Geopolitical risk is at the top of the CEO agenda, according to McKinsey’s latest survey of global economic conditions. In the face of fragmentation and uncertainty, many business leaders are responding by intensifying their focus on resilience.
For the past three decades, going global meant unlocking specialization and scale, developing markets, and creating multinational corporations. In 2021 alone, low interest rates and ample cash led US firms to spend $506 billion on foreign mergers and acquisitions.
But the orthodoxy of globalization is under strain. The latest salvo: multiple disruptions triggered by Russia’s invasion of Ukraine. The world seems to be tethered to crisis, or the threat of it. CEOs need to know whether they can still remain global players and, if so, how.
Looking ahead, the challenges are likely to only become more acute. According to the US National Intelligence Council’s Global trends 2040 report, in the next two decades, competition for global influence is likely to reach its highest level since the Cold War: “No single state is likely to dominate all regions or domains, and a broader range of actors will compete to advance their ideologies, goals, and interests.”
Amid these challenges, the value of resilience is on the rise. That is why McKinsey and the World Economic Forum launched the Resilience Consortium earlier this year. The consortium aims to convene government ministers, chief executives, and heads of international organizations to develop a common resilience framework for public- and private-sector organizations. Leveraging the principles set out in the framework, the consortium can hope to achieve more sustainable, inclusive growth amid external shocks.
To be sure, many global executives have an intuitive sense of where to focus initially to build resilience. However, most are seeking a more rigorous and analytical approach to fostering geopolitical resilience and to creating an enterprise-wide “resilience premium.”
To address the geopolitical risks of the present—and future—leaders should challenge their organizations on six key dimensions of resilience: business model, reputation, organization, operations, technology, and finance (exhibit).
1. Business model resilience
“Organizations that take a serious, systematic, and senior-driven approach to political risk management are likely to be surprised less often and recover better.”
– Condoleezza Rice and Amy Zegart, Political Risk: How Businesses and Organizations Can Anticipate Global Insecurity (Hachette, 2018)
Building business model resilience starts with the board. To exercise effective oversight and decision making, boards need to first develop an understanding of geopolitical developments that are material to the organization.
While most board members will have a “high altitude” perspective on specific risks, individual members may vary in their insight and interpretation, and the aggregate view may fluctuate as board membership evolves. To establish a benchmark for resilience, organizations should take a systematic approach to radiating insights on geopolitical developments and trends to the board and leadership team. This may take the form of analytical products, briefings, or scenario exercises—anchored not on the “what” but on the “so what” and “now what.”
Second, the sheer pace and volatility of geopolitical developments mean that boards should not waver in paying attention. They should dedicate time at each meeting to discussing relevant topics, and convene as necessary in the interim.
One way to focus and structure the board discussion is to identify priority geopolitical risks. Boards could leverage a tiered approach, with tier five denoting markets with the highest level of geopolitical risk and tier one denoting markets with localized risks that can be managed by local leadership and teams.
For many boards, the higher-tier markets are often identifiable. Questions we hear from CEOs on business model resilience in high-tier markets include:
- How should I think about my corporate footprint and intellectual property amid geopolitical tensions?
- Should I view my operation as a separate region that is carved off to insulate it from geopolitical tensions, or does the lack of direct control itself generate risk?
- How should I view my relationship with my joint venture partner in the near, medium, and long term?
- How do I manage extraterritorial and/or contradicting legal, tax, or regulatory requirements?
- Is there a point where I will be forced to exit, and how do I work backward from that point?
In addition to grappling with these strategic questions in a top-tier market, boards also need to manage the longtail risk of operating across multiple tier-one markets.
To do so requires organizations to establish a mechanism to conduct regular global market scans and to assess in a scorecard fashion across internal teams—legal, security, finance, risk, and communications—the aggregate risk (versus opportunities) of operating in a particular market. These teams can provide recommendations to the board on options to recalibrate market presence or evolve the legal and financial structure of the organization. Their efforts can be coordinated by a dedicated geopolitical risk unit that may sit within an organization’s finance, government relations, legal, risk, strategy, or other teams depending on the organization’s structure.
Understanding and exercising oversight over geopolitical risk is necessary but not sufficient. The board should drive and direct the development of proactive risk-mitigation measures and crisis response with standing updates from teams on execution and material new issues.
