Following weeks of ominous intelligence reports, the world once again finds itself grappling with a destabilizing geopolitical event – this time on the European continent itself. When Russian forces rolled into Ukraine on Feb. 24, it was not totally unexpected. Yet, when 2022 risk assessments were being compiled in recent months, this was a risk few saw coming. The World Economic Forum’s 2022 Global Risk Report, published a little over six weeks ago, acknowledged increased tensions but did not include armed conflict between nation states or geoeconomic confrontation among its top 10 global risks in the next two years. And geoeconomic confrontation barely made the top 10 list for the decade ahead.

Russia’s invasion has already dealt a devastating toll on the people of Ukraine, and has rocked global financial markets, threatening to fuel an already worrisome inflationary environment in the United States and other developed economies around the world. Companies with a global footprint are scrambling to assess the business impact of developments in Europe – particularly on their supply chains and revenue. Even companies whose business models don’t extend beyond their nation’s shores are recognizing that the European conflict may impact their fortunes.

While events of the past two weeks may have caught us by surprise, the important question is: Should they have? From my experience, geopolitical risks are rarely given the level of attention they deserve until it is too late. A recent article from Global Risk Insights (GRI) highlighted several geopolitical risks facing the world in the year ahead. As GRI noted:

“Geopolitical risk is about relations between nations – at the political, economic, military, and cultural/ideological level. Risk conventionally occurs when status quos are threatened. Risks are not just a big deal for states, however. They also matter for non-state actors, especially in the private sector, as developments impact corporate and investment decisions, supply chains, consumer spending, client strategies and how much a pint is on that holiday you have been saving up for.”

I have long advocated that geopolitical risks are an important element in the risk portfolio of many companies and they must be monitored as part of an effective approach to risk management. In a 2007 article for PwC, I cautioned:

“When companies operate abroad in unfamiliar political environments, they are often exposed to new types of risks and complexities that can threaten business performance as well as mask new opportunities.”

As with many unexpected events, geopolitical risk assessments too often don’t happen until an event such as the Ukrainian invasion has already occurred. However, with a proactive approach to assessing geopolitical risks, a company can:

• Protect new and existing global investments and improve business performance
• Make better and more timely decisions about international operations
• Anticipate the business-risk implications of geopolitical change or instability
• Identify opportunities as well as risks stemming from geopolitical shifts
• Take steps to mitigate risks and protect against unwanted surprises
• Improve measurements using risk-adjusted evaluation of international performance
• Exit unstable markets

A recent Forbes article made a strong case for assessing and monitoring geopolitical risks before it is too late:

“Despite considerable focus on the pandemic, talent shortages, and climate events, future-focused leaders understand that today’s growing and interconnected geopolitical risks also encompass broader issues, including war, terrorism, and cyber threats. For example, supply chains can be disrupted by disputes between countries, especially when it comes to raw materials and perishables, technology components (e.g., microchips) or energy (e.g., petroleum, natural gas, electricity). They also know cyber-attacks and geopolitical instability are linked, with significant potential damage to digital and financial assets, supply chain and reputation.”

So, where do risk managers, internal auditors and others begin when assessing geopolitical risks? I have shared several suggestions over the years for companies to effectively manage geopolitical risks, including:

• Integrate geopolitical risk management into a systematic process embedded within the company’s other business processes.

• Apply enterprise risk management (ERM) principles to geopolitical risk management.
• Take a portfolio view of risks to better understand the implications and interdependencies between geopolitical risks and other risk considerations. Although geopolitical risks are commonly viewed as an external risk factor, they can have a significant impact on internal risk factors.
• Obtain geopolitical intelligence relevant to long-term challenges and opportunities
• Conduct a baseline assessment of geopolitical risks affecting business operations.
• Ensure that updated, accurate assessments of geopolitical risks are routinely integrated into business development and operational decision-making across the company
• Monitor geopolitical and other key risk factors on an ongoing basis, using the information gained to make more informed investment decisions and to put changing geopolitical risk scenarios into perspective.
• Understand the potential business consequences of geopolitical risks.

The global consulting firm McKinsey & Company offers a “five-pronged approach to managing geopolitical risks:”

1. Start with the board: Boards should regularly set aside time to review analysis and response strategies for relevant geopolitical risks.
2. Use a trifocal lens to assess potential risks:
   1. Short-term actions. For example, “establish a crisis-response unit to take the lead on identifying potential risks” and formulating proposed mitigation strategies.
   2. Midterm actions. Regularly brief the company’s board and senior leaders on relevant geopolitical risks.
   3. Long-term actions. For example, conduct exercises to assess potential responses to alternative scenarios.
3. Think critically about the corporate narrative. Recognize that the company narrative “could create conflicts with external or internal stakeholders,” and consider what the potential remedies could be.
4. Deploy refreshed risk frameworks and guidelines. If your company operates in markets where political instability is high, develop market-specific risk assessments “that fuse corporate strategy and risk management.”
5. Secure stakeholders’ hearts and minds. As McKinsey notes:

“Geopolitics is personal. A large organization is likely to have stakeholders with differing cultural reference points and opinions on issues such as human rights and privacy. And differences can dissolve into disagreements about risk and strategy. People may worry that a company will hold itself to different standards in different regions. In a world where nationalistic sentiments are on the rise, no country dominates, and regulations and standards are fragmenting, such situations are bound to accelerate.”

I recognize that much of this blog has been directed at geopolitical risks from the perspective of a company with global operations. However, as I noted earlier, a geopolitical event such as the Russian invasion of Ukraine has a ripple effect that creates or exacerbates risks across the portfolio for organizations in every sector and industry. For those of you whose organizations are not global, I would still urge that, as part of your continuous risk assessment/monitoring, you closely examine how the events in Europe may impact your organization, such as through increased fuel costs, heightened cybersecurity threats, and even more aggressive macroeconomic inflationary pressures.