancies cannot set travel risk appetite, do not have the authority to promulgate travel policies, authorise travel or enforce compliance for instance. Travel risk ownership cannot be delegated or transferred to a Travel Risk consultancy. As the travel risk owner, companies using Travel Risk Consultancies need to be in the ‘driving’ seat and have a clear idea of the Travel Risk Management program requirements and understand how the consultancy can plug-in and support the company’s program.
Travel risk consultancies cannot set travel risk appetite, do not have the authority to promulgate travel policies, and cannot authorise travel or enforce compliance.
6 Aspects of Travel Risk Management
1 Traveller – The traveller should understand that they have a responsibility for their safety in so much that they comply with all travel risk policies, travel clearance/authorisations and procedures and that whilst travelling they act responsibly; avoiding activities that make them vulnerable to threats and risks. It should also be ensured that travellers undergo Travel Risk Training. Travellers to high-risk countries should undergo enhanced training appropriate to the destination threat environment. All travellers regardless of seniority or position must adhere to travel risk management requirements.
2 Destination – Companies must understand the threats and risks that their travellers may face in the destinations to which they are being sent. This relies on the collection and analysis of destination threat and risks; some consultancies are offering some excellent travel threat and risk intelligence; over-reliance on Government Travel Advice sites is not advised because they rarely give enough granular information. This intelligence will guide travel risk training requirements, clearance requirements and risk mitigation measures etc.
3 Carrier – Carriers, such as airlines, are highly regulated and therefore levels of security and safety are high. This said it is important that companies only use airlines approved by a reliable authority such as the US, EU, or UK for instance. Particular attention needs to be paid to local airlines in some regions where safety regulations and enforcement may be weaker.
4 Transfer – Transfers in certain destinations can be a time of vulnerability; the traveller may be in a new or strange environment, could be tired or disoriented. Careful consideration should be given to transfers, particularly in high-risk areas.
5 Hotel/Accommodation – Internationally branded hotels should have well-developed security and safety programs; regardless, companies should seek details and validation of these programs to ensure that they meet the company’s security and safety expectations. It is always a good idea to confirm when the hotel was subjected to a security and safety audit and the results. Where female travellers are to be accommodated, it wise to use hotels that make provision for vulnerable travellers. Some Travel Risk Consultancies offer hotel screening services, but these are based on perfunctory visits to hotels by consultants who have very little insight into hotel security and safety operations; often they will not engage hotels for discovery. Such consultants are more likely to provide insights into the hotel’s local reputation with regards to criminality – drugs prostitution etc.
6 Off-Site Activities – Travellers are often most at risk during social activities conducted away from accommodation sites; risks emanating from criminal threats, poor traveller behaviour and/or a lack of situational awareness. Pre-trip research and good Security Risk Training should go a long way to mitigating these risks.
Accounting for Leisure Travel
‘Bleisure’ – Pre-Covid, there was a trend towards ‘Bleisure’ where business travellers combine their business travel with leisure travel. Travel Risk Management policies should take this into account and take a position on its permissibility, any restrictions and insurance issues.
So, these are some of the areas of travel that need to be considered when building a Travel Risk Management program, but what specific elements are required?
9 Required Travel Risk Components
- Senior Management ‘buy-in’ and program sponsorship.
- A Security Travel Risk Policy signed off by Senior Management.
- Assignment of responsibilities and accountabilities, for program management and compliance.
- An authorisation and booking tracking system, ideally a system that automatically blocks bookings with appropriate authorisation, records trip itineraries and relevant traveller details such as contact numbers, passport number etc.
- Appropriate corporate travel insurance program
- Restrictions on senior management travelling together.
- Traveller training programs appropriate to the threat environment, for instance, basic training for all travellers, enhanced for travellers to high-risk destinations and advanced for travellers to very high threat destination, that latter usually being a face-to-face course run by a suitable consultancy.
- A travel tracking system recording who is travel where, when, by what means and return dates.
- Traveller incident response plans.
And where appropriate, depending on destinations, circumstances, privacy considerations and risk appetite:
- Traveller locating and alarm devices/apps.
- Emergency evacuation retained services.
Those companies who have colleagues that travel on business and that do not have a formal Travel Risk Management program should seriously consider establishing one if this is meeting their duty of care to their travellers. Companies who have programs should constantly keep them under review to ensure that they meet the challenges of the evolving travel risk environment.
Questions for Consideration:
- How do you fulfil your duty of care to your travellers?
- Do you have a formal Travel Risk Management program?