2. Reputational resilience
“While there is a rising call for business to be more engaged in geopolitics, the call also extends to CEOs, who are expected to not only be the face of the new geopolitical corporation but they are also expected to shape policy on societal and geopolitical issues.”
– 2022 Edelman Trust Barometer special report: The geopolitical business
A first step to building reputational resilience is to strive for internal alignment around operations connected with geopolitically sensitive markets. In short, organizations need to know what they stand for (and what they are against).
Not every geopolitical crisis will constitute as sharp an inflection point as Russia’s invasion of Ukraine, in response to which many organizations have chosen to curtail or halt their Russia operations. In many cases, decisions will be less cut and dried. Therefore, organizations need to step back and parse out their stance on individual situations. One way to do that is to create market-specific assessments, or “compacts,” that fuse corporate strategy and risk management. These compacts should be clear about the organization’s priorities in high-risk markets and the criteria on which organizations assess and manage risks. They should also set out how to deploy the criteria in a way that is aligned with operational and performance goals. The risks could come in many guises, including financial, health and safety, legal, political, or reputational—for example, working with the public sector in countries governed by authoritarian regimes.
A clear stance is a prerequisite for the next step in building reputational resilience: developing a coherent values-driven narrative. Indeed, many organizations today are grappling with how to explain not just their stance but their core identity, notably around their presence in markets governed by authoritarian regimes. There is a recognition that the old arguments pegged to globalization and Wandel durch Handel (change through trade) have dimmed.
Based on our benchmarking of US-based multinational companies, we see three potential postures: proactive—for example, engagement is important for US competitiveness and leadership; reactive—for example, principled engagement with close attention to supply chain integrity; or silent—meaning generally avoiding public statements.
Whichever narrative an organization chooses, it needs to bear in mind that, in the age of instant information, the story told in one market won’t stay there. And a narrative that works in one place could inhibit market opportunities in another, or create sensitivities internally and among regions. In short, there is no silver bullet.
With a clear stance on the core of the narrative, the third step in bolstering reputational resilience is a robust government and public-affairs capability to communicate the narrative to key stakeholders. While the ultimate responsibility of articulating stance and narrative falls on the CEO, government and public-affairs professionals situated across key markets are critical to managing stakeholder relations, cultivating “air cover” in sensitive markets, and providing an escalation mechanism for CEO and leadership-level engagement.
3. Organizational resilience
“Geopolitical tensions are rising, leaving business in the line of fire. Suddenly companies’, and executives’, nationalities matter again. . . . Can we have peace in the company when the world is in turmoil?”
– Financial Times (May 16, 2021)
External geopolitical pressures are increasingly triggering internal pressures. The days of the borderless executive are receding. Indeed, nationality and cultural relativism are coming to the fore in discussions around stance, narrative, strategy, and risk appetite. These discussions can take place on multiple levels: between leadership and teams, regional and local offices, or global headquarters.
Points of internal debate cited by executives include:
- Are we a global organization headquartered in the United States, or are we an American company that is global in its outlook?
- To what extent should assessing the reputational risk around a particular project be indexed to a potential response from Western governments and media outlets in a multipolar era?
- How do we keep a “neutral stance” amid geopolitical tensions? Can a company have no “citizenship”?
- What kind of diversity of geographical cultural norms and standards is feasible and desirable in a global company when stakeholders (including media and even governments) in many countries increasingly challenge the norms and standards applied in other geographies?
- How should we reconcile perceived “double standards” around how leadership responds to different social and humanitarian crises across markets, from messaging to charitable giving?
In this context, developing organizational resilience is no longer just about maintaining cultural cohesion. It is also about sustaining a global ethos amid powerful centrifugal forces.
Three approaches can be taken to build organizational resilience. First, organizations need to ensure they have inclusive governance structures, from the board to risk committees. These must reflect diverse geographic viewpoints and nationalities. If colleagues do not feel they are part of the discussion on shaping direction, or view discussions as indexed to a particular lens, the struggle for retaining global hearts and minds will be lost.
Second, leaders, starting with the CEO, need to have open and honest dialogues in appropriate fora. These should acknowledge global stresses and the ways they are felt internally, empower colleagues to air their views on stance and risk appetite, and create a common sense of purpose. For example, a critical message from corporate leaders amid Russia’s invasion of Ukraine is to differentiate condemnation of the Russian government’s actions from support for Russian colleagues.
