Companies, their management, and the boards that oversee them are no strangers to emerging risks. In recent years, they have had to navigate such threats as supply chain disruption, foreign corruption, and all manner of technology-fueled threats and cyber-disruptions.

All of that may have been good training for some of the biggest challenges they have yet to confront.

Geopolitical risk is certainty nothing new. It is a broad definition, applied globally, to such threats and disruptions as taxes, tariffs, trade battles, financial and supplier uncertainty, commodity supplies, corruption, political swings, and declarations of war.

What is changing, these days, is the nature and severity of these risks and a cloud of uncertainty that surrounds them. There is an ever-swaying pendulum between regulation and deregulation; a global shift to populism and nativism; developing trade wars; international unrest; ever-shifting sanctions; and increasingly tense relationships with allies even as olive branches are extended to traditional enemies.

“Historically, the U.S. has been viewed more as a unifier that was in lock step with our allies. Obviously, the current administration has changed that and taken a more nationalistic approach, particularly as it relates to trade imbalances. That’s causing disruption, uncertainty, and confusion.”

Jon Shames, Leader of the Geostrategic Business Group, EY

Among the upcoming events to watch: the aftermath of a U.S. summit with North Korea; Russian sanctions; disruptions in oil prices and production; the Iranian nuclear deal; Brexit; three-way trade battles between the U.S., Canada, and Mexico; and the election of a Mexican president. Any combination of these events could be a boon or disaster for individual companies.

Ground Zero of these geopolitical shifts is the United States under the current presidential administration. Once a steady rock in an unstable world, America is now a catalyst for much of the world’s uncertainty.

Nearly all companies need to ask: What’s their exposure to geopolitical risk, and how can they both prepare for present problems and predict what will vex them in the future?

EY’s Center for Board Matters has done considerable research on anticipating and planning for geopolitical and regulatory changes.

Boards, it says, must understand, prepare, and respond to geopolitical forces with “a deep understanding of the company’s strategy” and swiftly pivot from current strategy when necessary.

“Historically, the U.S. has been viewed more as a unifier that was in lock step with our allies,” says Jon Shames, leader of EY’s Geostrategic Business Group. “Obviously, the current administration has changed that and taken a more nationalistic approach, particularly as it relates to trade imbalances. That’s causing disruption, uncertainty, and confusion.”

“A lot of companies are taking a step back and trying to figure out how much of this is negotiation, versus how much of this is a view that is going to last long term and be more permanent,” he adds. “It is causing a lot of uncertainty, which also plays into the other issue we are hearing in the boardroom from institutional investors on the need for creating long-term value. It is awfully hard to place long-term investments when you have this level of uncertainty.”

Questions for the board to consider


The following is from the EY report “Anticipating and planning for geopolitical and regulatory changes.”


Are geopolitical and regulatory opportunities and risks considered as part of the strategy setting process and embedded into the company’s risk management process and controls?


Does the management team utilize a robust framework to identify and assess relevant geopolitical and regulatory factors?


Does the board have complete visibility around the potential geopolitical and regulatory impacts that the company faces?


Is the company approaching such impacts only from an “event” lens or as part of a broader sociopolitical analysis that is updated with dynamic, holistic monitoring?


Does the board understand management’s process for mitigating geopolitical and regulatory risk through scenario analysis and stress testing?


If shifting geopolitical or regulatory risks challenges management’s critical risk assumptions, is the company prepared to effect a strategic pivot? And has the board reviewed and provided input?


For operations in high-risk jurisdictions, does the organization have robust processes and controls to protect against bribery and corruption? And does management have sufficient understanding of the geopolitical and psychological drivers and enablers of corrupt behaviors as well as controls to prevent and mitigate such behaviors?


Does the board have the right directors, committee structure and access to information to oversee key geopolitical and regulatory risks—and to challenge management?


Source: EY

One of the most important things companies can do is evaluate their current board’s expertise, says Steve Klemash, Americas leader for EY’s Center for Board Management.

