Political risk – An overlooked risk category now coming of age?

Although political risk is hardly new, the events of the past few years have brought renewed attention to this risk type. The Covid-19 pandemic brought unprecedented levels of government intervention in the economy around the globe, while the Russian invasion of the Ukraine has generated political risks associated with war and terrorism. In this article, we’ll explore what political risk is, how thinking about it is changing and what kinds of steps companies should take to improve the way they identify and manage political risk.

What is the definition of political risk?

There doesn’t seem to be much of a consensus for the definition of the term “political risk“. Often, the terms “country risk” and “political risk” are used interchangeably. When the term political risk is used in this sense, the risk issues being focused on often include expropriation, currency and trade controls, changes in tax and labour laws and regulatory restrictions. Other wider, social issues can be added in, such as public opinion, political protests, alliance shifts, revolutions and coups. However, other risk experts and academics say country risk and political risk are quite different risk types, and that “country risk” ignores the international political risk dimension.

Two different definitions of political risk that may be helpful are:

  1. a particular exposure to risk which depends on the actions of a government
  2. the likelihood that political forces will cause drastic changes in a country’s business environment that adversely affect the profit and other goals of a particular business enterprise


One of the big differences between these two definitions is that the first seems to confine itself to the official actions of a government, while the second speaks more broadly of political forces, which could include non-official government actions – including activities by individuals in roles of political power – as well as actions by non-government political actors.

Taking this line of thought further, companies may want to consider looking at elements of other parts of their enterprise wide risk management programme through a political risk lens. One example of this is the anti-money laundering regime many companies are required to have – including compliance with politically exposed persons requirements and the risks associated with doing business with politically exposed persons. Elements of bribery & corruption could also potentially benefit from a political risk view, when the activities involve political people or projects.  

In a similar vein, the concept of “business risk” is usually taken to refer to the risk that unexpected or adverse issues occur within the environment within which the firm operates, resulting in a detrimental impact on the firm. Business risk issues typically include systemic risks, sovereign risks, economic cycle issues, project risks, resourcing issues and changing market or regulatory practices. In this sense, mismanagement of the economy by a ruling political party may also be considered a form of political risk, as evidenced in many countries, such as Zimbabwe, Cuba and North Korea.

How well is political risk managed?

The role of political risk in enterprise risk management programmes has evolved over the past few years. The impact of government interventions in the economy and other actions during the Covid-19 pandemic has shaken what some observers felt were complacent views in the C-suite and at the board level about the role of political risk within an enterprise risk management framework.

According to a recent poll, the need to better anticipate and mitigate risk is why 94% of executives report moderate or significant changes in the past 12 months to their organisation’s political risk management approaches. These companies are taking action because their leaders seem to feel less confident in their ability to manage political risk. Before the pandemic, 74% of global executives were highly confident about their company’s ability on this front; today, only 55% are.

The fact that political risk is an external risk can often make it seem like it is difficult to manage. Sometimes, companies with certain types of political risk exposure have chosen to transfer those risks through political risk insurance. Many larger companies will have dedicated government relations teams, who play a role in managing political risk. Other companies may hire consultants or receive reports on political risks that could impact them. However, some companies have – until recently – viewed political risk as something that can only be managed when there is a loss event, not before.

How will the unfolding conflict in the Ukraine change the way companies think about political risk?

The invasion of the Ukraine by Russia was long expected by some and a great shock for others. And as a cause of political risk, the conflict is different in nature to Brexit and the 2016 US presidential election, which were previously held up as significant examples of political risk. Recent loss events and potential loss events as a result of political risk include:

  • BP divesting its holdings in a Russian oil company. BP’s CEO was summoned to a meeting with UK business secretary Kwasi Kwarteng, to discuss BP’s Russian ties, before BP’s divestment announcement was made. Kwarteng then said: “I welcome BP’s decision to exit its shareholding in Rosneft oil company. Russia’s unprovoked invasion of Ukraine must be a wake-up call for British businesses with commercial interests in Putin’s Russia.” The implication here seems to be that the UK government would like other companies with interests in Russia to exit them as well.
  • In a joint statement, US, UK, Canada, France, Germany, Italy and the European Commission said they were ejecting a group of Russian banks from Swift, an important international financial messaging service, effectively unplugging those banks from the global financial system. This will have significant repercussions for companies using those banks to transact with Russian companies, to invest in Russia and to trade in Russian financial instruments.
  • Roman Abramovich, a wealthy businessman with ties to President Vladimir Putin, said he was ceding day-to-day management of Chelsea football club to a charity. There had been calls for him to be forced to sell his stake. Other organisations with Russian shareholders are likely to come under similar pressure, particularly if the company is in a sensitive industry or a Russian shareholder has a controlling stake.
  • Products from microchips to grain are being impacted by the invasion and the political and economic fallout of that. Big energy companies stopped buying Russian crude oil, sending the global price of oil to $110 a barrel in early March. With the global economy already unsettled because of the pandemic and supply chains creaking, it’s likely that many companies are going to encounter significant challenges in the months ahead.
  • A series of famously successful ads from the Comparethemarket price comparison website have been pulled because they feature cartoon Russian meerkat characters. (Note that meerkats are actually an African mammal and have no connection to Russia other than in these advertisements.)
  • There are significant concerns that, as part of the current conflict, Putin will unleash cyberattacks on those countries he perceives to be his enemies. Companies have been warned to be on alert and to increase their cybersecurity to meet such a threat.

