Annual General Meeting Security | CloseProtectionHire

Annual general meetings used to be procedural formalities. For many listed companies, they still are. For others – energy firms, banks, pharmaceutical manufacturers, technology platforms – the AGM has become a contested public event carrying real physical security risk.

That shift is not theoretical. In May 2024, activist shareholders disrupted Shell’s AGM in London, with protesters occupying the front of the room before being removed by security. In May 2023, Barclays executives were targeted with paint thrown by Just Stop Oil activists as they arrived for the bank’s AGM. In 2022 and 2023, groups affiliated with Extinction Rebellion disrupted multiple FTSE 100 annual meetings. ShareAction, the responsible investment NGO, coordinated shareholder blocks at HSBC, Barclays, and Legal and General across successive years – working within the legal framework, but applying organised pressure that shapes the atmosphere of the meeting.

Security planning for AGMs needs to account for this changed environment.

The Legal Framework Governing AGM Security

The Companies Act 2006 Sections 301 to 307 set out the statutory requirements for AGMs: notice periods, quorum, resolutions, and the right of members to appoint proxies. Section 284 gives every member the right to attend and vote at a general meeting. You cannot exclude a shareholder simply because you know they intend to ask difficult questions.

What you can do is impose conditions of entry that apply equally to all attendees. Venue security searches are lawful if they are clearly notified in advance and applied consistently. A shareholder who refuses to submit to a reasonable security search can be refused entry on that basis, provided the condition was clearly communicated in the AGM notice. Legal counsel should draft any such condition language before it appears in any notice or invitation.

An individual can be removed from a meeting already in progress if their conduct is disrupting proceedings. The test is proportionality. Removal should be a last resort, not a first response to awkward questions, and the decision to ask someone to leave should always involve a senior company representative and legal counsel, not solely the security team.

Pre-emptive exclusion based on activist affiliation is a different matter entirely. Denying entry to a registered shareholder because you believe they intend to disrupt, without specific evidence of planned criminal conduct, exposes the company to a legal claim and will almost certainly be filmed and published. The reputational cost of physically blocking a climate campaigner outside an AGM venue often exceeds whatever disruption they would have caused inside.

What Activist Disruption Actually Looks Like

The most common form of AGM disruption from activist groups falls into three categories.

The first is lawful protest outside the venue. Organised by groups such as Extinction Rebellion, Just Stop Oil, Global Justice Now, or the Network for a Victim Donors organisation, this involves demonstrations on public land adjacent to the venue. Protesters may target arriving executives and board members. Under the Public Order Act 1986, police can impose conditions on such assemblies under Section 14, including specifying location and duration. A trained protest liaison officer on the company’s side can work with police and protest organisers to channel this activity and reduce the risk of physical confrontation.

The second is inside disruption by activist shareholders. Under Companies Act rights, any registered shareholder can attend and raise questions or resolutions. Coordinated activist shareholder groups have become significantly more sophisticated since 2020. ShareAction, for instance, works with institutional investors to file formal resolutions and coordinates blocks of retail shareholders to attend and ask scripted questions. This is entirely lawful and the appropriate response is procedural management, not security escalation.

The third category is external criminal disruption: paint attacks, gluing, blocking entrances, or entering the venue without authorisation. This is where the security team has a clearer operational role. Advance intelligence gathering on planned actions – through open-source monitoring of activist group social media, liaison with police intelligence, and monitoring protest group websites – allows the security plan to address specific known threats rather than generic risk.

Access Control: What Works

Effective AGM access control starts well before the meeting day.

Shareholder authentication should be built into the registration process. Every attendee – whether attending in person as a registered shareholder, a proxy, or a corporate representative – should present proof of their entitlement to attend. The company’s share registrar can produce attendance credentials. In practice, this means a unique reference number and either a physical credential or a QR code that is checked against the share register at the door.

Venue entry points should be minimised. A single controlled entrance reduces the management burden significantly. Any secondary or service entrances should be secured against unauthorised access on meeting day. CCTV coverage of all entry points should be reviewed and tested in the advance survey.

Physical searches can be implemented as a condition of entry if communicated in advance. The legal framework does not give the company a right to search – it gives it a right to impose a condition of entry. The practical effect is the same, provided it is applied consistently and the security team is properly briefed on what is and is not permitted under that condition.

Martyn’s Law creates a new statutory layer for large AGM venues. The Terrorism (Protection of Premises) Act 2024 received Royal Assent on 3 April 2024. For venues with a capacity of 200 to 799 people, the Standard duty requires the responsible person to ensure reasonable and proportionate measures are in place, and that staff are trained to implement them. For venues of 800 or more, the Enhanced duty requires a formal security management plan, a nominated senior responsible person, and ACT Awareness training for all staff. The SIA is the regulator. Many FTSE 100 AGM venues – ExCeL London, ICC Birmingham, the QEII Centre – fall within the Enhanced duty threshold.

The Protest Liaison Function

The protest liaison officer role is consistently undervalued in corporate event security planning. A skilled protest liaison – typically a security professional with police or public order background – operates in the space between the company’s legal rights and the protesters’ legal rights to demonstrate.

