Following a series of terror attacks in public spaces, including those at Manchester Arena and London Bridge, the government plans to introduce new legislation, the Protect Duty, to improve safety and security at public venues. The legislation, according to the Home Office, could affect approximately 650,000 UK businesses operating across multiple sectors. Although there is no timetable for the introduction of the Protect Duty, it is expected to become law by 2023.
Also known as Martyn’s Law in memory of Martyn Hett, a victim of the Manchester Arena attack, the legislation will introduce a statutory duty for the owners and operators of publicly accessible locations (PALs), likely to include parks and squares, to take appropriate and proportionate measures to protect the public from terrorist attack.
A public consultation on the Protect Duty ran from 26 February 2021 to 2 July 2021. In January 2022, the government published its response to the public consultation. Overall, the majority of the 2,755 responses are supportive of the government’s objectives.
“Martyn’s Law isn’t going to stop terrorism. Nothing can do that. But I do hope that if the government legislate for Martyn’s Law then it will mean simple common sense security will make it much harder to inflict mass casualties and fewer people will have to suffer what I and the parents of the 21 other bereaved families of Manchester have had to endure.”
Figen Murray, mother of Martyn Hett, a victim of the Manchester Arena Attack
The government’s response to the consultation stops short of setting out draft legislation; it presents a summary of findings that begin to establish a direction of travel for the legislation. As Scott Bolton, director at Aon Commercial Risk Solutions explains, real estate owners and managers should start to prepare for the new requirements now.
Which spaces are in scope?
At the time of writing, while this is yet to be confirmed, the three primary areas the Protect Duty will potentially apply to are:
- Public venues (e.g., entertainment and sports venues, tourist attractions, shopping centres with a capacity of 100 persons or more)
- Large organisations (e.g., retail or entertainment chains employing 250 staff or more that operate at publicly accessible locations)
- Public spaces (e.g., public parks, beaches, thoroughfares, bridges, town/city squares and pedestrianised areas). This includes event organisers using these spaces.
Local authority role
The findings of the public consultation indicated that there is an expectation local authorities will have a significant part to play in the Protect Duty, in addition to being subject to the legislation as owner/operators of Publicly Accessible Locations (PAL).
This could see local authorities become responsible for bringing together those operating public spaces to establish security partnerships, facilitate the sharing of best practice and drive compliance. Potentially, this could include ensuring that operators engage with appropriate training, risk management information and, where appropriate, invest in physical security.
Taking a coordinated, top-down approach makes sense. Doing so helps to ensure consistency between organisations and across public spaces and, through the sharing of best practice, prevents duplication and mistakes.
There are instances where responsibility for managing public safety may be far from clear-cut. For instance, an operator running a concert at an event space or a football match. These concentrate large numbers of people within a venue, but they also lead to large groups of people gathering as they approach and depart from a venue. Determining which organisations are responsible for the security of these people throughout, and ensuring any plans are coordinated, is essential.
Insurance is an important part of an organisation’s management of the risk associated with a terror attack. While the traditional focus for terrorism insurance is property damage and business interruption, in the case of the Protect Duty, the broader impact will fall upon the Casualty programme (e.g., public liability & employers’ liability) of the space affected or the entities involved in attracting the crowds to the location.
There are limited examples of insurers attempting to restrict terrorism on public liability programmes for some occupancies and larger venues may have already seen more insurer scrutiny over their approaches to risk management. As the scope of legislation around the Protect Duty becomes clear, this may lead to more emphatic action by insurers.
Review risk management plans now
Owners and/or operators of large venues should undertake regular risk assessments and have emergency response plans in place. While draft legislation for the Protect Duty has yet to be shared, it is prudent to review existing plans in anticipation, to ensure they are fit for purpose.
Organisations must ensure they understand the scope of the risk and the appropriate preparation and response management necessary to protect the public in the event of a terror attack. Requirements vary between venues and may include activity beyond the assessment of terrorism related risk:
- Training for staff to enable them to recognise and respond to a potential threat.
