For the 2014 Winter Olympics, a 50-person contingent from the U.S. Ski and Snowboard Association (USSA), including several members of the board of directors, spent 14 days attending various events and competitions in Sochi, Russia. For Tiger Shaw, two-time Olympian and now President and CEO of the USSA, this meant the need to call in some expert help.

Shaw contracted Global Rescue, an international security support firm, to provide two 24/7 personnel to provide medical assistance and on-the-ground intelligence for the group in Sochi. After an early risk assessment determining the level of protection needed in Sochi, the two personnel reviewed routes and venues for potential risks, planning for different scenarios. They traveled to meet executives where they landed in Istanbul and escorted them to Sochi. While the USSA has no in-house security department, many on their board of directors do, and travel with executive protection services frequently.

“We wanted to provide the same levels of protection – safeguarding our guests at their level,” says Shaw. “This service helped us stay nimble in a very fluid situation. There were always contingency plans for our contingency plans.”

According to Scott Hume, the Associate Director of Security Operations for Global Rescue, planning for the Olympics and other regularly scheduled events should be on every international enterprise’s calendar. Shaw began planning security for the trip five months in advance. Hume suggests starting with detailing the people in your contingent, any medical services they might require, hotels and other itinerary items. If possible, sending an advance team or representative to review alternative routes or locations, as well as vetting hospitals or ambulance options, is ideal. Enterprise security leaders should be able to account for everyone (including through the use of GPS monitoring, if needed), have an emergency communication plan, be aware of police and military actions and political climate, and have multiple evacuation plans in place.

The most important factor in protecting executives, either domestically or internationally, Hume says, is planning, planning, planning. Adjusting security protocols at the last minute if the region’s political climate shifts suddenly can become very expensive, and often result in sub-par service because of a lack of advanced training and information gathering.

Intelligence-Led Operations

In “complex” (not necessarily “high-threat”) environments, leading operations with intelligence, not just a show of force, is key, says Pete Dordal, Senior Vice President of GardaWorld, a Canadian private security firm. Security enterprise leaders should preface all operations with intelligence, deliver a researched threat matrix and then tailor the response to the enterprise’s threat tolerance, he says. In addition, having personnel in the destination location helps to develop more accurate, nuanced reports on routes, climate and risks, Dordal says, than reports solely developed in domestic operations centers or think-tanks.

According to Peter Martin, President and CEO for AFIMAC Global, there has been a shift in executive protection tactics over the past five years. The norm used to be a high-profile show of strength – multiple armed security officers surrounding one person, the stereotypical bodyguard approach – and now more enterprises are opting for the “blending in” tactic, focusing more on advance work and intelligence, drawing less attention to the group as more malicious actors take aim at obviously high-profile individuals for the shock value.

He recommends that enterprises look at the risks facing either a trip or a planned event, reviewing risks continually, not just in advance, as the environment can shift suddenly at any time.

“Your decisions will be scrutinized in the event of an incident,” he says. “Intelligence and performing your due diligence is the way that you will be able to wholly explain and defend your decision.” A large part of that due diligence comes when choosing how to cover executive protection services.

Duty of Care

To limit liability risks, it is imperative that enterprise security leaders fulfill their due diligence obligations when choosing a security partner for these services, even if they use in-house personnel. According to Martin, you should review references, security licenses (especially for the destination country), check the company’s website and demand they provide proof for any claims of capabilities or services rendered.

Gus Blanco, the Security Manager for the Americas branch of manufacturing and distribution company Amway’s Protection Services Group, utilizes services from AFIMAC to protect executives traveling into high-risk markets, such as Latin America and certain European countries.

“With the resources I have available, we are forced to rely on outside service providers, so we push them through a vetting process,” he says. “We were looking for a reputable company with appropriate resources. We rely on referrals and tradeshow meetings; we look at the needs of their existing client list and compare that to Amway’s needs. Once we choose a partner, we build protocols with them based on the level of executive traveling and the risk of the destination, fitting the control to the risks, bearing local budgets in mind.”

Services that Blanco contracts can be as simple as transportation needs – a safe and secure transit from points A to B, but this can require that the contracted provider have hardened vehicles available – or as complex as medical evacuation plans.

“Having a strong local partner brings value to Amway through their ability to understand what’s going on in that environment, having police contacts, seeing new risks develop, knowing alternate safe routes and directions, and even translation services,” Blanco says. He works with the Latin America Regional Council of OSAC in Miami to get feedback from other security professionals and executives receiving these services. He checks in with colleagues from other multinational companies to glean their experience with vendors, and, while U.S. Embassies and the State Department can be skeptical about making vendor references, they are often a good place to start, he says.

According to Dordal, an embassy will have a shortlist of local referrals for service providers that have been used successfully by other U.S. companies. He says that enterprises should only work with companies that have been embedded in a region for a minimum of five years (“Footprint matters,” he says) with strong reserves of resources in the area – including a tracking center, hardened vehicles, bilingual response and offices.

However, for many companies, he says, a hybrid response could be best, blending in-house personnel (who are more familiar with the enterprise, its risk appetite and its executives) and contract personnel (who know the area and the local risks). The safety difference could lie with in-house complacency, or even becoming too familiar with executives, who could then pressure security personnel to bend the rules for them. Blending in-house and contract personnel could mitigate some of these risks.

According to Will McGuire, President and CEO for Global Elite Group, training and experience are the two single most important factors when dealing with an executive protection provider. The identifying traits for these will be resourcefulness and the ability to provide consistent, continuous protection, he says. In addition, discuss previous assignments, staffing and logistics in vendor negotiations, and always ask to speak with the staff that will actually be on-site providing leadership or protection.

Crafting an Appropriate Response

Building an appropriate plan based on an enterprise’s risk and an advance threat assessment helps to maintain the right level of resources, says Michael McCann, President of McCann Protective Services and former Chief of Security for the United Nations. “Risks stay fairly constant throughout the years, but the technology and the response to risks can change,” he says. “For a board or corporation meeting, news or protest information can be shared by technology faster, so it’s worth it to be prepared for a protest or risk to emerge at any time.”

There should be no pre-packaged responses, he says. Each executive protection plan should be tailor-made for each assignment, based off of research and threat analysis.

For highly publicized events, there are no secrets, says Martin of AFIMAC. The event is in a defined location; it’s public knowledge, so security personnel have to work on hardening that facility and preparing for any eventuality that can occur there. For missions and mobile trips, tactics should shift to building fluid itineraries – if one location is suddenly a threat, your security provider or team should have several backup plans and locations in place, often as a result of advance work and a reliance on information from people in the area, not just the media.

As more CSOs position themselves as business enablers, Martin says, this sort of intelligence-gathering and involvement in international affairs will continue to grow – it’s about safety and strategy, he says.

According to Shaw, “You should go in, or send your athletes and employees in, completely and overly prepared. ‘No incidents’ this time makes it easy to get complacent and drop your guard for the next time, but there are always new threats and different possibilities. Play the Devil’s Advocate when planning, so you’ll be prepared for the worst, but happy with the best.

"With the burden of care shifting onto us for employee and athlete travelers, we can’t be too vigilant.”