Geopolitical Risk: The Uncommon Skill of Knowing What’s Knowable
Victor Meyer || Supply Wisdom
The Uncommon Skill of Knowing What’s Knowable
I recently had two conversations with senior business leaders that reminded me of the British General Reginald Victor Jones, the father of modern scientific intelligence, who was arguably more responsible than any one person for the stunning victory over Nazi Germany in the Battle of Britain. When asked about this in the broader context of the war, the famously self-effacing General Jones said, “I need to know what I need to know before I can believe what I want to believe.” It’s advice that I have tried to apply to my own view of risks for which it is difficult to assign an objective probability, and in particular geopolitical risk. But these two conversations tested that view to destruction.
The first was with a senior risk executive at a major American financial services firm about geopolitical risk. I asked her who in the firm was responsible for analyzing and reporting on its potential for business disruption and what tools that they were using to achieve that on a day-to-day basis.
There was a long pause. Finally, she answered, dodging the question. But what she told me was even more revealing. “Well, it’s kind of the ‘flyover state’ of risks,” she said. “I look down and can see it, but I’ve never been there, and I can’t really do anything about it. I mean, it’s kind of a nation state problem, isn’t it?”
To make the point that this phenomenon is more prevalent than just the financial services industry, the second conversation was with a former member of Prime Minister Theresa May’s government. “Although pandemic was the number one risk on the UK’s risk register business leaders didn’t want to talk about it,” he lamented. “They simply said that there was nothing that they could do about it.” It would stretch credibility to argue that the supply chains and work force of UK companies were unaffected by COVID-19.
This kind thinking leads to a kind of cognitive dissonance, where decision makers express alarm at how unstable the world is becoming while making business decisions as if the inverse were true. Query them and you’ll likely get a list of reassuring metrics by which to assess the impact of event: “Corporate debt markets are stable, commodities have not spiked, currencies are flat and oil prices are down, US Treasuries haven’t attracted an undue number of “safe haven” buyers. Another cup of tea?” The wars between Israel and Hamas and Russia and Ukraine are a problem, but they’re not a problem for us.
This point of view is so pervasive that it’s worth exploring to make the case that geopolitical risk can and should be identified, assessed, measured, managed, communicated, and reported just like any other risk. There are several tangible arguments why managing geopolitical risk, is both achievable and necessary.
1. Geographic factors are responsible for a large percentage of business disruptions – and when they do occur they tend to be severe – Not long ago a major globally systemically important financial services firm was closing its books at the end of the year. The Finance Team back office in Manila was working around the clock. Unfortunately, on the 23rd of December a major submarine earthquake struck in the South China Sea severing the three fiber optic cables which provide Manila with its internet connectivity. A planeload of Finance team analysts was on a plane taxiing for takeoff to Singapore on Christmas Eve when connectivity was re-established. The information about the Philippines earthquake exposure and the fiber optic network dependencies were both knowable, but the firm had never connected the dots or contemplated the concentration risk. Furthermore, as Prof. Dutch Leonard at Harvard Business School says, “Whatever you think you know about a catastrophe is only partially true.”
2. It must be understood and appreciated both in terms of near-term events, and longer-term trends – In a phrase attributed to Lenin, “There are decades where nothing happens; and then there are weeks where decades happen.” But like the “boiling frog,” locations’ risk profiles seldom collapse overnight. Disciplined risk management requires monitoring alerts of disruptive events in real time while at the same time carefully monitoring for the deterioration of a location’s risk profile over time and across numerous risk categories, financial and non-financial.
3. Not to assess and quantify the risk is a tacit risk acceptance – Just because you are unaware of the risk exposure does not mean that it is immaterial or irrelevant. Seneca once said, “The only inexcusable thing that a leader can say is ‘I did not think that would happen.’” Have you accepted risk on behalf of the firm for risk that are known but ignored? Is the Board aware that these risks have been accepted on their behalf?
4. Ask yourself, “What would shareholders’ expectations be at the next Annual General Meeting when the issue comes up?” Which response to a question about the firm’s geopolitical risk awareness would resonate better with shareholders? “We think that the risk of such an event is low,” or “While we believe the risk of such an event is low, it is statistically significant. As such we have taken the following measures to ensure that our staff, premises, supply chain, and balance sheet are resilient to the severe but plausible scenarios for which we have stress tested our risk exposures.”
5. It’s worth doing if you want to compete more successfully – Managing risk for competitive advantage requires that firms operationalize risk management in their decision making. A recent Bloomberg article pointed out that 39 of the world’s 50 most polluted cities are in India. Yet the number of firms that enshrine insights like this in their Business Process Outsourcing (BPO) decisions is decidedly in the minority. A small, private, Dallas-based Oil and Gas firm operated for decades in some of the riskiest areas of Iraq and Yemen where no one else dared and did so safely and profitably. The firm was able to do this because they understood the risk, their own risk appetite, and they put in place control measures commensurate with both.
In their seminal work on Operational Resilience Sutcliffe and Weiss observed "The ability to deal with a crisis situation is largely dependent on structures that have been developed before chaos arrives.” This is not easy, but technology has placed tools within our grasp that could only have existed in General Jones’ wildest fantasies. The alternative for business leaders is a two-phase strategy…1. Show up and 2. See what happens. Ask yourself “Which approach do my stakeholders expect and deserve?”