Travel Security Perspectives – Sands Hotel, Macau – 24 June 2010

AIA.COM

Travel Security:A Corporate PerspectiveJeremy Stone, CPPDeputy Head – Group Corporate SecurityAmerican International Assurance GroupTravel Security Perspectives - Sands Hotel, Macau –24 June 2010

2

Today’s Objectives

1. Look at aspects of planning, resourcing, implementing & maintaining a corporate travel security program

2. Provide perspectives on how employers can manage travel risks & exercise a moral & legal duty of care towards distressed personnel in foreign destinations.

3

Perspectives include …

1. Defining Travel Security

2. Why we Need Travel Security?

3. Travel Security Risks

4. Why we Should Manage Travel Risks

5. Ways to Manage Travel Risks

6. Establishing a Travel Security Program

7. Getting Management Buy-in

8. Some Program Maintenance Tips

9. Q&A

4

Defining Travel Security

The preparedness, protection & preservation of travellers, their property & information from

threat

Adapted from Standards Australia. (2008, p. 8). Lexicon of key terms used in security

Aims to provide a stable, relatively predictable environment in which travellers may pursue

their ends without disruption or harm & without fear of disturbance or injury.

Adapted from Fischer, R. J., & Green, G. (2004, p. 38). Introduction to security (7th ed.). Burlington, MA: Butterworth-Heinemann

5

Why Travel Security?

• Transact business• Meet clients• Host events,• Manage projects • Oversee operationsAnd key personnel need to:• Relocate• Station• Travel • Spend time in

overseas destinations.

Because of globalization & depending on industry, strategy, structure, size, & business objectives, many Organizations need to:

Exposing them to a wide range of risks!

6

What Travel Risks?

1Rare

2Unlikely

3Possible

5Almost Certain

4Likely

3M

od

era

te4

Ma

jor

2M

ino

r5

Ca

tes

tro

ph

ic1

Min

ima

l

Likelihood

Co

nse

qu

ence

Risk Rating Colour Legend:

ExremeHighSignificantMediumLow

TERRORISMHIJACKINGAIR DISASTERTSUNAMI

CIVIL DISORDERINSURGENCY

COUPS D’ ETATMUGGINGASSAULTS

HOTEL BURGLARYLOST TRAVEL DOCS

DISEASE

TRAFFIC ACCIDENTHOTEL FIRE

TRAVEL DELAY

TYPHOONS

EARTHQUAKE

K&R

7

Why Manage Travel Risks

Protect your most valuable asset

Do the right thing – protect your employees

Duty of Care

In common law jurisdictions, an employer is obliged to

apply all prudent measures to protect employees from all

reasonably foreseeable harm.

Otherwise may be liable in tort for negligence

Avoid Criminal Liability

Criminal negligenceOHS laws

UK Corporate Manslaughter Act

Business Continuity

Prevent/minimize business disruptions & promote continuity

of operations

Corporate Reputation

Protect & maintain corporate reputation

8

Ways to Manage Travel Risks

Business Travel Insurance

Cover all employees

Protects company from economic impact

Quantify travel program – how many travellers/expats, travel

frequency, what high risk destinations, vehicle use, etc.

Identifies risk, drives insurance premiums & helps to formulate travel policies

Corporate Travel Policy

Written, communicated & reviewed

Defines who can travel, how to book & approval process

Defines risk restrictions, non-compliance consequences,

training requirements, travel & risk monitoring &

communication tools, preferred airlines & hotels, ground

transport, etc.

9

Ways to Manage Travel Risks

Travel Management Companies

Restrict No. of TMCs

Link TMCs to a travel tracking system

Do staff know how to book travel/hotels with TMCs?

Non compliance consequences

Difficult to track staff when official TMC not used

Manual update of travel tracker system

Destination Intelligence

Pre-travel info to plan trip & avoid risks

Security, health, weather, transport, local info, etc.

Risk is dynamic, situations change

Timely, accurate & actionable info before, during & after trip

How to communicate risk info?

Briefings, Email, SMS & Website

10

Ways to Manage Travel Risks

Airline Safety

EU Blacklist – inadequate airlines

Knowledge of unsafe carriers helps reduce flight risks

But knowing & failing to act can increase corporate duty of care

liability

Hotels

Preferred hotel program

Can reduce costs but can increase liability if something

goes wrong

Take security & fire/life safety issues into account

Consider local crime situationLimit Passenger Nos.

