to Best Practice in Travel Risk Management This e-book is part of a series of resources focussing on Travel Risk Management, including blogposts, webinars, and podcasts. These resources are created by CIBT in association with the Global Business Travel Association, following the publication of a December 2023 study entitled “Travel Risk Management (TRM) in a Post-COVID World”. Download the full report here. www.cibtvisas.com
In the wake of the COVID-19 pandemic, the corporate travel landscape has undergone a seismic shift, placing a spotlight on the critical importance of Travel Risk Management (TRM). The post-pandemic world is experiencing complex challenges and uncertainties in travel, making the implementation of robust TRM practices not just advisable but essential for organizations worldwide. This urgency is underscored by the evolving nature of travel risks, including health crises, geopolitical tensions, and environmental threats, which demand a proactive and comprehensive approach to safeguarding employees on the move. The pandemic has fundamentally altered the perception of travel risk, expanding its scope beyond conventional threats such as crime, political instability, and natural disasters to include health-related emergencies at a previously unimaginable scale. As The Global Business Travel Association expects business travel spending to reach 2019 levels in early 2024—two years sooner than previously predicted. As global business travel continues to significantly increase post-pandemic, the lessons learned from the pandemic underscore the necessity for a holistic TRM strategy that addresses the full spectrum of potential risks travelers may face. The health and safety of employees, once a given, now requires meticulous planning and preparedness to navigate the complexities of varying international health regulations, quarantine mandates, and vaccination requirements. Moreover, the pandemic has highlighted the interconnectedness of health crises and other 1 travel risks. For example, a health emergency in a particular region can quickly escalate into a security concern, affecting travel logistics, access to medical care, and the ability of travelers to return home safely. The interdependency between different types of risks necessitates a TRM approach that is flexible, dynamic, and capable of responding to multi-faceted challenges in real-time. The urgency to implement TRM practices in the post-pandemic era also stems from the heightened expectations of employees and stakeholders regarding duty of care. Employees now have a greater awareness of the risks associated with travel and they expect employers to take proactive steps to protect their well-being. This shift in expectations requires organizations to not only assess and mitigate risks but also to communicate effectively with travelers about potential dangers and the measures in place to protect them. Failure to meet these expectations can have significant repercussions, including legal liabilities, reputational damage, and a loss of trust among employees. The adoption of TRM practices that are aligned with international standards such as ISO 31030:2021 offers organizations a framework to manage travel risks systematically and effectively. This standard emphasizes the importance of continuous risk assessment, clear communication, and the need for adaptability in policies and procedures to reflect the changing risk landscape. By adhering to such standards, organizations can demonstrate their commitment to safety and duty of care, enhancing their reputation and competitiveness in the global market. The role of ISO 31030:2021 as a framework for TRM The ISO 31030:2021 standard, “Travel risk management - Guidance for organizations,” has emerged as a pivotal framework for TRM in the post-COVID era. This standard underscores the importance of a structured approach to managing travel-related risks, offering organizations comprehensive guidelines to ensure the safety, security, and well-being of their traveling employees. The adoption of ISO 31030:2021 marks a significant shift towards a more proactive and systematic management of travel risks, reflecting the lessons learned from the unprecedented challenges posed by the COVID-19 pandemic. The standard’s utility lies in its detailed guidance on assessing and mitigating risks associated with business travel. It encompasses various aspects of TRM, including pre-trip planning, risk assessment methodologies, and crisis response strategies, thereby enabling organizations to develop robust TRM policies tailored to their specific needs and risk profiles. ISO 31030:2021 also emphasizes the importance of continuous improvement, urging organizations to regularly review and update their TRM strategies to adapt to evolving travel landscapes and emerging threats. By serving as an industry-recognized benchmark for TRM best practices, ISO 31030:2021 facilitates a unified approach to managing travel risks. It not only helps organizations protect their employees but also enhances corporate responsibility and compliance with duty of care obligations. The adoption of this standard demonstrates an organization’s commitment to upholding the highest standards of safety and security for its global workforce, thus fostering a culture of resilience and preparedness in the face of travel-related challenges. Understanding ISO 31030:2021 will help organizations navigate the duty of care responsibilities they owe to their business travel populations. Robustly deploying the standard will need specific, and dedicated, attention. www.cibtvisas.com
