How can security professionals meet their duty of care obligations for employee security when they have individuals operating overseas? writes Rupert Reid, Director Security & Crisis Management, at insurers Collinson Group.
Business travellers aren’t only being asked to go to what we might call the ‘vanilla locations’ and these days are travelling to far-flung, and arguably more risky, territories in pursuit of new and emerging markets. Such assignments present employers with the increasingly challenging task of fulfilling their duty of care obligations to travelling staff.
Historically the subject of travel security has touched on more headline-grabbing, high-impact events such as kidnap or terrorism. However, these tend to be lower frequency events and while employers of course need to take all reasonable steps to protect employees in these circumstances, they also need to help safeguard them against higher frequency security risks, including street robberies, sexual assaults and road traffic accidents.
Budget cuts
Since the credit crunch, corporate travel budgets have been slashed and travel policies have become stricter in terms of the benefits available to business travellers; consequently, employees often have lower daily ‘stipends’ and expense rates. This can encourage them to take short cuts in terms of security, such as walking to the office rather than taking a cab, or staying in less salubrious hotels in higher risk neighbourhoods. Ironically, as corporate travel budgets shrink, so the demand for employees to travel further afield and explore new, often riskier, global markets is increasing. There is, therefore, a growing ‘tension’ between security, safety and cost.
Another key factor in business travel risk is the growing number of temporary contract staff. As businesses cut overheads and the associated head-count, so the numbers of temporary contract staff increase exponentially. This means that duty of care simply cannot be met at the same high level: a consultant on a temporary contract may never have visited the commissioning company’s head office for a briefing by its HR or security team before heading off on an assignment, thereby rendering this particular category of travelling staff more susceptible to risk.
Security culture
Large, established multi-nationals working in industries such as oil and gas exploration and extraction are well-versed in minimising the security risks faced by staff and contractors alike operating in higher risk territories. They understand the importance of comprehensive employee briefings, travel risk audits and on-the-ground personal assistance and protection. In contrast, many mid-market companies have insufficient resources to employ their own on-ground support and may therefore rely on local partners to handle employee assistance and security. This can lead to additional levels of complexity in the communication and operational process which can cause a unique set of problems. These companies are increasingly looking at joint ventures with local market operators to establish a bulkhead in an overseas territory; this often means duty of care responsibility is ‘delegated’ to a third party when an employee travels overseas.
Local management teams may have a very different perception of the security risks facing overseas travellers to their joint venture partner in the UK. For instance, best practice dictates that a lone female employee sent to Johannesburg should be collected at the airport and accompanied by a security-trained driver whenever travelling between the hotel and all meetings or site visits. However, the local company operation may perceive the risk faced differently and think it sufficient for the employee to be picked up by a local taxi firm or navigate the local public transport system on their own. They may be collected by a driver who has received no security training and who doesn’t realise the potential for a corporate traveller to be viewed as a potential target, thus skewing the perception of risk and vulnerability.
Communicating risk
When we look at the business of assessing travel security risk, we need to take a good look at how we communicate our findings to what the journalists now call the ‘Snapchat’ generation. The middle-manager of today who probably grew up taking two foreign holidays a year with their parents, spending their gap years in places like Vietnam and Ecuador is unlikely to plough through reams of weighty security risk information put together by a former soldier or policeman. So we need to understand that our target audience may be somewhat inured to travel risk as we know it, and structure our communication accordingly.
Frailty of technical ‘solutions’
The industry has, for some time, been wooed by technical solutions such as Travel Tracking. Unfortunately, the more the security culture and dynamics change, the less effective such technical ‘solutions’ become: if a temporary contact worker steps outside the corporate travel booking system or the intrepid mid-market entrepreneur ignores the travel risk briefing, no amount of technical measures will make them ‘visible’.
These days companies need to build both qualitative and quantitative risk management into their travel risk policies, catering for the temporary nature of certain sectors of the employee base; the growing ‘de-sensitising’ of the younger generation of travellers to risk; and the effect that tighter budgetary controls are having on their travel risk profiles. They need to separate their lower risk programmes from their higher risk exposures, adopting a ‘light touch’ approach to the former; and a more interactive qualitative approach to those they send to the higher risk locations.
Case study
The MD of a manufacturing company based in the West Midlands was due to fly out to Paris in November 2015 to attend a conference, just before the terrorist attacks. As is often the case with business travel, people use these trips to catch up with international acquaintances and the MD decided to stay with friends in the city the night before his conference. This alone could have thrown up problems. From a business and security perspective it would be sensible to share the hosts’ contact details, but on a personal level people often feel uncomfortable sharing contact information for friends or family who are unrelated to their business. This is a common issue when social niceties come into potential conflict with security necessities.
In this instance the MD’s wife fell ill and he asked his finance director to take his place on the trip. As he only found out he was travelling less than 24 hours before departure, the FD booked his flight direct with the airline and his hotel through Expedia. As is often the case with last-minute bookings, people will often have travel itineraries sent to their personal email, or smart phones, which makes it difficult for colleagues to access. Even when colleagues have access to email it can be difficult to find specific travel or hotel details if no one knows the website or agent the travel was booked through.
When the Paris terrorist attacks happened, no-one could find the FD as communications had been cut off by the emergency services. As he had ‘self-booked’ no-one could establish where he had been staying. He spent the night under his bed in his hotel room (on the advice of the hotel) and was not able to contact his family until the morning after. Obviously this was an immensely traumatic experience for the FD, his family, friends and colleagues. It highlights that, even in developed countries, when an incident occurs the channels of communication we all rely upon can become fractured. Situations such as these reinforce the need to have corporate travel policies with clear guidelines establishing procedures for when people travel abroad, even at short notice. It also demonstrates the value of travel tracking – albeit as a passive solution– for offering a modicum of peace of mind in these situations for loved ones back home.
While there are many instances where travellers are victims of actual attacks, there are many, many more caught up in the periphery of such incidents. It is here that unnecessary trauma can be avoided by having the most basic of contingency plans in place.
