Travel risk managers are in a unique position to help safeguard employees during business travel. Yet in today’s complicated world, how exactly do they go about doing that? It’s not just disruptions they must worry about; it’s compliance, budgets, training, education, sometimes even tax codes. Suffice it to say, travel managers need a straightforward framework to create a travel risk management policy. Otherwise, they run the risk of being overwhelmed and the TRM program becoming ineffective.

At the baseline, a sound TRM program must have two equally significant components: A duty of care policy – which focuses on prevention – and a crisis management plan. Duty of Care encompasses what “reasonable care” and responsibilities the company may assume to protect its travelers from harm; that is, it defines a moral and legal obligation to ensure the safety and well-being of travelers.

Duty of Care is a proactive strategy that can cover disruptions such as natural disasters and terrorist attacks, but also components of a traveler’s physical health or mental well-being, as well as other mishaps such as laptop theft or passport loss. Business accident and security policies, travel safety intelligence, traveler tracking, the utilization of an in-house security team or an outsourced risk vendor, all fall under Duty of Care.

Duty of Care and Risk Management

A good TRM program should also reduce psychological cost to organizations. “Part of this prevention capability is the ability for travelers to reach out for assistance 24/7,” explains Tim Daniel, senior advisor for business innovation and strategy at International SOS in Philadelphia. “While many smaller companies don’t house an operational center, they still need to know exactly who will respond to requests for assistance, and how.”

A crisis management plan is what goes into action when the traveler is exposed to threats or potentially put in harm’s way. This can include evacuation plans, medical assistance, translation services, repatriation and possibly the provision of safe havens and/or private transportation.

“We have seen a change in terrorist activity levels in what would normally seem to be low threat environments. For this reason, we recommend that the company also run a few tabletop scenarios ahead of time to ensure there are no gaps within the program,” says Charlie LeBlanc, vice president, global risk and client management at UnitedHealthcare Global Risk (UHCGR).

Essential Building Blocks 
“Travel is a large and still growing part of every business,” notes Doug Anderson, SVP, travel product at SAP Concur, a leading provider of travel, expense and invoice management solutions headquartered in Bellevue, WA. “This industry is being projected to hit $1.6 trillion by 2020 according to the GBTA. The globalization of economies and the increasing need to travel, coupled with larger media coverage of geopolitical uncertainties and events, has turned the moral compass for companies to Duty of Care.”

A recent GBTA Foundation report on risk management found that during a crisis, 71 percent of travel managers are still responsible for locating travelers and 63 percent are responsible for providing incident reports on impacted travelers. While Duty of Care compels companies to keep employees safe in a preventive way, do travel managers have the right preparation to truly support their travelers? According to the report:
• Three in five travel managers rely on their travelers to contact them during times of crisis and uncertainty.
• Meanwhile, 58 percent of travelers say they would contact their supervisor, not a travel manager, if in need of support or assistance due to an emergency or security situation.
• Three in ten travel managers flat out do not support travelers who book outside corporate programs. Another 29 percent do not know how long it would take to confirm the safety of every employee after an incident.
Until travel managers are made part of the effort to create and sustain an effective TRM policy, concerns like these may continue to spread.

“The foundational elements that travel managers should know about when creating a travel risk management program include policies and procedures, training, and having a process to notify internal stakeholders when issues arise,” according to Bruce McIndoe, president of Annapolis-based iJET, a provider of integrated risk management solutions. “Other important areas that are essential are data management to collect and maintain traveler itineraries, profiles, etc., and a program communication strategy around expectations with stakeholders and employees.”

However, at the outset, self-assessment is the first tool travel managers need to exercise. Until you know where you stand, you can’t create programs to move forward. Whether the TRM policy is in its infancy or is advanced, tools such as the TRM3 Self-Assessment – co-created by iJET and GBTA – can help. This tool helps identify the maturity of the organization based on ten key process areas that are required to implement and support a successful travel risk management program.

The ten areas outlined in the TRM3 tool are policy and procedures; education and training; the assessment, disclosure, mitigation and monitoring of risk; response and recovery; data management; notification and program communication.

The Fine Print
Once travel managers have delved into the fundamentals and know where they stand in the evolution of their own programs, it’s time to explore deeper nuances.