Introduction The COVID-19 pandemic has heightened awareness around duty of care and the importance of TRM in practically every organization. Travel managers are now more committed to ensuring the safety and wellbeing of their traveling employees, incorporating rigorous health and safety protocols into their travel policies. As business travel resumes, it is likely to be more purposeful, with a greater emphasis on health, safety, and sustainability. The pandemic has not only disrupted business travel in the short term but also sparked a paradigm shift in how and why we travel for business, heralding a new era of more conscientious, efficient, and adaptable corporate travel practices. Companies are now more likely to scrutinize the purpose of each trip, weighing its benefits against health risks and environmental costs. TRM: A critical component of corporate risk management strategies TRM has become an indispensable component of corporate risk management strategies, particularly in the wake of global challenges such as the COVID-19 pandemic and war in Ukraine. TRM encompasses the policies, procedures, and practices designed to protect employees from risks associated with business travel, ranging from health and safety threats to geopolitical instability and natural disasters. As businesses operate in an increasingly globalized world, the need to ensure the safety and well-being of traveling employees has never been more critical. The integration of TRM into broader corporate risk management strategies allows organizations to proactively identify, assess, and mitigate travelrelated risks. This proactive approach not only safeguards employees but also supports business continuity by minimizing the potential for disruption caused by travel-related incidents. Effective TRM involves continuous monitoring of global events, real-time communication with travelers, and the development of contingency plans to respond to emergencies. Moreover, TRM is integral to fulfilling a company’s duty of care obligations, demonstrating a commitment to the health and safety of employees. It also plays a crucial role in maintaining corporate reputation, as mishandling travel risks can lead to negative publicity and legal repercussions. In summary, TRM is a vital element of comprehensive risk management, enabling organizations to navigate the complexities of global business travel while upholding their ethical and legal responsibilities to their employees. The COVID-19 pandemic introduced unprecedented complexities and challenges in the realm of corporate travel, fundamentally altering the landscape and imposing new demands on organizations. Travel restrictions, quarantine mandates, health and safety concerns, and fluctuating global entry requirements created a labyrinth of logistical hurdles. These challenges necessitated a dynamic approach to TRM as traditional travel policies were rendered inadequate in the face of the pandemic’s rapid evolution. For organizations without robust TRM strategies, the pandemic highlighted significant vulnerabilities. Firstly, the inability to swiftly locate and communicate with employees abroad at the onset of travel bans and lockdowns exposed employees to travel disruption and organizations to operational and reputational risks. This situation underscored the importance of having a comprehensive traveler tracking system and a reliable communication framework as part of a TRM plan. Secondly, the health and safety aspect of TRM took center stage. Organizations lacking in pre-established health protocols found themselves scrambling to implement measures to protect their employees and move them around the globe. This included ensuring access to personal protective equipment, health care, and repatriation if necessary. The absence of such measures not only put employees at risk but also raised legal and ethical concerns, highlighting the company’s duty of care responsibilities. Additionally, the pandemic’s economic impact brought to light the financial implications of not having a flexible TRM strategy. Companies faced significant financial losses due to non-refundable travel expenses and were forced to reevaluate their travel spend and approval processes. This situation revealed the need for agile TRM policies that can adapt to changing circumstances, allowing organizations to manage costs effectively while prioritizing employee safety. The pandemic also accelerated the adoption of digital technologies, pushing organizations to explore virtual alternatives to in-person meetings. Those without the technological infrastructure or culture to support remote work and virtual collaboration faced greater challenges in maintaining business continuity. Which of the Following Best Describes Your Organization’s Travel Risk Management Policies? Organizations without robust TRM strategies must recognize the critical role of TRM in corporate risk management. The pandemic has shown that effective TRM goes beyond mere travel logistics; it encompasses employee health and safety, legal compliance, financial management, and technological adaptability. As corporate travel gradually resumes, the lessons learned during the pandemic will undoubtedly shape future TRM strategies, emphasizing resilience, employee wellbeing, and operational flexibility. We address TRM in multiple policies We do not have formal TRM policies We have a standalone travel risk management (TRM) policy 30% 17% 14% 22% 14% We address TRM in another risk-related policy (e.g., our company-wide duty of care policy We address TRM in our regular travel policy — but do not have a standalone TRM policy Not sure Other 4 www.cibtvisas.com
