Marathon Petroleum’s Best Practices for Corporate Travel Safety
Brian Cooke, Corporate Security Manager of International Security Operations at Marathon Petroleum, explains how organizations can build a comprehensive travel safety program that protects traveling and dispersed workers, no matter where they are.
The safety of traveling employees starts with establishing a clear corporate travel policy that incorporates risk management and cross-organizational teams.
Brian Cooke, Corporate Security Manager of International Security Operations at Marathon Petroleum, recently joined us on The Employee Safety Podcast to explain how organizations can build a comprehensive travel safety program that protects traveling and dispersed workers.
From serving the United States in the Marine Corps to his career as a Special Agent in the Diplomatic Security Service, Brian has a passion for keeping people safe. Today, as an experienced security executive, he draws on over 20 years of experience in physical security to further that passion.
Marathon Petroleum is a Fortune 25 energy company and the largest refining logistics marketing company in the United States. They have 16 refineries, about 60,000 employees, and offices and operations in six countries.
You can listen to the episode below.
Q&A With Brian Cooke, Corporate Security Manager of International Security Operations at Marathon Petroleum
Can you tell us about your career background and your responsibilities at Marathon Petroleum?
I enlisted in the Marine Corps when I was 17 and then became a special agent in the diplomatic security service for the U.S. Department of State where I spent 15 years of my career. I served as Chief of Security to various embassies and consulates worldwide and served on the Secretary of State’s protective detail under both Secretary Rice and Secretary Clinton. After 21 years of government service, I joined the private sector, where I now have the privilege of leading a great team here at Marathon Petroleum. I’m responsible for international security and business continuity for our employees, offices, assets, and operations outside of the United States. This includes everything from vessels picking up crude oil or delivering refined products all over the world to our geographically dispersed offices and employees. My team is responsible for everything outside the United States concerning keeping our people safe.
Did Marathon Petroleum have a travel policy in place when you first arrived at the organization or were you tasked with creating and implementing a policy?
MPC did have a travel policy, but it was created to optimize business value and cut costs, which is common. Rarely do companies have a travel policy that considers travel risk or travel security for employees. That was something that had to change. When I joined the company, the travel policy treated Canada and Mexico as domestic travel, so traveling to these countries required no additional approvals or reviews.
“"From natural disasters and cyber threats to regulations and common crime, travelers face so many risks that can impact safety and business continuity."”Brian Cooke Corporate Security Manager of International Security Operations at Marathon Petroleum
That’s kind of like saying that Vancouver and Calgary are the same as Ciudad Juarez or Sinoloa from a risk standpoint. This was not ideal because some places are high-risk and require more preparation and approvals. Now, we take the time to review where our employees are traveling and what they’re doing. We scrutinize their itineraries a little more based on the risk level of the destination they’re visiting, so we always have their safety in mind.
What are some of the safety challenges or threats you mitigate for your traveling workers?
First, we have common crimes (theft, burglary, vandalism, etc.), which can occur anywhere in the world. Then we have health risks. COVID, for example, is a health risk that can impact travel. But we also consider factors like altitude and air quality. For example, we have an office in Mexico City, where the elevation (almost 8000 ft above sea level) and air pollution can be a health risk to someone with respiratory disease or illness. There’s also violent crime. If we’re talking about Mexico and Latin American places, we’re often dealing with drug cartels. Although business travelers and tourists are often not targets of violent crime, they can certainly be collaterally affected by it. War can be a major threat, and many places we’ve traveled to have been active combat war zones. These are extreme environments, and we discourage travel there, but sometimes business travel can be critical, and we have to go to dangerous places to get the job done. Not every country is friendly towards foreign investment, Westerners, or Americans. Someone might see a U.S. citizen in their country as a representative of America and try to target them for political reasons.
Environmental risks include earthquakes, hurricanes, tsunamis, volcanoes, etc. And we also take into account cybersecurity and IT risks. A traveler could have proprietary information on their laptop or phone that could be compromised. And finally, we’ve got regulatory risks like the FCPA (Foreign Corrupt Practices Act) from the U.S. government. So if your travelers are going out to foreign countries, are they meeting with foreign officials? If they are, are they abiding by these regulatory rules and risks? If your people are not abiding by these regulations like FCPA, that can create a huge regulatory risk for your company. From natural disasters and cyber threats to regulations and common crime, travelers face so many risks that can impact safety and business continuity.
Travel security is a massive topic with so many moving parts. How does your team approach it?
I like to keep travel security simple and break it down into three questions. We look at who is going, where are they going, and what are they doing? Based on those three things, we can determine the risks to an employee and their trip and how to mitigate them. If we have a lower-level or mid-level executive traveling to a conference in the UK, for example, that would be very different from our CEO traveling to Ciudad Juarez for a large event where they’re speaking alongside the governor. We look at those three key factors to make an informed decision as to what a strong security profile should be. This could be anything from an email with a pre-travel advisory that includes the risks to health, safety, and crime to having armored vehicles and bodyguards transport someone everywhere they go. Of course, those are two extremes, but a properly run corporate travel program has an entire spectrum of risk mitigation.
Can you describe the process for setting up safe travel for your employees? What are the steps from an employee gaining approval for a trip through arriving home from the trip?
If you haven’t already, set up the policies and platforms to know that people are traveling. Once you have that, develop an international travel checklist for your employees to fill out that lets you know where they’re going and what they’re doing. That list should go out to all stakeholders, including your corporate security team and health services, to ensure that you have a health travel kit and any medicines or vaccinations you might need to travel. This should also go out to your legal team to ensure employees receive a briefing to mitigate any regulatory risks I mentioned earlier. Include IT to consider any cyber risks and update your phone to include an international program. Our employees appreciate being briefed by my team. Once they understand that we’re there to ensure their safety, they’re grateful that we’re following their travel—whether it’s through their itinerary or an app on their phone. They’re thankful for the information we provide, and it makes them feel protected and like the company cares about them and wants to make sure that they get home safe.
In your mind, what are the fundamentals of travel risk management that you’d recommend to any organization with traveling or dispersed workers?
A properly run travel risk management program resides on three things—people, policies, and platforms. You need experienced people that understand risk and risk management and are passionate about what they do. I know my operations coordinator doesn’t sleep until she knows that an employee traveling to a high-risk location is back home and safe. Having effective travel policies is crucial, and your company should always factor in duty of care. Finally, the right platforms provide awareness. How can you assess and mitigate risk if you don’t know your people are traveling? Using a threat intelligence platform gives you that awareness and peace of mind about where your people are and what events can potentially impact them or their travel.
How can an organization improve its travel policies or travel risk management programs?
Start by building cross-organizational teams and units. If you’re trying to build, manage, and oversee a travel risk management program all within your little corporate security world, you will fail. You need to engage all stakeholders and work cross-organizationally. This includes human resources, legal, supply chain, and all other entities that can add value to your program. When developing a travel risk management program, keep in mind that security done right is a well-tailored suit; it’s not something bought off the rack. You have to look at every traveler’s unique risks and mitigate them accordingly.