Riskology by Infortal Episode 7: Geopolitical Risk at The Board Level

Companies operating in today's global economy really need to get an understanding of the international geopolitical risk landscape. At Infortal worldwide, we work with our clients on Solving Risk Before it Starts™.  Welcome to the Riskology podcast, where we're looking at managing business risk globally and really understanding the geopolitical risk landscape. 

Ian Oxnevad:

Good afternoon, evening and night, depending on your time zone. Welcome to another episode of Riskology by Infortal™. 

Riskology is the place where we combine the worlds of business, economics and intelligence to help you understand how geopolitics affect your bottom line. 

We often divorce the worlds of theory and practice. We kind of see them as different domains. Occasionally, however, you do meet the rare expert who is both. And that brings us to our guest today. Today we have with us Andrea Bonham Blanc, who is a scholar practitioner. If you look at her resume, she's incredible. Her publications are awesome. 

She is the CEO and founder of GEC Risk advisory and global governance, has expertise in ESG, ethics, cybersecurity issues, and is a crisis strategist. She's been on multiple boards and spent decades in the C suite. She holds a PhD. She's multilingual, she's lived abroad. Some of her books are actually pretty incredible. I was looking these up. She's written about Spain's transition to democracy artificial intelligence back in 2018, before chat, GPT was a household name. She's written on transforming risk into intelligence and value, and reputation crisis management. So with that, let's welcome Andrea. How are you today? 

Andrea Bonime-Blanc:

I'm great, and thank you so much for that lovely introduction. I hope I can live up to expectation now. 

Ian Oxnevad:

Oh, it's incredible. Your citations and your books are really interesting. I've actually ordered a couple. It's awesome. So we're kind of at the end of 2023, hopefully, it's going to be an uneventful rest of the year. 

Ian Oxnevad:

Based on the way things are going, how does the geopolitical risk outlook seem right now at the end of 2023 and at the cusp of the beginning of 2024? 

Andrea Bonime-Blanc:

Wow. I don't have a crystal ball, but I pretend to have one on tv, so to speak. But we're in a very, very turbulent and changing time. In some of my work, I've called this period a time of geopolitical tectonic shifts crystallizing. 

And what I meant by that this past year that I wrote about this, I meant that the world has sort of large tectonic blocks and developments which are moving in ways that are starting to become more clear, I think, than they have been in the last decade, let's say.  With China and the US becoming more rivals than collaborators, with Russia invading Ukraine, now with the Middle east becoming a huge focal point, again, with comments about the global south versus the global north, which I don't completely buy into, but there's definitely that the COP 28 results are coming out maybe a little bit more optimistic than when people went in, with a lot of caveats. 

And then we have this undercurrent of democracy versus autocracy, which, again, is a very simplistic way of saying it. But there are definitely declines in democracy that have been happening for a couple of decades now, and a rise in authoritarianism. 

All of it tied into, I think, as well, the idea that technology is starting to dominate our lives in ways that never did before. Maybe we thought it did with the Internet and social media, but now we have things that promote and turbocharge disinformation, which feeds right into the decline of democracy or the difficulties and challenges to democracy that we hadn't had before. So this is a very long winded way of saying that there are some big geopolitical, political, domestic trends and megatrends that are kind of settling in a little bit. But when you least expect it, something new will happen. 

And that's what I'm concerned about. We've had the big shock of the Middle east situation in the last couple of months. I wouldn't be surprised that the next big shock would be something that has to do with technology triggering some geopolitical events that we don't expect; a big cyberattack that closes down the country or something. We've seen lots of pieces of this, but we haven't seen the big one yet. 

And so from a geopolitical risk standpoint and a tectonic shift standpoint, I think it's becoming a little clearer, but it's also becoming more dangerous and more concerning what could happen. And I'll just stop talking with the word generative AI. Generative AI is turbocharging all of this. And so the uncertainty, I think, is greater than it ever has been in terms of what could happen. 

Ian Oxnevad:

You're right. You bring up an interesting point how the way that these tectonics work, whether it be in the business world or the geopolitical world, or journalists, or the way they talk to populations, generative AI kind of throws a wrench into this in the sense that you have now this, to draw a metaphor from folklore, kind of this Loki potential that could just be misused by others. Or God forbid, it turns into some sort of decision making entity on its own, where it decides that this country is a risk. So it's going to do a preemptive launch of some sort. That's a real possibility. 

