By Joseph McMahon
In 2004 in the Ivory Coast an employee of a major multinational was physically assaulted while waiting in a car as her partner was withdrawing money from an ATM.
When she got back to France, she sued the company that had sent her to Abidjan. The French government filed in her favour (in 2011, after a hard fought legal battle) and issued a fine to the company. Whilst there had been two previous laws regarding corporate awareness of risk and passage of information to its employees, now for the first time it meant that all French companies were responsible for the security of their travellers and expatriate workers when abroad.
The reason that the company had failed so dramatically was that the employee had repeatedly alerted them to the increased danger faced by French nationals in Abidjan and had asked to be repatriated to France. The company hadn’t acted on the request, and the assault ensued.
Incidents do happen – many can be prevented
I heard about this case when I worked with Control Risks in Dubai a good few years ago now. At the time, just starting out in the private security world, I thought that this type of company behaviour would be fairly unusual. But over the years, I’ve been quite staggered at the fact that this type of behaviour is fairly common. It’s not necessarily a refusal to repatriate an employee but there is often a complete lack of a travel risk management culture in organisations. Don’t get me wrong - many companies are excellent, but many fall short. It is also often the case that the security manager is tearing their hair out to make a change but is not getting the buy-in and support to make a difference.
I’ve seen Danish engineers sent to Najaf, Iraq with no security whatsoever in a location where my close protection team hated getting out of their armoured vehicles because it was so dangerous. I’ve seen an Italian man stabbed in Lomé, Togo, because he hadn’t been told that it was dangerous to wander out of his hotel during the night. I’ve met a Japanese senior executive that had a harrowing experience when he travelled to Guatemala. At the airport arrival area his prearranged driver held a sign with his name, title and company name (I.e. what not to do). A crafty baddie copied the sign with a black marker and met the executive further inside the airport, in the baggage area, made sure the executive didn’t see his real driver’s sign, drove him out into the jungle and promptly mugged him and left him out in the middle of nowhere. He was lucky he wasn’t kidnapped or murdered.
Travel security management is difficult
These are obvious mistakes, but companies struggle with numerous wider problems when it comes to travel security, simply knowing where your people are during a natural hazard or a terrorist attack can be extremely difficult in a decentralised multinational system with numerous travel agents around the world. There are big grey areas when it comes to the duty of care of a company’s travellers, such as locally-sourced foreign employees travelling within their own countries, or the company's responsibility for third parties and subcontractors (above and beyond a contract transferring any responsibility), or even atypical travelling groups slipping through the net of the travel security system. I remember a case where call centre managers from North Africa came for training in Paris and failed to appear because they didn’t have a pickup at the airport, and their credit cards and phones didn’t work.
The new ISO 31030 standard makes travel security easier
To create and maintain a travel management system that works takes considerable thought, effort, and crucially - senior management buy-in.
That is why I’m delighted with the new ISO 31030 that came out earlier this year.
Don’t be put off by its fairy dry presentation (I’m looking forward to the day when we include some graphic design into these types of documents) because it achieves a number of key objectives:
Firstly, it is very clearly set out, follows a clear sequence and includes a useful four staged checklist in Annex A (that you can use if you haven’t got the capability or intent to read the whole document!).
Secondly, it provides a clear set of guidelines that you can hold in your hand when you walk into the CEO’s office and say ‘look this is the standard, this is what we should be implementing.’ This makes it easier to gain that all-important senior management engagement as it provides a clear benchmark for performance.
I’ve set up a number of travel security systems for multinationals over the years as a security manager and consultant, and this document would have been a great help in convincing senior management. I’m very happy it’s here now.
Preparing for the future
As a final comment and looking towards the future, I’m particularly interested in the emergence of the hybrid workplace and its implications for business travel, both domestic and international.
According to the Harvard Business Review, 72% of corporate leaders plan to offer a hybrid workspace model in the coming months and years (1). This will change the way employees travel and use companies’ real estate which will be a challenge for us security managers as it will push us to be more open and dynamic. Gone are the days of rigid systems, this is all about flexible, scalable systems that vary according to the operational need and threat on a daily - if not hourly - basis.
There’s a real blend here of security domains; the physical security space as our real estate becomes more open and dynamic; the travel security arena as our patterns of domestic and international travel adapt to the new reality; and the cyber security space, which is made more vulnerable by changes in the other two.
It’s an interesting time as our duty to ‘promote a culture where travel-related risk is taken seriously, resourced adequately, and managed effectively’ is going to continue to be more and more dynamic. It’s certainly going to be a challenge, but these guidelines help us forge a path!