Recent Trends in Hotel Violence, Insurance, and Legal Liabilities

“A hotel has a duty to adopt reasonable security measures to protect guests from foreseeable harm. Foreseeability can be established from past circumstances that are likely to be repeated.”

Judge Karen Morris, “Hotel security requires vigilant attention,” Hotel Management, 19 August 2019.

In this brief, Jeff M. Moore, PhD, will discuss recent trends in hotel violence from terrorism, physical and sexual assaults, and human trafficking, and the corresponding legal and financial and/or insurance impacts.

There were two spectacular terrorist attacks against hotels in the first half of 2019. One happened in Kenya, and the other in Sri Lanka. Both incorporated terrible casualties, plausible negligence, sizable insurance claims, and high financial damages.

The dusitD2 Nairobi Attack
On 15 January 2019, a squad of five gunmen from the al Shabaab terror group raided the 5-star dusitD2 hotel and associated business complex in Nairobi, Kenya. The attack killed 21 and wounded 28. The hotel stayed closed for 197 days and reopened after considerable reconstruction, remodeling, and rebranding.

dusitD2 Attack Legal Issues
While no legal actions have been reported in the press regarding this attack, there are plausible negligence issues here that can serve as warnings to other hotels. Specifically, while the exact time and place of this attack were not foreseeable (based on current reporting), the totality of circumstances under which it occurred – the target selection, the tactics applied, and the group that did it – were all certainly foreseeable. Three compelling data points demonstrate this point:

  1. Al Shabaab had been conducting operations in northern Kenya for years, a de facto low intensity conflict zone (LIC), and occasional attacks in urban areas, including Nairobi, had also occurred.
  2. Targeting for these attacks included a shopping mall, multiple hotels and hostels, a university (where a massacre happened), buses full of civilians, villages, and various government targets.
  3. Al Shabaab had active networks in Kenya, and this was known to the public by way of well publicized terror attacks over a span of more than five years.

Accordingly, as long as this type of violent activity was (and still is) ongoing – which constitutes totality of circumstances – no responsible business in Kenya, especially such a posh, high profile compound like the Dusit, should have had low or medium threat security. It was reasonable to apply higher grade security in this environment. The fact that the hotel and business complex increased security in the aftermath of this attack proves that security could have been better beforehand. This type of inattention opens hotels up to negligence lawsuits.

dusitD2 Attack Insurance and/or Financial Issues
Kenya-based GA Insurance was the Dusit hotel and business compound insurer. Damage estimates for both was 400 million Kenyan Shillings ($3,886,020.00 USD). Since the hotel sustained serious damages and underwent significant renovations as part of a brand facelift, it is reasonable to assume the hotel required at least $1.8 million of these funds.

As an aside, this payout, along with other property damage claims GA is covering elsewhere in the region, takes GA’s property insurance payouts to nearly Sh1 billion [$9,715,050.00 USD].1 This is a heavy burden for GA.

The dusitD2’s RevPAR losses for 197 days closure might reach $2,319,212.50. Total costs for the dusitD2, then, could conservatively be $4,119,212.50. Losses from brand damage and low RevPAR due to tourists avoiding Kenya over its terrorism risk could easily add another $2 million to this figure. Additionally, if the dusitD2 had spent a fraction of this loss amount on security before the attack, and if GA Insurance had used actuarial intelligence data on regional terrorism and hotel attacks to calibrate underwriting and policy writing, the financial damages sustained by both parties might have been much lower, or they might not have occurred at all.

The Sri Lanka Hotel Attacks (Plus 3 Churches)
On 21 April 2019, Easter Sunday, an ISIS terror cell in Sri Lanka exploded at least 11 bombs, mostly in Colombo, against law enforcement targets, three churches, and four hotels. Casualties for all attacks combined were 258 killed and 500 wounded. It was one of ISIS’ highest casualty-causing operations outside of its Syria-Iraq home base area.
The hotel targets were:

• The Cinnamon Grand Colombo
• The Shangri-La
• The Kingsbury Colombo-Sri Lanka
• The Tropical Inn Guest House

At each hotel, except for the Tropical Inn, ISIS suicide bombers targeted the Easter brunch buffet lines with the intention of causing mass human casualties. The restaurants at each property suffered incredible physical damage, and the Shangri-La was closed for 52 days. The small Tropical Inn Guest House was practically leveled, said press reports.