Their work begins before the event: monitoring activist group communications for planned actions, making contact with organiser groups where appropriate (this depends on the specific groups involved and the threat level), and briefing the venue security team on the likely size, character, and tactics of any protest expected.

On the day, the protest liaison works on the perimeter, not inside the venue. They maintain situational awareness of protest activity, communicate in real time with the venue security team and senior company security contact, and – where the situation allows – engage directly with protest leadership to establish agreed parameters for the demonstration.

This is not appeasement. It is practical risk management. The Metropolitan Police’s Gold-Silver-Bronze command structure for public order events provides a framework that protest liaison officers can integrate with. Under Section 12 of the Public Order Act 1986, police can impose conditions on a public procession, including specifying routes and maximum duration. Under Section 14, they can impose conditions on assemblies. A protest liaison who can coordinate with the Silver command responsible for the area can shape police resource deployment as well as protest behaviour.

Where specific intelligence indicates a planned intrusion or criminal disruption – not just protest – the response moves from liaison to operational security. This requires coordination with the police Gold commander and should not be improvised on the day.

Board and Executive Movement Security

The highest-risk moment in any AGM is the arrival and departure of the board and executive team.

Board members are identifiable, their arrival creates a predictable target window, and the presence of media means any incident will be documented. The security approach to board movement should treat the AGM the same way a close protection team would treat any high-profile principal movement.

Arrival should be staggered where operationally possible, with board members not arriving as a group at a single predictable time. The designated arrival point should use a secondary or controlled entrance, not the main public entrance. Ground transport should use vetted, security-briefed drivers and ideally a two-vehicle convoy – not executive taxis hailed on the day.

Departure is typically higher risk than arrival. The meeting may have been contentious; media and activists know the meeting is ending; the board has a known location. Departure planning should begin before the meeting starts: a designated exit route, ground transport pre-positioned, and a confirmed security team ready to move on a signal.

For FTSE companies, some have taken to departing senior executives through service routes or car parks before the meeting formally concludes. Whether this is appropriate depends on the specific threat assessment. It is worth discussing with legal counsel whether early departure by the CEO affects any voting or procedural requirements.

Digital Security for Hybrid AGMs

Many listed companies now offer a hybrid format – shareholders can attend in person or participate virtually via a meeting platform. From a security perspective, the digital component introduces risks that are distinct from the physical event.

Meeting platform disruption: “Zoom-bombing” (unauthorised participants joining and disrupting) is less common with proprietary AGM platforms (such as those offered by Computershare, Equiniti, or Link Group), which require authenticated login via shareholder reference number. But platform-level DDoS attacks are possible and have disrupted high-profile virtual events. The company’s IT team should confirm with the platform provider what their DDoS mitigation capability is, and have a tested response plan if the virtual component fails during the meeting.

Social media amplification: Any security incident at an AGM will be filmed by attendees and posted in real time. This is not a security failure – it is the operating environment. What it means is that the security team’s conduct must be beyond reproach: proportionate, professional, and not providing footage that becomes a story in itself. Post-incident communications planning is part of AGM security planning.

P1 City AGMs

For companies with operations in P1 cities, board or executive travel for in-country AGMs or shareholder events carries the standard P1 city risk profile.

In Istanbul, AGMs held at five-star Bosphorus hotels carry an elevated terrorism context under the FCDO’s current assessment. Board members arriving for a meeting in Istanbul should have a close protection plan that accounts for ground movement, hotel security, and the specific venue approach.

In Mumbai, the corporate event environment at Nariman Point and BKC is manageable for most events, but peak-hour movement between zones and the monsoon season (June to September) both require specific planning. Any event at which a contentious resolution is expected should include a ground intelligence check on any organised domestic activist presence in the weeks before the meeting.

In Lagos, corporate events at Victoria Island hotels carry the standard Lagos threat profile: movement security for executives, vetted transport, and an advance security survey of the venue that confirms emergency egress and response times. Local protest groups affiliated with community concerns around extractive industry or banking have previously targeted Lagos-based corporate events.

Integrating with Corporate Security Policy

AGM security should not be treated as a stand-alone event security project. It should sit within the company’s broader corporate security programme and reference the same threat assessment framework used for executive travel, residential security, and business continuity planning.

The corporate security director or adviser should be involved from the point at which the AGM date and venue are selected – not called in two weeks before the meeting when the location is already fixed and the access arrangements are already printed in the notice.

Early involvement means venue security can be a criterion in venue selection, not an afterthought. It means the shareholder communication about access arrangements can be drafted correctly the first time. It means the protest liaison brief is based on at least 30 days of intelligence monitoring rather than a last-minute OSINT search. And it means that if the threat assessment changes between the AGM notice date and the meeting date, there is time to adapt the plan.

For further reading on the event security planning process, see our event security planning guide. For the specific security considerations around politically charged corporate events and elections, see our guide to security for elections and political campaigns.

James Whitfield is a Senior Security Consultant with experience in corporate event security, close protection, and risk assessment across financial services and extractive industry clients.