This is not science fiction anymore. At the same time, we have new characters that were in previous stories, thanks to our own creation. It's fascinating. 

Andrea Bonime-Blanc:

I'll just add a thought to what you just said, which is, I'm less worried about the autonomous sentient AI, which may happen one day, but I'm much less worried about that. Much more worried about the, shall we say, destructive humans that can deploy these things in an asymmetric way, so the criminals, the terrorists, the rogue nations that can deploy this stuff to do some really bad harm to cities, to locations, to nations, to infrastructure. And the asymmetric nature of this power now is a very concerning development because it basically puts weapons of mass destruction in very small hands that can't be found easily. 

Christopher Mason:

Yeah, that's so true. And one of the themes that you hit on earlier in terms of disinformation, when you think of disinformation as it has existed historically, now, once you put it through the supercharger of AI, which isn't as sophisticated as it might seem, once you have the apparatus and the tool set up, it really only takes a small group of people, and the impact can be significant. 

We've seen some sort of hoaxes recently where it's actually had an impact to the S&P 500. Just think about that. You've got nation states who are sort of obviously angling around the different conflicts that are occurring worldwide. 

And in this next year, I can't remember what the total count is, but there are numerous elections during each month of 2024. And so we've seen some of that influence in the past in elections here. Now with this new technology, I just don't even think we know what's possible yet. I think 2024 is going to be a pivotal year. As you mentioned, Andrea, to see sort of what some of the true risks are in this technology. I know you focus a lot on AI, and you're in a lot of those circles. 

Are these types of things being talked about at the right level, would you say? 

Andrea Bonime-Blanc:

They're definitely being talked about. There's no question that this has captured everybody's attention from the boardroom to the front lines of companies, if we're talking about a business organization. 

I think what is still lacking and concerning is how equipped are the management and the board of companies generally with thinking about this, not as a marginalized or sort of siloed kind of topic, but something that really permeates the business outlook. And I will say that I think I've seen a lot more discussion, concern, inclusion of these topics in the boardroom and in the management or the C suite. But I think there's still a real gap between thinking about it and worrying about it, and having the right tools and equipment and people doing something about it. Integrating it into business strategy, integrating it into supply chain planning, integrating it into protection of people, employees, populations, contractors that are working for you in various parts of the world. 

You started this whole thing about theory and practice. I think there's a lot of theoretical discussion, but I'm not sure that the practical translation has really taken place yet. And it really has to. 

Ian Oxnevad:

You raise an interesting point there, in the sense that you're dealing with the future, something that we don't really have a precedent for. We're kind of forced to rely on theory in that sense because we don't have that ability to look at previous cases of anything like this. 

Andrea Bonime-Blanc:

Yeah, although I think we have some precedents. I've heard some of the experts in, say, AI and a few others talk about, let's not let this whole generative AI explosion take us in the same way that social media did and the Internet did, in terms of not having the proper guardrails, governance risk, ethics considerations around them. 

And so I think we have more sensitization, perhaps. Whether we have the ability to really do something about it properly and in a way that doesn't disrupt and destroy innovation is really, I think, the big question. Right?

The business world, especially the technology world, is just making incredible leaps and bounds in terms of innovation, new products, new services, things that they can do. And it's moving at the speed of light. 

Meanwhile, the people who do the governance thinking and the risk management and AI ethics and things like that, they're not always included in that discussion. They're not always part of that business development. That's the mentality of the Silicon Valley innovators versus the GRC (governance, risk & compliance) crowd who are always left behind? 

And I think we have to stop thinking about those as separate things, and we have to. Board members and management especially needs to think about those are teams of people that have to be interconnected and integrated at the inception, not after the fact, when something has happened that needs crisis attention or what have you. 

Ian Oxnevad:

Right. So geopolitical risk is kind of the rage right now. If you've seen the headlines, of course, we know that it's a much older phenomenon, and in terms of the business world, grasping this in terms of strategic planning and supply chains and things like that. But have you seen some of the large firms, how they adapted to geopolitical risk versus small and medium sized enterprises? 