Sri Lanka Hotel Attack Legal Issues
As far as legal actions are concerned, as of September 2019, Sri Lanka’s Supreme Court was considering, “12 fundamental rights petitions filed against former Defense Secretary Hemasiri Fernando and IGP [Inspector General of Police] Pujith Jayasundera over their failure to prevent the terrorist attacks,” this according to the Colombo Page online newspaper.2 But was there possible negligence on behalf of the hotels as well? Yes. In particular, there were scores of local threat warnings and indicators in Sri Lanka’s press that clearly demonstrated profuse Islamist jihadist activities and direct threats by ISIS, all of which impacted the civilian population. These included:

  1. Long running Islamist jihadist attacks on moderate Muslims.
  2. Multiple audacious Islamist jihadist attacks on Buddhist communities and shrines.
  3. The discovery of an active ISIS training camp that housed 200 pounds of TATP high explosives.

These open source data points exhibited a distinct pattern of attack activity by Islamists jihadists that has occurred in scores of other terror-stricken nations around the world such as Kenya, Nigeria, Somalia, Thailand, France, the Philippines, and Egypt. Accordingly, a clear and present danger to the public was demonstrated, and, more specifically, a clear and present danger to hotels was demonstrated as well. This latter point is valid because Islamist jihadist have spent nearly two decades attacking hotels all over the world. Their hotel attack tally since September 11th, 2001, is well over 200. These have included high, medium, low, and even no casualty events. Hotels are part of the Islamist jihadist standard targeting regimen. It is therefore logical to presume that hotels in locales with ongoing Islamist jihadist activities would adhere to their duty of care, monitor threat issues, and take practical steps to provide a reasonably safe environment for their guests and staffs. The threat in Sri Lanka constituted totality of circumstances, and a compelling case of negligence can be made.

Sri Lanka Hotel Attack Insurance and/or Financial Issues
Best’s Review said of the Dusit attack, “Major insured losses from the bombings are estimated to come from hotels. Total insured losses caused by this event are anticipated to be less than 1 billion Sri Lankan rupees (US $5.8 million).”3 It is reasonable to figure that each of the three upscale hotels might have received just over $1 million for restaurant repairs and remodeling. The Shangri La might have received approximately $2 million because two suicide bombers detonated there, and damages were substantial.

The Shangri-La is insured by Sri Lanka-based Ceylinco General Insurance along with Chubb. They paid the Shangri-La $1 million within days of the attack so it could begin recovery as soon as possible.

Sri Lanka’s state insurance company, the National Insurance Trust Fund Board (NITF), provided coverage for the Cinnamon Grand and Kingsbury hotels. Specifically, this was SRCC&T coverage, or “strikes, riots, civil commotion, and terrorism.” Each hotel had a policy that was capped at Rs. 250 million (USD $3,579,125.00), where the deductible was 10%. NITF Chairman Manjula de Silva said, “This means the client has to bear the balance cost of Rs. 25 million once the 10% is deducted.” De Silva did not think damages at these two hotels would be more than Rs. 500 million (US $7,158,250.00), meaning that each property might have sustained damages reaching the capped amount.4

Aside from the high costs of physical damages, because the Shangri La hotel was closed for just over seven weeks for repairs, its RevPAR losses were not paltry. With 541 rooms at approximately $170 a night, RevPAR losses might total $4,690,470. Food and beverage losses would add to this figure. Looking forward, RevPAR losses for all three hotels will most likely rise $ millions more as Sri Lanka’s tourist arrivals as of summer 2019 were down as much as 70%, and overall tourist losses were estimated to be over $1 billion.5
As with the dusitD2 and GA Insurance, if these upscale Sri Lankan hotels and their insurers had processed more advanced risk data on threat warnings and indicators, they might have blunted or prevented these attacks, and the corresponding negative human and financial fallout could have been less, or maybe even non-existent.

