Travel Risk Management: Why it's important
The pandemic has emphasized the importance of health within organizations - especially in those where business involves travel and human contacts.
The International Standard Organization (ISO) is still working on “ISO 31030 – Risk Travel Management – Guidance for Organization” that is scheduled to be released by the end of 2021. The contingent scenario requires a structured approach to travelling and the future standard is intended to assist those managing and participating in business travel.
We must consider that Travel Risk Management is part of travel-related activities of an organization, which also includes stakeholder management. Organizations need to meet their “Duty of Care” responsibilities, comply with any relevant legal and ethical obligations related to travel (across multiple jurisdictions) and have a plan in place to care for their staff.
It is important to show employees that they are supported by their company when travelling on its behalf. Travelers, whether international or national, can be faced with unfamiliar situations and environments that have different risk profiles.. Risks such as road accidents, disease outbreaks, epidemics, natural disasters, as well as conflict, crime (including cyber and information ones), terrorism, political and socially instability and unrest, can threaten the safety, security, and health (both physical and mental health) of travelers and also affect the outcome of their business trip.
Managing travel risks in a country where an organization has no local base, requires more comprehensive controls compared to those locations where mitigations have already been established and risk profiles are well known. Nowadays, a timeliness and accuracy of intelligence, analysis and advice, including travel warnings, has increased in importance and is going to highly influence travel decisions in the future.
Due to the contingent pandemic situation, Travel Risk Management requires organizations to anticipate and assess the potential impact of events, develop mitigations and communicate anticipated risk exposures to their employees. Thus, advising and providing travelling employees with adequate medical, emergency response guidance, security, and information security precautions, has become essential.
Organizations - of any size and industry sector - need to demonstrate that travel decisions are based on the organization’s capacity to treat risk using internal resources or with external assistance. Consequently, Travel Risk Management is set to become strategic and fundamental - both in terms of business continuity and organizational resilience - since it demonstrates an organization’s compliance to Duty of Care.
Travel Risk Assessment
A Travel Risk Assessment is fundamental to comply with obligations of Duty of care. The scope of the Travel Risk Assessment is to identify any threats an employee could face during a trip. Considering the fact that travel risks are constantly evolving and, consequently, the assessment must consider all aspects, i.e., from the loss of a flight to a global pandemic.
Thanks to a Travel Risk Assessment, organizations will be able to set ad hoc policies and procedures to reduce the travel risk wherever possible. In addition, a well-executed and communicated Travel Risk Assessment reassures the employees who are travelling and contribute to safeguard their safety by knowing what to do in case of critical situations, be aware of the potential threats and implement ad hoc policies to mitigate them.
Employee route tracking
Technology has been a powerful lever for change in the business travel industry, providing route tracking programs: location tracking apps are everywhere around us, and besides sharing location with friends and family, some of them are designed to allow employers to monitor their workforce's travel journeys remotely and be able to locate them in case of danger/emergency.
After assessing all travel risks, organizations have the obligation to embed travel risk culture among its employees and train them to discern between what is and is not to be considered a risk during a business trip. Therefore, training is focused mainly on prevention and make easier to avoid a dangerous situation than to solve it. Furthermore, by training employees on how to respond and behave in awkward situations when travelling, the organization contributes to safeguard their lives.
Regulations to comply with as an employer
In this contingent scenario, international corporations employing large numbers of workers abroad must demonstrate a proper management of increased crisis and critical situations involving their employees. Therefore, it is important that organizations know:
- how to handle business travels
- how to conduct a thorough Travel Risk Assessment
- how to set a duty of care policy
otherwise, they are only putting themselves at risk.
We must take into consideration that within the context of travel, Duty of care is the legal obligation to research, plan, and implement a strategy to mitigate the risks involved with business travelling.
