Ukraine crisis and political risk demands change in risk management mindset, says security expert

Risk managers must think big and take a more holistic approach to risk management to best deal with the many risks thrown up by the Russia-Ukraine war that are simply not black and white, advises Cvete Koneska, head of advisory at security intelligence firm Dragonfly.

She believes companies need to both think and feel their way through the crisis, keeping ethical behaviour front of mind, and feels risk managers are well placed to take a leading role in crucial decision-making processes.

Koneska told Commercial Risk that in her experience, many of the big multinationals have learnt risk management lessons from Covid-19 and have the risk management frameworks in place to cope well the threats thrown up by the conflict. But she said there is always room for improvement and the best organisations must adapt plans to the new risk scenario.

The security expert said the risks facing companies from Russia’s invasion of Ukraine will vary by company and sector.

“The risks depend on the physical footprint companies have in Russia or Ukraine, how many people they have, their data or revenue. There is so much to consider, to determine individual company risks. But I think the bottom line is it is never going to be one single risk. There will always be more than one, especially in a complex conflict such as this one,” she said.

The big challenge for risk managers, said Koneska, is getting the risk mix right and understanding how risks interact with each other and impact objectives, before deciding on the best management and mitigation tools.

But crucially, she advised taking a high-level, holistic approach to risk rather than focusing on individual threats, which could result in other issues being missed.

“That really should be the highest priority now for risk managers. Rather than approaching things piecemeal risk by risk, they need to take a more comprehensive approach and find the right balance of measures that can reduce those risks. That will depend a lot on your sector, your exposure and so on,” said the security expert.

“I am not saying ignore the individual risks, but that piecemeal approach may cause you to miss some dependencies and some of the mitigation for one risk can also reduce another. If you evacuate a lot of your people from Ukraine, you are obviously reducing your security risk but you might also reduce risk to data and equipment. It’s about getting into that mindset to think comprehensively about the risks. This is the exact sort of scenario when you really need to think big,” she added.

As well as thinking of the big picture, Koneska urged companies and their risk managers to think fluidly and beyond pure financial numbers in order to deal with many of the political risks thrown up by the crisis. This requires a change in mindset and there is room for improvement, she added.

“The legal risk from sanctions or security risks if you have people in Ukraine are not black and white. So many of the decisions facing companies are a bit less clear cut than in some other risk areas,” she said.

“There is a little bit more grey here. I think to be able to navigate that grey space, businesses and risk managers require a bit more fluency in the language of politics and geopolitics and what that means for businesses. Business are very good at numbers and profits but not many so far have been aware as actors in the political space. I think this crisis is really bringing that to the fore, especially for the large multinationals,” continued the political risk adviser.

She said it is no longer possible or sustainable for businesses to only care about numbers and they must increasingly consider ethical behaviour when making decisions. This lesson is being brought home loud and clear by the Russia-Ukraine crisis, she added.

“That is where I see a need for improvement and that is where a lot of people come to us for advice. But the fact they have come to us means they have identified that gap and the fact they have potentially not been equipped well enough to navigate that language and space, and have now found themselves in a situation where they need to. So, these are slightly more complex decisions to make,” said Koneska.

And because ethics are as much a consideration as financials in several of the issues arising from the conflict, reputational risk is a big threat facing multinationals.

It is a big risk and a lot of the big multinationals are struggling to make a decision and consider all the reputational fallout, said Koneska.

For example, it is not a matter of just complying with sanctions, it’s about your values and what you stand for, she added. And Koneska believes risk managers should be involved in these discussions.

“Brands nowadays can very quickly suffer reputational damage. These are board-level decisions but I think risk managers have a role to play. They need to be able to outline clearly the risks of different scenarios and courses of actions, and be able to present the decision-makers with as realistic an image as possible of the risk landscape out there,” said Koneska.

“Risk managers need to be part of this conversation about how companies comply with sanctions. Risk is integral to the compliance conversation. Risk managers will be able to see the effect that risks that impact the different levels of compliance will have on the different parts of the business, whether it’s profit, people, market share or competition. So they have a big part to play in making organisations more resilient to sanctions risk,” she added.

“There is very little precedent here and you need to think and feel your way through this,” she advised risk managers.

Risk managers are also critical to the wider crisis response, according to Koneska. And from what she sees, organisations are well prepared and have learnt lessons from Covid-19. But as ever, the best companies and risk managers will be able to adapt their plans to new scenarios.

“Organisations with a mature risk management framework ideally should have arrived at this point well prepared, with the right tools and organisational setup to enable risk managers to play that critical role by pulling critical resources from across the organisation, rolling out the right risk management measures and so on,” said Koneska.

“It is still early days but from what I see, I think a lot of organisations came to this well prepared. I think Covid was a good crisis exercise. Those organisations that really invested in their risk management and crisis management should be in a good position to respond to this latest crisis, with the internal resources and tools to do their job properly now,” she said.

However, while you can learn from other crises, the best organisations and risk managers will be flexible and adapt plans to account for the individual situation,” she added.

Back to top button