constant evolution Major global incidents influenced TRM practices well before COVID-19 TRM best practices: The essential strategic elements The evolution of TRM reflects the broader shifts in global business practices, technological advancements, and changing geopolitical landscapes. Historically, TRM was primarily concerned with logistical support and emergency evacuations, focusing on ensuring that business travelers had the necessary arrangements for their trips and could be extracted from dangerous situations if needed. This approach was largely reactive, with organizations stepping in after a crisis had already occurred. Before COVID-19, global incidents such as natural disasters, terrorist attacks, and political unrest significantly influenced the development and refinement of TRM practices. Organizations learned to monitor global events closely, develop crisis response strategies, and implement pre-travel risk assessments to mitigate potential threats to their traveling employees. These incidents underscored the necessity of having a proactive TRM framework that could adapt to rapidly changing global conditions, leading to the integration of real-time traveler tracking systems and emergency communication protocols. Managing the risks associated with employee travel has become an important concern for organizations worldwide. The following section is a guide for corporations looking to safeguard their employees and ensure business continuity in the face of travelrelated challenges. This compilation of TRM best practices is the result of an extensive consultation process, drawing on the insights and experiences of travel and mobility managers, and can be adopted by organizations across various sectors. The late 20th and early 21st centuries saw significant changes in the global business environment, including increased globalization, the rise of international terrorism, and the spread of infectious diseases like SARS and H1N1. These developments necessitated a more proactive and comprehensive approach to TRM, incorporating risk assessments, pre-travel health advisories, and crisis management into standard travel policies. The advent of digital technology further transformed TRM by enabling real-time tracking of travelers, instant communication, and access to up-to-the-minute information on global threats. This technological leap enhanced the ability of organizations to anticipate risks and take preventive measures. 5 From the terrorist attacks of 9/11 to the SARs outbreak of 2002-2004 and the Icelandic ash-cloud in 2010, there have been significant risk events that impacted travel ona. Global scale. 9/11 significantly shifted travel security protocols. The ash-cloud prompted permanent changes in aviation science and consumer rights. The economic impact of SARs in Southeast Asia was catastrophic. But Covid was the first time the whole world essentially shut down (rather than airspace, or certain countries restricting entry to certain nationalities only) The COVID-19 pandemic, however, marked a watershed moment for TRM, profoundly altering its scope and focus. The unprecedented global scale and impact of the pandemic, coupled with the complexity of navigating constantly shifting travel restrictions and health guidelines, pushed organizations to reevaluate and significantly enhance their TRM practices. This was the first time since the dawn of the jet age that international travel essentially shut down. 7 Strategic Elemements of TRM Strategy Health and safety, previously one component of TRM, became its cornerstone, with organizations prioritizing the implementation of comprehensive health protocols, including pre-travel health screenings, quarantine measures, and support for mental health. Moreover, the pandemic accelerated the digital transformation of TRM, with an increased reliance on technology for remote work, virtual meetings, and digital health verification, thereby reducing the need for travel. Post-COVID-19, TRM practices now emphasize greater flexibility, resilience, and a more holistic approach to employee well-being, reflecting the lessons learned during the pandemic and preparing organizations for future global incidents with potentially similar disruptive impacts. 1) Utilize ISO31030, 2) Incident Preparation, 3) Booking & Data Management, 4) Communications Protocols, 5) Passport & Visa Processing, 6) Program Design & Review, 7) Risk-Related Policies. Utilize ISO 31030:2021 ISO 31030:2021 (Travel Risk Management–Guidance for Organizations) sets forth a comprehensive framework for managing travel risks in an organized and consistent manner. This standard is particularly significant as it helps organizations of all sizes and types to understand, evaluate, and mitigate the risks associated with travel, ensuring the safety and security of their travelers. 1. Risk Assessment One of the core components of ISO 31030:2021 is the emphasis on conducting thorough risk assessments. Organizations are encouraged to evaluate the potential risks associated with each travel itinerary, considering factors such as destination, nature of the travel, and the traveler’s profile. This proactive approach helps in identifying potential hazards and implementing measures to mitigate these risks before travel commences. 