- First aid resources.
- Shelter in place and evacuation plans.
- Physical & procedural security to limit the freedom of movement of an attacker.
- Technology solutions that support the identification of potential threat, limit the opportunity for an attack and coordinate a response in the event of an attack.
When undertaking this exercise, it can be helpful to consider that in the context of liability an organisation can be found to have failed either by failing to recognise the potential for and prepare for an attack. Alternatively, by responding inappropriately, where the response fails to contain the situation or makes it worse. It’s important to note that between the start of an attack and the police arriving on site to neutralise the attacker, the response can only come from the owner or operator of a site. Therefore, ensuring adequate training and investment to deliver an appropriate response is essential.
“Understanding what the threat is, bespoke to the location, is critical in ensuring an effective and proportionate risk mitigation strategy which is proactive in either deterring an attack or minimising the effects of one. Recognising how an attack might manifest itself will shape what measures are appropriate. Some of the most effective deterrents are often the simplest and can mitigate against a multitude of other threats such as theft or violence at work, and not just terrorism.
A detailed mitigation plan that is regularly reviewed as the situation changes or threat evolves, combined with well-trained staff are, by far, the most effective measures that a business can undertake.”
Chris Medhhurst-Cocksworth, Head of Risk Consulting, Pool Re Solutions
Assessing the effectiveness of risk management
Demonstrating your organisation is taking appropriate steps to manage the risk of terror attacks and protect the public will become increasingly important when securing insurance cover, especially for the most exposed occupancies.
Assessing the likely effectiveness of a terrorism risk management policy can be challenging without ready access to terrorism risk specialists. Where external expertise is required Pool Re’s Vulnerability Self Assessment Tool (VSAT) benchmarks an organisation’s current terrorism risk management against best practice advice given by the UK police and security agencies.
A bespoke report, generated on completion of the free to use assessment will provide a “Red-Amber-Green” rating identifying those areas where improvements may be required. The report, supported by a free 1-hour virtual workshop to review the results, provides an understanding of how well an organisation is managing the threat of terrorism, supporting more informed decisions regarding security, emergency and business continuity plans considering changing terrorism threats.
Undertaking the assessment will also provide Board assurance as it demonstrates good governance and oversight. The assessment can be accessed multiple times and can be used to track risk improvement strategies as well.
The VSAT tool is only one of a number of options to benchmark current security delivery – currently it is not clear how the Government will require individual companies to demonstrate “compliance” with the new Protect Duty legislation.
One current benefit is that VSAT is free of charge to use, and for those organisations that can demonstrate the right level of security risk management, they may be eligible for up to 7.5% discount on their Pool Re Terrorism Insurance Premium.
For further information VSAT, please follow this link: https://www.poolre.co.uk/vsat-vulnerability-self-assessment-tool/
Taking steps now to be able to articulate the quality of your terrorism risk management – from risk assessment through to security investment and training and response implementation – will build resilience into your organisation in preparation for when the legislation does come into force.
At Aon, we can support your organisation’s work around terrorism risk. With many years’ experience and expertise in both terrorism mitigation and insurance, we can provide advice on terrorism risk governance, illustrating the strength of an existing risk management programme to insurers, and securing best fit Casualty and stand-alone terrorism liability programmes.
The Aon Real Estate team specialises in advising on and placing property, legal indemnity, and rights of light insurance for real estate investors. Acting for 25% of the world’s largest investors, our team of sixty insurance and risk experts provide development to disposal insurance solutions for all asset classes from residential through to logistics. Using our understanding of real estate investors’ needs we work in partnership with our colleagues specialising in Directors and Officers, Construction, Mergers and Acquisitions, Surety and Health and Benefits to aim to minimise risk and deliver solutions that empower success. For advice on any aspect of your insurance programme, please contact Emma Vigus at email@example.com or firstname.lastname@example.org