Andrea Bonime-Blanc:

The larger firms have always had better enterprise risk management generally, let's say, even though I have seen larger firms not having good enterprise risk management in place.  But assuming that the bigger firms, the international multinationals, what have you, regional multinationals, have a reasonably good risk management system in place, hopefully, they have been thinking about the political risk and the geopolitical risk pieces and integrating them into their analysis and consideration of emerging and or existing risks and then dealing with them. 

What I would say is, unless there's a major crisis, like we have had in the last couple of years with Ukraine, Russia, and now with the Middle east, it kind of falls off the radar, and it comes back when there's that crisis. Also, I should mention U. S. China tensions, I think, have created a real focal point for especially US businesses, but international businesses in general, thinking about, have we put too many eggs in a basket of China? Do we have too much manufacturing there? Is our supply chain secure? How do the human rights issues factor in if we have facilities or subcontractors working in the Uyghur area, Xinjiang of China? 

All of those things are important, especially to European based companies that have very stringent ESG regulations and other kinds of human rights issues, but also to the US, because US companies also do business in Europe. 

And so we're all kind of dealing with sort of many layers of regulations and requirements, both government issued and also self reporting kinds of regimes. 

And so not just US - China, but China in general. Those kinds of issues have really brought geopolitics into the conversation, not necessarily permanently, and I'm trying to make the point in some of my writings and some of my work, that this is a permanent risk that we have to have included in our register of risks, whether it's through enterprise risk management or risk management generally.  

Not an afterthought and not something that happens because there's a crisis. It has to be part of the thinking of enterprise risk management and then of risk governance from the board standpoint.  The board, depending on your footprint globally, geographically, even if you're “in the US only”, you're not really in the US only. You have supply chains and customers all over the place, probably. 

So to me, it's really important to integrate this conversation into management and into board risk and opportunity discussions.  Because it's not just a risk. If you had a lot of your manufacturing in China and you decided it's a little bit risky to stay with 100% of my manufacturing in China, I'm going to move to Vietnam or I'm going to move to India, that might actually be a real opportunity for, who knows, greater value creation, more security, what have you. 

Ian Oxnevad:

Yeah, absolutely. So you raise a couple of interesting points, and I'm curious in terms of your experience. So when I was teaching classes on economic warfare at the UC system before I left being a professor, and just in talking with CEOs and attorneys who are not from the US, they seem to have a better grasp or understanding of the notion of geopolitical risk and how that affects business in general. And I'm curious if you've seen a). A difference between American firms versus non american firms, and also at the board level, specifically in terms of how they address these. 

Ian Oxnevad:

And also b) if American firms have the ability, or the board has the ability to translate geopolitical risk and try to seek that out in their day to day operations, whether it be contracts subcontracting corruption issues, seeking new investors, or looking for new markets, do they do a good job of integrating that, or is that something that just seems to be lacking? 

Andrea Bonime-Blanc:

I think there's a philosophical or cultural difference between US based multinationals and let's call them European based multinationals. 

There's obviously multinationals based in other parts of the world, but I'm most familiar with those two categories, I would say. And the whole governance culture in the US is very market friendly. There's not that many requirements per se on governance in the boardroom. There's clearly state law and federal laws that have to be abided by, but it's mostly case law and it's mostly Delaware dictated, and that's very business friendly. 

And so the general attitude of US companies and governance is laissez faire, market friendly, and the board kind of goes with that mentality. They're basically, boards are made up of CEOs and CFOs of companies and businesses. And so their mentality is very much market friendly and not subject to a lot of regulation or wanting to be subject to a lot of regulation. I think the European boards are quite different in that there's much more regulatory sort of overlay on especially these kinds of ESG political and some other issues. 

And so they're a little bit more sensitized to these issues, I would say, of geopolitical risk and of ESG risk. And they're subject to more of these regulations than the US counterparts. I think there's a difference in cultural outlook, and I'm over generalizing and oversimplifying because there's clearly a mix of different kinds of people and expertise and so on. That's the first piece. Geopolitical risk is also driven by where you sit. 

The US we’re the most, quote unquote powerful economically, militarily, or at least have been for a very long time. There's a bit of smugness there that we have, that we don't have to think about some of these other things because here we are in our splendid isolation and we're the bosses. Right? And I think that's a bad attitude to have, frankly, in this very interconnected world and asymmetric world that we were talking about a moment ago. There's a little bit of that hubris and a little bit of that ultra market friendly attitude, and has succeeded. And we don't have privacy laws federally in this country. 

