As 2020 comes to a close, it is time for many organizations to analyze its risk management processes and how well the processes managed the risk events that has recently occurred. For many companies, Covid-19 was a catastrophic or near catastrophic event. Those companies that were prepared to handle the pandemic (such as those that had business continuity plans in place, etc.) were able to handle the risks presented by Covid 19. Those that were not prepared had a harder time. What successful companies know is that in order for a company to succeed it not only has to a sustainable business model but it has to constantly review its risk processes. After all, what happens when the current business model does not work anymore? What happens when the risks outweigh the benefits of continued standard corporate operations? So, maybe it’s time to re-examine your risk management processes. Do they really work?
When talking to your staff or to other departments, how often have you heard the phrase “That the way we have always done things.” Just because corporate processes have been done one way doesn’t mean that the best way or even in todays’ fast changing world- the right way. Even after 2008 many companies continued to use the failed metrics that got them into trouble in the first place. Even the credit markets haven’t changed as much as you would think after 2008. And of course, some companies have not changed processes during Covid. But why?
I truly believe that once processes are created in a corporate or bureaucratic environment, it is as if the processes have been set in stone. They are very hard to change. Even if the world around the company has changed. It is human nature to accept what has been done in the past. Few people want to “rock the boat” even if the proverbial boat is actually sinking. Companies get into real trouble because of this. What happens if the company’s business model is out of date or its business plan is no longer viable? Just because it worked in the past doesn’t mean it will work in the future.
I therefore caution everyone not to blindly accept the current risk management processes in place. Risk managers as well as in house counsel and other managers should be challenging risk management metrics on a regular basis. Counsel should be auditing departments on a regular basis. Does that compliance program really work? Does the business continuity plan really work? Maybe it did 5 years ago. But what about today?
What about re-examining the areas of risk management responsibility? The areas should include the purpose and policy of the RMD in the organization, the functions and execution points of the RMD (who does what, when, how, reporting lines, etc.) as well as a detailed outline of the procedures and processes of the RMD. Procedures and processes can include:
-conducting risk assessments of the organizations’ divisions and departments
-developing solutions for the various risk management issues
-developing business continuity plans
-coordination with various departments to assist with compliance issues
-oversee loss control concerns
-develop training for the organization’s employees covering various risk related areas of concern such as product safety, etc.
Remember, if local or national laws have changed maybe the current processes are out of date. If your organization was not prepared for the Covid 19 pandemic, maybe the current processes are out of date. If the products that your company manufactures or the services it provides have changed maybe the internal processes surrounding the review of those products and services are out of date. What about the current geo-political environment? When reviewing your current product liability review processes have you factored in the new risks created by the Internet of all Things? These risks are real. Are you ready for them? Does your current business model still work or is it outdated? What about data privacy laws? What about business continuity plans?
It is a fundamental truth that all things change. Of course, some things change faster than others. Regardless, don’t rely on your old or standard risk management processes to continue to provide the same level of comfort they did in the past. Continue to review and to modify them if necessary. And don’t think that just because “that the way things are done” your company should continue to operate as usual.
So if you haven’t re-examined your risk management processes- now is the time to do so.
Recently, a number of airlines have announced plans to cancel flights to South Korea due to the corona virus outbreak. Korean companies such as Samsung and LG have had to shut down production lines in some of their Korean based plants as well, causing a cascading number of economic issues to impact Korea’s economy as well as the world’s supply chain. Much of the world’s high tech based supply chain is based in Northeast Asia ( China, South Korea, Japan, etc.) and the negative effects of the corona virus can be seen everywhere. As a major supplier of memory chips, cell phones, computers, consumer electronics and home appliances, any disruption in Korea’s economy spells trouble for the rest of the world.
Until recently, for companies doing business in South Korea, the most pressing geo-political risk was the threat of war. Seoul is not far from the DMZ and any altercation between North and South Korea would have an immediate impact upon Seoul and its surrounding cities. However, the impact of the current virus, drives home the fact that for companies doing business in South Korea, not only do they have to think of geo-political risk in terms of war, but as health emergencies and pandemics as well. Therefore, a company contemplating potential business projects in Korea must at least on a tactical level consider the implications of geopolitical risks as well as everyday market risks such as financial, legal and operational risks.
Considering recent geo-political events, many companies should review old risk management policies and procedures, in case updates are needed. Companies are only now beginning to realize they are not prepared to handle the escalating risks caused by the corona virus. Of course, what happens if there really is a true global pandemic? Many companies are not prepared for that. Some risk management processes that should be reviewed are not being considered as they are viewed as too expensive or impractical. Such is the case with political risk insurance.
Companies face many kinds of risks when engaged in offshore projects; of course geo- political risk is one of them. This comes about when a government changes its policy, ideology or even itself which creates instability, disorder, war, strikes, riots, etc. Or of course health risks that effect the region. What must be done to manage such risks? Political risk insurance comes to mind, but some forms of political risk insurance that are offered by capital –exporting nations ( such as OPIC, etc.) is subject to politically motivated conditions or motivations that may not take the needs of the investor into account. Case in point- OPIC can only operate in countries which have a bilateral investment treaty with the US. If you are a US investor trying to invest in a country which lacks a bilateral investment treaty with the US- you are out of luck when trying to obtain political risk insurance from OPIC. This is true of outer countries which supply similar political risk insurance through export development programs.
For more on political risk see my previous blog: “Managing Political Risk” at Seoullegalriskmgmt.com.