Executive Protection · General Counsel & Legal Teams

Duty of Care Is a Legal Standard. Your EP Program Should Be Too.

General counsels and CLOs are increasingly the executives on the hook when a board, an insurer, or a regulator asks how mobile executives are protected. Wilson Global Protection Group works directly with legal teams to build documented, defensible executive protection programs — not just coverage, but a paper trail that holds up to scrutiny.

Liability

The GC’s Liability Exposure

When a senior executive is harmed during business travel — a carjacking in São Paulo, a violent confrontation in Lagos, an assault outside a conference hotel in Mumbai — the organization’s first legal problem is often not the incident itself. It is the documentation review that follows. Did the company assess the risk before sending the executive into that environment? Was there a written protocol? Was a vetted security provider engaged? Was the executive briefed on threat conditions?

If the answer to those questions is “no, we relied on the executive’s own judgment” or “we had a travel alert system but no formal EP program,” the organization is in a difficult position — in litigation, in front of an insurer, or in front of a board asking why this happened and what the company was doing about it beforehand.

General counsels and CLOs are not always the ones who commission executive protection programs. But they are frequently the ones who own the exposure when the program turns out to be insufficient or nonexistent. That asymmetry — owning the liability without owning the decision — is precisely why more legal leadership teams are getting ahead of this issue before an incident forces the question.

Regulatory Context

The Frameworks That Define the Standard

Duty of care in executive security is not a soft concept. It is increasingly codified in frameworks that courts, regulators, and insurers reference directly. Legal teams managing duty-of-care obligations for mobile executives should be familiar with three in particular.

UK Corporate Manslaughter Act

Applies where UK-incorporated entities or those with significant UK operations are involved. The Act creates criminal liability for organizations — not just individuals — when gross negligence in the management of health and safety causes a death. Business travel into elevated-risk environments sits squarely within scope.

ISO 31030: Travel Risk Management

The international standard for organizational travel risk management. ISO 31030 defines how organizations should identify, assess, and treat travel risk — including the selection of vetted security providers, pre-travel briefing protocols, and incident response frameworks. Insurers and enterprise procurement processes increasingly expect documented compliance.

US OSHA General Duty Clause

Section 5(a)(1) of the Occupational Safety and Health Act requires employers to provide a workplace free from recognized hazards. Regulators and courts have extended this to foreseeable risks in business travel environments, particularly in jurisdictions with elevated threat levels. Sending an executive into a known high-risk environment without documented risk mitigation is an exposure most GCs prefer not to defend.

Program Standards

What a Defensible EP Program Looks Like

A defensible executive protection program is not defined by the headcount of the detail or the vehicles deployed. It is defined by the documentation and process that demonstrate the organization took the threat seriously, retained qualified people, and followed a rational protocol. Four elements matter most in a legal context.

  • Written threat assessment: Before any principal travels to an elevated-risk environment or faces an elevated threat condition, a qualified provider conducts and documents a formal threat assessment. This document identifies specific risk factors, rates their likelihood and severity, and informs the protection posture. Without it, there is no documented basis for the decisions that followed.

  • Written protocols and procedures: The protection program operates according to documented procedures: check-in protocols, route security guidelines, escalation chains, and incident response steps. Documentation is what turns an informal arrangement into a defensible program — and it is what survives the post-incident review.

  • Vetted, credentialed provider: The organization retained a provider with documented credentials, verified operational history, and a formal scope of engagement. Provider selection is itself a due-diligence decision — the vetting process and the basis for selection should be on record.

  • Incident documentation: When incidents occur — from minor anomalies to serious events — they are logged, documented, and reviewed. This creates a continuous record of program performance and demonstrates the organization's ongoing attention to the risk environment.

Our Process

How We Structure Engagements for Legal Teams

When a general counsel or CLO commissions an engagement with Wilson Global Protection Group, the process is structured specifically for the documentation and oversight needs of a legal function — not just operational security delivery.

Step 01

Confidential Scoping Call

Kenneth Wilson leads a direct, confidential conversation with the GC or their designee. We review the principal's travel profile, threat environment, existing security measures, and any active factors — litigation, activist attention, pending M&A — that elevate the baseline risk. No intermediaries, no questionnaires.

Step 02

Written Threat Assessment Report

We deliver a formal security risk assessment that documents threat factors, rates risk severity, and establishes the factual foundation for the protection program. This document is designed to survive legal scrutiny — it is exactly the kind of deliverable that demonstrates the organization took the threat seriously before an incident occurred.

Step 03

Duty-of-Care Deliverable

We produce a written protocol document that can be presented to the board, to insurers, or in the event of regulatory inquiry. This is not a marketing summary — it is an operational document defining the program scope, provider credentials, engagement terms, and escalation procedures.

Step 04

Ongoing Operational Coverage

Protection engagements for business travel, domestic close protection, and crisis management response are delivered with the same documentation discipline — incident logs, route reports, and post-engagement summaries that feed the duty-of-care record.

Common Scenarios

The Situations That Bring GCs to Us

Duty-of-care questions rarely arise in the abstract. They arise because something has happened — or is about to happen — that puts an executive at measurably elevated risk. These are the scenarios we encounter most often in legal team conversations.

Executive travel to emerging markets

A CFO or business development leader is traveling to a portfolio company in West Africa, a deal counterparty in Central Asia, or a plant site in Latin America. The organization has no EP program, no intelligence briefing, and no protocol for what happens if the executive cannot be reached. This is the most common scenario that produces a GC-initiated engagement — and it is the clearest case for a pre-travel threat assessment and formal security protocol before the plane takes off.

Activist campaigns targeting C-suite executives

Organized activist campaigns — from investors, labor groups, or issue advocates — increasingly target named executives at the individual level. Doxxing, home demonstrations, and in-person confrontations at public events are documented patterns in high-profile campaigns. When this threat profile surfaces, general counsel often needs to act quickly: document the threat, retain qualified security, and establish a response framework before the situation escalates. Our detailed coverage of activist campaign EP considerations walks through the operational and legal dimensions of this scenario in detail.

High-profile M&A transactions

During significant M&A processes — hostile deals, contested bids, or transactions with major workforce implications — the executives leading the transaction become targets of elevated scrutiny and, in some cases, elevated physical risk. Leaked deal details create adversarial attention; workforce anxiety creates grievance dynamics; competing bidder situations can involve motivated actors with strong financial interests. A scoped protection program during the transaction window is both operationally appropriate and documentable as a duty-of-care measure.

Next Step

Schedule a Confidential Scoping Call.

The first step is a Confidential Scoping Consultation — a $500, time-limited engagement in which Kenneth Wilson personally reviews your organization’s situation, identifies the relevant duty-of-care exposure, and outlines a recommended program structure. The deliverable is a written assessment you can present to the board, your insurer, or legal team. No obligation to proceed beyond it.

Schedule a Confidential Scoping Call →

Kenneth Wilson · CPO · PPS · EPS · New York