How to manage political risk in a post pandemic world

Originally published on July 24, 2020 on EY

Mary Cline, Jon Shames, and Courtney Rickert McCaffrey


The COVID-19 pandemic has changed the world. People, industries and governments have had to adjust to the new reality, leaders prepared to manage the risks that emerge will gain a competitive edge for their organizations – the ability to seize the upside of disruption and reframe their future.

A critical consideration in the world beyond COVID-19 is political risk. It has never been more important for companies to have a geostrategy: incorporating political risk management into companies’ broader risk management, strategy and governance approaches.

As leaders push their organizations for what comes next, they should refresh their risk monitoring framework. Insights from Geostrategy in Practice 2020 (pdf), a report analyzing our recent survey of more than 1,000 global C-suite executives, may prove useful. While it was conducted in the fourth quarter of 2019, before the pandemic, its results provide a starting point for helping leaders determine whether they’re taking the actions necessary to mitigate political risk based on an understanding of the tools other companies are using and the actions they’re taking.

We’ve identified five areas to assess.

1. The political risks a company faces

The overall incidence of political risk — a political event that alters the expected value of a business investment or economic outcome — has increased dramatically in recent years, hitting a post-World War II high in the 2016-2018 period, according to research we conducted in collaboration with the Wharton School’s Professor Witold Henisz. The COVID-19 pandemic and resulting geopolitical tensions and volatile country policy environments are likely to dwarf that previous high.

Political risks manifest across four levels: geopolitical, country-level, regulatory and societal. Some 68% and 62% of executives, respectively, say country-level and geopolitical risk are having a very high or high impact on their company — significantly more than those who say the same of regulatory risk (47%) and societal risk (37%).

This assessment may underrepresent the impact of regulatory and societal risk. In the Wharton Political Risk Lab database of events, regulatory or legal impacts were prevalent in 73% of the political risk events recorded in the fourth quarter of 2019. And while many political risks may begin at the societal level, they only begin to impact companies once they have filtered through to another of the risk levels — such as with populism affecting country-level policies and protectionism affecting geopolitical relations. The latter has been on full display with recent export controls on personal protective equipment (PPE) and other vital medical equipment.

The top three geopolitical issues that global executives expect to have the greatest impact on their company over the next five years are the changing role of the US in the international system, European Union (EU) stability and US-China relations. The global nature of the COVID-19 crisis will only serve to increase tensions and raise the stakes of political risk even higher.

Defining political risks:

  • Geopolitical risks emerge when the interests of countries in defined policy areas collide, or when the international system at large is undergoing transformation.
  • Country-level risks emerge when the national political environment, the stability of the government and institutions, or legislation has measurable economic consequences for companies acting in that market.
  • Regulatory risks emerge when governments — at the international, national or local level — change the rules or implementation of environmental, health and safety, financial market, and other regulations.
  • Societal risks emerge when groups, from trade unions to consumer bodies, launch public activism such as boycotts or protests that have consequences for markets and companies operating globally.

2. The impact of political risk on a company

Executives must map the impact of political risks across their company’s activities so that they can better anticipate and prepare for potential disruptions in the new reality — and mitigate their impact.

Strategy and mergers and acquisitions (M&A) are seen by executives as the business functions that are most impacted by political risk. About 60% of executives in our survey assess a high or very high level of impact on these two areas. And about half of executives say sales and revenue, corporate finance and treasury are similarly highly impacted. With such a wide array of highly affected business activities, political risk can therefore have a profound effect on enterprise resilience.

Also notable are the business functions that executives do not assess as highly impacted by political risk. The three that stand out the most in this regard are supply chains, R&D and intellectual property, and human resources. In the wake of the pandemic, it’s likely this assessment will be subject to change, as policy responses to COVID-19 impact businesses in all of these areas. There are already questions about the intellectual property rights of any vaccine that is developed, for instance. And companies around the world have had to rapidly shift their human resources policies to adjust to lockdown policies, including introducing virtual hiring and onboarding processes and encouraging or mandating work from home — which in many cases may continue for the foreseeable future.

3. Who has responsibility for political risk management

Assigning responsibility and accountability for a particular risk is crucial. This holds true for political risk as well. In order to successfully implement a geostrategy, we recommend an individual, committee or function be made responsible for political risk management. It is also crucial for the responsible party to be empowered to work cross-functionally in terms of identifying political risks, assessing their impacts on the business and taking action to mitigate them.