2. Policy Development Developing a robust TRM policy is another vital guideline outlined in the standard. It advocates for policies that are clear, comprehensive, and tailored to the specific needs and risk profile of the organization. These policies should cover pre-trip approvals, emergency response plans, health and safety measures, and compliance with local and international laws, ensuring a holistic approach to managing travel risks. 3. Continuous Improvement Cycle ISO 31030:2021 underscores the importance of a continuous improvement cycle in TRM practices. This involves regular review and updates of the TRM program to reflect new threats, lessons learned from past incidents, and changes in the organizational structure or travel patterns. This iterative process ensures that the TRM program remains effective and relevant over time. Incident Preparation Incident Preparation is a critical component of TRM best practices—pivotal in ensuring organizations are equipped to handle emergencies and crises effectively. This aspect of TRM encompasses the structure and training of incident/crisis management teams, as well as the execution of simulations and real-world drills, which are essential for preparing staff for potential travel-related incidents. 1. Build and Train Incident/Crisis Management Teams A well-defined incident/crisis management team structure is fundamental to effective TRM. These teams are typically composed of members from various departments, including security, human resources, legal, and travel management, ensuring a multidisciplinary approach to crisis resolution. Training for these teams involves comprehensive sessions on emergency protocols, communication strategies, and decision-making processes under pressure. Regular training ensures that team members are familiar with their roles and responsibilities, can coordinate efficiently, and are updated on the latest risk management strategies and tools. 2. Instigate Simulations and Real-World Drills Simulations and drills are vital for testing the effectiveness of the incident management plans and the readiness of the crisis management teams. These exercises, ranging from tabletop simulations to full-scale real-world drills, allow teams to practice their response to various scenarios, from natural disasters and political unrest to health emergencies and cyber-attacks. By simulating real-life conditions, organizations can identify gaps in their response plans and areas for improvement, enhancing their overall preparedness. The importance of these drills cannot be overstated. They not only bolster the confidence of the crisis management teams but also ensure that the organization’s TRM strategies are robust, responsive, and adaptive to the dynamic nature of travelrelated risks. Engaging in regular simulations and drills fosters a culture of preparedness, significantly mitigating the impact of incidents on travelers and the organization. 6 www.cibtvisas.com
Communication Protocols Passport and Visa Processing As part of any effective TRM strategy, the integration of robust booking and data management practices emerges as a key element, as is clearly underscored in our study. A compelling 92% of travel managers advocate for booking through managed corporate channels, highlighting the critical nature of this practice in pre-empting and mitigating travel risks. In the intricate TRM ecosystem, the role of communication is foundational, acting as the lifeblood that keeps a TRM strategy alert and responsive. Drawing from our extensive survey data, our analysis reveals that communication goes beyond mere information dissemination. It weaves an ecosystem of safety, readiness, and collective awareness, which is pivotal in the TRM framework. 2. Commit to Ensuring Visa Compliance Addressing passport and visa complexities is a Mastery in understanding and adhering to visa pivotal element of TRM, a domain where meticulous requirements is paramount. Border controls are management and unwavering attention to detail are nonglobally becoming more complex, and as such the negotiable. Our study illuminates the intricate challenges risks of noncompliance are being acutely felt; both and complexities involved in managing passports and as an organisation in terms of fines and sanctions, visas. It underscores automation and compliance as and as an employee being detained at the border or essential areas for advancement and optimization. refused entry. A pro-active approach to immigration compliance management for business travellers The study identified two areas in which travel and is needed now more than ever. It is essential for mobility managers should focus to ensure world-class travelers to have obtained the necessary visa passport and visa management practice. permissions before travelling overseas. 