Two years ago, the world was observing a full-blown crisis in China – a country that to many was geographically distant. In those early days, as COVID-19 spread and the crisis unfolded, many of us wondered what the impact would be and how it could affect us. Some of us prepared while others waited until the impact hit us.
The dynamic and rapidly evolving Ukraine/Russia conflict may seem a distant war in foreign lands. Many watching and reading news of this escalating conflict may not yet realise its full impact. However, it has flagged some operational issues, risks and policies that would be prudent to review, wherever in the world we either live or have a business presence. This blog examines some issues and risks to reflect on, prompted by these troubling current events:
Security
Security is fundamental. Most of us take this for granted, but if a country or region is experiencing any kind of instability or conflict – political, civil, or military – the risks are clearly higher, as we are seeing in Ukraine. For some sectors this is normal, and organisations have appropriate support in place, e.g. private security services for employees, and/or infrastructure in place for a recovery or evacuation situation. Many international organisations and companies with a presence in Ukraine have already evacuated, or are in the process of evacuating, employees and associated third parties. Evacuation plans were clearly in place. And on 15thFebruary, the Joint War Committee of London’s specialty insurance market Lloyd’s Market Association (LMA) added Ukrainian and Russian waters around the Black Sea as an ‘area of high risk’.
Any executive team or individual leading an organisation in a country where there is the potential for the security situation to change or become volatile must focus on their duty of care to employees. Review evacuation plans – particularly those that were used to re-patriate employees and clients during the early stages of the COVID-19 pandemic. Check and stress test any adjustments and resolve any areas that are not signed off. For those that remain in-country, ensure they are fully supported and provided for. Human life always takes precedence over the cost of operations, surety of investment for shareholders, and wider geopolitical dynamics. Finally, ensure your crisis communications are robust, fit for purpose, and have a backup for communication failures. People need to know exactly what to do, what to bring, and where to go – and how they can get this information.
The political regime and political climate
These are significant risk factors, as we have witnessed over the last few weeks and months with the evolving Ukraine/Russia situation. Usually, the media landscape reflects the in-country political regime. This is also an important consideration when assessing the situation on the ground. The media is a barometer of how society is informed, influenced, or oppressed, as well as of the values of the government in office. If the values gradually shift, there is a marked change in how news is reported, or there is evidence of either misinformation or disinformation, this should be considered as an indicator against political risk.
An organisation must have appropriate support in place to constantly monitor the political environment, the situation on the ground, and how it is reported. This can be done either in-house or by engaging the services of specialist risk consulting firms, media monitoring platforms, and social media listening services.
As soon as there is a detectable and consistent shift, this must be flagged, analysed, and assessed, with actionable recommendations made to key decision makers. This may include engagement with the relevant authorities to flag the emerging threats to in-country employees, assets, and operations. Misinformation and disinformation can also confuse and heighten anxiety among employees. Checks and balances should be in place to ensure only facts and correct information are passed on.
Related to this is cyber security. There have been many widespread and disruptive cyber-attacks, such as the WannaCry ransomware attack in 2017. Much has been reported and written about state-sponsored cyber-attacks, which is a modern non-lethal method of warfare. Heightened cyber vigilance and re-enforcing organisational cyber-security measures at this time is therefore essential.
Financial infrastructure and sanctions
Sanctions are the emerging go-to method of diplomatic/non-lethal responses to a failed political process that results in confrontation and conflict. This was used against Russia in the 2014 annexation of Crimea, and it was immediately deployed by the USA as soon as Russia authorised troops to cross into Luhansk and Donetsk this week.
The current crisis has shone a spotlight on this complex area of international finance. CFOs should conduct a due diligence exercise with their financial institutions and ask:
- How and when to communicate with their respective regulators for sanction interpretation and implementation guidance
- How to implement these sanctions against their impacted clients
- Which reporting mechanisms to use for both national regulators and international enforcers, e.g., UN, EU
- What action to take against those to which sanctions apply
The risk of not doing this is that any later accusations and evidence of sanctions-busting made against an institution will likely result in further actions that can have serious consequences.
Third parties
Clients, customers, investors, and suppliers are key stakeholders to any organisational success. Similarly, they can potentially pose a challenge when the status quo changes. As with financial due diligence checks, organisations should regularly review their significant third parties and stakeholders. If a situation changes, the following questions should be asked of identified stakeholders:
- Relationship, involvement, or association with the situation or risk
- Likelihood of being subject to sanctions
- Likelihood of business interruption or cash-flow fluctuations
- Likelihood of disruption to the supply chain
- Impact on investment projects and market confidence
- Values and reputation
The risk of not doing this is that any later revelations against significant stakeholders will potentially result in business interruption; cash-flow challenges; potential reputational damage by association; fines and prison sentences; restrictions on trade or operations; possible bans on investment, financing, or insurance; and eroded investor confidence and subsequent share value.
Taking time to review all or any of these at regular intervals is good standard and best practice. The current situation with Ukraine and Russia, however, is a prompt to do this now, as this is most certainly to be a long-term crisis that will have evolving and far-reaching effects, both economically and geopolitically. And that will affect everyone in some way.
Credits and References
Photo Credit: Elana Mozhvilo, UnSplash
Reuters 15 February “London marine insurer add Russian, Ukrainian waters to high risk list.
WannaCry ransomware attack May 2017