Some of the complex sets of risk that impact businesses as a result of the Ukraine crisis include:
- Business Interruption – the Russo-Ukraine conflict has exacerbated the impetus for organizations to ensure that their business continuity and enterprise resiliency programs are working well to sustain critical business activities while adapting to emerging threats.
- Regulatory and legal compliance – organizations have had to engage in the largest regulatory and compliance exercise – the identification, interpretation, and adherence to the sanctions imposed on Russia.
- Supply chain disruptions – as global markets tighten, resources (e.g., certain food types) become scarce and sanctions and tariffs increase, and the ability to source products or services becomes increasingly challenging across the value chain.
- Cyber threats – the growing digitalization of the world and increased cyber activity because of the Russia-Ukraine conflict raises concerns of how cyber attacks may influence operating models.
- Human Capital concerns – businesses are looking for ways to support impacted employees in the best way possible, including having open lines of communication, focusing on mental health, and championing total rewards (including insurance cover and medical/travel reimbursements).
- ESG considerations – organizations are being scrutinized for corporate action (or inaction) around environmental and energy concerns following sanctions on Russia, helping displaced Ukrainians with basic needs, and conducting due diligence in governance when doing business in the conflict zone.
“Identifying and understanding the relevant risks, some insurable and others not, will ensure that business leaders are able to make more informed decisions to protect and grow their organizations as the conflict continues,” says Ladd Muzzy, Aon’s Enterprise Risk Management and Global Risk Consulting Director.
How can businesses codify the potential effects of risk on factors such as capital, resources, revenues, costs, and equity value?
A Framework for Action
There are specific factors to consider on how the conflict will impact organizations outside the immediate conflict area. These include the length of the conflict and the micro- and macroeconomic scale and impact of events.
In each case, risk may manifest itself in a variety of ways. The investments made by organizations to build scenarios based on these factors can be useful, regardless of whether they are immediately operational or on-hold until the need arises.
“These variables are only a few of the many considerations and decisions facing organizations today,” says Tony Adame, Aon’s Business Continuity leader. “There is also the possibility that, should things get worse, such as China’s military backing of Russia or further U.S. sanctions on Chinese companies, many of the risks will grow both in frequency and severity.”
With no guarantee as to when the conflict will end, an organization must begin to plan should it go on, or worse, escalate further. “Organizations should evaluate the length of the conflict in their decision making; for example, shorter or longer than six months,” says Muzzy. “Of course, this timeframe is somewhat arbitrary, and organizations will need to constantly evaluate and re-evaluate their actions.”
In the near term (under six months) the expectation is that things will begin to improve or largely stay the same. Sanctions against Russia have been imposed or are being considered on a variety of goods and services including:
- Financial (SWIFT access, gold sales, freezing of assets); energy (its supply and distribution),
- Commodities and minerals like aluminum and nickel (e.g., to manufacture and replace technology), and
- Other supply chain disruptions.
In the long term, the effects of new and existing sanctions may become more pronounced as governments try and do more to hold Russia accountable for its actions. There are also the add-on effects of the global economy tightening, including the potential for increasing inflation, the possible fall in demand for fossil fuels, and the near shore or onshore of supply chains.
- Scale and Impact
The scale and impact of events resulting from government policy range from minimal to none (e.g., for small U.S. organizations) to significant. However, as the web of sanctions gets more complex, monitoring and compliance obligations will increase, along with the risk of violations, regardless of how big or small an organization is.
Other risks may manifest themselves in harmful ways. Chief among them are cyber attacks, which, to date, have not been significant nor overly frequent. Macroeconomic factors, such as central banks looking to continue to tighten fiscal policy and raise interest rates to address inflation are also at play. Pandemic concerns remain, albeit much improved in the U.S., EMEA and APAC. On the other hand, some parts of the world are seeing an increase in cases, which is already affecting production and distribution of goods and services.
Framework for Strategic Considerations
Exploring scenarios through a framework can guide decision making. Considerations fall into four primary quadrants depending on the scale and impact of events and the conflict’s potential duration.
- Immediate, Multi-Facet Treatment: Perform a business model review and risk evaluation to understand how things are changing, the implications on strategies, key stakeholders, vendors, and your overall risk profile. Assess independent responses to unique risks. Understand risk relationships which may exacerbate your organization’s exposure.
- Develop real options of potential actions: As actions become possibility, there must be a consideration of capital, resources, and time across the value chain. Decisions stem from the ability to abandon or divest existing practices, processes, or relationships; further act to address unwanted exposures; or to delay activities. Develop hypotheses to prove or refute.
- Return to normal: As actions become possibility, there must be a consideration of capital, resources, and time across the value chain. Decisions stem from the ability to abandon or divest existing practices, processes, or relationships; further act to address unwanted exposures; or to delay activities. Develop hypotheses to prove or refute.
- Monitor – triggers to act: Create measures and metrics to track how things are changing and points at which your organization may need to act. Set the course of actions and decisions necessary to act quickly when things are about ready to change.
The effects of the Russo-Ukraine conflict on business and resulting organizational response will depend largely on whether they have direct or indirect business, operations, or individuals within the conflict region. “For organizations outside the conflict area, certain factors, such as employee presence, will be less pressing,” Adame, explains. “The focus instead will be on sanctions, compliance with those sanctions, and inflationary pressures, their effects on increasing costs, and continuity of the supply.”
Fortunately, organizations have a variety of options available to them to navigate through these turbulent times, including considering risk financing for the recovery of potential financial losses. “As your organization prepares for the possible outcomes, it’s best to create an even number of scenarios to avoid defaulting into the “middle” scenario,” Adame advises. “The goal is not to remediate the tails but to determine the most probable outcome given the information you have today.”
“The conflict is dynamic, changing every day,” he adds. “Your review and response should be reflective of that as well.”
Businesses should also consider exploring how scenarios may play out over the different time periods that have been identified. While the above matrix offers one possible solution, it may be more beneficial to break the time periods into smaller ones. Also, it may be beneficial to understand the potential longer-term impacts of scenarios within a year and three- to five-year periods.
“There is no doubt that the Russo-Ukraine conflict has far reaching implications for organizations around the globe,” says Muzzy. “Adopting a framework to systematically think through various scenarios will enhance decision making and allow for agile tactical risk management.”