If your vessel is routed through a piracy or armed-robbery hotspot, Best Management Practices (BMP) is the single most important piece of guidance you will use. BMP is the maritime industry's consolidated playbook for deterring piracy and protecting crews, and it tells operators, masters and Company Security Officers exactly how to plan a transit, harden the ship, register with the right naval reporting centre and respond if an attack develops. This guide explains what BMP is, the principles that sit underneath it, the reporting centres you must know, and how to turn the guidance into a workable transit plan.
What BMP is, and what changed in 2025
BMP began as a region-specific response to Somali piracy in the Gulf of Aden and the wider Indian Ocean. For most of the last decade the working reference was BMP5: Best Management Practices to Deter Piracy and Enhance Maritime Security in the Red Sea, Gulf of Aden, Indian Ocean and Arabian Sea. Alongside it sat BMP West Africa, covering the Gulf of Guinea, and a separate Global BMP.
In March 2025 the industry associations BIMCO, the International Chamber of Shipping (ICS), the International Marine Contractors Association (IMCA), INTERCARGO, INTERTANKO and the Oil Companies International Marine Forum (OCIMF), supported by more than forty maritime stakeholders, withdrew those separate documents and replaced them with a single publication: Best Management Practices for Maritime Security, usually shortened to BMP Maritime Security or BMP MS. The consolidated edition applies to all regions and to both non-state threats, such as piracy and armed robbery, and state-level threats, such as missile and drone activity in the Red Sea. If your safety management system still references BMP5 by name, the underlying guidance now lives in BMP Maritime Security.
BMP MS is supported by the Maritime Industry Security Threat Overview (MISTO), a threat picture refreshed every three to six months that feeds the risk assessment at the heart of the guidance.
The core principles
BMP is built around a small number of plain ideas. Get these right and the detailed measures follow logically.
- Be aware. Understand the threat before you sail. Use current intelligence and threat overviews to judge what could attack you, where, and how, then drive every later decision from that assessment rather than from habit.
- Be prepared. Conduct a ship and voyage-specific risk assessment, brief the crew, rehearse drills, and decide in advance how the ship will behave if approached.
- Report and register. Make contact with the relevant naval reporting centre before you enter a high-risk or voluntary reporting area, send the routine reports it asks for, and report any suspicious approach or incident immediately.
- Harden the ship. Apply self-protection measures so the vessel is harder to board, slower to be boarded, and able to delay attackers long enough for a naval response.
- Cooperate. Work with naval forces, other shipping and your company ashore, because a coordinated maritime community is the most effective deterrent of all.
These map onto BMP's older shorthand of plan, detect, avoid, deter, delay and report, and onto the three long-standing fundamentals: register with the relevant centre, report to it, and implement ship protection measures.
The reporting centres you must know
Registration and reporting only work if you contact the centre that owns your sea area. Three matter most.
| Centre | Area of responsibility | What operators do |
|---|---|---|
| UK Maritime Trade Operations (UKMTO) | Red Sea, Gulf of Aden, Indian Ocean, Arabian Sea and wider Middle East waters | Primary point of contact between merchant ships and military forces. Register on entering the Voluntary Reporting Area, send initial, daily and final position reports, and report suspicious activity. |
| Maritime Security Centre, Horn of Africa (MSCHOA) | Counter-piracy coordination for the Horn of Africa region, run under EU naval forces | Register transits so naval planners can track and protect merchant traffic and issue self-protection advice. |
| Maritime Domain Awareness for Trade, Gulf of Guinea (MDAT-GoG) | Gulf of Guinea and West African waters, operated by the French and UK navies | Register before entering the Voluntary Reporting Area and report piracy, armed robbery and suspicious activity. The 24-hour watch can be reached by email or, in emergency, by telephone. |
The Voluntary Reporting Area boundaries are printed on maritime security charts, so the bridge team can see precisely where reporting obligations begin and end. Registration is voluntary in name only: an unregistered ship is invisible to the naval forces that would come to its aid.
How operators apply BMP on a transit
BMP is a process, not a checklist to sign and file. A sound application runs roughly as follows.
- Threat and risk assessment. Before fixing the route, assess the current threat for the specific transit using up-to-date intelligence. The output sets the protection level, not a generic template.
- Voyage planning. Route to keep clear of the highest-risk waters where commercially possible, factor in naval transit corridors and group transit schemes, and plan speed and timing to reduce exposure.
- Register and report. Make contact with the relevant centre, file the initial report on entering the reporting area, and maintain routine reporting throughout.
- Harden the ship. Implement self-protection measures proportionate to the assessed threat: enhanced lookouts and radar watch, lighting and alarm readiness, physical barriers such as razor wire, secured access points and a hardened citadel where appropriate.
- Brief and drill the crew. Every member should know the muster signal, the citadel procedure and the actions on approach. Rehearse before entering the area, not during an attack.
- Detect, deter, delay, report. Maintain vigilance, react early to a suspicious approach, use ship manoeuvring and protection measures to buy time, and report immediately so naval assets can respond.
- Review after transit. Capture what worked, update the safety management system, and feed lessons back into the next assessment.
Run well, BMP makes a vessel a harder, slower and noisier target than the ship alongside it, and that relative difference is often what turns an attack away.
Where Verihelm helps
BMP is only as good as the threat picture it rests on, and that picture changes daily. Verihelm is Dryad Global's analyst-verified intelligence platform, built so that the "be aware" and "be prepared" stages of BMP draw on current, human-checked maritime intelligence rather than stale assumptions. It surfaces incident reporting, threat assessments and area-specific guidance for the Red Sea, Gulf of Aden, Indian Ocean and Gulf of Guinea, so masters and Company Security Officers can route, harden and report with confidence. To see how Verihelm supports the full BMP cycle from planning to post-transit review, explore our voyage and transit risk assessment capability.