Managing Business Travel Risk in Uncertain Times

Before joining BP in 2015 as an intelligence and response operations centre analyst, Andrew Lowe spent several years teaching military-based survival techniques across forest and coastal locations in the UK. His training focused on personal safety, disaster preparedness and business continuity—experience that now informs his role as the energy giant’s travel risk manager.

Today, Lowe oversees high-risk country approvals, evaluates airline safety ratings and provides destination guidance to support BP’s travelling workforce. Even for a seasoned safety and security professional, however, rising geopolitical tensions and persistent cyber threats are adding new layers of complexity to the role.

Lowe recently spoke with BTN executive editor Lauren Arena about how corporate approaches to traveler safety are evolving and what organizations should prioritize when building—or strengthening—their travel risk management programs. Edited excerpts follow.

Business Travel News Europe: Let’s start with your title—travel risk manager. We don’t see this often. Walk us through your responsibilities and what your role entails.

Andrew Lowe: It basically involves all aspects of travel risk management, which is a vast subject. It starts with policy—enforcing policy but also communicating the policy and the rules that are there to protect our travelers. The second part is about supporting travelers in terms of event response or just traveler queries. So we offer those two levels of support to make sure that [travelers are] ready for a business trip and we help to risk-assess those trips. At the same time, if they encounter difficulties during that trip, we also support that.

BTN Europe: How has travel risk management evolved over the past year and what are your expectations as we move further into 2026, which already has been volatile?

Lowe: I think geopolitical events of the last two years and of the coming year are helping to highlight the need for pre-emptive TRM and TRM for event response… What I’ve seen in the past year, and this is maybe just my own experience, is a real growth in the relationships between procurement, travel managers and travel risk and security. I like to think that I’m providing that bridge between the two. That has made us so much stronger as a company in terms of looking after our staff, our travelers, because we are engaging with the right people who have that knowledge and, because we all have a different view of the business, we’re able to warn each other about things that the other person might not see as a potential risk.

For me, it always starts from policy and understanding what’s happening in the world, but also making sure that you don’t let the big things distract you from other issues and responsibilities. I want to make sure that my focus is on the communication with travelers and keeping clear channels of information so there’s a logic flow they can follow to get the right information. 

BTN Europe: The ISOS 2026 Risk Outlook cited geopolitics and cybercrime among the biggest risk factors to business travel this year and ones that will move fast. What’s your take?

Lowe: Things happen really fast and there’s some days where it just feels like we’re firefighting one thing after another. The thing about travel risk compared to other types of risk management is the time criticality. A travel risk manager can help to identify those time-critical moments and jump on it.

We also need to consider geopolitical events [and] how they might have a wider impact on travel. For example, the sanctions on Russia have led to the closure of airspace for quite a few [European] airlines, which has increased traffic over Turkey. It’s created this critical air path between the Eastern and Western Hemisphere for a lot of airlines, which has impacted flight schedules. It’s impacted the cost of flying, and also the criticality of that route.

BTN Europe: What about cyber risks for business travelers. Is this part of your TRM strategy?

Lowe: Cyber risk is a big issue. Luckily we have a big cyber security team who work really hard to keep BP cyber safe. My engagement in terms of cyber risk in travel is to coordinate with our cyber specialists—most companies should hopefully have a cyber specialist of some sort because it’s one of the biggest risks in the world today. A travel risk manager should be expected to engage and coordinate with the cyber team.Coordination is important because you don’t want to duplicate what they’ve already done. Ask about existing resources, gauge their thoughts on a joint effort, which will help to strengthen overall teambuilding and the authority of a travel risk program.

BTN Europe: In a recent BTN interview, Melvin Tennant, CEO of Meet Minneapolis, said “travel is easy to politicise” when discussing the ICE occupation. He addressed how extensive media coverage has shaped perceptions regarding the city’s safety and how he plans to address that. With the constant news cycle further amplified by social media, how are you managing travelers’ perceptions of risk? Have these perceptions shifted recently?

Lowe: There are two parts to this: First of all, yes, there’s lots of reporting on events which often raises questions among travelers. [The news reports are] not always something that we identify as a risk, but we still need to address this because the question has been asked. We can’t just leave the gap. Even if it’s just to say that we are monitoring the situation or to say “no, it’s absolutely fine.” It’s important, as a travel risk manager, to be that voice of reassurance because, let’s face it, the news sometimes like to big things up. It’s important to give [travelers] some perspective and tell them how it is from an operational and an safety perspective—even if it’s just to reassure people. Not everyone gets that. 

But the second part—and you’re absolutely right—is the risk of politicization and staying well out of that. Whatever messaging you put out, you have to be incredibly careful with the wording to keep the focus on the duty of care. And it’s not just about you not saying anything political, but making sure that you don’t accidentally use wording that could be construed as political… The focus has to be on the person, on their safety.

BTN Europe: You mention duty of care. Talk about the scope of that and the travelers’ role in it. 

