Taking care of security risks
, October 14, 2012
By Mark Lazell
As global organisations extend their reach into the Middle East and North Africa, the security arrangements of expatriate staff and business travellers have become more sophisticated.
The most important step is for organisations to prepare their employees before travel to minimise their exposure to avoidable risks., says regional security expert Julian Moro in an interview. Excerpts:
What are the main regional security risks?
Clients are exposed to specific risks such as political crime, terrorism, kidnap, natural disasters, conflict, war, unlawful detention, cultural missteps and piracy, as well as generic risks such as road traffic accidents and infectious diseases, which can have significant security implications in certain jurisdictions. The most important step is for organisations to prepare their employees before travel to minimise their exposure to avoidable risks.
How do you define risk?
We apply one of four risk rating categories for locations: Low, Medium, High and Extreme, which take account of specific travel risk factors. A huge amount of work underpins these ratings, from considerations such as the likelihood of something happening through to the impact if it does, and the ability to mitigate some risks locally (e g quality of law, emergency services and infrastructure and our ability to offer assistance via our global network of accredited security and logistics providers). In Syria at the moment, for example, because it is a conflict zone there is a deteriorated capability to render assistance to our clients, making it an Extreme risk location with a corresponding recommendation to defer business travel and evacuate staff. Within each country there are also different rating zones. Yemen is rated High overall but has two Extreme risk zones. This approach provides a level of granularity that enables organisations to better understand their risks and continue business. Somalia, Iraq, Afghanistan and Syria are considered Extreme risk.
How do you ensure information integrity?
Information and risk analysis underpins everything we do and is the basis upon which we give advice to our clients. Timeliness and veracity of information is critical, and this is provided by a team of analysts, including regional experts in eight locations around the world, who monitor the environment 24x7. All information is corroborated before publishing, because our analysis and advice can have a potentially major impact on our clients. For example, a client may read a report and decide to postpone a business trip, thereby potentially incurring opportunity risk. Our main aim is to ensure where possible that we inform our clients’ decision making to allow them to continue to do business and manage their security risks while doing so. To give you an example of the way this works: there was an attack [last month] on the US embassy in Sanaa [Yemen]; we became aware of it, then corroborated via the International SOS Sanaa branch manager. Control Risks have a number of security managers embedded with clients, so our information analysis team were able to reach out to them to help develop a deeper understanding of the specific situation. We were able to provide clients with informed analysis and advice rather than ‘news’ which is published via open source media. Our reporting is not just what has happened – it includes our analysis of what it means and advice on a given situation. It is a pragmatic view which cuts through media hype – we have no agenda when reporting other than making sure our clients are aware of the situation and can mitigate their risk.
How has the Arab Spring affected organisations’ security needs?
Organisations cannot bury their heads in the sand. In the past, few had contingency plans for country-level evacuations. It was not given the attention it deserved because it hadn’t happened frequently. That said, since 2003 globally we have evacuated over 6,600 individuals for security incidents, including 3,500 during the Arab Spring. There is a direct correlation between the Arab Spring events and our membership levels. A lot of organisations want to make sure their expatriate employees and business travellers at least have access to evacuation and information services. We also help develop and implement detailed evacuation contingency plans which builds on an organisation’s risk tolerance, its profile (based on the company’s national origins, the nationality of the staff, type of business) and link that in to our global assistance platform. There is now a much more proactive, balanced and risk-based approach to doing business – companies are now making sure employees are properly educated, so there is a huge mindset change on awareness. From a regional perspective, there is much less of a driver from a legal standpoint, duty of care, from a regulatory perspective – people have come to realise that interventions are costly. Investing in preparedness is therefore a worthwhile return on investment. A lot of global players think about their obligations – regional players are pragmatic and believe having membership and preparations is a way of proactively making sure people are aware of the risks.
Have security budgets been trimmed due to the economic downturn?
Globally, organisations are looking to tighten belts. But because of the downturn, companies have to look further afield to new and emerging markets for business, such as in this region. The focus is now on client-facing business travel which means very senior people are travelling to new environments, so their risk exposure is greatly increasing. The desire for organisations to penetrate EEMEA markets suggests continued regional growth in demand for our services. The security and risk dynamics in the region are not likely to change in the near term.
What is your typical client profile?
In this region, much of our focus is on global organisations with ambitions in this part of the world to do business. We have 70 per cent penetration of Fortune 500 firms and an even greater penetration of Fortune 100. Within those and other organisations the core constituents are international assignees and their dependents, and business travellers – from CEO to technical specialist, from a cross-section of business – engineering, mining, infrastructure, maritime, aircraft and airlines, government, scholastic, banks and consulting firms.
* Julian Moro is the regional security director in the MENA region for International SOS. He heads up a joint venture between International SOS and Control Risks. The above interview appears in The Gulf, our sister publication.