An organization’s Duty of care contains a statement of its commitment to care for its employees and how far that extends. By implementing a Travel Risk Management System, organizations can put into place an ad hoc strategy to uphold their “duty of care”. In other words, organizations fulfill their Duty of care through the implementation of travel risk management procedures.
The Travel Risk Assessment activity is fundamental and strategic in terms of safety at work and represents an exclusive, personal, and non-delegable obligation, for which the employer is responsible for its employees. Due to the contingent pandemic situation, organizations are urged to put into place a Travel Risk Management System to cope with the multiple threats potentially impacting travelling.
If an organization does not have a crisis unit that can be activated in the event of an emergency, then it will need to rely on specialized international service operators and travel security operation centers that can monitor, analyze and inform travelers or expatriated employees about what is happening around the world and provide them with “ad hoc” news and alerts to avoid any areas at risk.
Therefore, any organizations should ensure adequate monitoring of the location/country of destination in terms of:
- Political instability or unrest - this aspect can jeopardize travel or travel plans and endanger travelers since business travel to and within politically unstable areas, requires careful planning based on up-to-date advices and information by monitoring, for example, the website of the relevant governmental institutions which notify, at global level, information in terms of security, protection, and level of terrorist threat.
- Hygiene and health - although it is difficult to predict health problems, ad hoc plans should be implemented in advance and provide strategic support in terms of prevention by checking in advance:
- Health threats and illnesses: Travelers will need to complete all the vaccination treatments necessary for the country before traveling.
- Availability of healthcare: organizations should make sure their travelers know where they can get medical care in case of need.
- Food and water safety: travelers should always remember that some parts of the world may not have the same hygiene standards of their home Country; therefore, the risk of intestinal disorders should be reduced by eating safe food and avoiding street food and opting for bottled water instead of tap water.
- Accommodation security - Hotels & residences are typical targets for thieves, so it is preferable and advisable to observe some "key" tips for safety, such as:
- Know the security measures of the accommodation you are in, i.e., if the reception is open 24 hours a day, examine the surrounding area using, for example, Google Street View, etc.
- Do not book a room on the ground floor: these rooms are more susceptible to burglaries.
- Put the "do not disturb" sign on the door when you are not in the room.
- Know the emergency exit plan: as soon as you arrive in the room, take a few minutes to examine the map of the emergency exits and identify where they are.
- Third-party contractors - A company's service obligations also extend to third-party contractors and other individuals to whom the organization has responsibilities. Therefore, it is advisable to use only trusted third parties by selecting them from an approved and accredited list and carrying out the necessary intelligence investigations especially when operating abroad.
- Female employee safety - Women traveling for work are more likely to face risks than their male colleagues. According to a 2018 report published by the Global Business Travel Association (GBTA) and AIG insurance company, namely 83% of women had safety issues during business trips. Despite this, only 18% of travel policies specifically target women's safety. Therefore, organizations, in order to adequately meet their Duty of Care requirements, should ensure their female employees receive ad hoc training to address the risks they may encounter during their business trips.
Post lockdown business travel
Some lessons learned from the pandemic could be valuable and used to set travel risk management policies and procedures for the near future when the measures to contain the pandemic slowdown. Hereafter some tips to be considered:
- Be prepared for travel requirements and restrictions related to the business travel destination by monitoring institutional governmental websites providing updates of restrictions that may vary from one city to another within the same Country.
- Plan business travel by geographic region, aligning business plans with the reopening of the Country or cities of destination.
- Check whether the automated travel approval systems (where implemented) are sufficiently agile and flexible to expedite, for instance, pre-approvals without any additional bureaucracy.
- Review health and safety policies and procedures with reference to airlines, hotels, and land transport, ensuring that suppliers have clear safety and hygiene practices in place and in possession of related certifications issued by accredited health safety organizations.
- Improve employee’s trust and manage cybersecurity issues by ensuring context-specific, flexible, dynamic, and adaptable travel options within your organization's policy.
- Reassess travel expectations, such as essential travel vs. non-essential ones or the number of employees allowed to travel at any time.