Don’t put all eggs in one basket

How to enforce & monitor?

What if threshold exceeded?

Ground Transport

Road travel riskier than air

What providers used?

11

Ways to Manage Travel Risks

Hotline Assistance

Who to call if something goes wrong?

Travel, security & medical emergencies

Local assistance, evacuation & shelter-in-place

Incident escalation & response

Call trees & useful numbers

Many providers v. one stop shop?In-house v. outsource?

Linked to travel insurance provider?

Executive Protection

Monitor executive travel plans

Train & brief them

Risk assessments – consider threats, vulnerabilities, likelihoods

& consequences

Consider need for EP escorts

Train & Communicate

Staff orientation & security awareness programs

Security alerts & advisories

CM Tabletop Exercises

12

Establish a Travel Security Program

• Establish Context– Organization’s geographical

footprint– Organization’s strategic plan &

business objectives– Travelling population– Expatriate locations & family

members– Travel requirements– Consult stakeholders – HR, Legal,

Security, Travel & Risk Managers• Conduct Risk Assessment:

– Consider local security & safety risks, threats & vulnerabilities

– Quantify & prioritize raw risks in terms of likelihood & consequences

– Review adequacy of existing policies, controls & systems

– Conduct gap analysis

• Risk Treatment– Identify risk mitigation options –

measures to avoid, modify, share, retain & treat risks

– Consider organization’s risk tolerance appetitive

– Consider cost-benefits & effects on residual risk

– Communicate to management / decision makers

• Implement Treatment Plan– Budget Allocation & RFP Exercise– Project Management– Change Management– Monitor, maintain, review &

communicate

13

Aristotle: 384 BC – 322 BC

Getting Management Buy-in

Prepare Your Business Case

Apply the Art of Rhetoric:Pathos – Ethos – Logos

Highlight the Risks:Security, Safety, Legal &

Reputational

Present Case Studies:Real Incidents & Near Misses

Highlight Moral & Legal Imperatives:

Duty of Care, Right Thing to Do

Identify Gaps:Vulnerabilities & deficiencies in

existing program

Present the Solution:Your proposal

Run the Numbers:Cost-Benefits & Value

Proposition

Put Numbers in Context:Compare program cost to Snr.

Mgrs Salary.Present costs on a per capita

basis

14

Online Travel Locator System

• Captures travel itineraries:– Flight details & hotel bookings– Of business travellers.– From official travel agency

• Allows Security/Travel Managers to:– Track– Locate– Account – Communicate with business travellers

• Travel must be booked via an official travel agency.

15

Online Travel Tracker System

TRAVEL AGENT

COMPUTER RESERVATION

SYSTEMS

TRAVEL SECURITY PROVIDER SYSTEMS

BUSINESS TRAVELLERS

SECURITY& TRAVEL MGRS

DATA FEEDS

TRAVEL TRACKER

TRAVEL ADVISORY

SYSTEM

16

Traveller’s Particulars

Required Particulars Remarks

1. Traveller’s full name In <SURNAME, Forenames> formatE.g. “CHAN, Fat Sin John” or “SMITH, John James”.

2. Traveller’s Staff ID No. E.g. 12345

3. Traveller’s email address E.g. John-FS.Chan@aia.com or John.Smith@aia.com

4. Traveller’s mobile telephone number

E.g. +852 12345678

5. Traveller’s company name E.g. “AIA Hong Kong Ltd.” or “AIA Co. Ltd.”

6. Traveller’s department name E.g. “Traffic Dept.” or “Group HR”, etc.

7. VIP status E.g. VIP Status = “Yes” or VIP Status = “No”Indicates whether traveller holds an SVP (or equivalent) appointment or above to ensure compliance with policy requirement that no more than three VIPs travel on same aircraft.

Travellers (or arrangers) must pass following info to the travel agent

17

• Once hotel is booked & air ticket is ready to be issued:

– Provide Travel Agent with the FULL hotel name• If staying at more than one hotel during trip:

– Provide FULL name of ALL hotels together with CHECK-IN & CHECK-OUT dates for each hotel.

• Ensures accurate data in Travel Locator System

Hotel Booking Procedures

18

Questions?

Jeremy Stone, CPPDeputy Head – Group Corporate Security

American International Assurance Co., Ltd.AIA Building, 1 Stubbs Road, Wanchai, HK

T: +852 2832-8017 | M: +852 6277-7644Jeremy.Stone@aia.com | www.aia.com