In short, the impact of this political risk event is being felt both globally and locally in a very wide range of risk categories. There is little doubt that as the situation continues to unfold, the types of loss events will continue to evolve.

What should companies do to better manage political risk?

As companies look to enhance their political risk management as a result of the events of the past couple of years, they should consider the following potential improvements:

  • Ensure political risk information is available to those individuals who are manging those risks. Political risk is an external risk to most organisations and so good information sources are vital if senior management and the board want these risks to be adequately managed by their teams. There are many sources of in-depth analysis, including the Economist Intelligence Unit , Transparency International and Companies may want to consider monitoring social media for sentiment in some markets as well.
  • Discuss political risk regularly at the board and senior management level. Political risk is a critical risk and should be a regular part of strategic discussions about risk appetite, risk mitigation strategy and other elements of the risk framework. This should then roll down across the enterprise risk management programme throughout the organisation. Also, having the board and senior management openly talking about managing political risk sets the tone at the top regarding the importance of political risk within the overall enterprise risk management programme. If the board and senior management aren’t focusing on political risk issues, the teams across their organisation won’t either.
  • Include political risk questions in the risk and control self assessments (RCSAs). For areas of the organisation that have historically been impacted by political risk, or which are operating in a politically sensitive environment, be sure to regularly and proactively monitor the state of play for these risks. An open-ended question about political risk could be useful as well, as it may help call out emerging political risks.
  • Assess third parties and fourth parties for political risk. Many organisations have been caught out by political risk loss events that have impacted on their outsourcing or supplier relationships. For example, global semiconductor chip production was significantly disrupted because of government-mandated labour restrictions and lockdowns during the Covid-19 pandemic. While the pandemic may have been more of a black swan event, many companies have production facilities or customer service call centres in emerging markets where political risk could potentially cause disruption. In addition, the Ukraine has emerged as an important software development centre, especially in the areas of artificial intelligence, machine learning and high-computational applications, used by many firms to augment or replace internal development capabilities. This kind of political risk within third and fourth parties is easier to monitor through news media and the kinds of information sources discussed above.
  • Conduct political risk scenario analysis. Companies should consider undertaking this kind of scenario analysis from both a risk and a resilience perspective. For some organisations, it may be helpful to bring external experts in to work with the organisation to develop realistic scenarios of more “everyday” political risks, as well as extreme but plausible scenarios. Companies should also look for potential scenarios in the experiences of other organisations during the Covid-19 pandemic and the invasion of the Ukraine to create scenarios, as these are more extreme events. Lastly, scenario analysis may also be a good way to potentially tease out emerging political risks.
  • Understand how political risk loss events could impact operational resilience. Building on the previous point, companies should look at political risk loss events through an operational resilience lens – particularly financial services firms that have an operational resilience compliance obligation. Political risk events are usually external risks, over which companies sometimes seem to have little control, and so building a robust resilience strategy is one way to minimize the impact of events and remain competitive.
  • Look at the impact of political risk across the entire enterprise risk spectrum for knock-on impacts. Many of the political risk events mentioned in this article had significant knock on effects. Some of these would be challenging to anticipate – for example, the need for Comparethemarket to pull its advertising programme, which had been successfully running for a number of years. However, other knock-on risks such as supply shortages and price increases are easier to anticipate. Anticipating knock-on impacts can be one area where creative scenario analysis exercises can deliver real benefits. They are also areas where key risk indicators (KRIs) may play a role as helpful early warning indicators and controls could play a positive role in mitigating losses.
  • Develop an internal and external communications strategy in the event of a political risk loss event and/or operational resilience issue. The recent UK Financial Conduct Authority final policy statement on operational resilience requires firms to develop such communication strategies as part of their operational resilience programmes to reduce potential harm. Their framework includes providing advice to clients in a disruption, using communication to gather intelligence about the disruption and supporting vulnerable customers through communications during a disruption. Even for companies not regulated by the FCA, these elements of a communications framework are a good place to start. Trying to create a communications strategy in the midst of a crisis can be extremely challenging.


The last decade has seen a much greater level of political risk, as a result of a wide range of different events. Companies concerned about their ability to manage political risk in the past can use these recent events as case studies upon which to build an improved approach. While the Covid-19 pandemic and the conflict in the Ukraine provide two extreme scenarios, firms should also remember to consider the identification and management of local or national political risks that may be less vast but could still have significant impacts. Companies can do much to enhance the way they detect and manage political risk within their enterprise risk management frameworks, with the right resources and processes.