1. Utilize Advanced Automation of Passport Business travellers are usually restricted in the and Visa Processes activities they can undertake, and the length of time While the current state shows that only 45% have a traveler can visit a country as a business visitor automated passport renewal notifications and 39% varies country by country. Rule changes since the have automated visa procurement, there lies a vast pandemic mean the risk of overstaying by a traveler potential for organizations to elevate efficiency and is high, particularly where there is an absence of prior compliance through state-of-the-art automation. This assessment and/or tracking of previous trips. is particularly important as many travellers will be returning to business travel in 2024 and may have let previous passports and specific country visas expire. The GBTA predict that spending will return to and exceed 2019 levels in 2024, and it is important that an expired passport or visa do not risk that all important, and business critical, overseas meeting or event. The study identified four areas in which travel and mobility managers should focus to ensure world-class booking and data management practice. 1. Mandate Managed Corporate Booking Channels Centralizing travel bookings through corporate channels or Travel Management Companies (TMCs) ensures comprehensive visibility over travelers’ itineraries—a vital component for risk mitigation and swift response in emergencies. 2. Implement a Comprehensive Traveler Tracking System 88% of surveyed managers deploy systems to pinpoint employee locations based on itinerary, expense data, or GPS check-ins, emphasizing the necessity of real-time tracking for an agile and informed crisis response framework. 3. Manually Review and Approve Trips About 80% of organizations engage in manual oversight, particularly for high-risk travel, spotlighting the need for meticulous scrutiny and proactive risk assessment to safeguard corporate travelers. 7 4. Update Traveler Profile Information Regularly While 65% of organizations diligently update traveler profiles, there exists a significant opportunity for enhancement. Ensuring that all critical information is accurate, current, and readily accessible is paramount for an efficient and responsive TRM strategy. The study identified three areas in which travel and mobility managers should focus to ensure world-class communication practice. 1. Use Advanced Automated Mass Communication Systems Employing sophisticated technology for mass communication, as practiced by 74% of the organizations surveyed, ensures the timely and widespread transmission of critical information, crucial during unforeseen emergencies. 2. Establish Well-Defined Protocols for Robust Stakeholder Communication Establishing clear channels and protocols, as we observed in 71% of firms, is indispensable for facilitating seamless internal communication among stakeholders, ensuring coherence, coordination, and collective action during crises. 3. Carry Out Comprehensive Pre-Trip Risk Briefings and Training Equipping travelers with in-depth briefings, a strategy followed by 69% of organizations, empowers them with the necessary knowledge and tools to navigate and manage potential risks effectively, a practice strongly echoed in the “TRM in a Post-COVID World” study. 8 www.cibtvisas.com
At the heart of effective TRM lies not just the operational components but the strategic design and regular review of the program. Our analysis, deeply rooted in comprehensive survey data, highlights the paramount importance of a strategic approach to TRM. It aligns the TRM framework with organizational goals and adapts to the ever-evolving risk landscape. The study identified three areas in which travel and mobility managers should focus to ensure worldclass program design and review. 1. Undertake Regular Program Reviews Consistent and thorough evaluation, as practiced by 63% of organizations, ensures that the TRM program not only remains relevant but thrives against emerging risks and challenges. 2. Conduct In-Depth Risk Profile Analysis Conducting a detailed analysis of the organization’s risk profile, a strategy followed by 56% of firms, is instrumental in customizing the TRM program to meet specific needs, vulnerabilities, and risk appetites. 3. Implement Comprehensive KPIs While currently only 42% of organizations harness KPIs for TRM, establishing and monitoring key performance indicators are critical in measuring success, guiding program enhancements, and driving strategic TRM decisions. Recommendations Implementing TRM best practices aligned with ISO 31030:2021 involves a series of structured steps designed to help organizations manage and reduce travel risks for their employees. ISO 31030:2021 provides a framework and guidance for establishing, implementing, maintaining, and improving a travel risk management system. The following step-bystep guide will align your TRM practices with this standard: 1. Understand ISO 31030:2021 Risk-Related Policies The implementation of comprehensive, wellstructured risk-related policies forms the governance backbone of any robust TRM program. Our study accentuates the significance of meticulously crafted policies in creating a structured, secure, and compliance-driven environment for business travel. 1. Outline Data Privacy Rules As adhered to by 87% of organizations, stringent data privacy rules are vital in safeguarding sensitive information within the increasingly digital travel sphere. 2. Create Restrictive Travel Policies Implementing rules that restrict specific travel behaviors, such as the simultaneous travel of key executives, enhances the organization’s resilience and readiness to respond to potential crises, a practice adopted by 71% of firms. 