Anticipating and Planning for Geopolitical & Regulatory Changes

Steve W. Klemash is Americas Leader at the EY Center for Board Matters; and Jon Shames is Global Leader at the EY Geostrategic Business Group. This post is based on an EY Center for Board Matters publication by Mr. Klemash and Mr. Shames.

Late in 2017, the EY Center for Board Matters highlighted the importance of anticipating and planning for geopolitical and regulatory changes in our report, Top priorities for US boards in 2018. That priority has since intensified. In the first few months of 2018, US stock indexes experienced the highest levels of volatility since 2014. Long-standing trade agreements, tax and regulatory systems, and defense treaties are being renegotiated, transformed or absolved. And the International Monetary Fund has warned that rising US-China trade restrictions are threatening to derail growth and undermine confidence.

Rising geopolitical tensions and increasing electoral share for populist parties are a concern for businesses. With policy becoming harder to predict, many executives see policy uncertainty, geopolitical tensions, and changes in trade policy and protectionism as key risks to their business. At the same time, business leaders are optimistic about the near-term US outlook—in part because of deregulation and the passage of US tax reform. In fact, the recent Borders vs. Barriers report from EY, Zurich Insurance and the Atlantic Council indicates that despite concerns about policies restricting their ability to transport goods and raise capital, global CFOs are overwhelmingly bullish on investing in the US, and 71% expect continued improvement in the US business environment in the next one to three years.

These dynamics underscore the need for companies to proactively address strategic opportunities and risks stemming from geopolitical and regulatory changes. For the board to provide effective oversight in this area, it is imperative that directors understand the geopolitical and regulatory landscape and how relevant developments are identified and evaluated within their companies’ strategy setting process and Enterprise Risk Management (ERM) framework. Boards should also consider whether they have access to the right information and expertise to effectively oversee this space.

Examining the complexity of geopolitics

The term “geopolitics” encompasses a broad range of frequently interconnecting issues, including:

  • Global economics
  • Regulatory and tax legislative matters
  • Financial and supplier market uncertainty
  • Commodity constraints and pricing
  • Exchange rate fluctuations, including monetary policies
  • Civil and workforce disruption
  • Diplomacy and security

A PESTLE (i.e., political, economic, social, technological, legal and environmental) analysis, described further below, coupled with a comprehensive ERM framework, can help steer companies towards identifying the geopolitical threats and opportunities most relevant to their strategy, operations, financial performance and regulatory compliance.

Because geopolitical issues are complex and can be unpredictable, it is tempting to see geopolitics as impossible to prepare and plan for or control. While the fundamental nature of geopolitics can be volatile, most organizations understand that geopolitics are not a problem to solve but an external business force that must be understood and managed. The board should set the tone for confronting the challenge.

Understanding management’s framework for analyzing and managing geopolitical threats and opportunities

Generally speaking, the way companies assess and respond to geopolitical and regulatory developments is continually evolving, and each company likely has a bespoke approach. But given increased complexity and growing uncertainty, organizations should consider a more deliberate approach to better understand and incorporate these risks and opportunities into their strategy setting and risk management process.

For the board, it is critical to understand management’s approach to addressing potential geopolitical and regulatory impacts, which at its core should involve a process for understanding, preparing and acting.


Addressing geopolitical and regulatory developments requires that companies recognize the full universe of geopolitical and regulatory forces, as well as the likelihood of those forces coming to life, that can meaningfully affect their business and have a disciplined approach to assessing such exposures. This includes geopolitical shifts that can impact revenue drivers for the organization based on its current global footprint (e.g., trade barriers, tax policies), as well as any potential new or alternative markets for expansion. Companies should consider potential impacts to their supply chain (e.g., how trade agreements or military conflicts could impact operations), human capital (e.g., how immigration laws may affect the company’s ability to attract and retain talent), corporate functions (e.g., how changes in regulations may change the cost of capital) and stakeholders (e.g., the social and environmental impacts on communities in which the company operates). Without a comprehensive and prioritized review of all reasonable sources of potential geopolitical and regulatory impacts, some critical risks or opportunities may get overlooked.

A commonly used tool that organizations have used to better capture and screen the macro-environment facing the organization is a PESTLE analysis, which the COSO 2017 ERM Framework Update offers as an approach to categorizing and analyzing the external business environment. Using the PESTLE framework can allow companies to better identify how external forces and potential changes in the regulatory landscape may impact market growth, business strategies, current and future operating performance, and regulatory compliance. The results of the PESTLE analysis can then be used to determine the threats and opportunities that can be incorporated into a SWOT (strengths, weaknesses, opportunities and threats) analysis, which can further help organizations assess their internal capabilities (i.e., strengths and weaknesses) relative to the external environment (i.e., opportunities and threats).

Many companies perform a PESTLE analysis in advance of setting strategy, with the goal of having the strategy itself informed by external factors. Risks and opportunities identified through the PESTLE framework can change rapidly, requiring a dynamic process for monitoring, communicating and updating an organization’s risk profile. Monitoring threat levels for many geopolitical and regulatory related risks may require deep trend analysis (e.g., trends and predictive indicators identified through data analytics, including social media metrics), tracking of complex leading or lagging indicators (e.g., macroeconomics) and qualitative and quantitative business intelligence reporting. Management should also explore deeper underlying trends (including the speed at which trends are evolving) that can help anticipate and explain certain geopolitical events (e.g., mid-term change in government) and regulatory developments. Key indicators should also be identified and tracked to monitor for changes that could invalidate the company’s underlying strategic assumptions, or that could open up new strategic opportunities or prospects.

