Implementing a Travel Risk Management (TRM) program is critical to the success of any company and is rapidly becoming a regulated and required security discipline within corporate security operations. Many countries have already developed and adopted international standards to ensure commercial and nonprofit organizations are acting responsibly towards their employees as they travel. Companies that regard their reputation should be on the forefront leading the initiative to provide a secure, safe and healthy work environment wherever they operate.
Much like the Occupational Safety and Health Act (OSHA) of 1970 has regulated safety over the past forty-five years within the United States, a global health and safety standard is rapidly evolving for business travelers. The general duty standard established by OSHA states that "Each employer shall furnish to each of his employee's employment and a place of employment which is free from recognized hazards that are causing or are likely to cause death or serious physical harm to employees." Although OSHA may not have jurisdiction globally, the set standard is one of responsibility and should be applied to business travel.
Pinpointing travel risk has proven to be difficult for many organizations. Unlike measuring financial risk or organization security risk, travel risk is a little more complicated, and many organizations are using the wrong data points to measure and provide effective mitigation. Operations managers are depending on their security personnel to measure travel risk. Global security managers are used to physical security assessments and measuring country or regional threats, typically at a more strategic level and without considering organizational vulnerability. This method of using threat data only, and excluding vulnerability data, has caused travelers to be put in harm's way as well as facilitate missed opportunities for organizations.
The mitigation of common threats and the minimization of traveler vulnerability is essential for global organizations who wish to continue to operate and grow abroad. Employees are beginning to look to their managers for risk-mitigating services like protective security and informative mobile applications. As access to information increases and media outlets perpetuate the narrative that the world is more dangerous, operations managers can expect an increase in employees refusing to travel as well as more requests for risk-mitigating services.
Healthcare abroad is one of the most daunting tasks global operations managers may have to take on. Privacy concerns aside, there are extreme differences in medical standards all over the world. Is it possible to adhere to the labor and health regulations of the organizations home country that do not coincide with the standard of care employees receive abroad? How does a manager prepare employees without scaring the desire to travel out of them?
“two hundred and thirty-one million business travelers will experience some sort of medical crisis while traveling”
According to the Center for Disease Control (CDC), approximately fifty percent of all travelers will experience a medical issue while traveling abroad. In 2017, there were two billion, four hundred twenty-eight million trips departing from the United States. Out of those trips, four hundred and sixty-two million were business related. Based on this information, approximately two hundred and thirty-one million business travelers will experience some sort of medical crisis while traveling. These statistics point toward one conclusion. Almost all organizations that send employees to travel on their behalf will incur costs associated with providing health care in a foreign location. The question is, how much of that cost can be avoided or reduced, keeping in mind the wellbeing of the employee and the reputation of the organization?
Closely following the threat of a medical incident abroad, in probability and severity, are vehicle accidents and crime. Although global terrorism and geopolitics seem to dominate international headlines, a traveler is much more likely to be in an automobile accident or the victim of a scam, robbery or assault. There must be a balance of preparation, personal and corporate responsibility and global response capabilities in order to ensure employee safety, business continuity and reputation protection.
A TRM program can be implemented through the following prioritized goals;
Obtain Senior leader buy-in.
Identify a clear chain of command to include a Travel Risk Manager, Crisis Management Team Leaders, and Regional Intelligence/Security Analysts.
Initiate the development of a comprehensive TRM policy covering; risk mitigation, traveler tracking, global crisis response, company wide communication, traveler aftercare and traveler training.
Clearly define the mission of the TRM program and write the policy.
Develop an employee training program that implements online training, classroom training, and scenario-based training exercises dependent on traveler vulnerability and location threat levels.
Implement a company wide communication tool.
Implement a policy dissemination plan through lines of business by internal marketing and customer outreach.
Develop or procure an internal traveler tracking platform that integrates with crisis response tools.
Grow travel and security vendor network globally and contract services through vetted, preferred local vendors (ensure Key Performance Indicators (KPI) and an evaluation process is in your policy).
Periodically evaluate the policy through customer surveys, debriefs and policy recommendation.
The main key to implementing a comprehensive TRM Program is senior leader buy-in. Responsibility for the program must be assumed by a security practitioner that understands the unique challenges that come with training, tracking and responding to crisis situations globally. The Travel Risk Manager must also understand commercial organizations and growth goals. There should be a balance between risk taking and risk mitigation. Corporate Security is often looked at as a growth blocker and rightfully so, as often the knee-jerk response to travel risk is the removal of the vulnerable traveler without looking for ways to simply decrease that traveler’s vulnerability and continue with the mission.
TRM requires operations managers to shoulder an enormous amount of risk, based on an inherent lack of control over the actions of employees, who are unsupervised, in an uncontrolled environment, and halfway around the world. Where traditional industrial security would implement physical access control or onsite response measures, travel security cannot impose such controls and must trust the employee to follow the training, instruction and most importantly, written policy provided by the organization.
Without specific TRM policies, operations managers are leaving employees to react to extremely volatile situations on their own. The same level of care and safety policy compliance extended to personnel on a factory floor should be extended to travelers. Managers would likely never send an employee, guest or vendor onto a factory floor without a verbal briefing and posted instructions on where the emergency exits, and evacuation route locations are. Why should travelers receive less resources to do the same abroad?