Keeping Parades and Events Safe for Businesses and Employees


Holiday parades will be marching down many U.S. city streets during the next six weeks, with millions of revelers expected to attend. And while these are historically joyous occasions, safety is a top concern for businesses located near the festivities—especially considering the high-profile violence that has recently dominated headlines. Rezwan Ali, risk solutions group head of security at Falck Global Assistance, which advises companies about security, safety and travel risks, spoke about the challenges and best practices faced by businesses and employees located near parade routes.

Risk Management Monitor: How are companies responding to the rise in low-tech terrorism and violence?

Rezwan Ali: Companies have become more aware of the need for crisis management. Recent terror events in cities such as Paris, London, Las Vegas and New York have shown companies that duty of care is much more than just health and safety – it is knowing where your employees are traveling and aiding them if affected by terror or violent events. As companies become more globally oriented, their employees are required to travel more, which expands the company’s duty of care responsibility and creates a need for travel risk management. In recent years, there has been an increase in the demand for travel risk management, which originates in a company’s acknowledgement of providing duty of care services to travelling employees to mitigate the possible impact of attacks on the business, its reputation and employees.

RMM: What steps can businesses take to prevent disruption?

RA: The best way to mitigate disruption caused by terrorism is to be prepared at both the business and individual level. On a business level, companies should implement a crisis management process and a contingency plan. A crisis management process includes appointing a crisis management team and training the organization using various scenarios. The contingency plan provides guidelines on how to maintain business as usual when a crisis occurs and works in parallel with the crisis management process. On an individual level, training can provide employees with tools to cope with stressful situations and alleviate the impact of an incident. When employees know how to manage demanding situations, the effect on the company will also be minimized.

RMM: How can businesses located near a parade route or major event protect their employees?

RA: All businesses should have emergency and evacuation plans, which can be applied in the event of emergency. These plans should cover procedures for evacuating the office, safe areas and roles and responsibilities. Businesses located in areas identified as potential targets for terror attacks should incorporate specific emergency measures related to terrorism into their plans. They should also ensure that all employees know and understand that the emergency plans exist. These plans could include guidelines for what to do should a terror attack take place outside the office, as well how to react in the event of an active shooter. It is crucial that these plans and procedures are trained, exercised and tested.

Having an office in an area prone to various incidents requires the company to be informed of relevant developments. Sound intelligence can alert the company of an event, enabling quick initiation of applicable plans. Many companies use their network to provide intelligence or rely on local media to provide alerts. Regardless of the information, it is important to use trustworthy sources to ensure validity. The company can choose to develop a trigger system that determines whether the alert should activate any emergency procedures.

RMM: How likely is it that someone will be a victim of terrorism or violence during a large event?

RA: Although terrorism has severe consequences, the likelihood of being a victim of terror is low when compared to other risks such as traffic accidents and illness. The impact of a traffic accident on the individual can still be high, while the impact on the business will be minimal, in most cases. What makes terror so dangerous is not likelihood, but the fear of it happening. Terror literally means “fear,” and it is the uncertainty and severity of terror that is pivotal for how we perceive it. Employees may express a somewhat irrational fear that must be addressed and taken seriously by the company, as it affects the employee and his/her work.

Insurance Industry Responds to House Approval of NFIP Renewal

Insurance industry trade groups lauded the U.S. House of Representatives’ vote on Nov. 14, reauthorizing the National Flood Insurance Program (NFIP). The 21st Century Flood Reform Act (H.R. 2874) would reauthorize the program for five years and enact operational changes. Advocates from RIMS, the risk management society, the Property Casualty Insurers Association of America, and SmarterSafer.org also asked that the Senate waste no time in passing its version of the measure before its expiration on Dec. 8.

On Sept. 8, President Trump signed legislation passed by both houses to extend NFIP authorization until Dec. 8, which previously had been set to expire Sept. 30.