Hotel Physical and Sexual Assaults
Physical and sexual assaults at hotels around the world are not uncommon. Aside from the heinous nature of these crimes, they can trigger damaging lawsuits. Nowhere has this been more recently apparent than in the Caribbean.

The State Department’s Overseas Security Advisory Council (OSAC) revealed disturbing trends regarding rapes and sexual assaults in late 2018 via its Jamaica 2018 Crime and Safety Report.6 It said 12 US citizens visiting Jamaica were raped or sexually assaulted in 2017 alone. Half of these were done by hotel/resort employees. The Chicago Tribune cited other State Department Statistics that said from 2011-17, 78 US citizens were raped in Jamaica. Statistically, that is nearly one a month for a six-year timeframe, or 13 a year.7 This is an astounding and compelling figure.

In one recent case from September 2018, two women were raped at gunpoint by an employee of the Hotel Riu Reggae in Montego. One of the victims, however, managed to secure the rapist’s gun and open fire, striking him in the arm. He fled, but the police tracked him down and arrested him shortly thereafter. It was then discovered he had a criminal record and was wanted by the police for sexual assault. The hotel claimed no culpability and said it followed thorough employee vetting and background check processes. Clearly, however, their process failed.8 As an aside, the Riu also owned the Imperial Marhaba hotel in Sousse, Tunisia, which was attacked by an ISIS gunman who killed 58 and wounded 59 in June 2015. This attack also occurred in a demonstrated violent environment.

In another case from January 2019, a Delaware woman staying at the Majestic Elegance Punta Cana resort in the Dominican Republic claims she was attacked from behind by a man wearing a Majestic Elegance uniform, taken to a secluded room or closet in the resort, and severely beaten and choked on and off for a prolonged period of time. She said she intermittently lost consciousness and was not sure if she was sexually assaulted or not. A rape examination was performed by Dominican Republic medical personnel, but it was supposedly two days later, and it was reportedly cursory in nature. The victim complained to the resort and police, but their responses were perceived as standoffish or lackadaisical. The resort said it attempted but failed at an out of court settlement. The resort’s insurance company (yet named) said since the victim was unable to identify her attacker as an employee of the property, the Majestic Elegance bore no responsibility to the victim.9

Thereafter, the victim went on offense, taking her story to the press and social media. She then sued the hotel for $3 million. Pictures of the victim from a hospital bed showed the woman with extreme bruising on her face, gouges in her cheek and forehead, ligature marks around her neck, mouth/dental damage, and caked, dried blood around her mouth and nose.

The Majestic Elegance told the press the woman’s story was suspect, indicating the attack might have been staged. No CCTV coverage of the incident was made available. Reporting has said the resort’s CCTV was inoperable at the time of the attack, and/or there was no CCTV coverage of the location of the assault. All of this happened against a backdrop of over 30 deaths of tourists in the Dominican Republic in a 12-month timeframe.10 US law enforcement has considered scores of these deaths as suspicious.

Hotel Physical and Sexual Assaults Legal Issues
Lawsuits over such attacks in the Caribbean are building, though not all have been made public. “There has been considerable growth in the number of lawsuits that have been filed against Jamaican-based hospitality industry resorts in the United States Federal Court,” said Jamaican-American attorney-at-law Michel Morgan at a recent lawsuit seminar in Jamaica. Morgan said there were advantages to US citizens filing suits against Caribbean resorts from US courts as opposed to Caribbean countries. These include high plaintiffs’ awards, contingency-fee agreements, and faster case conclusion times.11

