New Articles

Why Companies should Ditch Siloed Approaches to Risk


In an age of proliferating business risks, multinationals should adopt a comprehensive, joined-up approach to risk mitigation. That means interrogating corporate threats in the round – instead of in isolation – because of their tendency to impact each other, creating unforeseen operational problems and challenges.

Mitigating the possibility of such a domino effect requires companies to not only have a wider understanding of their actual and potential exposure but also a willingness and ability to act quickly to prevent one risk setting off another. 

Where once firms concerned themselves primarily with the security of their staff and physical assets and financial vulnerabilities, they now must address a multiplicity of risks. These range from compliance, brand, reputation, ESG and geopolitical to those associated with less tangible assets, such as data, research, and intellectual property, especially amid the growth of commercial and state-sponsored espionage. 

The widening of risk exposure has in large part been driven by the growing acknowledgement in business circles that international companies are not just vehicles for delivering profit and value for shareholders, but also global citizens with responsibilities beyond the bottom line. 

Influenced increasingly by ethical considerations, investors and consumers want companies both to be conscious of their impact on the environment and society and to take steps to avoid negative consequences. This is especially true of the largest among them, many of which are now geopolitical actors, wielding significant economic, social, and political influence in their regions of operation and beyond.

Growing recognition of the expanded number of risks stems from their potential bearing on a company’s share price and competitive position in the market. In the past, these were largely dictated by quarterly results. Now business analysts will factor in a company’s performance on addressing multiple corporate risks when putting a value on the organisation.

As risks have expanded, so has their connectedness. They cannot be tackled in isolation, as one risk very often sets off others. But with a more strategic approach to risk management, the possibility of such a chain reaction can be anticipated at the outset and dealt with. Below, I set out a few examples of why such an approach is necessary.

A multinational company’s public relations might align with American backing for Israel in the Gaza war in order to enhance its standing in US markets. But as a result of its stance, it might find its brands boycotted in predominantly Muslim Asian countries, deeply concerned over Palestinian civilians caught up in the fighting between the Israeli army and Hamas.  

Prior to the Ukraine war, an international bank may have onboarded prominent, politically-exposed Russian businessmen, calculating that the revenue they generated outweighed the compliance risks. However, there would be a risk of reputational damage if, once the war broke out, the businessmen’s connections with the Kremlin were exposed in media reporting. Moreover, the bank could be subject to financial penalties in the event of its clients being sanctioned.

And a tech major in India might reluctantly agree to comply with controversial data sovereignty laws to protect its trading position in what is an important emerging market. But in doing so, it may expose itself to political risk. The government could go on to demand access to customer data, possibly prompting customers in India to move elsewhere out of privacy concerns.

There is a general recognition of the need to move on from the old ways of assessing risk through risk registers, essentially a spreadsheet-approach to the task. In the past, the risk assessment function’s conclusions were rarely, if at all, something that boards or executive committees were expected to address.  Now the post is accorded more importance and, in most cases, reports directly to senior leadership. Yet its determination of risk often remains rather siloed, and therefore, flawed.

So, while serious risk to data or staff, for example, may now be quickly escalated, not enough thought goes into how one might affect the other and, if it does, what new risks might then arise. If you don’t understand how risks can cascade or snowball, then you can’t put together an effective mitigation strategy. What we are talking about here is the need for a change in mindset. Rather than viewing a threat as a discrete event impacting a specific area of operations, there should be an assessment of its potential to raise red flags elsewhere.

In addition to understanding corporate vulnerabilities and how they interact, the owner of the risk function in a company must also have an acute sense of its risk appetite. Indeed, for some companies, risk tolerance might be the starting point for determining vulnerabilities. What this means in practice is a company, for instance, possibly preferring to let its global reputation slip to protect earnings in a specific market. That’s seemingly what many have opted to do by retaining a presence in Russia, despite international criticism of Russia’s war in Ukraine and growing sanctions risks.  

The process of corporate risk analysis may seem like multivariable calculus, but in fact it is more of an art than a science. It’s about establishing a company-wide risk culture, so staff understand both the risks their respective departments face and how these can affect other parts of the business. 

Their insights and observations provide the baseline information and data on which an organisation’s risk owner draws conclusions about risk exposure and mitigation. The board then weighs them up and decides on a course of action. It should be a seamless process. Some companies have put it in place, but more should consider doing so to best navigate the increasingly complex, interconnected global risk landscape. 

Cvete Koneska is Head of FiscalNote Global Intelligence Advisory services, which helps executives mitigate risk and optimize growth by providing clarity needed to make strategic decisions.


