Duty of care and travel risk management are big topics in travel management. Actually, enormous. Even as a concept, the idea of coordinating all the stakeholders that touch travel—finance, procurement, legal, HR, security, communications—around such an effort is intimidating. In a workshop at the Global Business Travel Association conference in August, WorldAware's Bruce McIndoe walked a group of about 50 attendees through the 10 essential process areas that achieve a "mature" risk management program:
• Policy and procedure
• Education and training
• Risk assessment
• Risk disclosure
• Risk mitigation
• Risk monitoring
• Response and recovery
• Notification
• Data management
• Program communication
After the review, the audience, which largely represented the small and midsize enterprise travel buyer, completed self-assessments of their companies' TRM maturity levels. Overall, they were in no-man's-land, barely reaching into the first tier. The single buyer who assessed her company at a Level 2 misunderstood the assessment instructions and backtracked to Level 1 after reconsidering.
The point is: Many SMEs struggle with establishing TRM, but it doesn't have to be this way. "Fundamentally," said McIndoe, "we are trying to be proactive when sending people out on the road to make sure they are prepared for the trip and business activities they need to perform but also prepared to take care of themselves from a health, safety and security perspective. We need to look at how the company can support travelers in a consistent and systematic way."
And while it doesn't have to be complicated, he said, it does have to be more comprehensive than just deferring to traveler insurance policies to cover issues that cost money. "For companies that already work with a TMC, [the TMC] should have a risk management component of their offering; for those not working with a TMC or where there is no travel manager, which is often the case for companies with 50 or 100 travelers, you really just need someone in the organization to talk with travel suppliers and internal stakeholders to begin to pull the threads of TRM together," McIndoe said. "No one said TRM has to be automated and for many smaller companies, it never will be, but it can still be consistent."
Practical Guidance
While McIndoe trod some theoretical ground, another GBTA session brought TRM into practical focus for SMEs. J. Paul Getty Trust senior administration manager Valerie Ferraro, ZGF Architects associate Harmony Miller and Facebook global security executive services manager Benjamin Coleman, all of whom are on GBTA's Risk Committee, offered do-it-now advice for anyone overwhelmed by the idea of implementing a comprehensive TRM process, particularly SMEs.
Start Where You Are—Every company has a starting place for TRM. If a risk situation occurs, take a look at the most basic gap and fill that, said Ferraro. What if traveler insurance coverage really is all you have in place right now? It's still a place to start, she said. "If there was a situation where a traveler needed to [access emergency assistance], maybe you don't have one of the risk solution providers like ISOS but maybe you have travel insurance that covers medical. Does the traveler know who to call? Do they know which insurance carrier the company has? Do they know how to reach someone 24/7 at the travel management company? Should they call you? That all depends on what your organization is and where your travelers are going. You can teach your travelers these things in small snippets." If starting from the very beginning of TRM, a travel manager can lay the groundwork by answering basic questions and communicating those answers efficiently to travelers and the travelers' direct managers.
Leveraging the "Close-Call" Event—Travel managers won't want to wait until travel emergencies actually occur to formulate their programs and educate their travelers, though. To this end, Miller emphasized the importance of leveraging "close-call" incidents to underscore the need for TRM and to model responses. "It could be any kind of incident," she said, citing a plane that took off from an airport just before the airport was shut down for a weather emergency. "What if the plane hadn't gotten out? What recourse would the traveler have had?" Another example: Conference attendees left their company laptops in a meeting room while they went to the conference lunch. When they returned, their machines had been moved. What if they had been stolen, instead? Does the company have a protocol? Another example, from Ferraro, consider a traveler in a car accident who suffered a concussion that went unreported. What should the protocol have been for that type of incident?
Identifying close-call or unreported incidents might be a challenge. Cultivating an environment of open communication about travel issues should be a priority, whether it's encouraged by a traveler's direct manager, formalized through trip surveys, gathered via social media platforms or revealed by other feedback mechanisms. Upon consistently gathering information, Miller said, the travel manager likely will see patterns that should inform travel and risk policies and that should be disclosed to travelers. "We're collecting information from people and finding themes that [indicate that] travelers to a particular city have risk incidents or close calls pretty regularly, or at a particular hotel there are security concerns. We need to know so we can take action," she said.
The Tabletop Method—With some of the close-call or previously unreported issues in hand, travel managers can explore protocols for each situation. But they shouldn't do it alone, said Coleman. "Once you've identified the risks associated with your travelers, you'll see that it's not just a travel issue. It may involve some of the company's other departments, such as HR, IT or compliance. You definitely want to get those stakeholders connected so you are addressing all the risk [elements] and asking all the questions because each stakeholder will look at risk from their own perspective. At that point, you can assess the risks and determine the priority, who takes charge of [which parts of] the response. All the stakeholders have a part in traveler education, risk mitigation and response procedures. They will all need to provide [the travel manager] with some of those solutions and also help to implement. A lot of it will be training, as well as policy on the back end and procedures for when something does happen."
Coleman was realistic in terms of how a comprehensive TRM strategy might come together for a small or midsize company. "Trying to do the entire program at one time may prove difficult, so [establish] pieces of it and then review those pieces so stakeholders can add to it over time."
Revisit the Maturity Model—As sample incidents begin to overlap and stakeholders are engaged, response patterns should emerge that give TRM continuity. Rather than responding to specific incidents, a developing TRM strategy will become proactive, and it should become clearer how it aligns with McIndoe's maturity model.
At a beginning to intermediate level, said McIndoe, travel managers should focus their activities in three key categories: Policy and training, risk review and mitigation, and response and recovery.
Travel managers and stakeholders should consider how their own response models and trainings fit into these areas and whether there is room for improvement or additional detail. For example, has the company considered different risk levels for individual travelers when it comes to training or risk mitigation? Female travelers, for example, face heightened risk of assault when traveling, LGBTQ+ travelers are criminalized in certain countries. Is traveler and manager training in place about on-the-ground conditions for these groups, and are resources available to them? Consider that senior leadership could be more vulnerable to coordinated kidnap and ransom threats, so is on-the-ground security in place to deal with this?
On the flip side, the traveler also has responsibility toward his or her employer. While the company can put all the training, policies and response procedures in place, some onus must fall on the traveler to make responsible decisions when traveling on the company's behalf. Those requirements should be specified to all travelers.
The Most Effective Investments
Many TRM elements can be low cost or no cost for an SME, but some investment will be critical. Education is one. "Training and policy is the No. 1 return on investment for TRM," said McIndoe. "If you can teach employees to make the right decisions, you have covered a lot." The other investment is risk mitigation, "whether it's immunization, secure car-and-driver—whatever has to be put in place to protect the traveler on a given trip," he added.
Will TRM ever be 100 percent effective? That's unlikely, according to Coleman, who bluntly told the GBTA audience that sometimes people are "just in the wrong place at the wrong time." But minimizing risk on the front end is certainly preferable to responding to a crisis. If SMEs can take TRM one small step at a time, though, they can put together an effective strategy for protecting their companies from liability and their travelers from harm. Whatever steps an SME takes, should an event then occur, it is better equipped to recover.