Statistically speaking, the odds are on the side of those 30 staff members: air travel is the safest mode of transportation per mile traveled
, reports Reuters. The US Federal Aviation Administration notes the probability of a single passenger being killed on a flight is eight million to one. However, this weekend’s crash over Russia, the Air France crash off the coast of Brazil in June 2009 that killed 228 people, and the 9-11 terrorist attacks show that like all risks, low probability events such as airplane crashes can and do occur. Moreover, the resulting losses and reputational scarring are so potentially damaging that advance planning and mitigation efforts are a necessity.
Based on numerous conversations with corporate security and health/safety department heads, the conventional wisdom states that no more than 25 percent of the management board, 30 percent of management, and 50 percent of staff below the management level should travel together on a single mode of transportation. This will suffice as a generic travel concentration risk policy for larger firms. However, it is possible to save money over time by deciding exactly what constitutes travel concentration risk for your firm in particular, a process that only your management and risk professionals can determine. These recommendations can jump-start that discussion:
1. Get buy-in from the board early, and bring them options. If your management board understands the potential impact from a sudden loss of life and schedules their travel accordingly, they will set the tone for the organization. Presenting the board with a range of options for alternative means of travel to work around travel concentration risk, which can include private jets for executives and anything from connecting flights for staff to improved video teleconferencing capabilities, will show that the policy is possible with a modest effort from the business and the travel department. Bring the board a waiver policy for those travel situations where it’s impractical to separate staff, and consult with your insurance provider on the language for the waiver and the insurance implications for travelers if it’s signed.
2. Understand your business’s management structure and the roles played at each level of the organization. While it may seem obvious, risk and security teams must clearly understand the hierarchical structure of each business, as well as the work performed at each level of the organization. Simply implementing a policy that states that ten managing directors cannot travel together on an airplane does not mitigate continuity risks if the business is tactically run at the vice president level. Similarly, a business may decide that a combination of mid-level front and back office staff—for example, sales, production and operations, and accounting—are key to the running of the business. Meeting with the business to understand single points of failure, structural vulnerabilities, and the mix of essential personnel is key to a good travel concentration risk policy. The goal of these meetings with individual business lines should be a company-wide travel concentration risk policy that takes the business's structures into account. The policy should be general enough so that your travel department can adopt it relatively easily by knowing staffers' seniority and/or their function, both of which can almost always be gleaned by their title.
3. Prepare crisis scenarios and tabletop exercises for the company to help it run through the impact to sales, research, production, and customer service in the event of a sudden loss of critical staff. Scheduling a crisis management tabletop exercise based on the Poland tragedy can increase understanding about risks and ensure that the company has prepared thoughtful responses to your queries about travel concentration risk. Asking the business to respond to a scenario in which multiple staff or management are incapacitated is applicable to a number of potential crises and allows both your risk and security teams as well as the business lines to prepare accordingly, based on the exercise’s results. Many firms did this after the Mumbai terrorist attacks of 2008.
4. Communicate the policy through your travel and events teams, not just your security/risk teams. A risk policy is only as good as the degree it’s understood and accepted by staff. Once the policy has been approved by the board, both your travel team and your events team (if your firm is large enough to have either/both of these) should communicate the policy implications alongside your security and risk teams. Event planners, who in larger companies organize most off-sites and conferences, should address the travel concentration risk policy when events are first discussed. If a manager hears that there is only one direct flight per day from Milan into Marrakech, he or she may choose to host the conference in a location with more travel options. Generally, routes with multiple flights per day also tend to be cheaper.
5. Work with your travel team to identify low-cost options to direct flights. A solid travel concentration risk policy is executed and maintained by your travel team. Once the policy is developed, the travel team should either inform your security team if a flight has been booked over policy, or, if your travel structure allows, not permit bookings over the policy’s stated numbers. In many cases, mitigating concentration risk may mean that some staff stay at headquarters and link through video teleconference—also a cost-saver—or that not all staff stay for the whole event. Your travel team should be prepared to list a full set of options that will keep travelers in line with the travel concentration risk policy and also ensure that the business achieves its travel aims.
Firms came together after the Mumbai attacks in 2008 to discuss, plan, and inform their staff of the risks of terrorism using a real-world tragedy with direct impact on and implications for the private sector. Poland’s tragedy must also be understood in that light: it serves as a teachable moment for firms with high volumes of global travel.
is formerly the deputy global head of the Protective Intelligence Group at Deutsche Bank AG, and is now an independent consultant on security, risk, and intelligence issues in the Washington, D.C., area. Her views are solely her own and are not representative of any organization. She can be reached for comments or questions at firstname.lastname@example.org
or on LinkedIn
♦ Photo by Maire/WikiMediaCommons