Managing ESG risk – the New Supply Chain Challenge

As multinationals look to diversify their supply chains to avoid a repetition of the disruption they experienced during the pandemic, they are facing a further set of challenges. Regulators and investors are putting pressure on boards to ensure that new and existing suppliers, often spread across multiple jurisdictions, conform to ESG standards. 

Once largely voluntary, compliance is becoming obligatory in many parts of the world – the US and several other countries already have supply chain due diligence legislation in place. America last year passed the Uyghur Forced Labor Prevention Act, with the New York State Fashion Sustainability and Social Accountability Act in the pipeline. Other authorities, notably the European Union, are planning such laws. For corporates, the reputational and financial costs of not complying will only mount.

Getting suppliers to sign codes of conduct may have been sufficient in the past. No more. Regulators are requiring multinationals to report on the due diligence they have conducted to ensure that sourcing companies across all tiers of their entire supply chains are sustainable or, at a minimum, taking active steps towards becoming so.

For many boards, this will be a huge undertaking, not least because reporting will have to be carried out on a regular basis, not just at the beginning of a business relationship.   

Clearly, the investment required to facilitate continual supply chain monitoring will be substantial, but new compliance technology and, more broadly, a well-thought-out approach to due diligence will secure efficiency savings and limit vulnerability to financial penalties. Moreover, a conscientious multinational will maintain investor confidence and a competitive edge in the marketplace, where sustainability credentials increasingly determine or influence purchasing preferences.  

For corporates, maintaining high levels of scrutiny over their supply chains is necessary due to the patchy governance record of many sourcing companies in emerging markets. Multinationals withdrawing partly – or completely – from China post pandemic may reduce the risk of future disruption, yet they take on ESG risks by shifting sourcing operations to some favoured supply chain relocation destinations, such as Vietnam and Mexico.

Both countries are attractive because they are low-cost and politically and economically stable, but their corruption and human rights records are a concern. Without robust due diligence, there’s a danger that the very clear logistical benefits they offer might be undercut by sustainability shortcomings. Equally, wider geopolitical factors may raise questions about the suitability of a country as a supply chain hub.  Moscow’s allies, for instance, might face sanctions or receive goods from sanctioned entities in Russia that find their way into products exported to Western firms.  Similarly, countries close to China could be drawn into the trade war between Washington and Beijing.  

Given the emerging complexity of supply chains, the need to have a high level of visibility over them, coupled with the manpower this requires, means corporates will invariably need to prioritize compliance efforts. This will likely involve the use of technology to identify and target the highest-risk sourcing countries, where due diligence should be focused. The compliance burden will probably be eased by regional and international certification bodies to which multinationals will signal their adherence to ESG standards, with the former then delegating the latter monitoring, auditing and recertification tasks.

Moreover, regulators such as the EU, which is in the process of finalizing a major new corporate sustainability due diligence directive, will take into consideration the enormous effort required to monitor the length and breadth of supply chain networks. As with similar directives, it will likely urge multinationals to report what they can at the outset, which might amount to just 10 per cent of their suppliers. Critically, though, boards will need to demonstrate progress over time which, in the regulators’ eyes, will be more important than base-level starting points.

In terms of where companies initially concentrate their due diligence efforts, there are two possible options. They might start in low-risk jurisdictions where it is easiest to conduct checks and data is readily available, so that they learn and develop processes that equip them to proceed to more difficult territories.   Alternatively, they could begin where compliance is most important, which would be, as I suggested earlier, the highest-risk sourcing countries.  There are arguments in favor of either approach, although, I would say, it makes sense to start with the most challenging suppliers or countries.

Of course, should multinationals find weaknesses in suppliers’ ESG adherence, they would be best advised to incentivize – not pressure – them into being more compliant. Ultimately, though, corporates must ask themselves whether they are comfortable about the level of risk they have identified.  Reporting for regulators like the EU will not be about declaring there is very low, insignificant risk across your supply chain. Nobody expects that. Nor is that the goal. Rather, it’s about understanding and monitoring risk to decide whether it can be carried, or an alternative supplier needs to be considered. 

Increasingly, ESG credentials will become as important as, if not more important than, cost when corporates select suppliers because of the growing compliance monitoring bill and the possibility of hefty fines for non-compliance. Boards will never be able to eradicate risk in their supply chains; however, a strategic approach to mitigating and managing it will enable them to stay on the right side of regulators and investors.

Cvete Koneska is head of advisory services at the geopolitical and security intelligence service Dragonfly.