Meetings and events remain a necessary way for people and organizations to communicate information, build relationships, and sell to customers. However, there is a degree of risk associated with meetings and events – and, along with the risk, a responsibility to mitigate it. These risks can affect the brand your organization has taken so long to build, the bottom line, and most importantly, people’s lives. This article focuses on strategic risks, defined as risks that occur at the meetings management program level. Tactical risks – such as fires, terrorist attacks, medical emergencies, etc. – occur at the meeting and event level.
A recent study by iJet International found significant gaps in the way most organizations manage the risks associated with meetings and events. iJet found that the gaps are attributed to:
- A lack of understanding by planners and their organizations of their responsibilities, and
- Unclear ownership of the risks associated with meetings and events.
Acquis identified six primary areas of risk faced by organizations in meetings and events management, as depicted in the graphic below. We explore each of these on the following pages.
1. Duty-of-Care Lapses
Duty-of-care lapses include actions that can put employees’ safety at risk and/or compromise the organization’s brand, financial, and legal security.
In an engagement led by Acquis, consultants identified the following specific areas of risk exposure resulting from insufficient levels of duty of care:
- The safety and security of meeting attendees;
- Exposure of the brand to negative attention;
- Financial exposure through misappropriation of funds;
- Legal exposure resulting from employees caught bribing foreign government officials;
- Lawsuits brought by survivors over perceived or actual negligence on an employer’s part.
2. Regulatory Violations
Meetings and events can expose companies to violations of numerous governmental regulations, which can have significant financial and legal impacts, including:
- The Foreign Corrupt Practices Act;
- Physician Payment Sunshine Act;
- Financial Industry Regulatory Authority / National Association of Securities Dealers Rules;
- EFPIA Disclosure Code;
- General Data Protection Regulation;
- UK Bribery Act;
- UK Corporate Manslaughter & Corporate Homicide Act;
- Numerous other country-specific regulations.
Between 2004 and 2018, U.S. pharmaceutical companies paid penalties of $1.68 billion to the Department of Justice (DOJ) over kickbacks, bribery, and violations of the Foreign Corrupt Practices Act. These actions typically consisted of bribing foreign officials to ensure the promotion of their products [2]. Of the 25 prosecutions resulting in these fines, seven also resulted in Deferred Prosecution Agreements, which consisted of increased DOJ scrutiny and oversight of the companies involved. Although the focus of DOJ prosecutions is often pharmaceutical and medical device companies, all companies that interact with government officials from other countries are at risk for violating the Foreign Corrupt Practices Act.
3. Signature Authority Breaches
Companies without comprehensive meetings-management programs often do not have oversight of who within their organizations is contractually committing to hotels and other meeting suppliers. Furthermore, there is little transparency in the spend associated with the signed contracts.
Before Acquis was brought on to assess the meetings program at a global pharmaceutical client, an employee signed a venue contract for $1.2 million late one Friday afternoon. The following Monday morning, the group VP decided to move the event to another city. The employee called the hotel to cancel and was told the penalties would amount to $700,000.
In theory, signature authority levels go up along with an employee’s level in the organization. Generally, senior staff members are better informed to make decisions regarding the amount of risk a corporation is willing to take. Without the proper guidelines and procedures, breaches like this persist, putting companies at significant financial and legal risk.
4. Fiduciary Responsibility
Employees have fiduciary responsibilities to act loyally for their employer’s benefit, specifically as it relates to meetings and events. Employees have an obligation to ensure that meeting spend is optimized and that all transactions related to meetings are legitimate. These two types of fiduciary responsibilities can be summarized as:
- Ensuring that demand and spend are being managed in a responsible way so as to reduce costs and prevent waste, and
- Ensuring that organizations have adequate processes and controls in place to prevent fraud and embezzlement.
With respect to demand and spend management, many organizations are missing significant cost savings of 15%-25% by not having professionals sourcing their events. Numerous demand and savings management strategies exist which, when implemented as part of a comprehensive meetings-management program, can result in dramatic cost reductions.
Because of the large sums involved, meetings are also a prime target for abuse. Auditors in many companies have identified patterns of misappropriation of funds, such as the redirection of funds by meeting owners to family members, fraudulent use of meeting cards, acceptance of hotel rewards by meeting planners, and onsite and noncompliant upgrades by meeting attendees. These abuses are rife without proper processes, controls, and occasional internal audits.
5. Cancellation and Attrition Penalties
On average, 25% of all meetings are cancelled or rescheduled. Companies leave themselves exposed to cancellation fees that can equate to between 25% and 80% of the total cost of the event if they don’t have professional meeting planners sourcing the venues and negotiating effective contractual terms.
6. Intellectual Property and Data Theft
Cyber security professionals are warning meeting planners and attendees about threats such as the theft of personal information and organizational intellectual property and the possible exposure of trade secrets. Cyber criminals use portable equipment to intercept Bluetooth, cellular, and web-based communications and target a variety of types of data, including intellectual property and personal information.
Addressing the risks associated with meetings and events requires a number of initiatives by a variety of experts in each area. The following are high-level descriptions of strategies that companies should consider to confirm the risk profile of their meetings-management program, and mitigate their risks:
- Duty-of-Care Lapses: Review your organization’s meetings policy for duty-of-care items, and if you have one, review your meeting’s duty-of-care program across the following dimensions: safety/security/health, brand exposure, financial, and legal risks.
- Regulatory Violations: Review existing compliance procedures for the regulations that apply to your industry, and conduct an audit of the highest profile events to see if you are in compliance with regulations.
- Signature Authority Breaches: Review existing signature authority guidelines and processes as they relate to your meetings program, and conduct an audit of signed contracts to see if people with inappropriate signature authorities are signing agreements.
- Fiduciary Responsibility: Review the list of savings types and definitions used by those sourcing your events, and review how the savings definitions have been operationalized.
- Cancellation and Attrition Penalties: Review your company’s current hotel contract addendum for cancellation and attrition language, and conduct an audit of cancelled events to size the problem.
- Intellectual Property and Data Theft: Develop and implement an anti-cyber theft program onsite at your meetings and events.
Failure to Mitigate Risks
If the steps above are not taken, companies face considerable exposure and consequences. A heat map is a useful tool to illustrate the dangers these risks pose, and is based on a Likelihood and potential Impact methodology. For each risk area there is a Likelihood the risk will occur, and an associated likely Impact. The scoring methodology is shown in Table 1.
Once the areas of risk are evaluated they can be documented as shown in the following illustrative table (Table 2), and their scores plotted on the heat map as seen above.
Companies face a myriad of risks associated with meetings and events. These risks can affect a company’s bottom line as well as its intellectual property, and the safety and security of event attendees. Acquis Consulting Group is able to address the evaluation of each risk type, as well as develop and implement risk-mitigation strategies to prevent the likely impacts in each area.