Finally, organizations need to consider a range of targeted initiatives to promote connectivity and cohesion, from rotating colleagues in and out of geopolitically sensitive markets to sharing views (particularly as COVID-19-related travel restrictions ease), while also ensuring that screening and “insider threat” mechanisms are sufficiently robust.
4. Operational resilience
The aggregation of trade protectionism, the COVID-19 pandemic, supply chain crunches, and geopolitical flash points is stress-testing the operational resilience of organizations across the globe.
A priority area of focus has been and must remain protecting and pivoting supply chains. Supply chain operations should consider a range of resilience measures. In the near to medium term, these include creating a nerve center for the supply chain, simulating and planning for extreme disruptions, reevaluating just-in-time strategies, and assessing the resilience of one’s suppliers’ suppliers as part of a full look-through approach. Efforts to diversify and build redundancy in supply chains must critically factor in the political risks of entering any new market through a detailed assessment across multiple risk indicators.
To achieve long-term structural resilience, however, organizations should consider measures such as constructing a “digital twin” of the most critical parts of the supply chain, creating and testing what-if scenarios, and ring-fencing a small part of the supply team to focus on building long-term resilience instead of day-to-day supply chain issues.
Supply chain security must be complemented by the physical security of one’s people. From Ukraine and Russia to Ethiopia to Myanmar, organizations in the past 18 months alone have had to secure and evacuate colleagues globally. Considerations range from maintaining redundancy in communication channels and aligning with security vendors on the ground to keeping a low profile to mitigate any risk of retaliation should an organization decide to exit. As future flash points arise, investing in early-warning systems and extraction plans is essential.
5. Technological resilience
Organizations today are also confronting the strategic challenge of maintaining the global networks of yesteryear amid geopolitical fragmentation. Building technological resilience in this context requires accelerating planning and taking concrete steps in four key areas.
The first is navigating the “splinternet.” Geopolitical tensions, notably between the United States and China, are resulting in the internet splintering into regional variants and technology stacks. Companies need to balance segmenting their networks and differentiated use of laptops and devices across markets with maintaining consistent cross-connectivity and user experience.
Complying with data localization requirements is another area testing global IT architectures, as companies need to think through regulatory and other considerations.
A third area is managing data access. Organizations need to ensure appropriate compartmentalization of data as well as manage external cyber intrusions.
Paying close attention to ensuring resiliency against diverse crises is also essential. This includes the ability to effectively respond to cyberattacks, from recovering data to deploying new technological equipment across markets with speed as required.
6. Financial resilience
At the intersection of geopolitical risk and financial resilience are a number of issues that organizations need to carefully manage on an ongoing basis. These range from long-standing foreign exchange (and expropriation) risks to evolving sanctions risks.
Foreign exchange risks are, of course, well known to many organizations. From a rapid devaluation of currency in Sri Lanka amid the country’s worst economic crisis to controls on withdrawing funds in Myanmar following a military coup, companies have had to and must be prepared to deal with a range of constrictions, from paying their employees to moving funds. With the global economy roiled by inflationary and other shocks, these challenges may continue to manifest. Thinking through crisis protocols in advance and building out an early warning system around macroeconomic challenges are key resilience measures to consider.
Global sanctions and regulatory risks, however, are rapidly evolving and testing organizations, since the escalating application of sanctions and counter-sanctions across multiple jurisdictions is today at the core of geopolitical risk. These measures can be existential in terms of a company’s ability to operate in a market. Compliance with one jurisdiction’s laws can risk running afoul of another’s. Resilience in the face of the growing global weaponization of trade and investment requires not just having a precise understanding of ever-shifting regulatory regimes and a robust compliance capability but also driving a culture of compliance within the organization itself on an issue with no room for error.
“We are more conscious of the risks but don’t have a lot of good ideas.”
For many organizations, this observation by the global head of government affairs of a Fortune 500 company rings true. Yet every organization faces a unique set of circumstances. With that in mind, the above framework is offered as a starting point for internal discussions on how to develop appropriate solutions. The new normal requires a new CEO mindset. That means making geopolitical resilience a strategic priority that will both protect the organization and lay the foundations for long-term competitive advantage.