In contrast, a Canadian-based lawyer said she advised Canadian rape and sexual assault clients to seek local, Caribbean legal help because of jurisdiction issues. This can indeed be a sticking point, but if the hotel or resort in question has assets in another country such as the US or the UK, then the case might be heard in the country where those assets are located. This is precisely what happened in the December 2013 Will Pike lawsuit against the Tata Group – owners of Mumbai’s Taj Mahal hotel. Pike was a guest at the Taj Mahal in 2008 when terrorists from the Pakistan-based, Lashkar-e-Taiba terror group attacked it, along with several other targets in the city, including the Oberoi and Trident hotels. Pike’s lawyers won the right to sue the Tata Group in the UK because Tata had considerable financial holdings in London. This jurisdiction ruling caused the Tata Group to quickly settle the Pike case out of court for an undisclosed sum.12 The same strategy can be applied in other cases, such as the many sexual assaults in the Caribbean.

Additionally, because of the high sexual assault and rape count at hotels and resorts in the Caribbean, and because of the unusually high and mysterious death count, there is a negligence case to be made in situations such as these regarding totality of circumstances. It is reasonable to expect the unusually high rate of physical violence at Caribbean resorts to cause resorts there to, firstly, recognize the problem, and, secondly, mitigate the problem in order to protect their guests.

Hotel Physical and Sexual Assault Insurance and Financial Issues
Financial losses from sexual assault cases can be high. Aside from settlements and awards that can easily rage from $3-6 million per injured party, business losses can mount. For example, the damning media exposure of the alleged beating at the Majestic Elegance compounded by the multiple mysterious deaths in the Dominican Republic caused such a stir that this resort had to shut down in August 2019 because of a lack of guests and revenues. It aims to reopen on 7 November. The closure will cost the resort approximately $8,525,160 in RevPAR losses. This does not include brand damage that might carry over after 7 November, or brand damage suffered by the Majestic corporation’s other properties in the Dominican Republic or other, regional locales.13

As a final note of interest, in July 2019, the US State Department removed its Jamaica report from the Internet.14

Hotel Human Trafficking
Like physical and sexual assaults at hotels, human sex trafficking happens all over the world – including in the US – and much of it happens in hotels. While Tu Rinsche, Marriott’s Director of Social Impact and Global Responsibility, rightly points out that plentiful and accurate data on trafficking is lacking, the International Labor Organization says approximately 4.8 million people suffer from forced sexual slavery at any given time, globally. Adding to this, Prince William County (Virginia) Police Detective Robyn Hyatt told the press, “One trafficker with three victims [and a] customer every 15 minutes can make $2.19 million in one year.” This makes sex trafficking more profitable than drug trafficking, says Detective Hyatt, and it draws the participation of local, regional, and international criminal networks, including MS-13, among others.15

Examples are many. In May 2019 in Washington state, a man was charged with sex trafficking a female to as many as 20 men a day at the Motel 6 Seattle Sea-Tac Airport South, which is directly across from Sea-Tac’s city hall. Additionally, this particular hotel had a reputation for being a hotbed of trouble. Since 1 January 2016, sheriff’s deputies had been called to the property just under 2,000 times to respond to 9-11 calls and for “area checks” regarding suspicious activities. Statistically, this is about four times a day for a three-year timeframe. Eight of those calls were for prostitution. The press reported that the hotel did have security, and it also kept a list of people not to rent to, but neither of these measures was enough to mitigate the criminal issues happening there, including human trafficking.16

In another recent case, four women said they were forced into sexual slavery by a gang that operated out of four hotels in Georgia and one in Louisiana from 2010-2016. The properties identified in the press were:

  • Red Roof Inn, Smyrna, Georgia
  • suburban Extended Stay (now a Hometown Studios), Chamblee, Georgia
  • La Quinta Inn, Alpharetta, Georgia
  • Extended Stay America, Atlanta, Georgia
  • Extended Stay America, Baton Rouge, Louisiana

Two women were reportedly underage at the time of the crimes. On occasion, the women would service 10-20 men a day. The women said the trafficking gang put hotel staffs on their payroll to serve as lookouts and to help mask these illegal activities. One trafficking victim, in an apparent effort to escape her plight, told a hotel employee she was being trafficked, and the employee then told the gang, who then beat the victim to enforce the secrecy of their trafficking operation. In military and intelligence terms, the activities by these hotel staffers is known as “operational security” (OPSEC), and it requires training in communications, how to spot law enforcement (or anyone hostile to an ongoing operation), and other assorted techniques akin to spy tradecraft. As evidenced by the woman who was beaten, OPSEC also sometimes requires ruthlessness. The hotel employees that were recruited by this trafficking gang excelled at operational security. They managed to help this enterprise elude law enforcement for six years. They were an integrated part of this criminal enterprise.