Dow Jones reports that the act’s reforms include:

  • Authorizing $1 billion to elevate, buy out or mitigate high-risk properties
  • Capping flood insurance premiums at $10,000 per year for homeowners
  • Removing hurdles to the private flood insurance market, which often offers better coverage at lower cost than the NFIP
  • Providing for community flood maps and a homeowner’s ability to appeal their flood designation
  • Better aligning NFIP rates to match a property’s true risk, particularly for in-land and lower-value properties
  • Improving the claims process for flood victims
  • Addressing repeatedly flooded properties, which account for 2% of NFIP policies but 25% of claim payments

While it applauded the U.S. House of Representatives for deciding to reauthorize the NFIP, RIMS, the risk management society, also urged the Senate to quickly follow-up before the program’s Dec. 8 expiration. Allowing the NFIP to expire would have “significant repercussions, impacting both corporate and residential property owners,” said RIMS Vice President Robert Cartwright Jr.

“Nearly five million American consumers rely on the NFIP to protect their homes, properties, and businesses,” said Nat Wienecke, senior vice president of federal government relations at the Property Casualty Insurers Association of America (PCI). “A long-term reauthorization is needed to provide consumers and markets with reliability and stability when it comes to flood insurance coverage.”

SmarterSafer.org, a coalition of taxpayer advocates, environmental groups, insurance interests, housing organizations and mitigation advocates, said in a statement that this year’s “historic hurricane season has pushed the nation’s debt-ridden flood insurance program past the point of bankruptcy once again, so we applaud the House for passing a legislative package that reforms the NFIP to ensure the program is financially sustainable for the future.” The organization also lauded the House for investing in recommended measures including “mapping and mitigation, addressing affordability and providing consumer choice in the flood insurance marketplace.”

The NFIP was created more than 50 years ago to provide affordable flood insurance as private insurers pulled out of the market. The program’s large debt led Congress to cancel $16 billion of its debt last month. NFIP now has about $6 billion to pay claims and $10 billion left that it can borrow from the Treasury Department, according to the Federal Emergency Management Agency, which manages the program.

High Performance Risk Management

LOS ANGELES—Risk managers, whose job once focused on a basic “bucket of risks,” and making decisions about which risks are transferable and which ones the company should retain, have been “migrating along an evolutionary path which is allowing us to be more strategic,” said Chris Mandel, senior vice president of strategic solutions at Sedgwick, at the RIMS ERM Conference 2017.

During the session “The Trouble with ERM,” he noted that risk managers now need to alter their focus. “The question for risk managers now is, how do we get our organizations to focus on long-term success and recognize the link between strategy and risk?” he said.

Erin Sedor, president at Black Fox Strategy, said that personal experience taught her the importance of connecting with the CEO and aligning with the company’s strategy when setting up a program. “You need to know what they are talking about and understand strategy,” she said.

Unable to find a satisfactory definition of strategy for ERM, Sedor came up with her own: “A strategic business discipline that allows an organization to manage risks and seize opportunities related to the achievement of its objectives.” She added that, unfortunately, enterprise risk is not a term that resonates with the C-suite, but strategy is.

She identified three major problems with ERM that can dampen its prospects:

  1. A limited view of the organization’s mission, growth and survival.
  2. Silos. Breaking through them is a nonstop process, no matter how a company tries to improve the situation—especially in the areas of risk management, continuity planning and strategy, which typically happen in very different parts of the company. “It is important to link risk management and continuity planning in the strategic planning process, because that will get some attention and get the program where it needs to be,” she said.
  3. Size. Because ERM programs are notoriously huge, she said, “the thought is that ERM will cost too much money, take too many resources and take too long to implement. And that by the time it’s finished, everything will have changed anyway.”

Starting the process by “saying you’re going to focus on mission-critical,” however, can help get the conversation moving. “Because as you focus on that, the lines between risk management, continuity planning and strategic planning begin to blur,” she said.

Sedor described mission-critical as any activity, asset, resource, service or system that materially impacts (positively or negatively) the organization’s ability to successfully achieve its strategic goals and objectives.

She said to find out what mission-critical means to the organization, what is the company’s appetite and tolerance for mission-critical, and the impacts of mission-critical exposures on the organization. “Risk managers will often ask this question first, but you have to come to grips with the fact that not every risk is a mission-critical risk,” she said. “And not everything in a risk management program is mission-critical.” Using that context helps in gaining perspective, she added.