“One of the main things travel managers should know is that it takes multiple views,” says ISOS’s Daniel. “For example, while we need basic data such as the number of trips, unique travelers and destinations, organizations range in size and contain many different profiles of travelers. Alongside those varied profiles are risks of every kind. If an organization is sending a small number of employees on travel in a risky destination, this creates a different risk profile than for the organization that isn’t sending folks to a risky destination but deals with large numbers of travelers.”

For example, Daniel explains, “we’ve seen this dynamic with travel to India and China. Some companies are comfortable sending relatively inexperienced travelers there, but only to major cities. Once travel is mandated to rural or outlying areas, the nature of the risk changes and companies prefer to send more seasoned travelers to these places. When we have the specifics of travelers – i.e., their functions and destinations – not only can we track them over time, but we can also customize travel and mitigation strategies.”

It’s important to build out from these basics and launch a more sophisticated program, while being prepared to engage with multiple players. In fact, successful TRM programs involve more than just the travel manager. Typically, in smaller organizations travel is the go-to department; in big organizations travel risk often lies with security and safety. “Even if you don’t have a travel risk steering committee, you need at least two to three people,” Daniel cautions. “In other words, a TRM policy isn’t created in a vacuum.”

Technology Trumps All? 
Concur’s Anderson agrees. “The challenge of the future for travel managers is to understand that Duty of Care is a team effort and company-level problem, not a departmental problem. Unfortunately, the reality is that most employers don’t even know where their employees are; there is a huge gap between knowing who is in the office and who is traveling. In fact, there is only 60 percent visibility coming from aggregated data from TMCs, which is then reported to the employer.”

According to a recent GBTA report, 42 percent of travelers prefer to book directly on a supplier’s website, potentially leaving a significant number unaccounted for during a crisis. Technology can help fix the problem. For example, Concur Locate and Active Monitoring is a tool that draws from the industry’s most comprehensive data set, including travel and expense data, directly booked itineraries captured through TripLink and TripIt, supplier e-receipts and more, closing the Duty of Care gap.

“Our aim is to turn clients away from this legacy-driven, outdated report scenario, into a data driven, real time, Duty of Care scenario, leveraging multiple artifacts,” says Anderson. “In this way a location awareness is created. Once you know where they are, you can contact them.”

The second piece to an effective risk management program is consolidating a traveler’s profile data. As Anderson explains, “When an employee is booking a flight on United Airlines, let’s say, and putting in a loyalty rewards number, he is often asked to associate the business account with a business e-mail, but he puts in his personal e-mail. Or he is asked to put in his business number and address, but that ‘desk’ address is of no use when the traveler is on the go. When travelers only use their corporate profiles as data, it becomes increasingly difficult to locate them. However, with our applications, where we integrate traveler data with a number of sources, we can reach travelers through so many ways, going from one contactable data point to six.”

Putting People First 
At the end of the day, people are always the most important asset. “A travel security team needs to work in their areas of specialty, keeping the traveler in the center of the risk management model while ensuring the privacy of the traveler’s information, itinerary and threat profile,” notes LeBlanc. “A comprehensive model works within a concentric circle methodology and has the ability to give the program the flexibility and capability to respond to a variety of threat locations, health challenges, medical emergencies, natural disasters and political instability,” he adds.

“Travel security programs today can be more robust due to enhancements in technology, and the enhancements of communication tools including social media and the advancement of tracking tools. This allows companies to better respond to employees’ needs regardless of threat level and location,” LeBlanc says.

“More and more we see mobile apps with location services popping up, augmenting the itinerary with actual location,” iJET’s McIndoe says. “I would caution though, that the mobile app should just be one interface into a client’s program – just as a hotline or e-mail is. The fundamentals are important to establish first, while mobile apps come later. And while it is true that many companies are deploying travel apps as a next generation method of engaging and communicating with travelers, this only comes about with the natural maturity and evolution of a program,” he advises.

“For these reasons, it’s important to move the conversation from purely travel risk to people risk,” McIndoe continues. “We are working to educate the industry on not just TRM but on PRM – people risk management. This trend is important for travel managers to know, so they can help their company protect people beyond just when they are traveling. The idea that people are the assets and travel is the modality is worked into a PRM Maturity Model, as companies now widen the table and invite multiple players who care about people to collaborate.”