Despite the absence of copious data on trafficking, law enforcement and the hospitality industry use multiple case studies to design trafficking mitigation strategies. Marriott, Hyatt, and Hilton have made anti-trafficking training for hotel staff mandatory.17 Additionally, several major hotel chains and organizations have engaged in anti-trafficking measures in earnest since 2017. The American Hotel and Lodging Association, via its “No Room for Trafficking” outreach program, and non-profits such as the Safe House Project, help spread awareness and provide training tips on countering trafficking.18

But it has not been a subject the hospitality sector has readily addressed. Marriott’s Tu Rinsche told the press, “Corporations have historically feared any association with [this] heinous crime.”19 But the human factor, brand damage, resulting profit losses, and legal liabilities have caused the hospitality sector to wake up.20 “One of the things that [Marriott International] recognized is that human trafficking unfortunately negatively impacts the industry, but also our company, so the company identified it as a salient issue for us to address,” Rinsche told Refinery 29, a women’s media outlet.21 Marriott has trained 500,000 employees to identify and report on human trafficking.

Hotel Human Trafficking Legal Issues
As with hotel sexual assault lawsuits in the Caribbean, hotel trafficking lawsuits are beginning to percolate. For example, on Monday, 29 August 2019, Georgia-based law firm Anderson, Tate and Carr filed a lawsuit in the US District Court in Atlanta on behalf of the four trafficked women mentioned above against the following hotel companies:

  • Red Roof Inns, Inc.
  • Choice Hotels International, Inc. (owns Suburban Extended Stay)
  • La Quinta Worldwide, LLC (owned by Wyndham Hotels & Resorts)
  • Extended Stay America

The filings allege the hotels were complicit as perpetrators in sex trafficking and as financial beneficiaries from sex trafficking. So, these are not negligence cases focusing on duty of care as has occurred in other violence related cases.22 These hotel operators knew what they were doing, say the plaintiffs’ attorneys. One of the lawyers on the case told the press, “When the choice comes down to leaving a room empty or renting that room to sex traffickers, the hotels in these lawsuits consistently chose to rent the room to sex traffickers.”23 The firm provided evidence of hotel collusion with the traffickers by way of a sign from one of the hotel lobbies that said, “no refunds after 15 minutes.” This, said the lawyers, was designed to keep sex trafficking consumers from demanding a room refund after a quick session.24

Hotel Human Trafficking Insurance and/or Financial Issues
It is difficult to pinpoint precise financial loss and insurance figures from human trafficking at hotels. Some hospitality companies will try to tap insurance to cover legal fees, but, depending on liability perils and exclusions, the aspect of criminality might negate this in some cases. Otherwise, losses could include RevPAR, brand damage, or losing the property itself. Maximum yearly RevPAR for the above-mentioned properties is as follows:

  • Red Roof Inn, Smyrna, Georgia, $2,829,480 a year
  • Suburban Extended Stay, Chamblee, Georgia, $2,719,250.0 a year
  • La Quinta Inn, Alpharetta, Georgia, $6,740,455.00 a year
  • Extended Stay America, Atlanta, Georgia, $3,295,950 a year
  • Extended Stay America, Baton Rouge, Louisiana, $2,396,225 a year

Collectively, this amounts to over $15 million. Additionally, each of these properties individually could be valued in the low $ millions if they were forced to sell.