“There is a lot of discussion around board composition, board committee structure, and who has responsibility for risk management,” he says. “What’s not discussed, as much, is how management is addressing these issues. Are they addressing geopolitical risk in a comprehensive fashion? What is their comprehensive approach around strategic implications, and financial reporting and compliance implications? What analysis tools are they using? Are they comfortable relative to what management is doing about these risks?”

Klemash routinely hears from boards that they are spending so much time dealing with regulatory burdens they are not getting to explore strategic opportunities and look at opportunities to position themselves for the long term. They are also consumed with putting out “fires” that pop up on an almost daily basis.

“They get paralyzed at times by the headline news,” he says, explaining that responses are often event-driven, rather than created with a big picture, longer-term view. Companies should be developing geopolitical scenario plans and stress testing against them. Consequently, they “run the risk that they are off chasing their tail over one-off things as announcements come out, instead of building a comprehensive framework around these risks.”

Because geopolitical issues are complex and often unpredictable, it is tempting to view them as impossible to prepare and plan for or control. A recent EY report, however, makes the case that geopolitics are not a problem to solve, but an external business force that must be understood and managed.

The board, it says, should set the tone for confronting this challenge by understanding management’s framework for analyzing and managing geopolitical threats and opportunities. At its core, management’s approach should involve a process for “understanding, preparing, and acting.”

Companies also need to make sure they have the right people in the boardroom to effectively oversee geopolitical developments, EY says. For some boards, that may mean having a director with specific regulatory or public policy expertise, or expertise relevant to volatile markets where the company operates or plans on operating in the future.

“I think board members get this. I just don’t think they always know what to do,” Shames says. “This is an emerging science.”

“Companies are very focused on digital disruption, but we think geopolitical disruption is just as important,” he says. “Companies get it; they just don’t have the tools and the processes to be able to figure out what to do. They have a long way to go. We are at the beginning of a learning curve, but we are going to see better and better actions.”

Companies should consider potential impacts to their supply chain (for example, how trade agreements or military conflicts could impact operations), human capital (how immigration laws may affect the ability to attract and retain talent), corporate functions, and stakeholders.

Among the tools companies can turn to for these assessments and analysis is a PESTLE (political, economic, social, technological, legal, and environmental) analysis, a framework adapted from COSO’s 2017 ERM update as an approach for analyzing the external business environment.

Coupled with a comprehensive ERM framework, it can help steer companies toward identifying the geopolitical threats and opportunities most relevant to their strategy, or operations, the EY report says.

The results of the PESTLE analysis can then be used to determine the threats and opportunities that can then be incorporated into a SWOT (strengths, weaknesses, opportunities, and threats) analysis to further help organizations assess their internal capabilities relative to external opportunities and threats.

Geopolitical considerations




What are the critical political factors and developments? What are the expected changes and implications from pending elections or electoral results?


What is the nature and extent of government intervention and influence?


Developments to consider include: governmental stability, taxes and taxation policies, intergovernmental cooperation, government expenditure levels, foreign trade relations (balance of trade between countries, trade restrictions, tariffs).




What is the current and projected economic environment?


Would market diversification offer stability in the company’s growth and performance?


Are there significant barriers to entry?


Developments to consider include: monetary policy (interest rates), fiscal policy, inflation, foreign exchange rates, availability of credit, GDP growth, growth of developing economies, unemployment rates, labor supply and wage rates.




What cultural aspects, demographic and consumer trends are important and how are they evolving?


Developments to consider include: customer needs or expectations, population demographics (age, education levels, distribution of wealth), changes in lifestyles and trends.




What technological innovations are emerging and how will these impact the company and society at large?


Is the company able to sustain quality in its product or service delivery?


Are there opportunities to enhance the company’s management systems to better support various business processes?


Developments to consider include: R&D activity, automation and technology incentives, rate of technological change or disruption, speed of transfer, innovation.




What current, impending and proposed legislation could impact the company and its industry?


Is the rule of law enforced?