When viewing risk management, continuity planning and strategic planning from a traditional perspective, strategic planning is about capturing opportunity and mitigating threats; risk management is the identification, assessment and mitigation of risk; and business continuity planning is about planning for and mitigating catastrophic threats.

Looking at them from a different vantage, however, strategic planning is planning for growth; risk management allows you to eliminate weaknesses that will impede growth, which is why it’s important; and continuity planning will identify and mitigate the threats that impact sustainability. “That is how they work together,” she said, adding, “you are also looking at weaknesses that, when coupled with a threat, will take you out. Those are your high-priority weaknesses. Using a mission-critical context makes it all manageable.”

At this point, if a risk manager can gain enough leverage to talk to executives throughout the organization about what mission-critical means to the company, its impact, and then about tolerances and creating a more integrated program, “all of a sudden, you’ve talked about ERM and they didn’t even know it,” she said. “They thought you were talking about strategy.”

Critical Infrastructure, Security and Resilience Highlighted in November

National Critical Infrastructure Security and Resilience Month (CISRM) kicked off on Nov. 1. The month’s initiatives address risks such as extreme weather, aging infrastructure, cyber threats and acts of terrorism. Its timing is certainly appropriate, as the effects of recent hurricanes on infrastructures in southern states and Puerto Rico continue to be assessed, as well as Northern California’s devastating wildfires and the deadliest shooting massacre in modern U.S. history.

The month was created by the Obama administration and the Department of Homeland Security (DHS) hosts CISRM in an effort to promote education and awareness of the 16 critical infrastructure sectors that are vital to public safety and national security. Its page reads:

The evolving nature of the threat to critical infrastructure—as well as the maturation of our work and partnership with the private sector—has necessitated a shift from a focus on asset protection to an overarching system that builds resilience from all threats and hazards.

A CISRM toolkit provides companies with templates and drafts of newsletter articles, blogs, and other collateral material for use in outreach efforts. Activities geared toward business owners, public entities and private citizens focus on several key themes to enhance security and resilience, including:

  • Highlighting interdependencies between cyber and physical infrastructure
  • Pointing small and medium-sized businesses to the free tools and resources available to them to increase their security and resilience through Hometown Security and the four steps of “Connect, Plan, Train, and Report”
  • Promoting public-private partnerships
  • Fostering innovation and investments in infrastructure resilience

In his proclamation of CISRM earlier this week, President Trump further committed to helping businesses invest in “needed capital and research and development by reducing burdensome regulations and enacting comprehensive tax reform.” The proclamation states:

We will also renew our Nation’s focus on ensuring that the next generation has the education and training, particularly in science, technology, engineering, and math, required to meet the known and unknown threats of the future.

Overall the United States’ infrastructure is among the top 18 in the world, according to the 2017 FM Global Resilience Index, which aggregates data to help companies identify their key supply chain risks. The U.S. continued to hold high rankings among 130 countries based on drivers in three categories: economic, risk quality and supply chain factors. The U.S. is segmented into three regions to reflect disparate natural hazards exposure:

  • Region 1, encompasses much of the East Coast, is ranked #10 in the index (a one-spot upgrade from last year)
  • Region 2, primarily the Western U.S., is ranked #18 (a three-spot upgrade)
  • Region 3, which includes most of the central portion of the country, is ranked #9 (down three places)

Although the federal government is less focused on asset protection, business owners can still get involved by safeguarding workplaces. In its October 2017 edition, CLM magazine noted that another path toward resilience involves reducing property damage caused by extreme weather and natural disasters. Literally looking to the sky is one suggestion; business and property owners should pay particular attention to their roofs in order to prevent degradation and enable them to withstand high winds.

“Property owners need to have maintenance personnel adopt and implement preventative maintenance and roof inspection programs that alert them to potential and active degradation,” wrote the authors of the article, “Time For Resilience.” “Weak links such as roof detachment, corrosion, or other damage could tear off roofing during an enhanced wind event. Such risks need to be mitigated before an event occurs.”

Ready.gov provides resources on disaster planning and management, and also has this section on Business Continuity.