
Editor’s note: NeuGroup’s online communities provide members a forum to pose questions and give answers. Talking Shop shares valuable insights from these exchanges, anonymously. Send us your responses: [email protected].
Context: Wars in Eastern Europe and the Middle East as well as increasingly strained ties between the U.S. and China are key reasons geopolitical risks rank high on the list of threats facing multinational corporations. In the NeuGroup 2024 Finance and Treasury Agenda Survey, respondents named geopolitical conditions their fourth biggest risk, behind interest rates, cyber risk and the economy. Few of us will be surprised if geopolitics jumps a spot or two in the 2025 survey—depending, in part, on the outcome of the U.S. presidential election in November.
A recent article by consultants at WTW addressed the value of applying an enterprise risk management (ERM) framework that brings an adaptive and resilient strategy to geopolitical risks. Contrast that with what the authors say has traditionally been a siloed and reactive approach that does not adequately consider long-term strategic implications. Managing geopolitical risk through an ERM lens allows companies “to view potential threats holistically, ensuring your response is coordinated across your entire organization,” they write.
The question below is from a member of NeuGroup for Enterprise Risk Management, led by NeuGroup director Ted Howard. The topic of geopolitical risk has come up regularly in group discussions as the frequency and severity of those risks has risen in recent years, going beyond supply chain disruptions, Mr. Howard said.
- “Companies have started to analyze more of their global operations and their exposures,” he added. “They’re looking more closely at how all the emerging risks could merge and cause chaos.”
Member question: “Is geopolitical risk an ERM risk for your company? Historically, we have incorporated it into our other ERM risks. During our annual ERM program review with the executive team, we were asked to break out geopolitical risk into its own risk category. I’m curious how others handle this risk within their programs.
- “Is geopolitical risk a separate ERM risk?
- “How do you structure it to avoid overlap of risks such as public policy?”
The member told NeuGroup Insights that part of the discussion about whether to break out geopolitical risk involved “how we would monitor and manage the mitigations processes for geopolitical; this is still being discussed.”
- She also provided this context: “We have 20 ERM risks and we work to ensure the definition of each risk has minimal overlap. Overlap can easily occur if you are not cognizant of it. For example, trade sanctions are often thought of when discussing geopolitical risks. In our program, they are in public policy risk along with other regulatory/policy risks.”
Peer answer 1: “Yes, we have had geopolitical risk as a separate risk for a couple of years now. It focuses on things like political relations at the government level, impact of global elections, impact of political polarization, security concerns, etc. We have a separate regulation risk that focuses on public policy topics such as federal and state legislation, judicial rulings, impact of regulatory bodies, etc.”
Peer answer 2: “Here’s how we have approached it: Annually, we do a ‘macro risk scan’ where we assess top broad risk trends, by analyzing thought leader reports. One of those trends has been geopolitical risk. So in that report we list geopolitical risk as a risk trend, and we outline the implications for our business and how we are managing them.
- “However, for us, it is not listed as a formal enterprise risk. Those tend to be more squarely linked to our strategy, competitive environment, specific regulatory issues for our industry, and critical internal initiatives.”
Follow-up question: “Thanks for sharing. Do you align your formal enterprise risks under the macro risks/trends or are they just addressed in parallel with each other?”
Follow-up answer: “I would say in parallel, but in sequence. We do the macro risk analysis at the front end of the strategy process to lay out trends, but the formal enterprise risks stand on their own at the end of the strategic planning process.”
Peer answer 3: “Geopolitical risks (as a category) are front and center of our risk universe. We have two major risks/threats: changes to export regulations that would cut us off from our major markets; and, as a consequence, fragmentation of our global industry.
- “Our risk review committee (RRC) reviews the former quarterly, and the latter as part of a quarterly horizon-scan on the basis it hasn’t happened yet and we are trying to spot the signs.”
Follow-up question: “Thanks for sharing how you use geopolitical risk as a category. Under your two majority risks/categories, do you have a defined subset of risks or do you focus specifically on those top two?”
Follow-up answer: “We don’t use ‘risk categories’ as, for us, it wouldn’t add value. We have a relatively small number of what we call ‘Class-1’ risks that the RRC monitors. We describe each risk using bowtie methodology, listing causes and impacts. The causes are usually uncertain, but we don’t drill down to make those into full risks.”
NeuGroup Insights asked the member who posed the question what value the peer answers provided. “Hearing from others helped to confirm that we would be aligned with other corporations in breaking out geopolitical risk as an individual risk,” they said.