by Andrew Koch

On the 16th of January 2013, employees from the In Amenas gas facility piled into a bus on their way to the local town. They never got there. A few short minutes into their drive, terrorists came out of the desert and began firing on the bus; terrorists who, through the capture of the facility and its personnel, would create one of the worst terrorist attacks on an oil and gas facility in the history of the industry. In the end, the attack on the facility resulted in hundreds of Algerian and foreign workers enduring four days of capture and the deaths of thirty-seven foreign nationals from eight countries.

While oil and gas facilities had been targeted in the past, there had never been a crisis on this scale: hundreds of hostages were taken and the facility itself was captured. Because of the size of the event and the actors involved—major multinational oil and gas firms BP and Statoil, as well as the local Algerian giant Sonatrach—analyzing the attack can provide us with a broad understanding of the interactions between governments and corporations during isolated corporate security crises. This is also an opportunity to identify potential best practices for firms as they interact with governments before, during, and after isolated corporate security crisis situations. This is vitally important because corporations, which have long been targets during times of war, will likely be increasingly targeted as global terrorism continues to fragment and grow.

In the only publically available, comprehensive report on the event, the Statoil investigators identified several recommendations that should be adopted by Statoil in any of its future risky operations. By expanding on these suggestions and drawing on the specifics of the In Amenas crisis, we can define three primary best practices for companies operating in risky environments.

First, integration between the host country government and the company operating within the country needs to be stronger. During the In Amenas crisis there was no way for either BP or Statoil to connect directly with the government. Instead the two companies were forced to go through their home country government or Sonatrach for information. This caused both companies to act on hearsay intelligence from employees trapped in the compound and also restricted the companies’ abilityto pass meaningful information onto the Algerian government as it planned its military operations. In order to avoid this problematic situation in the future, any company with major operations in a risky country should set as a precondition of investment that there will be one primary point person or office located in the government’s ministry of foreign affairs or military to ensure direct communication between the corporation and the government in the event of a crisis.

Second, corporations need to continue strengthening their relationships with their home countries, both at home and through the home country embassy in the host country. During the In Amenas crisis we saw the importance of this connection. BP and Statoil had strong relationships with their home country governments both in Norway and the United Kingdom and at their respective embassies in Algiers. These relationships allowed them greater access to information and indirect access to the host country government. Relationships between corporations and home country governments are critical because they allow the home governments to not only provide risk reports to their companies, but also, to leverage their connections to other parts of the host government. Some countries have been forward-leaning on this issue. For example, the U.S. State Department set up the Overseas Security Advisory Council (OSAC), which was designed to help promote security cooperation between American corporations and the State Department worldwide. While this is a good start, companies around the world should push for increased connections.

Finally, companies need to make a concerted effort to effectively conduct a political and security risk assessment before entering into a risky environment and to continue to perform these assessments frequently. While more companies are realizing the importance of these assessments, many still rely on the host government to provide security and risk reporting. The In Amenas crisis provides a perfect example of overreliance on host country security risk reporting. Statoil and BP were both relying on the information being fed to them by the Algerian military, which provided no indication that there was any threat against the facility. While many times the host government is in the best position to provide this information, independent research and analysis will help a company avoid strategic surprise. Companies can either bring these assessment capabilities in-house—often a more expensive and less efficient option—or hire one of the many political and security risk firms that are now populating the market. Understanding the security environment throughout the life of a corporate program is key to preventing attacks.

Over the last few months the world has seen bold and shocking lone wolf attacks on civilian targets around the globe. While these attacks have created fear in many Western capitals, we must not forget the threats that still remain from coordinated terror attacks such as In Amenas. All corporations operating in risky environments should consider implementing the above best practices to help ensure that they are not caught off guard when the next attack comes.

About the Author