False Sense of Security by Meeting Planners. In 2003, during the time that Kevin Iwamoto was managing corporate travel for a mulitnational company, a car bomb exploded outside a hotel in Jakarta. Iwamoto did his usual check-in with his travel management company to see whether any employees had been traveling to Indonesia that day. He got the all clear.
But then he got a call from the general manager of the Jakarta office asking about loss of life coverage and benefits for families. Iwamoto said he would get answers for the manager but then asked “Why? There was no one traveling there. We checked the list.”
Indeed there were no transient business travelers scheduled to be in the city. However, there was a corporate off-site meeting at the hotel and two employees had been killed.
“I was speechless,” Iwamoto told a roomful of corporate travel professionals at the 2016 Global Business Travel Association Convention, held this month in Denver. “I was not prepared for that. It taught me that you may have the best laid plans in the world for corporate travel, but meetings and events are a totally separate area.”
So when he moved into a meetings management role soon after, he explained, “I started asking, ‘Why are there not more duty of care practices being shared?’”
Uniqueness of Meetings
Iwamoto and Theresa Thomas, senior vice president of Powered by iJET, a new business unit at iJET International, led the GBTA education session, which laid out the current state of duty of care around meetings and events.
While these practices are well established for employees traveling the world for their companies, the same focus has not been turned on meeting attendees.
“To varying degrees, meeting organizations and suppliers do look at safety and security but there really has not been a standard established for that,” Thomas said. Planners, she said, often rely on a hotel’s security plans and procedures. “They think, ‘Our attendees are usually on property, so the hotel has us covered.’ I think that’s a risky assumption to make.”
It isn’t entirely straightforward to map existing duty of care procedures for transient travelers directly onto meeting attendees, Thomas acknowledged. For example, requiring transient business travelers to follow air booking and hotel booking procedures means having access to their passenger name records and being able to work with a travel management company to track their locations. With meeting travel, there may be both a meeting management company and a travel management company involved, and there may be multiple passengers on a single PNR.
“It’s not always an integrated or seamless process, which creates gaps that put meeting attendees at risk and/or allow different people in that chain to make assumptions about what others are doing to keep people safe.
“There are a lot of moving parts,” she said, “but it’s not impossible. It’s a little extra work, but you need to get your meeting attendees and your meeting information into a duty of care program or risk management program.”
Unique Threats to Meeting Attendees
This is particularly true, she said, because she sees attendees as unique travelers with a unique set of threats. For example:
• They work hard and play hard.
Thomas used the GBTA Convention as an example, saying that after a long day of sessions, attendees look forward to evening networking events where they can relax and maybe have a drink. “Inhibitions may be lowered and we could make choices we might not otherwise make,” she said.
• They feel too taken care of.
“When I talk to meeting attendees, they say, ‘The planners make everything so easy.’ It creates a false sense of being taken care of because planners are doing everything else for them. We need to remind attendees of their ‘duty of loyalty.’” This is the flip side of duty of care and refers to the responsibility employees have to avoid unnecessary risks when traveling on behalf of their companies.
• They participate in unusual activities.
Perhaps the company has scheduled a teambuilding event on a high ropes course or another activity that is more risky than sitting in a conference room. Planners need to have their legal teams review the coverage a teambuilding company or other vendor has to ensure it’s sufficient. In Thomas’s experience, “You’ll always want more.”
• They wear namebadges.
People waiting in line for a coach transfer, with their names, titles, and companies clearly visible on namebadges, can become targets for would-be kidnappers. Thomas suggests having attendees remove their tags when leaving the hotel.
• The hotel reveals their presence.
Any meeting signage in the hotel, including the daily schedule or poster board signs outside individual meeting rooms, is a risk, Thomas said. “This is complete exposure. Be conscious of the fact that anybody can walk into the hotel and get this information.”
Group Security Best Practices
Kevin Iwamoto, GLP, GTP, who is now a senior consultant with GoldSpring Consulting, offered four steps to better security for meeting attendees.
1. Create a Plan
• Adapt what you have.
You can’t use the same plan for meeting attendees that you have in place for business travelers. But you should review it, and figure out how to relate it to meetings. “Just by using registration technology, you can track all meetings and attendees, then give access to that information to corporate risk and security,” Iwamoto suggested. “Corporate travel departments use security firms like iJET for business travelers, so consider the same type of vetting, notification services, and advisories for meeting attendees.”
• Track travelers.
Even if some attendees are not employees (for example, spouses on an incentive trip), your company is legally responsible for anyone whose travel you are paying for. (That extends to pre- and post-conference excursions as well.) If you have third parties such as destination management companies helping you on site, be sure they have adequate coverage. “Go the extra mile when figuring out who is liable for what,” he said. “Don’t assume that someone else has it covered. Double check that it has been reviewed and set up appropriately.”
• Think beyond terrorism.
Your emergency and crisis response plan should cover a multitude of things, not just terrorist attacks. Think about hurricanes, volcanoes, military coups, anything that puts your people at risk.
• Know who to call (or text!)
Include contact information for one primary on-site coordinator, an on-site backup person, and an off-site point person if both of the on-site contacts are incapacitated. “Think it all through and practice it,” Iwamoto said. “Don’t just share numbers and email addresses.” And above all, keep it simple, so when people go into survival mode they don’t have to remember too much.
Note that email and phone service could very well be down. “The best practice right now is texting,” he said. Companies ensure that everyone has a mobile device and that all devices include a “corporate 911” contact.
2. Educate
• About the plan
Be consistent and fastidious in communicating the emergency policies and procedures, Iwamoto said. “Keep in mind that different generations absorb information differently.” You can’t just say: “Go read the policy in the employee manual.” Think sound bites.
• About the destination
Duty of care includes informing travelers about the destination they’re heading to. Give them the dos and don’ts from a safety and security perspective. (You can work with a company like iJET, which regularly updates these lists for cities and countries worldwide.)
3. Practice
“Any plan is useless unless you practice it,” Iwamoto said. A quick poll revealed that few of the session attendees had done practice runs of their emergency procedures. “You have to know it works,” he said. “Practicing exposes potential flaws and gaps. No one can afford to find out about these in the middle of the crisis.”
4. Review constantly
Revisit your plan regularly to incorporate lessons learned. “The biggest mistake I see is thinking that if you create a policy, you’re done. You’re never done,” Iwamoto said. “People change job roles and responsibilities, are affected by downsizing, etc. Keep your chain of command contact information current.”
Iwamoto added one last security plea: The next time you’re at a meeting and you’re wearing a badge with a QR code, scratch out that code and your name before recycling the badge. “All your personal data is there, and ID theft around the world today is through the roof,” he said. “Leaving your badge around is like leaving your credit card around.”