I love my career as an analyst; I research the challenges organizations face in the context of governance, risk management, and compliance (GRC) and how they solve those challenges with strategy, process, and technology. However, if I could redo my career, I would want to be a geopolitical risk management (honestly, that would be my second choice after being a vicar in a small English parish in an idealized 1950s setting solving mysteries, think Grantchester).
Consider the following . . .
“Organizations that take a serious, systematic, and senior-driven approach to political risk management are likely to be surprised less often and recover better.”Condoleezza Rice and Amy Zegart, Political Risk: How Businesses and Organizations Can Anticipate Global Insecurity (Hachette, 2018)
Geopolitical risk management is an increasingly crucial aspect of an organization’s Governance, Risk Management, and Compliance (GRC) or Enterprise Risk Management (ERM) program. The global landscape constantly shifts due to political instability, economic changes, and social upheaval. These changes can significantly impact an organization’s objectives, operations, and supply chains across the extended enterprise. Understanding and managing these risks is essential for sustainable growth and resilience.
Geopolitical risks refer to the potential impact that political decisions, events, or conditions in one or several countries can have on an organization’s operational and financial performance. These risks can emerge from various sources, including government policies, regulatory changes, political instability, elections, economic sanctions, trade wars, and terrorism. Natural disasters and other conditions, of course, intersect and play into and influence these as well. The goal is to orchestrate and integrate geopolitical risk management into the organization’s strategy, operations, and decisions to minimize surprises in achieving the organization’s objectives.
Incorporating geo-political risk into an organization’s GRC/ERM program involves several steps:
- Risk Identification. Identify geo-political risks specific to the organization’s objectives, strategy, operations, markets, and supply chains.
- Risk Assessment. Evaluate the likelihood, velocity, and potential impact of these risks on the organization and its objectives.
- Risk Mitigation. Develop strategies to leverage geopolitical risk to the organization’s advantage and objectives while mitigating these risks’ negative exposure.
- Risk Monitoring and Review. Continuously monitor the geo-political landscape and adjust the organization’s objectives and risk management strategies accordingly.
Geo-political risks can have a direct impact on an organization’s strategic objectives. For example, changes in trade policies can affect market access, while political instability can disrupt operations in a specific region. Economic sanctions can limit business opportunities or increase operational costs.
Operational impacts include:
- Disruption of Supply Chains. Political unrest or border closures can disrupt supply chains, leading to delays or increased costs. We have seen this extensively with the war in Ukraine and the disruption in supply chains during COVID lockdowns.
- Regulatory Compliance. Changes in regulations can require operational adjustments to remain compliant.
- Political Changes. The UK’s decision to leave the EU brought about regulatory and trade changes, impacting European businesses and others worldwide.
- Market Volatility. Political decisions can lead to market uncertainty, affecting investments and financial stability. The U.S.-China trade war significantly impacts global trade, affecting companies with supply chains or markets in these countries.
In my opinion, any good Chief Risk Officer role today (or those in other risk roles like third-party/supply chain risk management) will be an avid reader of The Economist and similar publications. This includes taking int geopolitical risk feeds of developments worldwide daily (GRC 20/20 tracks a variety of these feeds that can plug into GRC/ERM/third-party risk systems to give continuous updates on geopolitical risk across the extended enterprise). This is also a key point of discussion at next week’s Third Party Risk Management by Design Workshop in London. Organizations must integrate geopolitical risk management into their GRC/ERM framework by:
- Enhance Geopolitical Risk Intelligence Capabilities. Invest in geopolitical risk intelligence feeds and analytics to understand potential geo-political disruptions.
- Scenario Planning. Develop scenarios for possible geopolitical events and their potential organizational impact on its objectives.
- Diversify Operations. Reduce dependence on politically unstable regions by diversifying markets and supply chains.
- Stakeholder Engagement. Engage with governments, NGOs, and other stakeholders to understand and influence the geo-political landscape.
Geopolitical risk management is no longer an optional part of an organization’s risk management strategy; it is a necessity. The dynamic nature of global politics requires organizations to be proactive, agile, and well-informed. By effectively integrating geopolitical risk management into their GRC/ERM programs, organizations can protect themselves from potential threats and identify new opportunities in an ever-changing global landscape.