The travel risk management policy: When employees go global
Year 3 - Week 12
ISSN 2603 - 9931
Globalization meant a change in the organizational structure of companies. As a phenomenon based on technological changes applied to transport and communications, globalization allowed the expansion of markets from local to international and from bilateral to globalized relations, and it has brought a consequence: companies area of action has become also globalized thanks on the one hand to new technologies of communication and on the other to the capability of deploying employees in short or long term basis on what is commonly referred as business travels. And even though they are one of the engines in the company’s expansionism, these deployments of workforce –frequently in different countries from where the company is set- represent a new range of risks that the employee may suffer and that the company has to deal with, going from compliance industrial requirements to the protection of the employees’ safety in the so-called principle of duty of care. Travel Risk Management Policies are a tool to provide a response to these new challenges and mitigating the risks to acceptable levels for the business goals and continuity in matter of competitiveness, response and recovery, adapting to governmental regulations and industrials standards of care.
Travel Risk Management is not just a policy or program, but a comprehensive discipline of work that companies have to internalize. Threats may come from multiple points and many of them are not that dramatic: from terrorist attacks on critical infrastructures of transport as airports (Brussels, 2016), trains (Madrid, 2004) or underground (London, 2005 and Brussels, 2016), hostage taking situations (Dubrovka theatre, Moscow, 2002), commando terrorist operations in hotels (Mumbai, 2008; Soussa resort, Tunisia, 2015), or devastating natural catastrophes (the Indic tsunami in 2004, Mexico earthquake in September, 2017), to pandemics as the influenza A(H1N1) virus or strikes, demonstrations and civil unrest. These elements may increase in millions of dollars the company’s budget for respond and recovery. In all these scenarios, the asset to protect is the employee travelling outside the office facilities to represent the company with commercial purposes, locally or abroad. If the business travel is a long-term one, we can talk about expatriate assignees or expats, whose risk profile is significantly higher than short-term business travelers, since they face more potential threats on ongoing basis. The mission of the Travel Risk Management program is to mitigate these threats so they are no longer a risk.
A Travel Risk Management program, thus, should be perceived more as a process than just as a one-time program. It involves prevention, management, reaction and feedback, all the elements organized in a systemic –that is, adaptive- way. Attending to these three steps, we may define:
Preventive stage. It is clearly proactive, that is, the organization has to take different steps without being required in order to prevent undesired future situation.
Travel risk assessment. It is the process of identifying relevant threat present in each environment of action, evaluate threats in relation to the traveler’s profile and determine what level of risk is acceptable for the organization and the employee depending on the organizational goals and implementing mitigation organizations to reduce these threats to the acceptable level. Both monitoring and response to incidents would be also part of the whole program in a synchronized way. The company, as part of the Duty of Care principle, has also the “duty to disclose” potential detected risks or incidents to its travelers –i.e, a demonstration may not represent per se a threat, but the traffic hold-ups may mean to miss the meetings scheduled and consequently to fail in accomplishing the organization’s goals.
Planning. It integrates the organizational goals, so it has to consider local crisis management plans and business emergency plans. It is the most preventive step, since it looks for being ready to react faster and in a more effective way later. It is focused on giving an adapted response to the risks pointed out in the previous step.
Training in order to develop employees’ skills to respond effectively to ongoing incidents during their staying outside while performing efficiently their organizational roles. These training should include not only patterns of response in hostile environments or unstable situations, but also health and safety guidelines adapted to the travel destiny such as drinking only bottled water or to watch out for pickpocketing.
Monitoring 24/7. Organizations must dedicate systems, staff and budget to provide real-time monitoring of potential threats to business travelers worldwide. Mass alert notifications are a developing tool of great usefulness to reach travelers and expats of both sudden changes and increments in the level of threat in high-risk environments or assignments, so they may act consequently in mitigating the threat and taking the necessary steps to guarantee or improve their safety.
Reactive stage: incident response. It is based on the inclusion of the TRM system in the Operating Risk Management program every company must count on. The ORM should include a single emergency hotline service for any emergency impacting the company including travel issues. In this sense it would be useful to integrate in the organization a command and control post under the direction of a crisis management team to manage the different alert systems for multiple agents, vendors and employees and provide a response around the clock.
Feedback. Finally, it is in this sense of utmost importance to record every detail along the process so it may be included in the feedback loop and thus in the preventive process of assessment – planning –training – monitoring. The After Action Review or feedback report should answer questions such as if the incident could have been somehow prevented, and otherwise if it could have been handled more effectively. If both answers are affirmative then a modification of existing policies and procedures of risk mitigation must be introduced. The data collection may be carried about using a standardize survey to every traveler after the trip, in addition to the information gathered along the travel and the data recorded from the command and control post during the monitoring and/or incident response.
Even more compelling may be the compliance of all the attached legal obligations. The violation of the principle of duty of care as the legal responsibility of an organization to do everything reasonably possible to protect the health and safety of its employees may represent a flaw in terms of corporate responsibility and to increase the incident management cost and represent event a threat to business continuity and a reputational damage.
We can conclude remarking the importance of systematic –and systemic- travel risk management programs so they can provide an integrated multilayered security response both for the company and the travel, guaranteeing the safety of the organization’s members as well as the continuity of the business.
*Black Swan ts is the Travel Security division of GrupoDC Solutions