Martyn’s Law: The Protect Duty and the impact on your organisation

On 22 May 2017 an Islamist extremist suicide bomber, Salman Abedi, detonated a homemade shrapnel bomb as people were leaving an Ariana Grande concert at Manchester Arena. 22 people were killed and over 1,000 were injured during this attack.

One of the young people killed in the attack was Martyn Hett. Around a year after the bombing, his mother, Figen Murray, attended a concert in Manchester and was shocked by the lack of security at the venue. Figen did not have to show her ticket and there was no bag search.

Figen started lobbying for a change in legislation to improve security measures at such venues. The campaign became known as ‘Martyn’s Law’ and received backing from all the main parties. As a result, a new piece of legislation is expected to be passed called ‘The Protect Duty’.

Purpose of The Protect Duty

This legislation will impose a duty on the public and private sector to assess and take steps to mitigate the risk of terror attacks. Its aim is to protect the public from the risk of further attacks and is a significant change to the UK risk landscape.

Requirements under the Act

The Act will apply to the following:

• Any venue with a capacity exceeding 100 people.
• Any company which employs more than 250 people (even if not working from the same site).
• Outdoor and public spaces where people may congregate, such as parks and beaches.

There are expected to be some exemptions under the Act, although to what extent is not yet clear. Local Authorities are expected to have a key role in working with organisations to bring together resource.

The Act will impose the following duties:

1. The risk of a terrorist attack occurring must be assessed.
2. Measures must be implemented to reduce the risk of a terrorist attack, ‘as far as reasonably practicable’.
3. Robust plans must be in place to respond to a terror attack.

How organisations can meet this duty

The expectation under the Act is that larger organisations will be required to demonstrate higher levels of compliance than smaller ones, and quicker. There has been extensive consultation about this Act and there is unlikely to be a long lead-in time allowed for certain organisations.

It is not yet clear how adherence to this Act will be policed and monitored, but Local Authority Licensing Bodies may be required to make checks and businesses will have to prove adherence to continue trading.

What is clear however, is that organisations need to start planning now to make sure that they will be able to adhere to the new legislation. The government have made it clear they will not be providing funding for this and they should be able to deliver this at no additional cost.

This will need prioritising at board level and consideration should be given to:

• The number and types of locations the organisation has responsibility for. Exposure to adjacent properties should also be considered. Vulnerabilities need to be assessed and risks mitigated.
• Can existing resources be used more efficiently?
• Considering the use of third party resources, such as police, CTSAs (Counter Terrorism Security Advisers) and SAGs (Safety Advice Groups).
• The responsibility to monitor government advice, terror alerts, threat levels and be in a position to respond to changes.
• Looking at what training needs to be provided to staff and ensuring it is provided by a competent individual.
• The need for Risk Management plans and processes to be adapted to include adherence to the Act.

Insurance Considerations

The Duty to Protect will allow a direct cause of action for compensation through breach of statutory duty. There is an expectation under the Act that organisations will do the most they can, not the least and they will be expected to prove this.

There needs be specific responsibility at board level for adherence to this legislation and failings could lead to claims being pursued against individuals. This is likely to have an impact on Directors’ and Officers’ Liability insurance.

Currently Employers’ and Public Liability policies have terrorism cover included to a reduced limit, but consideration should be given to whether this is sufficient in the event of a terror incident. Employers’ Liability cover is limited to £5 million and Public Liability policies frequently restrict this to £2 or £5 million any one claim.

Insurers and reinsurers are likely to be concerned by the aggregation of this limit depending on proximity to others and there will be greater consideration given to this. Multiple parties could face allegations of negligence and failure to comply with statutory duty.

Greater underwriting consideration as to what the insured is doing to meet their duties under the Act will follow and could consider: Accumulation of people; adjacent exposures; venue accessibility; security measures in place; and interaction with third parties.

It is expected that insurers will start to focus their underwriting approach on this matter during 2022 – 2023 as this Act’s start date becomes clearer.