Lowe: We absolutely have a duty of care to our corporate travelers. So it’s key that we define that duty of care, that they understand we are there to look after them and we provide them with the guidance they need, the resources they need to stay safe, but also the channels where they can raise concerns. It’s important that travelers feel safe—not just that they are made safe, but also feel safe. Part of that is reminding them of their responsibilities—outlining “here’s what we expect you to do in this country and here’s what you absolutely can’t do in this country.” It’s all explaining “here’s what we’re going to do to keep you safe. And here’s what we expect you to do to help us keep you safe.”

BTN Europe: How should TRM be communicated and ‘activated’ across an organization? 

Lowe: Communication is a massive part of the TRM role. It’s important to communicate to travelers the policy, the rules and restrictions and their purpose. There should be a steady flow [of information] through various channels—whether it’s putting out posts on a SharePoint page, or sending out mass emails to specific travelers. There’s also training modules which you would want to communicate to make sure people do proper briefings. 

On top of that, when an incident occurs that may impact travel—even if there’s no direct impact—there may still be a lot of uncertainty. And that’s where you can send out time-critical mass communications. You can do it with bulk emails if you know who the travelers are. But there’s also mass communication tools out there that you can use where you can upload the traveler information and send it out. The important thing is to keep the communication leadership ahead of the tools. The tools don’t guide the comms, the comms guide how you use the tools. 

The same goes for [data management] tools. Don’t fall into the trap of getting the latest gadgets. Identify the problem first and always keep [the tools] focused on your needs… over customization is the kiss of death to any technology, so it’s about keeping it simple. 

BTN Europe: You were recently awarded the Travel Risk Academy’s Level 4 Qualification in Travel Risk Management—and you were also the first person to achieve this qualification, which is accredited by ATHE and aligned with the ISO 31030 standard. Why is this qualification important?

Lowe: The TRA Level 4 Qualification, as well as ISO 31030 before that, are both helping to define the scope of travel risk management, which ties in nicely to your early question. What do I do? It helps define the roles and responsibilities for a travel risk manager, and it’s doing so in the form of an official qualification from a regulated body. This is really important because before these things came along, it was quite easy for people in charge of TRM to tailor it to what suited them, often tailoring it based on their own past experience. … This new level 4 qualification helps establish a clear baseline of what it means to be a travel risk manager and what should be expected as part of that role.

The fact that this is an official qualification helps to give authority to my knowledge as a travel risk manager, and this in turn reflects the growing professionalisation of TRM. It’s no longer just an offshoot of security or risk management, it’s becoming its own area of expertise and the qualification is key in helping to establish that.

BTN Europe: How do you foresee increased AI adoption enhancing travel risk management—and does it pose risks?

Lowe: The potential for data analysis—increased data analysis and cross-referencing between disparate sources—is immense. AI could do a lot of the investigative work and risk identification that most teams just don’t have the time to do, while also potentially identifying opportunities for efficiencies. So, there’s a lot of very exciting opportunities on that front in terms of enhancing TRM. It’s not replacing people. TRM still has to start with a person making a decision and determining a course of action. AI can then support that. For example, it may support how travel itineraries are monitored. At the moment, we can’t monitor every single traveler that we have individually. We can just look at locations where something occurs and see who we have in country. But there might be more potential for AI to do tailored monitoring without invading privacy. 

The biggest risk, in my opinion, is the lack of discipline and consistency in how AI technology is applied and used, including lack of scrutiny in checking the outputs, especially initially…  There’s also a risk that everyone using AI might become their own self-declared expert, which funnily enough brings us nicely back to the idea of the travel risk management qualification.

BTN Europe: What strategies would you recommend to corporates or travel management professionals looking to get a TRM program off the ground? 

Lowe: My advice is start small and build it up. … If you try to throw money at it and build a full program and impose it onto your organization, it won’t matter how much discovery work you initially did with stakeholders, there will always be mismatches between your expectation and their needs. It is then much harder to undo what you’ve already built, which can also then create distrust when you start again or have your next idea. Start with a proof of concept—even if it’s just a spreadsheet. Look at your travel data, identify if travelers are going to high-risk countries. You can then flag those travelers and ensure they are properly informed so that their trips can be risk assessed. And if you do that, you’ve already achieved a big thing to keeping those travelers safe.

Your first port of call should be the security manager or health, safety and environment manager. Ask questions like: “What are your concerns? What do you need from a travel risk program?” If they say, “we don’t need anything,” you’re allowed to raise an eyebrow and start providing travel stats, such as the number of people traveling to a destination that you perceive as high risk. You can get buy-in by making it relevant for them—and that’s where data can help to engage those conversations.

BTN Europe: The challenge today is that destinations traditionally considered as safe, are now perhaps no longer so…

Lowe: Yes. And that’s where engagement with the business is important because the business still has its operations. So it’s about determining what can we do to keep our people safe and get the risk as low as reasonably practical.