3. Maintain Blacklist Policies Maintaining blacklists for high-risk destinations or airlines, as implemented by 69% and 53% of organizations respectively, epitomizes a forwardthinking approach to mitigating exposure to travel-related risks. Familiarize Yourself with the Standard: Obtain a copy of ISO 31030:2021 and familiarize yourself with its structure, terminology, and requirements. This standard provides guidelines on travel policy, program development, and continuous improvement in travel risk management. Identify Relevant Stakeholders: Identify internal and external stakeholders who will be involved in or affected by the TRM process, including employees, management, HR, security, legal, and external travel management services. Consider health, safety, security, and environmental risks. Evaluate Risk Levels: Assess the likelihood and impact of identified risks to prioritize them. Use this information to develop mitigation strategies and allocate resources effectively. 3. Develop a Travel Risk Management Policy Draft a TRM Policy: Develop a clear and comprehensive TRM policy that outlines the organization’s commitment to managing travel risks, roles and responsibilities, risk assessment procedures, and response strategies. Align Policy with ISO 31030:2021: Ensure the policy aligns with the guidelines provided in ISO 31030:2021, including traveler support, pre-travel preparation, during travel, and post-travel procedures. 2. Assess Travel Risks Conduct a Risk Assessment: Perform a comprehensive risk assessment to identify potential hazards and threats associated with travel destinations and activities. 10 www.cibtvisas.com
Develop Mitigation Plans: For each identified risk, develop specific mitigation strategies, including pre-travel health checks, security briefings, travel insurance, and emergency response plans. Train Employees: Provide training for travelers and those involved in the TRM process to ensure they understand their roles, the risks, and how to mitigate them. 5. Monitor and Review Continuous Monitoring: Implement mechanisms for ongoing monitoring of travel risks, including changes in geopolitical situations, health alerts, and environmental conditions. 11 6. Document and Report Regular Reviews: Periodically review and update the TRM policy, risk assessments, and mitigation strategies to ensure they remain effective and relevant. Incorporate feedback from travelers and changes in organizational requirements. Maintain Documentation: Keep detailed records of risk assessments, policies, training, incident reports, and review findings to demonstrate compliance with ISO 31030:2021 and for continuous improvement. Reporting: Develop a reporting mechanism to communicate travel risks, incidents, and trends to relevant stakeholders, ensuring informed decision-making. 7. Continuous Improvement Feedback Loop: Establish a feedback loop from travelers and stakeholders to gather insights on the TRM process’s effectiveness and areas for improvement. Update TRM Practices: Use feedback and review outcomes to refine and improve TRM practices regularly, staying aligned with ISO 31030:2021 guidelines. Implementing TRM best practices aligned with ISO 31030:2021 is an ongoing process that requires commitment from all levels of the organization. By following these steps, organizations can effectively manage travel risks, ensuring the safety and well-being of their employees while meeting international standards. Conclusion As we conclude this Definitive Guide to TRM for Travel Managers, it’s important to recognize the seismic shifts in the corporate travel landscape catalyzed by the COVID-19 pandemic. This guide has laid out a framework and actionable insights derived from the extensive collaboration between CIBT and GBTA, underscoring the indispensable role of TRM in today’s business environment. The pandemic has not only redefined the contours of travel risks but has also elevated the standards for organizational preparedness, duty of care, and employee safety. The incorporation of TRM best practices, particularly those aligned with the ISO 31030:2021 standard, represents a strategic imperative for organizations aiming to navigate the complexities of postpandemic travel. This guide has highlighted the essential elements of a robust TRM strategy, from comprehensive risk assessments and policy development to the critical importance of incident preparation and the continuous improvement cycle. These practices are not merely recommendations but are the bedrock upon which organizations can build resilient, responsive, and responsible travel risk management frameworks. In closing, this guide is a roadmap toward a future where business travel is not only safer and more secure but also more aligned with the values of duty of care and employee well-being. The journey toward excellence in TRM is ongoing—it is our collective responsibility to ensure that the lessons learned, and the strategies developed, continue to evolve, adapt, and inspire. Don’t leave your travel to chance. Let CIBT secure your visa or passport with 100% accurate solutions for travelers and travel managers. Visit https://cibtvisas.com/contact-us As travel managers and corporate leaders digest the insights and strategies outlined in this guide, it’s crucial to view TRM not as a static set of protocols but as a dynamic, evolving discipline that adapts to the ever-changing global landscape. Adherence to TRM best practices can safeguard employees, fortify organizational resilience, and foster a culture of safety and preparedness. 12 www.cibtvisas.com
Fleepit Digital © 2021