Corporate travel risk management is expanding rapidly in scope as organisations confront rising geopolitical tensions, cyber threats and shifting perceptions of safety. BP travel risk manager Andrew Lowe describes a role that spans policy design and enforcement, traveller support before and during trips, high-risk country approvals, airline safety assessments and destination guidance. He stresses that policy is the foundation for effective protection, but that it must be paired with clear communication so travellers understand rules, the logic behind them and how to access support. Collaboration between procurement, travel managers, and security has strengthened BP’s ability to identify and mitigate risks, with Lowe positioning his function as a bridge across these stakeholders.
Lowe expects global volatility to keep reinforcing the need for both pre-emptive travel risk management and robust event response. He cites the sanctions on Russia, which have led to the closure of airspace for quite a few European airlines and increased traffic over Turkey, as an example of how geopolitical events reshape flight paths, costs and critical routes. Cyber risk is treated as one of the biggest risks in the world today, with travel risk managers urged to coordinate closely with specialist cyber security teams rather than duplicate work, using joint efforts to strengthen credibility and team cohesion. At the same time, constant media coverage and social media amplification require travel risk leaders to address traveller concerns even when reported events do not meet internal risk thresholds, providing reassurance, operational context and perspective while avoiding politicisation and keeping messaging tightly focused on duty of care.
Lowe argues that duty of care must be clearly defined so travellers know what support and resources are available, as well as their own responsibilities and behavioural expectations in specific countries. Communication is described as a massive part of the role, involving steady information flows through channels such as SharePoint posts, mass emails, training modules and time-critical alerts delivered through bulk email or mass notification tools, with the principle that communications strategy should guide technology choices rather than the reverse. He warns against over customisation and chasing the latest tools, calling it the kiss of death to any technology, and instead prioritises simple, needs-driven solutions. Formal standards such as ISO 31030 and the Travel Risk Academy Level 4 Qualification are seen as pivotal in defining the scope, roles and responsibilities of travel risk managers and professionalising the discipline.
The growing adoption of Artificial Intelligence is expected to transform data analysis, cross-referencing and investigative work in travel risk management. Lowe sees significant potential for Artificial Intelligence to identify risks and efficiency opportunities and to support more tailored itinerary monitoring without invading privacy, while insisting that decisions and courses of action must remain with people. He flags the biggest risk as a lack of discipline, consistency and scrutiny in how Artificial Intelligence outputs are used, along with the danger that widespread use could create self-declared experts who lack formal grounding, underscoring the value of recognised qualifications. For organisations looking to build or strengthen a programme, he recommends starting small with proof-of-concept efforts, such as using a spreadsheet to flag travellers to high-risk countries, then using concrete travel data to engage security or health, safety and environment leaders and secure buy-in. As traditionally safe destinations become less predictable, he concludes that close engagement with the business is essential to reduce risk to a level that is as low as reasonably practical while enabling operations to continue.
