The War in Ukraine, Multinationals and Risk Management


By Paul Bracken

While media attention focuses on the military and humanitarian aspects of the war in Ukraine the huge implications for multinational corporations get very little attention.

Two major themes stand out here.

First, many companies will be swept up in the impassioned media stories of the war and overlook the more fundamental need for a disciplined assessment of political and social risks. Most companies want to do the right thing. But without a careful evaluation they will be sucked into the emotional and political hysteria that often comes with political and social conflict.

The second theme is the precedent that companies pulling out of Russia has established. Getting out of Russia is pretty much of a clear cut case.

It’s an easy call for many reasons. Future political and social risks won’t be so stark. They’ll be a lot more complicated.

Should multinationals come clean on their ties in China?

What about Hungary?


What about African nations?

Outside critics argue that pressuring companies to get out of Russia shows that shaming businesses is a high profile tactic for their other political and social projects.

In the face of these major points we can look to one of the lessons of the Cold War, a lesson that’s still useful today. It’s the need to think through the dynamics of crises before they happen.

Who exactly is in charge?

Have they prepared beforehand by gaining relevant knowledge?

What is the checklist of things to consider while in a crisis?

How to recover reputation after the crisis is over?

In the middle of a crisis these questions won’t get the attention they need. There’s too much emotion, fear, and even panic. Companies need to think through how they assess political and social risks before they occur – that is the overwhelming lesson, not just from many crisis post-mortems, and also from academic and business school studies.

These problems aren’t going away after the Ukraine war is over.

They’re going to become more important as anyone who looks at today’s corporate environment can see. The Ukraine war is, likely, a rare, one-off event.

But the increasing frequency and intensity of social and political conflicts isn’t. Whether it’s the NBA or Apple in China, or a U.S. tech giant threatened with costly new regulations in the EU, companies need a systematic approach to deal with political and social conflict.

Politics can be a fractious place. Moreover, politicians are better at this game than most CEOs will ever be. After all, they do it for a living. And there are plenty of people who would love to mobilize a company’s good name and reputation for their cause. Or to advance some wedge issue to take out a company for their own personal agenda.

Game theory teaches that while it takes years to build a reputation, it can be lost in a single day by the mismanagement of some high profile risk. Look at Credit Agricole. This French investment bank had a good brand and solid reputation. It built this over many years.

But in 2015 they were caught running $ 32 billion of payments from Sudan, Cuba, and others through their New York office. They wound up paying nearly $ 800 million in fines to regulators, with a huge hit to their brand. Perhaps of equal importance, they got on the U.S. and New York State regulators’ radar screen.

As a result they had to dial back their risk appetite over a wide range of unrelated deals for fear of being accused of breaking the law a second time. Other financial institutions hesitated to do deal with them for fear of getting extra intense regulatory attention.

So what does a multinational corporation do in a world of growing political and social conflict?

Companies should start with asking themselves a basic question “Do we really know what we’re doing in this very different game?” Having worked with many companies it’s amazing to me that this question is rarely asked. There’s an unfounded feeling that political and social risks will somehow be dealt with, by someone, somehow.

This absence of forethought leads to a set of harmful, but predictable, decision patterns. One is that it lands on the CEO’s desk – largely because it doesn’t belong to any other department. Call this the “CEO risk” approach. Yet the vast majority of CEOs have little background or knowledge of political and social conflicts. But they need to appear like leaders. So they “wing it,” without any framework or staff work behind their decision.

In the CEO approach to risk management the long run consequences of a decision are subsumed to the immediate gut feeling of a single person. While this instinct may be a good one, and it may even be correct, it bets the future of the company on a hunch, a feel, for the situation.

A capital expenditure of any size would get far more staff review.

Yet the potential billions lost in making the wrong call in a fast moving crisis, in shareholder value, reputation, and heightened regulatory scrutiny dwarfs almost any bad capital expenditure.

Military officers would look at this situation with an immediate reaction: “Sir, you need to staff this out.” Some review process to look at the issue free of emotion, and to examine various “What if” branchpoints is needed. Going with your gut in war means lost lives. In business it can mean billions of dollars of destroyed value.

Absent a disciplined emotion free process the CEO is making a huge bet on something he or she probably hasn’t thought very much about. A CEO knows a lot about marketing, finance, HR, and operations. But about the way political and social conflict could impact the company?

Probably not. Too often, this CEO risk approach leads to aping whatever frame of reference the headlines are screaming. The result is overly hasty decisions without regard for their strategic consequences. In some cases it leads to panic.

There are scale changes in the risk environment that bear on managing political and social conflict. The huge sanctions put on Russia by the United States has expanded the apparatus for monitoring compliance with sanctions, technology sales, and cross-border money flows. Collection of information about these activities is mushrooming.

