Article by Mark Lowe
Is there a direct link between Environmental, social, and governance (ESG), Travel Risk Management (TRM) and Supplier Due Diligence?
Pyramid Temi Group CEO Roger Warwick believes that the answer is a firm ‘yes’: “While a number of people are ascribing the ever greater interest in ESG as a fad, I believe that the integration of environmental, social, and governance criteria into an organisation’s culture and operations represents a step forward of great importance. For too many years there has been a focus on resolving problems and carrying forwards an organisation’s interests, while perfectly understandable, a focus on objectives has left a door open to issues that might not be exactly what management, the Board and investors really want to be involved with. By adopting strong oversight measures, all organisations can eliminate these risks and better not only their performance but also the direct and indirect effects of their activities on third-parties.”
To better understand Warwick’s opinion I sat down with him and asked a few questions on why he believes that ESG, TRM and Due Diligence are interlinked.
What is the fil rouge between these three quite distinct concepts and activities?
“It’s quite simple really but before we examine the links between them let’s begin by asking ourselves some very important questions: Who are we, how do we wish to be perceived, and what can we do to improve the environment in which we live and work in? The answer to the first question is quite simple, we’re organisations with responsibilities that go beyond simply reaching our objectives. There are direct and indirect consequences to everything that we do and we have to be aware of them and assure that they are always positive consequences.
As regards the second question, we wish to be perceived as ethical organisations that make a contribution to development and by this I intend both locally and globally. Let me be clearer, while on the one hand I want my company to grow and employ more people, on the other I want our activities to benefit those in the various countries that we work in. This means employing the services of local companies and local people.
This leads us to the third question, how can we improve the environment in which we work and live in? To this my answer is by working in an ethical manner with companies and individuals that we can place our trust in. People and organisations that share our beliefs and who will help us to implement measures that others will benefit from.
So getting back to your original question regarding the fil rouge, the answer is that as part of our ESG effort we conduct due diligence on potential suppliers and partners before working with them on travel risk management services.”
How do you conduct this due diligence?
“One example is working with organisations that are International Code of Conduct Association (ICoCA) certified. The certifications process is robust and reliable and I firmly believe that any company that has embraced the ICoCA model has done so because they believe in it rather than because they see it as a shortcut to credibility.
ICoCA certification, like ISO certification, is a means via which clients can assess if potential suppliers share their commitment to quality. This is essential as every part of a supply chain has an impact on an organisation’s goals and reputation.
To this end the ICoCA certification process is extremely valuable because it is a process that you have to commit to both in terms of achieving and maintaining certification. Before beginning the certification process your procedures have already to be of the highest level and during certification they will be put to the test, no bad thing as this allows you to evaluate and improve your procedures according to the highest level of standards.
We’ve been through the process and Pyramid Temi Group have achieved full ICoCA certification so we’ve progressed from being a founding member of ICoCA to being the only Italian company to have achieved full certification status. Was it easy, most certainly not. Was it worth it, most certainly so.”
Is ICoCA certification sufficient to evaluate a supplier?
“It’s an excellent starting point and on top of this you build in your own audit of a potential supplier, you want to be looking closely at their experience and past history, how they train their personnel, for example in terms of understanding and respecting human rights. As a security company we are very aware of and respectful of human rights and we encourage everyone else that we have dealing with to do the same.
I have to say that it’s not difficult to find common ground on this issue, however, I would like to see a greater effort on the part of organisations, especially government organisations, to promote the concept of respecting human rights and doing the right thing being essential prerequisites for all security companies. We’re going in the right direction but there is always some extra effort that can be made.
Just for the sake of clarity, although reputation is a very important issue, the bottom line is promoting a commitment to standards rather than conducting due diligence simply to protect reputation. Again, we are certainly moving forward on this and the fact further convinces me that ESG is not a fad at all.
You cannot define a concept that so many organisations are taking seriously as a fad, quite the opposite.
This leads us back to ESG and how supplier evaluation has to be part of the process. What other considerations would you make on this?
“We can and we should link ESG to last year’s publication of the long awaited UNI ISO31030 Travel Risk Management guidelines. There are two immediate considerations, one is how an organisation protects its own employees and secondly how their suppliers or subcontractors protect theirs. To be quite blunt I’ll put it this way, why would a company that refuses dealings with a supplier that runs a factory without any safety or security certification work with a company that does not protect its travelling workforce? If I was to evaluate a supplier, let’s say a company that’s providing machinery or equipment to a project that I’m running, I’d look very carefully at their Duty of Care procedures. I don’t want to be working with a company that isn’t compliant.”
And is UNI ISO 31030 compliance what you would be looking for?
“At the very least I’d be looking for evidence of an organisation that has closely studied the guidelines and is intent on reaching compliance with what is the only existing international standard on Travel Risk Management. I’d want to be sure that I’m working with an organisation that is committed to Duty of Care. I’d not want to be working with an organisation that exposes its employees to unnecessary risks or that doesn’t do its utmost to protect them.”
How do organisations reach UNI ISO 31030 compliance?
“They can begin by looking very carefully at what they do, where they do it, how they do it, and who does it for them. This will help them achieve a greater awareness of the risks that they face and therefore how to address them successfully. Naturally this requires expertise and this is why we are fully behind the certification of Travel Security Managers. When UNI backed the development of the new standard they realised that to implement the guidelines correctly competent managers would be required and to this end we worked with them as of day one to define a completely new professional figure, the Travel Security Manager. This new professional figure was immediately recognised by Confindustria Emilia as an initiative that they should back and promote and this led to the creation of a certificate course, the “Masterclass Travel Security Manager” organised in collaboration with the Fondazione Aldini Valeriani (FAV). Pyramid Temi Group were responsible for the development of the course structure, the course contents and the identification of the lecturers.
Because of our experience, the fact that we were one of the founding members of the UNI ISO 31030 working group, and one of the first backers of UNI’s new professional figure, we were able to put what was required together. The end result is that the first group have already been through the course and have been certified which means that a number of organisations are already benefiting considerably from their knowledge. As in any profession the bottom line is competency, do your people have the necessary skills, are they part of a wider circle of experience and can they answer the challenges that your organisation faces? These are the questions that the course answers.
Where did the experience come from, who were the lecturers?
“This is a very good question and at the risk of appearing a little arrogant, allow me to say that we identified and involved the most experienced and competent professionals in Italy including ICoCA’s Monitoring Officer, Giuseppe Scirocco. So we had a lot of experience delivered over a total of 100 hours with results that I am very pleased with.”
In conclusion, what are your key messages?
“Bad question to ask me because I could go on for hours! But on a more serious note, my key message is that organisations have to start by adopting compliance to the UNI ISO 31030 Travel Risk Management guidelines. Once they have begun that process, and part of it is directly connected to the auditing of suppliers be they security providers or technology providers, they need to understand how robust their supply chain is in terms of ethics, compliance, and adherence to the concepts of Duty of Care.
You don’t have to reject organisations that don’t meet your standards, you need to help them if they are committed but they lack experience. In the same way that we can all learn from others, we can all teach and assist others.
Study ICoCA’s policies and objectives carefully and add their certification to your list of security provider prerequisites. This might not always be possible but at the very least you should be looking for concrete guarantees that any security provider aims to achieve full ICoCA status.
If your own procedures are in place and are robust, if your suppliers are approved in accordance to strict criteria and you are willing to work towards creating an overall security culture, then par of your ESG responsibilities are already in place.”