Article

Crisis management: three things all businesses should review now

March 16, 2022 · Authored by Ryan Holzhueter

The crisis in Ukraine is having a major impact on companies with suppliers, distributors, customers and employees in Ukraine, Russia and Belarus. Some of the ramifications are obvious, while others are taking place "behind the scenes," so to speak. In either case, business leaders need a proactive strategy to protect their business that includes:

• Revisiting their enterprise risk assessment plan
• Refocusing on their supply chains
• Rehearsing their crisis management, business continuity and disaster recovery plans

Risk assessment plan

Companies need to revisit their enterprise-wide risk assessment plan, with a focus on geopolitical risks and the barriers and hurdles created by the crisis event. For example, if you don’t “know your customer,” it's something that you need to think about because of the sanctions placed by the U.S. Treasury Department on various Russian oligarchs and political and national security leaders. Federal regulators will have zero tolerance for sanction violations, so there's no excuse for not knowing them. Review the sanctions and see how they line up with the risks you have identified, how they may directly or indirectly impact your supply chain, and how they will affect your ability to do business.

Because of the increased threats of cybercrimes, businesses should review their cyber insurance policies, to know exactly what the conditions are and what the policies cover.

Also, be aware of fraud risk, specifically related to money laundering and bribery. In the wake of sanctions, entities in Russia, Ukraine and Belarus will get more creative about financing transactions, including the use of cryptocurrency. When the status quo changes (whether it’s moving to a remote work environment, in the case of COVID-19, or a shift to unique ways of financing transactions, in the case of the crisis in Ukraine) companies may override internal controls or ignore policies and procedures. Business leaders have to monitor internal controls on an ongoing basis to gauge whether they are designed appropriately to deter and prevent fraudulent behavior.

In the event of a future investigation, regulators likely will ask questions such as: