Skip to content
Menu
menu

Illustration by Security Technology; iStock

How to Design an Entrepreneur Travel Risk Management Framework in the Face of the Current VUCA World

In 2025, it is likely that we will continue to live in a challenging and dynamic world characterized by volatility, uncertainty, complexity, and ambiguity (VUCA). Geopolitical conflicts, wars, social unrest, high crime rates, extreme climate, natural disasters, and cybersecurity issues will continue to be part of the threat landscape.

Meanwhile, global business travel spending is expected to grow at an average annual rate of 7 percent, potentially surpassing $2 trillion by 2028, according to the Global Business Travel Association (GBTA).

Facing the fragmented world and the rapid increase of business travel, it is vital that multinational companies with employees that travel internationally create a comprehensive travel risk management program.

ISO 31030:2021 ‘Travel risk management—Guidance for organizations’ provides excellent guidance for international organizations on managing travel risks, covering policy development, risk assessment, prevention, and mitigation strategies to ensure traveler safety and organizational resilience.

Referring to the standard, a corporate travel risk management framework should cover the following four aspects.

1. The Objectives Setting, Coverage, and Leadership Structure for the Corporate Travel Risk Management

Objective setting. Undoubtedly, ensuring the security and safety of business travelers and maintaining business continuity are the primary objectives of corporate travel risk management.


It is key to get support and alignment from top management to build an effective program.


During objective setting, management should align these objectives with the company's values. Support from top management is very important for the successful design of a travel risk management framework.

Coverage. Define the type of travels, travelers, and travel risks that will be covered by the organization’s duty of care responsibilities. Each company may have different considerations and risk appetites for duty of care.

The top management, HR, legal, and other departments should jointly decide what will be covered according to the company’s values, applicable laws, regulations, and responsibilities.

For instance, the type of travel (from short-term to long term to bleisure, business and leisure); traveler type (employees, contractors, suppliers, visitors, and travelers’ family members); and travel risks (security, safety, medical, and mental health risks). 

Leadership structure. Establish a leadership organizational structure for the corporate travel risk management program from top to down, clarifying roles and responsibilities. It is key to get support and alignment from top management to build an effective program.

2. Basic Principles

Travel risk rating. Define the customized travel risk ratings for the organization and then rate these countries and regions which travelers frequently visit. As part of this process, consider external professional agencies’ advice, the company’s traveler exposure, business interests, and risk appetite.

Travel risk assessment. Develop a comprehensive and systematic process for assessing the travel risk that the organization and its travelers face.

Travel risk treatment. Define applicable and available travel risk treatments, such as risk avoidance, mitigation, transfer, and acceptance. Managers should know how to leverage various available treatments to manage respective travel risks.

3. Travel Risk Mitigation Measures During Pre-Trip, Mid-Trip, and Post-Trip

Pre-trip. Pre-trip risk management is the most important part of travel risk prevention, which normally includes E-travel application, journey management (route assessment, hotels and medical facilities recommendations, security protection, and logistical arrangement etc.), travel security awareness training, and emergency response plans. 

After travelers submit their travel applications via a corporate digital travel management system, line managers can clearly review travelers’ information, trip itineraries, and the risk rating on travel destinations. Then managers can assess travel risks and provide suggestions if the travel can be approved without extra travel mitigation measures.

At this point, managers have the chance to reconsider the necessity of business travel based on identified risks. If necessary, he or she might help the travelers to mitigate risks with applicable security resources, such as specifying a particular hotel that meets certain security criteria, adding a close protection team, and using armored vehicles for transportation at the destination. 

Once travel application is approved, travelers must fully understand the travel risk related to their trip. Travelers should subscribe to travel alerts through a travel service application or an alternative program, such as WeChat, and complete online or offline travel security awareness trainings before their departure. 


Pre-trip risk management is the most important part of travel risk prevention.


WeChat is the most widely used communication tool in China, with more than 1.263 billion monthly active users. WeChat mini-programs are lightweight embedded applications developed on the WeChat platform, with nearly 90 percent of users using mini-programs daily.

The latest practice in the travel risk management industry in China is to transition the common travel service app to a dedicated WeChat mini program. This innovation allows travelers using WeChat to access travel risk advice, alerts, and e-learning through the WeChat mini program without switching to another app.

In the future, travelers might even communicate directly with the artificial intelligence advisor in the WeChat mini program to swiftly obtain customized itineraries and travel risk mitigation advice.

During-trip. While employees are traveling, organizations may monitor travelers' locations as well as provide situation updates, emergency communication, and rapid response during emergencies and crises.

Soon after arriving at the travel destination, travelers can receive security or medical notifications via emails, SMS messages, or app and mini program communications. On the other hand, managers can use the digital management platform to monitor the travelers’ locations, if they’ve agreed to share them.

During crises like terrorist attacks and natural disasters, the travel management platform can issue special alerts to travelers in the affected region and then automatically trigger an emergency communication via phone call, SMS, or notification for those in the affected area (like a radius of 3 to 5 km from the incident).

Depending on the platform, managers will also likely have the option to receive an email with a contact summary report for the incident. This can assist managers with making better—and swifter—decisions on next steps for activating emergency plans to assist affected travelers.

Post-trip. Travelers who experienced an emergency while abroad might suffer potential physical and mental issues after returning home from their trips. Without timely intervention and treatment, these issues can have irreversible impacts on the travelers and endanger the health or safety of other co-workers.

To mitigate these effects, organizations should consider providing post-trip risk management to travelers in the form of health checks and psychological treatment. 

When travelers return from areas with high incidence of infectious diseases (such as malaria, dengue fever, cholera, and Ebola etc.), employers must provide thorough medical checks for these newly returned travelers. The earlier the detection and treatment, the sooner the recovery and the lower the risk that the disease spreads.

When travelers return after surviving a terrible security incident (such as war, terrorist attack, or kidnapping) or witnessed casualties involving himself or herself or their loved ones, they may be affected by post-traumatic stress disorder (PTSD). In these cases, organizations need to provide early professional psychological counseling to support their travelers. This helps identify mental health concerns as early as possible and allows organizations and travelers to implement positive countermeasures.

4. Maintenance and Improvement

At the end of travel, the company should seek travelers’ feedback and advice on its travel risk management program. At the same time, the corporate travel risk management team should continuously optimize the travel risk management framework, based on previous lessons learned, and adapt it to the changing and dynamic global travel risk landscape. 

In a VUCA world, multinational companies should design a structured, multi-layered travel risk management framework that covers the entire travel cycle (pre-trip, during trip, and post-trip) to ensure their international travelers’ security and safety, improve employee morale, avoid unnecessary legal suits, and keep the global operation resilience.

A mature travel risk management reflects not only the responsibility of the top management for duty of care, but also the overall corporate governance level.

Leon Li, CPP, PCI, PSP, is the director of risk management solutions, China, at International SOS, providing security consulting and training, crisis management, and travel security management for clients and prospects. During his tenure with International SOS, Li has worked in many high-risk countries, including Libya, Algeria, Chad, Egypt, Ethiopia, Haiti, Lebanon, Nigeria, Pakistan, South Sudan, and Sudan. He is an active member of ASIS International and formally served as the vice chair of the ASIS International Shanghai Chapter from 2022 to 2024. 

© International SOS

arrow_upward