It can be valuable for the board to review the geopolitical and regulatory factors identified by management as potentially relevant and provide input. With its independent perspective and unique combination of expertise, the board can help challenge management to fully understand the risks embedded in their business strategies and uncover potential opportunities in the changing geopolitical landscape.


Once the sources of geopolitical and regulatory risks or opportunities have been identified, management needs to assess possible scenarios, including the potential impact, the time frame to realization of the impact and the likelihood of the change occurring. The assessment needs to bring into focus and highlight the key issues, and should also inform a revisit of the company’s strategy. Is the company willing to accept these risk exposures with respect to the business strategy? Is the company well-positioned to capitalize on potential opportunities? Is the company effectively monitoring signposts for increasing and decreasing risk? This assessment process should be revisited to incorporate relevant changes to the company’s strategy and the company’s global footprint. It should also include external expertise as appropriate.

It is important that the assessment process take into consideration company culture and the interests of its stakeholders, including, for example, investors, employees, consumers and the communities in which the company operates. Taking advantage of opportunities presented by geopolitical or regulatory changes may create consequences that can impact the company’s relationships with key stakeholders, its reputation and even its social license to operate.


Once risks and opportunities have been identified and assessed, companies can respond by either accepting, mitigating, eliminating or transferring the risk, or strategically pivoting to seize opportunities—all while avoiding knee-jerk reactions. Companies need to create and evaluate their options for addressing various scenarios that may result and integrate the responses into their business strategy to build resiliency. In other words, companies need a geostrategy that positions them to navigate uncertainty with predictable contingency plans that harness opportunity and minimize risk.

Contingency planning for geopolitical factors should focus on designing and testing responsive controls. These may include a range of stress-test exercises, including tabletops, quarantines and any number of resiliency plans, such as rapid deployment of assets, capabilities, lines of credit and so forth. In volatile regions, companies should establish alternative operational measures to employ in the event of unrest.

It is important for companies to recognize that, as revealed time and again in recent global developments, political forecasting is not always reliable, and responsive testing should account for a wide range of scenarios, including the long shot. While we can’t predict the future, a response is generally easier to predict. Focusing on people and processes and creating an open culture of flexibility and resiliency is key. Management should also have a process in place to conduct postmortems and “lessons learned” analyses over a prior relevant time range to assess what was missed and how well the company responded.

Exercising influence

Some companies may seek to proactively influence political and regulatory developments, including working through trade organizations and industry groups, engaging with stakeholders and policymakers at the local and national level, identifying and building relationships with political champions (and opponents) and advocating for policy approaches that serve the company’s interest. Leading practice includes developing a holistic political perspective by systematically tracking macro indicators and establishing a robust public policy strategy that is aligned with the company’s position on key issues and risk profile.

Most importantly, companies seeking to proactively shape the geopolitical risk landscape through lobbying and/or political spending should understand the financial and reputational risks connected to such expenditures, especially in today’s fractious and divisive political climate. Such spending may be subject to scrutiny by some investors, consumers and other stakeholders.

How can boards better cultivate competency and readiness around geopolitics?

As a starting point, boards need to make sure they have the right people in the boardroom to effectively oversee the geopolitical risks and opportunities facing the company. For some boards, that may mean having a director with specific regulatory or public policy expertise, or expertise relevant to volatile regions or markets where the company operates or is planning on operating in the future. For others, it means consulting with an expert on relevant topics.

Boards also need to consider their process for getting information and staying current on how the geopolitical and regulatory landscape is evolving relative to the company’s strategy, critical assumptions, and its operations and regulatory compliance. It is important that boards are being updated from the appropriate individuals from the senior management team who are knowledgeable about the geopolitical environment and can provide the board with timely, valuable information in a manner that facilitates rich dialogue. Boards also need to have more exposure to external viewpoints to provide that the board has the competency to challenge management and offer informed input. Boards and management need to be open to differing interpretations of events and trends, and attention must be paid to the optionality value associated with investing in projects in politically risky geographies and business ventures.

Overall, the reality is that even with all the planning in the world, companies may still miss a key geopolitical risk or opportunity—particularly in today’s environment of shifting and unexpected political outcomes. But that should not paralyze management teams or boards from capitalizing on key strategic opportunities. As with other priorities on the board agenda, having a board and management team that are well aware of the external business context, deeply understand the company’s strategy and the assumptions underpinning that strategy, and can be nimble when executing strategic pivots is key to weathering any black swan event and creating long-term value.

Questions for the board to consider

  • Are geopolitical and regulatory opportunities and risks considered as part of the strategy setting process and embedded into the company’s risk management process and controls?
  • Does the management team utilize a robust framework to identify and assess relevant geopolitical and regulatory factors?
  • Does the board have complete visibility around the potential geopolitical and regulatory impacts that the company faces? Is the company approaching such impacts only from an “event” lens or as part of a broader sociopolitical analysis that is updated with dynamic, holistic monitoring?
  • Does the board understand management’s process for mitigating geopolitical and regulatory risk through scenario analysis and stress testing?
  • If shifting geopolitical or regulatory risks challenges management’s critical risk assumptions, is the company prepared to effect a strategic pivot? And has the board reviewed and provided input?
  • For operations in high-risk jurisdictions, does the organization have robust processes and controls to protect against bribery and corruption? And does management have sufficient understanding of the geopolitical and psychological drivers and enablers of corrupt behaviors as well as controls to prevent and mitigate such behaviors?
  • Does the board have the right directors, committee structure and access to information to oversee key geopolitical and regulatory risks—and to challenge management?
Both comments and trackbacks are currently closed.