And there's a reason for that. The business lobby and other interests have made sure that we don't go there. And the technology companies are much freer to do what they want to do in the US than they are in the EU, for example. 

There's cultural differences and there's a little bit of hubris, perhaps especially for the bigger companies, that explains a difference in attitude in the boardroom and towards the whole geopolitical risk issue. 

So I don't know if I really answered your question, but I've tried to. 

Ian Oxnevad:

Oh yeah, you have. You've touched on it; sort of understanding how companies, they take this concept of geopolitical risk and then whether or not they can translate down, okay, this risk and opportunity, these are things that I have to look out in my strategic planning, my seeking out new capital. How do I factor in interest rates, which are obviously driven by central bankers, which are politically appointed, looking at supply chains, looking at new trade treaties, things like the IMEC or the India Middle East Europe Corridor versus the BRI. Does Europe have a future? There's question marks there in terms of institutions. 

I don't think that a lot of companies seem to translate these risks and opportunities down to their transaction operation level. 

One thing that's kind of emerged over the past year is the risk of national security and how the national security factor from the US standpoint is starting to assert itself in the private sector in ways that American businesses, at least really in working memory - maybe the only thing for comparison would be the World War II era - but national security factors are starting to assert themselves in this business arena. And I want to kick it over to Chris, who knows more about this sort of emerging law, because he's got some questions for you. 

Andrea Bonime-Blanc:

Sure. 

Christopher Mason:

Yeah, definitely, Ian. So some really interesting sound bites from the DOJ recently at some of the big compliance related conferences. And one of the things that we've heard echoed, which I've said before, it's great marketing for us, but it's a case of whether or not the impact will be real. The DOJ has acknowledged that companies are on the front lines of geopolitical risk. And this comes up in the same conversation where the DOJ is also explaining that corporate crime clearly overlaps with national security. 

And so the DOJ has actually told industry that, hey, we are staffing up. We are actually now looking to enforce corporate compliance, crime or corporate failures, through the national security division. And I think they've hired, or they're looking to hire 25 new prosecutors, they've got ahead of the division. 

So this hasn't happened historically where the DOJ has actually acknowledged that companies play a role in both maintaining the national security here at home, but also in terms of navigating geopolitical risk. So interested to get your thoughts on that.  Particularly whether or not you think this could be a game changer in terms of how the risk teams are set up in corporations. 

And now can someone get a seat at the table? 

Andrea Bonime-Blanc:

That's a really important, and game changing kind of change, taking place within our own government. The danger of national security issues, IP theft, intelligence gathering. Has it always been there because we're an open market economy, and anyone and their brother can come here. And if they happen to be a spy or plant from another government, we don't find out. Maybe ever. Sometimes we do, but they just found someone who was the Ambassador to Bolivia from the State Department, with 35 years of being in the State Department and becoming an ambassador who turns out to be a Cuban spy for the entire period. So these kinds of people are going to be part of our companies and business world and have been forever. 

But I think now the dangers have become much greater, much more intense because of technology, because of the ability to just take information in powerful and surreptitious ways. God only knows what Gen AI is going to do to turbocharging the tools that enemies of the state might use through business. 

And so I understand why the US government, at least speaking as Americans, sitting in the United States, and why other nations might be doing a similar thing, but why they would want to intensify both the search for these kinds of national security challenges and dangers, but at the same time create more corporate compliance requirements. 

And I did spend a lot of my executive life as a General Counsel and as a Chief Compliance and Ethics Officer building these programs internally at four different companies and making sure that you have a culture not only of compliance, but of ethics. And I think this isn't a domain that works well with that function. And maybe, perhaps we need to get more of the compliance and ethics folks to expand their repertoire to understand these national security issues. 

And clearly, some companies have greater issues than others. So the technology companies, especially the ones building the chips, and having lots of IP that has to do with new technological inventions, and other kinds of inventions, are the ones at the front lines. The pharma companies clearly are on the front lines of that. 

