INTRODUCTION TO TRAVEL RISK MANAGEMENT
Implementing a Travel Risk Management (TRM) Program is critical to the success of any company (refers to commercial and nonprofits throughout the document) and is rapidly becoming a regulated and required security discipline within corporate security operations. Many countries have already developed and adopted international standards to ensure employers are acting responsibly towards their employees as they travel. Businesses that regard their reputation should be on the forefront, leading the initiative to provide a secure, safe and healthy work environment wherever they operate.
Much like the Occupational Safety and Health Act (OSHA) of 1970 has regulated safety over the past forty-nine years within the United States (U.S.), a global health and safety standard is rapidly evolving for business travelers. The general duty standard established by OSHA states that "Each employer shall furnish to each of his employee's employment and a place of employment which is free from recognized hazards that are causing or are likely to cause death or serious physical harm to employees." Although OSHA may not have jurisdiction globally, the set standard is one of responsibility and should be applied to business travel.
Pinpointing travel risk has proven to be difficult for many organizations. Unlike measuring financial risk or organization security risk, travel risk is a little more complicated, and many analysts are using the wrong data points to measure and provide effective mitigation. Operations managers are depending on their security personnel to measure travel risk. Global security managers are used to physical security assessments and measuring country or regional threats, typically at a more strategic level and without considering organizational vulnerability. This method of using threat data only, and excluding vulnerability data, has caused travelers to be put in harm's way as well as facilitate missed opportunities for organizational growth.
The mitigation of common threats and the minimization of traveler vulnerability is essential for global businesses that wish to continue to operate and grow abroad. Employees are beginning to look to their employers for risk-mitigating services like protective security and informative mobile applications. As access to information increases and media outlets perpetuate the narrative that the world is more dangerous, operations managers can expect an increase in employees refusing to travel, as well as more requests for risk-mitigating services.
Health care abroad is one of the most daunting tasks global operations managers may have to take on. Privacy concerns aside, there are extreme differences in medical standards all over the world. Is it possible to adhere to the labor and health regulations of the company's home country that do not coincide with the standard of care employees receive abroad? Is it possible for employers to instill confidence in their employees and at the same time, provide accurate location information?
According to the Center for Disease Control (CDC), approximately fifty percent of all travelers will experience a medical issue while traveling abroad. In 2017, there were two billion, four hundred twenty-eight million trips departing from the United States.
Out of those trips, four hundred and sixty-two million were business related. Based on this information, approximately two hundred and thirty-one million business travelers will experience some sort of medical crisis while traveling.
These statistics point toward one conclusion. Almost all organizations that send employees to travel on their behalf, will incur costs associated with receiving health care in a foreign location. The question is, how much of that cost can be avoided or reduced, keeping in mind the well being of the employee and the reputation of the organization?
Closely following the threat of a medical incident abroad, in probability and severity, are vehicle accidents and crime. Although global terrorism and geopolitics seem to dominate international headlines, a traveler is much more likely to be in an automobile accident or the victim of a scam, robbery or assault. There must be a balance of preparation, personal and corporate responsibility and global response capabilities in order to ensure business continuity and reputation protection.
A TRM Program can be implemented through the following prioritized goals;
Obtain organization leadership approval.
Clearly define the mission of the TRM Program.
Identify the TRM Program chain of command.
Initiate the development of a comprehensive TRM policy.
Implement a policy dissemination plan.
Develop an employee training program.
Develop or procure an internal traveler tracking platform.
Grow travel and security vendor network globally.
Periodically evaluate the policy.
The main key to implementing a comprehensive TRM Program is senior leader buy-in. Responsibility for the program must be assumed by a security practitioner that understands the unique challenges that come with training employees, tracking and avoiding crisis events, and responding to crisis situations globally.
The TRM Program leader must also understand commercial organizations and growth goals. There must be a balance between risk taking and risk mitigation. Corporate security is often looked at as a growth blocker and rightfully so, as often the knee-jerk response to travel risk is the cancellation of travel without looking for ways to simply decrease the traveler’s vulnerability, and continue with the mission.
TRM requires operations managers to shoulder an enormous amount of risk, based on an inherent lack of control over the actions of employees, who are unsupervised, in an uncontrolled environment, and halfway around the world. Where traditional industrial security would implement physical access controls or on-site response measures, travel security cannot impose such controls and must trust the employee to follow the training, instruction and most importantly, written policy provided by the organization.
Without specific TRM policies, managers are leaving employees to react to extremely volatile situations on their own. The same level of care extended to personnel on a factory floor should be extended to travelers. Managers would likely never send an employee, guest or vendor onto a factory floor without a verbal briefing and posted instructions on where the emergency exits, and evacuation route locations are. Why should travelers receive less resources to do the same abroad?