There’s a growing cooperation between intelligence services like CIA and NSA and with regulators in Treasury and Justice. Compared to even a few years ago the Departments of Treasury and Justice have new information collection to draw on. These are highly relevant to potential violations of the Foreign Corrupt Practices Act or to reviews by the Committee on Foreign Investment in the United States.

The apparatus now in Washington (and in states like New York) is today focused on a bad actor, Russia. No one seems to mind this because Vladimir Putin’s actions are so brazen. But an important lesson of the war in Ukraine is the precedent being set. Next year this apparatus might be focused on a different actor. Maybe China, or Hungary. Or maybe the target is “amoral” multinationals “who don’t pay their fair share of taxes.”

As the United States gets more polarized the political motivation of regulators becomes more important. Sometimes there are few regulatory enforcement actions. But at other times there are spikes in the number of cases. It isn’t a random process.

Who happens to be in power in Washington has a lot to do with the targeting.

The difference now, and in the future, is that political-regulatory technology is getting a lot better. The war in Ukraine is accelerating the trend, with much more tightly linked connections between intelligence, regulation, and law enforcement. This even extends between countries, as the United States and the EU cooperate more on sanctions compliance.

Different from the CEO risk pattern is that the CEO delegates the matter to a department that seems to be the logical place for it. The legal department is the appropriate place for compliance and regulatory matters, or so it would seem.

But you cannot let your legal department own these issues. They will overlook broader strategic, political, and especially business dimensions of a crisis. Their training is in law. That’s how they think, not in terms of corporate strategy. They will stick to what they know, the narrow interpretation of the law. Key issues like the political motives of regulators, precedents getting set, and drawing unwanted scrutiny to the company will get scant attention. Here, a foreign multinational is an especially easy target.

Few people want to talk about this but a U.S. regulator can target a European or Asian company with near impunity. Likewise, the EU can go after an American technology company with an open hunting license. In both cases public opinion is likely to support it – and politicians know this. So do regulators. And both are better at the PR game than any company is likely to be. They have the links to key media organizations and reporters for news leaks hostile to a company.

I recommend that the leadership team develop a checklist of questions to put to their departments about potential violation of regulations that could arise in a crisis. Leaders also should play out different response scenarios, e.g. in terms of how certain hypothetical events could affect their reputation, employees, and how the media might handle real or perceived violations.

Here’s another idea.

During the 1962 Cuban Missile Crisis President Kennedy put together an ad hoc Executive Committee, or ExCom. It played out different scenarios of how Moscow might react to various U.S. moves. These were individuals whose judgement President Kennedy respected. Their job was to review recommendations from the Pentagon, CIA, and State Departments because JFK didn’t fully trust them to give neutral views or exercise good judgement.

A year earlier they had recommended a U.S. invasion plan to remove Fidel Castro by landing a force in Cuba, at the Bay of Pigs. This debacle led JFK to say that he would never again leave a really big decision to “the experts.”

The attraction of JFK’s ExCom was its limited scope and short lived tenure. it was stood up to handle a specific problem and then it was disbanded. This made its existence less threatening to established departments. Robert McNamara, JFK’s secretary of defense, many years later said that his biggest mistake was not setting up an ExCom to review his decision to go into Vietnam.

The range of political and social conflicts facing global companies is going to broaden. A crisis over doing business in Russia is very different from other problems of corporate social responsibility.

Just look at the current demands on business: pull out of Russia; the anti-trust breakup of technology firms; anti-fossil fuel protests; animal rights and testing; sustainable development; human rights in China. Demands from all sides for business to do something about social and economic inequality have also grown.

All of this makes corporate social responsibility a much more important, and a much broader issue. Government and public demands aren’t going away simply because a company did the right thing by quitting Russia. An important lesson business should learn is that most of these will not be as clear.

They will not be black and white. They will be gray, twilight issues of great complexity. At the same, time the media works to map complex issues onto a simple, binary choice. Stay or go from China. End fossil fuels or drown from rising ocean levels.

But to jump to the conclusion that a tradeoff is the way to deal with these twilight issues is a huge mistake. Companies need to recognize that corporate social responsibility cannot be usefully considered as taking a position along a one-dimensional profit to responsibility continuum.

If they use such an overly simplified framework they’ve lost the race at the starting gate. There’s a lot of complexities that have to be included that this framework misses.

Getting these into the leadership team’s conversations by asking better questions, scenario methods, staffing a temporary ExCom, and not delegating the future of the company to an unprepared department, can go a long way to facing the political and social storms ahead for multinational companies.

This article was published by The European Business Review on July 21, 2022 and is republished with permission of the author.

Featured photo: KYIV, UKRAINE – Feb. 25, 2022: War of Russia against Ukraine. View of a civilian building damaged following a Russian rocket attack the city of Kyiv, Ukraine. Dreamstime.