Encouragingly, 70% of executives say their company has an individual or function assigned responsibility for political risk management. This global view hides important discrepancies by region, however. More than 80% of companies in Asia-Pacific and Europe say they have someone tasked with political risk management, but only 51% of companies in the Americas say the same.

The global C-suite has not yet reached consensus on where primary responsibility for political risk management sits. Our survey shows that it is held in a number of different business functions. The most commonly cited functions for political risk management responsibility are risk and finance or treasury — but each of these is pointed to by only about one-quarter of global executives. The other half of companies assign the responsibility to a wide array of functions and individuals.

We recommend the responsible party be empowered to work cross-functionally and be able to effectively coordinate strategies for all stakeholders. That makes the CRO or CFO — or, indeed, any individual or function with strategic cross-functional authority — natural choices for the coordination of political risk management.

4. The tools available to manage political risk

The COVID-19 pandemic brought to the fore questions about the most effective risk management tools. Chief among these should be political risk management tools, given government policy responses to the pandemic are helping to shape the post-pandemic normal.

Executives tell us companies are already taking a variety of political risk management actions. Integrating political risk into enterprise risk management (ERM) frameworks and processes is the most common, with 85% of executives saying their company has done this. The other most common risk management actions taken by the global C-suite today are performing assessments of political risk exposure and recruiting individuals with political experience onto the board or senior leadership.

More than 40% of companies are taking 10 or more different actions to manage political risk. What’s less certain is whether companies are taking this suite of actions to integrate political risk assessment into risk management, strategy and governance — what we call geostrategy — or simply implementing a series of one-off actions amounting to a piecemeal approach.

Executives still see room for improvement. Three practices stand out as providing companies with the opportunity to significantly or highly improve their political risk management: scenario analysis, collecting data on sources of political risk, and obtaining political risk insight from external sources.

Fully 89% of executives point to scenario analysis as a current or desired political risk management tool. The strategic foresight scenario analysis can provide is even more vital as companies position themselves for growth beyond the COVID-19 era. The only other two political risk management actions that executives emphasize to a similar degree are collecting data on sources of political risk, such as early warning indicators, and obtaining political risk insight from external sources. The latter is important because the often subjective nature of political risk analysis means that collecting a variety of viewpoints can be useful.

5. Whether political risk management is at the core of how a company operates

A majority of executives point to improvements in governance as crucial for better political risk management. There are three areas of governance executives believe would significantly or highly improve their ability to manage political risk. Just over half of executives say that incentives and processes to overcome internal silos, a more dynamic process around communication of political risks, and a better understanding of political risk across key functions would strengthen their ability to manage the risk.

Importantly, among the 76% of companies that have brought someone with political experience to the board or management, 66% still struggle with silos. It is not enough to simply bring political risk expertise in house — that expertise must be shared broadly across the organization.

Indeed, EY’s recent CEO Imperative study argues that C-suites need to break silos to increase organizational agility. Managing political risks — or any external risk for that matter — requires a cross-functional, whole-of-enterprise approach. And breaking down silos helps to achieve the other two impactful governance improvements by enabling better communication and greater understanding about political risks across functions.


To face the myriad political risks arising today and awaiting tomorrow, organizations need to assign responsibility for political risk management, use the right set of tools to manage it, and integrate it into the core of how they operate.

Companies don’t have to accept the supply chain disruptions and revenue losses that rising levels of political risk can generate. Our survey results indicate political risks can be managed. While 51% of global executives say political risk is having a greater effect on their companies today than just two years ago, 50% are also very confident in their ability to effectively manage it. Given the governance challenges a majority of executives identify, it’s unclear whether this confidence is warranted, however. It’s not enough to simply “check the box” on a set of political risk management actions. Companies must go further to implement a geostrategy — incorporating political risk management into their broader risk management, strategy and governance approaches.

COVID-19 has presented executives with the opportunity to design and implement a geostrategy to improve political risk management and enterprise resiliency in both the short term — mitigating the risks associated with pandemic-induced shifts in government policies and geopolitical relations — and the long term — as companies adjust to whatever new reality arises in the wake of this pandemic.

Mitigating political risk requires adopting a systematic and cross-functional approach that embeds geostrategy within company culture. Companies that do so will successfully migrate political risk management from the periphery to the core, improving their enterprise resilience to the COVID-19 pandemic and whatever political risks may come in the future.