Travel Risk Management – an overview of legal responsibilities in the UK

A look into the UK legal requirements when conducting business overseas…

Legal Environment

In the context of business travel as with any work activity, there are certain steps to take under the Health and Safety at work etc Act 1974 and The Management of Health and Safety at Work Regulations 1999. The relevant wording is in the red boxes below; however, the key phrase when approaching any policy or procedure is “so far as is reasonably practicable”

Health and Safety Law

In practical terms, this legalisation means an organisation has 3-main requirements: to have an acknowledged policy document; to conduct a risk assessment; and to provide employees with appropriate information and training. Micro-companies with less than five employees don’t have to write down their risk assessment or health and safety policy.

Whilst Health and Safety Law gives a more structured approach to travel risk, there is also a more general legal responsibility under the law of negligence (tort). Such that employers have a general duty of care to ensure their employees do not suffer any unreasonable harm when travelling abroad. If found to be in breach of this duty, employers are legally liable. Although a company can rely on employers’ liability insurance, the extent of any penalty will always reflect what reasonable steps could have been taken to reduce any occurring harm.

It is worth noting (as it can be misleading) that in relation to travel abroad the Corporate Manslaughter and Corporate Homicide Act 2007 has little bearing. The Act requires the death or cause of death to occur in UK territory, or territorial waters, or on a UK registered ship or aircraft or offshore installation. Therefore, for most organisations, it would not be possible for a corporate entity to be prosecuted for a death overseas under this Act as stated in Section 28.

The 3-main requirements under Health and Safety Law

1. An acknowledged policy document

Most conventional travel policies focus purely on cost – justifiably this should be a major control factor on how employees book and conduct travel. However, a good policy should allow travellers flexibility in how they travel when going to higher risk destinations – absence of such direction and awareness can create unnecessary exposure to risk.

A travel risk policy does not have to be a standalone document, for example relevant wording in relation to international travel can be a sub-section of an organisation’s operations policy or in their general travel policy. Moreover, in principle the length and detail of such a policy is unimportant, the key factors are: in some form it must exist; be accessible; be communicated; and be acknowledged by employees. An organisation can have an excellent travel risk policy but it will only be effective if they and their employees follow it and it is reviewed regularly.

As a minimum, polices/ wordings should cover: direction on travel bans and which destinations require further authorisation (generally based on travel risk ratings or government restrictions), how travel is booked (for finance and tracking purposes), direction on hotel and ground transportation providers (including self-driving), medical screening and direction on who to contact if the employee encounters an incident. Such a policy needs ownership (by someone) and reinforced from the CEO/ MD down – lack of such leadership and support is likely to lead to an ineffective policy.

2. Conducting a risk assessment

Before each business trip (like for any work activity), a risk assessment should be conducted. This risk assessment should factor in two important considerations; what is the risk at the destination and what is the risk profile of the traveller.

The law does not expect an organisation to remove all risks, but to protect employees by putting in place measures to control those risks, so far as reasonably practicable. A risk assessment only needs to include what you could reasonably be expected to know. It could be argued that extreme incidents such as terrorism are largely unforeseeable (outside rare occasions where specific intelligence suggests otherwise). Conversely, health issues, road traffic incidents, stress and petty crime are all known and common travel issues that should be addressed and communicated.

3. Provide information and training

Organisations should provide their employees with information and training on their policies/ procedures, how to conduct safe travel and who to contact in the event of an incident abroad.

By conducting travel safety training, employees are made aware of the most common risks associated with travel and how to mitigate them. Furthermore, through training employees can be directed to appropriate information such as government websites (or other 3rd party services) offering advice on the latest travel risks as well as communicating your company’s travel policies and procedures to promote compliant behaviour.


This article covers the high level UK legal requirements for business travel and while being proactive in travel risk management might tick legal boxes, this is just one benefit. Organisations should also consider travel risks and incidents in relation to reputational risk, financial risk, loss of productivity, CSR, risk to data/ equipment and the health, safety and security risks to personnel.

In reality, it is the more common, minor travel incidents that are a greater risk to organisations. International business trips are expensive, avoidable incidents such as a petty crime or travellers’ diarrhoea can disrupt a trip, the full cost of which is unlikely to be captured by insurance.

Click here to understand how you can better prepare your employees for safe travel and ensure you are fulfilling your duty of care requirements.

16 November 2017