Developments to consider include: laws (data protection and privacy, employment, contract, consumer, health and safety), regulations, industry standards.




What are the environmental and ethical considerations?


Developments to consider include: natural or human-caused catastrophes, ethical and fair business practices in local jurisdictions, ongoing climate change, changes in energy consumption regulations, waste disposal standards, attitudes toward the environment, other sustainability matters.


Source: EY

“Risks and opportunities identified through the PESTLE framework, however, can change rapidly, requiring a dynamic process for monitoring, communicating, and updating an organization’s risk profile, the EY report says. “Monitoring threat levels for many geopolitical- and regulatory-related risks may require deep trend analysis, tracking of complex leading or lagging indicators, and qualitative and quantitative business intelligence reporting … Key indicators should be identified and tracked to monitor for changes that could invalidate the company’s underlying strategic assumptions or that could open up new strategic opportunities or prospects.”

Once risks and opportunities have been identified and assessed, companies can respond by accepting, mitigating, eliminating, or transferring risk, or strategically pivoting to seize opportunities—all while avoiding knee-jerk reactions.

Contingency planning for geopolitical factors should focus on designing and testing responsive controls. EY suggests that these may include a range of stress-test exercises, including tabletops, quarantines, and resiliency plans.

“Look for opportunities along with risk,” Klemash advises. “What you don’t want to do is go about this in a very siloed way. In the context of strategy, you need to need to have scenarios. You need to do due diligence and stress testing, and you need to be agile.”

An evergreen complexity facing companies is keeping abreast of international sanctions regimes, a constantly moving target of people, places, and things.

“Failing to keep an eye on the implications of geopolitical events because their compliance team is too overburdened will serve as no excuse when a bank is caught flat-footed in formulating its response to new restrictions,” warns Oliver Bodmer, senior product manager at SIX’s sanctions compliance division. SIX is a global central infrastructure provider that facilitates the flow of information and money between banks, traders, merchants, investors, and service providers.

“In light of the U.S.’ recent withdrawal from the Iran nuclear deal, compliance departments are once again grappling with another bevvy of regulatory obligations,” he says. “Smart financial institutions understand that it is not enough to simply be aware of and ready to comply with potential sanctions. It is equally important to have systems and processes in place to proactively and accurately gather and translate voluminous amounts of financial data to target risky securities and safeguard client portfolios.”

Ambassador David Pressman was appointed as the U.S. ambassador to the United Nations for Special Political Affairs by President Obama and represented the U.S. on the United Nations Security Council. He has also served as the senior U.S. negotiator on international disputes and previously led U.S. negotiations with China to develop multilateral sanctions in response to nuclear activities on the Korean Peninsula.

Pressman has also served as the assistant secretary of Homeland Security. With George Clooney, Brad Pitt, and Matt Damon, he co-founded Not On Our Watch Project, a leading advocacy and grant-making organization focused on raising awareness about mass-atrocities. He is currently a partner with law firm Boies Schiller Flexner.

Geopolitical, defenses, he says, need to approach issues from multiple perspectives.

“Compliance officers don’t generally focus on or appreciate the nexus between homeland security and national security,” he says. “There is a natural focus from compliance officers on street-level bureaucrats, and I don’t use that term pejoratively, such as the Securities and Exchange Commission’s attorneys or whoever it may be that’s on the enforcement end of what they are they looking at. The real strategic challenge for those in leadership positions of complex multinational organizations and their sanctions exposure is to look beyond the immediate decision making of street-level enforcement offices within the government, and look more upstream.”

Specifically, companies must deal with day-to-day policy implications, but also understand the strategic motivations of other organizations in the government’s national security space. Where is the government devoting its security funding? The problems it is trying to address may someday be your problems.

“There is a lot more work that goes into enforcement efforts, whether they are sanctions or the Foreign Corrupt Practices Act, or whether it may be that companies are confronting,” Pressman says. “If you want to mitigate risk, you had better be including these sorts of broader considerations and strategic considerations that are shaping the actions on the blunt end of enforcement.”