Travel risk management teams must develop a comprehensive corporate travel risk management programme that fits their organisation's objectives.
There is no one 'out-of-the-box' solution, but all travel risk management teams need to take into account specific considerations in order to create a successful programme.
The following list is meant to highlight typical considerations but should not be taken to be all-inclusive.
1. Plan with key stakeholders
Travel risk management teams should arrange meetings with key stakeholders to determine their best course of action in the formation of a corporate risk management programme that aims to ensure duty of care.
Considerations must be given to who should be part of the team, which could include
- One, global, risk manager that acts as the organisation's primary point of contact in crisis situations. This global risk manager should have direct reporting to C-Suite executives and should be empowered to make both strategic, and sometimes, financial decisions.
- Department heads in regional locations where companies operate. This facilitates increased cross-cultural communication and provides enhanced oversight. These regional points of contact should report to the global risk manager in the programme's hierarchy in order to facilitate a centralised command structure.
- An individual that can make decisions regarding acquisition of services and insurance policies. This individual should understand the intricacies of the insurance policies (eg response providers tied into the policies, elements covered by the policies, etc.) and maintain a close relationship with an account executive from their company's insurance broker.
Also consider the roles and responsibilities fulfilled by the corporate travel risk management team members. These will change by organisation, but should take into account where each member fits on the travel risk management hierarchy to ensure effective communication flow. It should also look into which team member(s) maintain traveller accountability and those team member(s) that would disseminate pertinent information and to who.
In addition, think about where the travel risk management team will meet in emergencies, such as a conference room for emergency management and phone technology that allows remote participation in call-conferencing.
2. Assess and understand risk
Travel risk management teams should evaluate areas of operation in order to determine the risks their personnel may face.
Assessing security risks should consider
- Street crime – low-level criminality such as pickpocketing, bag-snatching, etc.
- Serious crime – violent crime that may be conducted with weapons (eg carjacking, armed robbery, etc.)
- Civil unrest – the frequency of demonstrations or protests and any violence historically associated with such events
- Kidnapping – incidence rate of traditional, express, and virtual kidnapping should be considered along with who has historically been targeted (eg foreigners, local workers, high net-worth individuals, etc.)
- Espionage – physical or electronic surveillance and the tactics utilised to achieve successful espionage. Legalities surrounding the utilisation of encrypted devices should be considered.
- State corruptibility – the frequency of bribery, fraud, business misconduct, etc.
- State impunity – the level of ethical accountability and transparency to which the government holds itself
- Regime instability – the strength of the government and how it treats opposition, media, etc. Armed conflict – ongoing and historical frequency regarding insurgencies as well as engagements between law enforcement/government agencies and criminal organisations
- Terrorism – active networks or cells of terrorist organisations as well as historical attacks or the potential for future attacks
There are medical risks to consider, such as potential diseases found in the different regions where an organisation sends travellers or has assets. There are also potential vaccinations that could mitigate exposure to disease and you need to think about the availability of food and water in emergency situations.
Understanding the potential risks should help initiate dialogue on risk monitoring, that is, how the travel risk management programme maintains situational awareness on the dynamic risk apparatus in each location. Dialogue can also start on risk appetite – the level of risk an organisation is willing to take on (this will be discussed in more detail later on).
Risk starts as small as pickpocketing. ©iStock.com/Jacob Ammentorp Lund
3. Understand the travelling population
In order to build a successful corporate travel risk programme, the team needs to understand the nuances surrounding their travelling population.
Traveller profiles may range from the daily operators to high net-worth executives. Each profile may carry a different risk just as the experience of each individual, in regards to business travel, may differ and influence their overall risk.
The travel risk management teams must understand what the routine travel destinations are, as opposed to the elevated risk destinations, and how changing threats are monitored.
Consideration must be given to the mode of transport that the company's travellers utilise when on business trips.
4. Establishment of an organisational risk appetite
There is a military sentiment that, if you don't want to have any casualties, you cannot send anybody to war. The same holds true for companies operating on a global scale. Gauge the level of risk the organisation is willing to take.
There is a certain level of risk that must be undertaken; finding that level and preparing for it is a must. Understanding the potential fallout from any of the aforementioned risks, in addition to understanding the travelling population, can help organisation's establish the appropriate risk appetite.
5. Expand policies and procedures
Once a travel risk management team has established a framework with the key stakeholders, and understands their risk appetite, they should consider expanding their policies and procedures universally, across the entire organisation. The travel risk management team should consider the following
- Establishing a travel booking policy. Many organisations acquire one or two specific travel booking provider(s) so that all travel data is captured. This empowers travel auditing as well. A safe travel policy that outlines the exact steps an employee must take in order to successfully adhere to organisational travel guidelines. To ensure compliance, many organisations refuse to reimburse travellers unless they follow the policy.
- Travel risk management teams must consider a comprehensive crisis management plan. The overall plan could include business continuity plans, evacuation plans, and threat and vulnerability studies (conducted on-site).
- Risk management programmes must stipulate who, from the travel risk management team, as well as outside the company, needs to be included in the dissemination of pertinent information. This type of plan will rely on the sufficient establishment of roles and responsibilities as previously discussed. Purchasing a third party solution that has a 24/7 operation centre that can act as a single point of contact and coordinate a response aligned with these policies is advisable.
6. The appropriate placement of insurance policies
The travel risk management team should collaborate with those pertinent parties, both internally and externally, to place appropriate insurance policies eg business travel accident, kidnap-ransom-extortion, foreign voluntary compensation etc. Although some policies may have a bit of overlap, travel risk management personnel should ensure there are sufficient policies to cover minor and major medical, security, evacuations and kidnaps.
Medical risk including vaccinations should be considered. ©iStock.com/Paolo74s
7. Increase travel awareness
A successful risk management programme will include an educational piece for their travellers. It is no longer acceptable for organisations to send their travellers abroad without properly educating the employees so they can adequately safeguard themselves while travelling. Travel awareness can be presented through
- Travel training such as online travel awareness training courses and customised, destination-specific training courses for risk mitigation
- Pre-departure awareness including the provision of general information for the destination location Acquire in-depth, personalised risk assessments that consider the dynamic nature of the security apparatus in the destination location as well as the traveller profile, so that a narrative outlining risk mitigation recommendations can be provided to the traveller as well as the travel risk management team. Risk assessments not only increase traveller awareness but also assist organisations in meeting their duty of care obligations.
- Maintaining accountability for all travellers while they are deployed and keeping them informed of any situations that could affect their safety and transportation plans is advisable. Travel risk management teams must gauge their internal ability to sufficiently monitor their travellers at all times and should consider outsourcing this capability if they cannot adequately monitor their travellers around-the-clock.
8. Establish a mechanism for incident management
The travel risk management team must consider how best they need to respond to any incident, from the routine to the extraordinary. These guidelines must consider the ability to quickly triage any situation and provide first-line support as well as coordinate an insured response utilising existing policies.
It must also be able to coordinate uninsured responses via third party relations, if needed; maintain auditable logs in respect of crisis events and also maintain, and control, 360-degrees of communication with all pertinent parties until the incident is resolved.
Summary
It is vital for organisations to have a well-formed travel risk management team that can create and implement a successful corporate travel risk management programme. The programme needs to be developed based on well-thought considerations aimed at ensuring duty of care standards. Failing in duty of care provision can leave businesses open to litigation which could damage the organisation's brand and reputation. More importantly, business travellers would be placed at risk.