I think the compliance teams and the legal teams have to work closely with risk management teams on these kinds of things. And to the extent that the DOJ is beefing up their capabilities and looking to go after these kinds of issues, the companies in turn have to reevaluate how they're doing compliance and how their programs are arrayed. Their risk and compliance programs are arrayed. And that also translates back up to the board. 

Is the board's risk governance, and oversight of ethics and compliance prepared to deal with these new hyperdeveloped national security issues that are geopolitical issues as well? If you have, for example, offices or people in locations where they can be endangered as well, that's another whole aspect of this national security geopolitical piece. 

Ian Oxnevad:

Yeah, you raised something really kind of crucial here. 

If you're talking to, say, small or medium sized enterprises, what's the best way, in practical terms, for them to obtain this culture of geopolitical risk mitigation? And who's the best person, typically to run point on trying to integrate that culture across these different domains, whether it be strategic planning or compliance or even marketing. Who would that be and how would they do that? 

Andrea Bonime-Blanc:

Great question. And I've actually faced this directly myself as a General Counsel of an international electric power company many moons ago. But we were doing business in a lot of different countries around the world. Some of them were recently eastern European countries that had been communist countries that became democracies. We were in China and India, all over Latin America, and I ended up becoming the point person for these kinds of things. 

I was the General Counsel. I also happened to be really interested in these things. So I made myself sort of available to my boss, the CEO. He understood that I understood these issues and I wanted to do something about it. So I became more involved with developing a risk management framework and a crisis management framework, and it included these geopolitical risk issues because we were deep in Gansu province in China, for example, in the mid ninety’s. 

And that's just one example, but completely different geopolitical situation. We were doing business as a joint venture partner to a major oil company in Colombia during the guerrilla warfare period of the late 90s. This is why we developed a crisis management plan, because we had our engineers going into the jungle to the location where the power plant site was supposed to be built. And there was warfare. There was guerrilla warfare and other kinds of violent and dangerous things going on. 

So we have to think about this. So getting back to your question, I think a General Counsel is a very good place to look. But in a smaller business, sometimes smaller businesses don't even have a general counsel. They have an outside lawyer who serves as the general counsel. So in those cases, ideally the CEO and the COO, the Chief Operating Officer or the Chief Financial Officer should be people thinking seriously about this stuff. They often aren't. 

So I would default them to the general counsel. If you don't have a General Counsel, then just look for the first person who has whatever title they have, who is interested and concerned and savvy about this and knows what questions to ask, knows what they don't know, brings in the experts from the outside who can help them fill in the blanks and create part of their strategy and that common service, both for management and the board. 

There really has to be sort of refresher taking place on a regular basis. Read the newspapers, but also get the experts in to help you fathom what you need to do. 

There are a number of different people who could do it, but ideally it starts with the CEO, CFO, COO General Counsel, Chief Risk Officer, and then anybody who will take the responsibility. 

Ian Oxnevad:

Right. That's great. That's really practical advice I think our listeners will like. Chris, any final thoughts? You want to close it off? 

Christopher Mason:

We covered a lot of ground today. It's an exciting time. It can seem somewhat daunting. But one of the things that I always like to highlight is: if you really do spend the time to focus on geopolitical risk and you really look at some of these issues that we've talked about today, there's numerous or endless amount of opportunity in a lot of these areas, not only to help others sort of turn the ship in the right direction, but also to create new markets and new ways of doing business around the world. 

I think the more that people can start seeing that, the easier it'll be to bridge the gap between the culture of today and the culture of compliance that we really need to navigate sort of these turbulent waters. 

Andrea Bonime-Blanc :

I couldn't agree more with you. One of my favorite thoughts that I've tried to promote throughout my career and in my writings, is this idea that if you know your risk, and that includes geopolitical risk, you will know your opportunity to create value, to protect value, but to create value, to find alternatives, to make better products and services, to have better supply chains, to select better partners and joint venture partners and customers in the markets that you're going to. 

So to me, good risk management translates into good opportunity management and opportunity value creation. And, yeah, I couldn't agree more with you. I think we're in violent agreement with each other. 

Ian Oxnevad:

Such a great way to put it. That's such a good point to end it on.

Having better information or better intelligence doesn't just help you discover all the snakes that you have to avoid, but also the opportunities. That's a great way to close it off. 

Well, you have been listening to Riskology by Infortal™.  Have a happy new year, and we will catch you next time.