Security and Compliance Risks for International Corporations.
New offshore sourcing necessities caused by technological changes, as well as the need to secure frontier markets in order to not fall behind peer competitors, drive both procurement and business development into diverse markets. Be it Central Africa, South Asia, or Southeast Asia, to name some regions of substantial matter to our clients, the Threat Pictures that require security and compliance risk assessment are:
a) Risks of Physical Attacks, as management, employees or agents might become (1.) either direct targets, or (2.) indirect victims of local struggles. These physical security risks include threats from state-actors – such as staged imprisonments by corrupt regimes or their local officials.
b) Legal Risks, especially due to the Duty of Care for people deployed. Other growing Legal and Compliance Risks come from having to comply with old and new laws related to supply chain conditions, money laundering, and corruption. Related liabilities, loss of licenses, and severe fines increasingly stem from activities of local business units or partners.
c) Reputational Risks may arize by picking the wrong local partners, or otherwise not complying with what stakeholders and the public expects. These risks are beyond what corporations are used to at home or have seen in the past. To identify just one root cause of such risk, one might think about local organized crime that in many countries infiltrate labor market structures. A related lack of threat awareness or deeper due diligence can create ugly incidents, shocking claims and graphic news stories, which companies might not easily recover from. Think of minors in sweatshops working on components for popular cell phones or having to extract raw materials for electric vehicles. Or consider “company branded” toxic waste in local waters.
d) Digital Risks are also taking a different shape (in terms of threats and vulnerabilities) when operating in or with certain countries; be these risks ransomware attacks or social media hacks. Having state of the art IT Security, does not effectively help in regional offices, if not backed up by Cyber Threat Intelligence and local Enterprise Security Risk Management tailored to country risks and realities there.
e) Strategic & Financial Risks are also faced from (I) losing valuable time, managerial focus, and critical assets (such as substantial cash amounts or vital intellectual property), as well as from (II) having critical supply flows interrupted. A “promising” local partner might be a mere “wheeler-dealer” looking for easy cash – while not worrying much about the actual outcome. Aggressive competitors or geopolitical adversaries find it much easier to infiltrate unprepared local structures – in order to access the technological heart of their targets; or sabotage their local business development or production.