Conclusionary Macro Trends
Given the aforementioned case studies and scores of others just like them, the record demonstrates the following trends:

  1. Various forms of violence such as terrorism, physical and sexual assaults, and human trafficking happens at hotels on a regular basis.
  2. Repeatedly, hotels demonstrate that they are woefully unprepared to mitigate violence, and they continually express surprise that these types of activities have happened.
  3. A modern, intelligence and data-driven approach to security (employee vetting, staff training, physical security, and situational threat awareness) would have blunted or prevented violence in all cases presented here.
  4. Most of these episodes of hotel violence occur against a backdrop of clearly visible threat warnings and indicators that either suggested or directly foretold that violence was pending.
  5. Financial damages from these types of attacks – damage, RevPAR losses, physical damages, and insurance payouts – routinely are in the low- to mid- $ millions. (In more extreme cases, damages run into the tens of $ millions, and, on occasion, hundreds of $ millions – the Taj Mahal and the MGM Mandalay Bay, for example).
  6. Legally, while some hotels escape culpability for these type cases via reasonable foreseeability or jurisdiction, totality of circumstances and asset jurisdiction continue to gain traction for plaintiffs.

Possible Evolving Micro Trends
While the following have not been demonstrated as solid, wide ranging macro trends, they do demonstrate possible, evolving trends that might develop into stronger patterns moving forward.

  1. Marriott publicly stated that it was motivated to counter human trafficking because of human harm, social responsibility, fiscal losses, and liabilities. Because Marriott is a hospitality trend setter, and because the hospitality sector follows “herding” type trends, the rest of the hospitality sector might follow suit.
  2. The criminal suits pressed against hotel companies in the Georgia and Louisiana human trafficking case poses a new level of motivation for hotels to vet employees and prevent this crime.
  3. The fact that hotels and law enforcement have used human trafficking case studies to develop mitigation strategies indicates these entities see threat intelligence as central to countering hotel violence and like threat issues. If acted on by hotels and insurance companies, hotel threat data and intelligence could have helped reduce the damages sustained in these cases, and/or, it might have prevented them.

This article is part of our Conference Materials Library and has a PowerPoint counterpart that can be accessed in the Resource Libary.® provides numerous resources to all sponsors and attendees of The Hospitality Law Conference: Series 2.0 (Houston and Washington D.C.). If you have attended one of our conferences in the last 12 months you can access our Travel Risk Library, Conference Materials Library, ADA Risk Library, Electronic Journal, Rooms Chronicle and more, by creating an account. Our libraries are filled with white papers and presentations by industry leaders, hotel and restaurant experts, and hotel and restaurant lawyers. Click here to create an account or, if you already have an account, click here to login.

Jeff Moore

Jeff Moore is a threat analyst and terrorism expert. He is also CEO of Muir Analytics, which conducts threat assessments for corporations. Dr. Moore earned his PhD in counterinsurgency (COIN) strategies and tactics from the University of Exeter in the UK. Dr. Moore has supported U.S. government intelligence (J-2) and plans/policy (J-5) assets, and he was the on-site manager of a planning cell for the US Army’s Plans and Operations Division (G-3) in the Pentagon. In other roles, Moore was a full-time professor teaching counter terrorism at National Defense University, and he has worked on executive protection details for the likes of Angelina Jolie and VIPs at the London 2012 Olympics. Jeff is author of two books: "Spies for Nimitz," regarding America’s first modern joint intelligence agency and WW II in the Pacific; and "The Thai Way of Counterinsurgency," regarding irregular warfare and terrorism in Thailand. He has written more than 100 articles on defense, security, and the energy sector, and he has given briefs to the Defense Intelligence Agency, the Pentagon, the Overseas Security Advisory Council in Singapore, Thai Special Forces, the Thai National Security Council, London’s International Institute for Strategic Studies, the FBI, and others. In May 2012, at the direct request of the U.S. Army, he served as a COIN subject matter expert at a conference established to help rewrite the Army/Marine Corps COIN manual. Jeff's awards include the U.S. Army’s Distinguished Civilian Service for Bravery medal for his actions on 9-11.

Leave a Reply

Your email address will not be published. Required fields are marked *