With the majority of respondents to the consultation supportive of tougher security measures, Protect Duty legislation is expected by 2023. Scott Bolton, director at Aon Commercial Risk Solutions, and Andrew Millard, public sector practice leader for the North at Aon, explain how organisations can start their preparations now.
Following a series of terror attacks in public spaces, including those at Manchester Arena and London Bridge, the government is committed to introducing new legislation, the Protect Duty, to improve safety and security at public venues. The legislation, which is also known as Martyn’s Law, will introduce a statutory duty for the owners and operators of publicly accessible locations (PALs) to take appropriate and proportionate measures to protect the public from terrorist attack.
Protect Duty consultation
The government’s response to the Protect Duty public consultation gives a good indication of the shape legislation is likely to take. Overall, the majority of the 2,755 responses are supportive of the government’s objectives, with seven out of 10 agreeing that those responsible for PALs should take appropriate and proportionate measures to protect the public from attacks, including preparing staff to respond in the event of a terrorist attack.
The response also gives an indication of how the new requirements would be overseen. Just over 50 percent of respondents are in favour of an inspectorate to support improvements in security culture and practices within organisations. The same proportion also support the use of civil penalties to ensure compliance.
Public sector role
Public sector organisations are likely to have a significant part to play in the Protect Duty, in addition to being subject to the legislation as owner/operators of PALs. Local authorities were the number one choice in the consultation, receiving three times as many nominations as the next most popular choice, the emergency services.
This could see local authorities responsible for bringing together those operating public spaces to establish security partnerships, facilitate the sharing of best practice and drive compliance. Potentially, this could include ensuring that operators engage with appropriate training, risk management information and, where appropriate, invest in physical security.
Taking a coordinated, top-down approach makes sense, helping to ensure consistency and prevent duplication and mistakes. It’s also beneficial as responsibility for public safety is not always clearcut.
As an example, take an operator running a football match or a concert at an event space. Within the venue, responsibility lies with the operator, but what about when large groups gather together as they approach and leave the event? Determining which organisations are responsible for the security of these people throughout, and ensuring any plans are coordinated, is essential.
Organisations must ensure they understand the scope of the risk and the appropriate preparation and response management necessary to protect the public in the event of a terror attack. Requirements vary between venues and may include training for staff to enable them to recognise and respond to a potential threat; first aid resources; shelter in place and evacuation plans; physical security to limit the freedom of movement of an attacker; or technology solutions that support the identification of potential threat, limit the opportunity for an attack and coordinate a response in the event of an attack.
When undertaking this exercise, it can be helpful to consider that an organisation can be found to have failed either by failing to recognise the potential for and prepare for an attack, or by responding inappropriately, where the response fails to contain the situation or makes it worse. It’s important to note that between the start of an attack and the police arriving on site to neutralise the attacker, the response can only come from the owner-operator of a site. Therefore, ensuring adequate training and investment to deliver an appropriate response is essential.
Local authorities will already have undertaken risk assessments and drawn up critical incident response plans for terror attacks. It’s prudent to review these and ensure they are fit for purpose ahead of draft Protect Duty legislation.
Insurance is an important part of an organisation’s management of the risk associated with a terror attack. While the traditional focus for terrorism insurance is property damage and business interruption, in the case of the Protect Duty, the broader impact will fall upon the casualty programme of those affected; the markets’ interpretation of the potential for liability, post-attack.
Demonstrating your organisation is taking appropriate steps to manage the risk of terror attacks and protect the public will become increasingly important when securing cover, especially for the most exposed occupancies.
There are limited examples of insurers attempting to restrict terrorism on public liability programmes for some occupancies, and larger venues may have already seen more insurer scrutiny over their approaches to risk management. As the scope of legislation around the Protect Duty becomes clear, this may lead to more emphatic action by markets.
Taking steps now to be able to articulate the quality of your terrorism risk management – from risk assessment through to security investment and training and response implementation – will build resilience into your organisation in preparation for when the Protect Duty legislation does come into force.
Aon has many years’ experience and expertise of supporting organisations’ work around terrorism risk, We can provide advice on terrorism risk governance; illustrating the strength of an existing risk management programme to insurers; and securing best fit casualty and stand-alone terrorism liability programmes.
Speak to your account manager or contact Scott Bolton at [email protected] or Andrew Millard at [email protected] for more information.