- Up-date traveler’s data and improve data communication methods by considering that the "new normal" - in terms of business travel - will imply more complex issues to deal with, i.e., changing entry/visa requirements. Therefore, it will be strategic and fundamental for companies to be able to communicate required data timely.
Travel risks are very dynamic: they constantly change from county to country, depending on the time of year, the geo-political climate and, nowadays, the pandemic. Therefore, it is important and strategic to monitor and update Travel Risk Assessment and intercept new risks determined by the evolution of different contexts/scenarios. It urges for organizations to implement an integrated Travel Risk Management System to be able to:
- Define operational processes related to traveling.
- Carry out an in-depth risk analysis.
- Set rules and levels of security.
- Provide adequate information and training.
- Adopt specific mitigation measures.
- Guarantee operational management of stay abroad and arrange possible early return.
It will be equally strategic and fundamental to ensure ad hoc internal communication campaign in terms of "Travel Safety & Security" to adequately inform and raise the level of awareness among employees and stakeholders and train them to act proactively during a crisis.
Covid-19 has exerted a profound change in behavior on corporate travel. The safety requirements of travelling employees have increased noticeably and the employer’s Duty of care is much more important than before the pandemic.
Furthermore, prior to sending back employees on travel for business, there are several factors to consider protecting them and the business. Organizations need to evaluate challenges and potential changes while employees are traveling, as well as the threats that these potential challenges and changes can impose on business and business travelers. It is crucial to have a clear plan that identifies what useful actions can be taken to protect the workforce. Therefore, in this evolving scenario, the Duty of care and the implementation of an efficient Travel Risk Management System are set to become more important and strategical than ever to guarantee the protection of travelers and expatriated employees, thus ensuring business continuity and organizational resilience.
About the author
Business Continuity & Risk Management Consultant
In possesso della certificazione Business Continuity - AMBCI BCI, UK e Risk Management FERMA Rimap ® è consulente di Business Continuity & Risk Management. Svolge attività di diffusione e di sviluppo della cultura della resilienza presso varie istituzioni ed università.
Socia AIPSA ed UNI.
· Board del BCI Italy Chapter
· Board ANRA
· Advisory Board di LIUC-ODES Project
· Advisory Board EU SIMARGL Project
· Comitato Scientifico di CLUSIT
· Comitato CLUSIT-Artificial Intelligence/Risk Management
· Conduct Professional Committee – BCI, UK
· Judge at the International Organizational Resilience Awards
· UNI/CT 016/GL 02 "Sistemi di gestione per la qualità" (ISO/TC 176/SC 2), UNI/CT 016/GL 09 "Governance delle organizzazioni" (ISO/TC 309) e UNI/CT 016/GL 89 "Gestione dell'innovazione" (ISO/TC 279) (Commissione Tecnica UNI/CT 016 "Gestione per la qualità e metodi statistici")
Membro de: Associazione Donne 4.0 (Coordinatrice Commissione Reti) e Women for Cyber Security (Comitato Tecnico)
Docente di moduli di introduzione di: ISO 22301 - Business Continuity & Resilience (Università POLIMI–BOCCONI e Università di Verona, Università di Cagliari, Master Ambientale Università di Padova); ISO 31000 - Risk Management (Università Statale di Milano)
Relatrice e moderatrice in diversi seminari, conferenze nazionali ed internazionali.
Autrice di numerosi articoli su diverse riviste online, (i.e.: AgendaDigitale, Cybersecurity360, AI4Business, Risk Management360, EnergyUp, Blockchain4Innovation, Internet4Things, Industry4Business, ANRA - RM Magazine, ISPI online, Insurance Review, INsurzine, UNI Magazine online, The BCI Blog, Data Manager).
Partecipato, in qualità di co-autrice, alle edizioni 2020 e 2021 del Rapporto Clusit - Cyber Security.