Overseas travel, particularly business travel, can be seen as glamorous by the uninitiated. In reality, it can be fraught with risk, writes Stuart Hughes, pictured, MD of Enterprise Security Risk.
For those climbing Mount Everest, risk is part of the experience, but for the average business traveller, danger should not be a part of the trip. It is clear that everybody has a different appetite and perception of risk. Equally, we all instinctively manage risk to some extent day in and day out to ensure nothing goes wrong in our daily lives. Business travel should be no different, both for the traveller and the company. For businesses not to manage risk would be remiss at best and potentially negligent at worst. Whilst business travellers should expect their companies to undertake reasonable steps to ensure they are fully prepared and aware of the risks and how to mitigate them, the business itself should reasonably expect the traveller to heed the advice and training provided.
Whilst major incidents, wherever they may occur, grab the headlines and rightly a significant amount of our collective professional attention, we must not forget the more common incidents that will also regularly impact our colleagues. The frequency of incidents such as road traffic accidents, petty crime, sexual offences, and illness or injury requiring medical attention is many times greater than those that are the focus of news reporting, as is the probability of travellers encountering such circumstances. How many people travel with prescribed medicines, and how many of those have given adequate consideration to the legality of that medicine in their destination countries or their ability whilst there to acquire the necessary health care for their conditions or replenishment of their medications.
How many employees use a hired car in a foreign country after getting off a long-haul flight? Is the person competent to drive in that country? Are they well rested? Did they drink alcohol whilst on the flight?
Duty of care is equally applicable to the health, safety, security, and well-being of employees, contractors, and other people the organisation has responsibilities toward. Across a number of countries, both the corporate entity (and in some cases, the parent company) and individuals within the company can be held accountable by the courts for duty-of-care failures. Any corporate entity is required to robustly demonstrate that it has adequately discharged its duty of care across the full range of incidents from the headline grabbing to the more common. The focus of this duty is often restricted to those employees engaged in business travel. It should not be forgotten, however, that duty of care extends also to local employees, expatriates, and potentially even to their dependents and those residing with them. All this is set against a volatile, uncertain, complex, and ambiguous world.
A notable challenge (as with any topic within a large corporation) is the “tone” from the top, without which there will be little traction. To ensure the correct level of focus, there is a requirement to have strong leadership commitment from senior management up to and including the CEO. This is particularly relevant given that travel risk management and duty of care do not sit in an isolated silo. Rather they span multiple departments within an organisation and require extensive cross-functional work. Signposting this commitment will significantly support the integration with day-to-day business processes and the focus of relevant stakeholder parties. An unambiguous tone from the top will also go some way to ensuring the requisite level of budget and resource, which is imperative to success.
There are key aspects that will support a corporation in demonstrating it is taking its duty of care seriously. These include, but are not limited to, vision, strategy, policy, clearly defined roles and responsibilities, threat identification, risk assessment, prevention and mitigation strategies, incident and crisis leadership, communications processes, and decision-making authority. Clearly the travel security management vision, strategy, and policy must support the corporate strategic direction enhancing the business’s ability to achieve its overall objectives.
Training for the travellers should be a key component of any travel risk management programme. Once adequate training is provided (and documented), any traveller can carry out threat identification as he or she identifies danger. Proactively empowering travellers by ensuring that they are well prepared and possess greater levels of awareness is an extremely effective way of clearly evidencing the duty-of-care processes.
Training will need to cover travellers in general and will also encompass different levels according to the threats and risks identified. Every traveller will need to know the basics, including the scope of the travel security and risk management provision that is in place and how to access it. At the basic level, one example is the knowledge of the telephone number of the retained travel security and medical assistance provider.
Where risk or threats are identified during travel, processes should be activated that alert and advise the traveller accordingly. It’s obviously advantageous that these processes are rehearsed and have adequate internal and external resources applied to them. Prevention and mitigation strategies should be prioritised, firstly aiming to eliminate the risk entirely. Secondly, where the risk cannot be eliminated, the resulting aim would be to minimise the risk. And where neither is possible, put in place strategies to control the risk. Any such strategies will have to take account of travel destination, travel route, travel methods, travel itinerary, and the traveller profile, thus underlining the dynamic nature of the process, as many of those aspects can be (and often are) subject to change, often at short notice. As would be expected, any mitigation or prevention measures have to be proportionate to the risks faced and the corporate risk appetite.
Incident management training should occur regularly with clear response plans that identify the responsibility and authority levels of those involved alongside escalation protocols. Where the threat and risk levels are deemed sufficiently high, the protocols should include repatriation plans covering all people the organisation has responsibilities for and who can initiate such plans. It is imperative that a communications professional be included both in incident management (IM) teams and any subsequent crisis leadership. It is clearly important that the IM team be fully aware of the organisation’s capacity to respond to any incident including any dedicated resources, local support, and external providers.
A key challenge relating to incident management is identifying where travellers are at any given time. Not knowing exactly where impacted persons are when an incident takes place can lead to unnecessary workload, missed opportunities, and increased risk.
Providing a level of traveller tracking either by phone-based app or using standalone GPS devices is one solution. However, without the correct processes, resources, and training in place, this will provide a false level of comfort. There is clearly no reward without risk. With the right preparation, planning, training, and risk mitigation, the rewards of business travel for the organisation and individual can be huge. Happy travels!
Visit https://www.enterprisesecurityrisk.com/.
