Businesses worldwide now engaged in ‘continuous non-kinetic warfare’
Tom Fox’s musings on the war following a recent chat with Exiger CEO Brandon Daniels; the pair discuss the ways in which Russia’s invasion of Ukraine is impacting businesses today, noting that a complex geopolitical climate set the stage for — and will perpetuate — these seismic shifts.
In the words of Deputy Attorney General Lisa Monaco, “[Russia’s invasion of Ukraine] is nothing less than a fundamental challenge to international norms, sovereignty and the rule of law that underpins our society.”
And of course, the severity of the situation is magnified by the current business climate. As Monaco added, “The world’s “geopolitical landscape is more challenging and complex than ever.” I explored these sobering themes in a recent conversation with Exiger CEO Brandon Daniels. We talked about the war’s impact on business and the irrevocable changes confronting five key areas: supply chain, trade and economic sanctions, anti-corruption, cybersecurity and ESG.
Our discussion began with changes in the supply chain, as there may well be no other area of businesses that has experienced such tectonic shifts. Daniels identified three key reasons for the shifts. The first began with the realization of the untenable actions of the major player on the U.S. supply chain: China.
This realization began pre-pandemic, when massive theft of U.S. intellectual property by Chinese businesses became apparent, leading to a huge counterfeit goods problem coming out of China. Daniels estimated that “70 percent of the world’s counterfeit market is driven by China.”
The second shift was the slave labor issue with China, particularly with Uyghurs, an ethnic minority in China. The extensive use of slave labor gave China an economic advantage, which in many cases could not be overcome. It was economic warfare by another name.
All of this was exacerbated by the pandemic, and those in business saw what it means to have an economic and geopolitical adversary as a key supplier during a true worldwide healthcare crisis.
This confluence of events led to several key changes in supply chain thinking. First, supply chain efficiency is not about weather events, it is not about logistics, it is not about just-in-time. There are far broader issues — such as geopolitical tensions. According to Daniels, “we realized that supply chain is multifaceted in terms of issues.”
Next came the recognition of the need for more and greater government oversight and regulation. The need to stamp out modern slavery led to the passage of the Uyghur Forced Labor Prevention Act. This law significantly expanded compliance requirements for companies to certify that goods made with forced labor in Xinjiang, an autonomous territory in northwest China, do not enter the United States.
Interestingly, the law created the presumption that all goods produced in Xinjiang are generated using forced labor, with the burden of proof resting on companies to demonstrate that materials, parts and goods originating in China were not mined, produced or manufactured wholly or in part in Xinjiang. There was also a business and government realization that many of the key rare earth elements and minerals widely used in U.S. manufacturing came from China and now Russia.
Daniels put all of this into perspective when he said, “You had this big earthquake in the pandemic, but then you had all these fault lines that we didn’t realize were on the edge of a precipice. We were in these really brittle places and it just all fell apart with the Russian invasion of Ukraine. From rare earth elements like neodymium, which is used in securing an F-35 (fighter jet) to electric car batteries, to metals and heavy metals used in standard manufacturing processes such as aluminum, iron and neon; supply chain disruptions were all exacerbated by the Russian invasion of Ukraine on top of the ongoing disruptions from the pandemic and beyond.”
You had this big earthquake in the pandemic, but then you had all these fault lines that we didn’t realize were on the edge of a precipice. We were in these really brittle places and it just all fell apart with the Russian invasion of Ukraine. . . . [The] supply chain disruptions were all exacerbated by the Russian invasion of Ukraine on top of the ongoing disruptions from the pandemic and beyond.BRANDON DANIELS
Finally, as a new element to the supply chain calculus, there was what Daniels termed “the ethical conundrum.” Russia has engaged in a brutal, unjustified war that has disrupted the flow of goods and services from both Russia and Ukraine. Neon, a key element for computer chips, is heavily concentrated in Ukraine, as are some of our largest outsourced engineering software companies. As the U.S. and EU governments have responded with a series of harsher and more robust economic and trade sanctions, supply chain pressures have increased. We must look at greater and more ongoing due diligence and greater sustainability.
These issues have moved beyond simply national security issues in the governmental and public sector. As Monaco said, “Increasingly, you and your clients are on the front lines in responding to these geopolitical realities … our goal is not only to hold people accountable, but to disrupt these threats using all the tools available to us.” Private companies must understand they are now a part of what Daniels characterized as “continuous non-kinetic warfare.”
But in addition to this new type of warfare, of which every business is now part, going forward, it all ties back to U.S. economic prosperity. While this was clear in the adversarial relationship with China pre-pandemic, it accelerated during the pandemic and after the invasion of Ukraine. If you could not get a mask so that you could go to work during the pandemic, that health issue became an economic issue. If you were doing business with a Russian oligarch, the reputational damage to your top line will negatively impact your company, perhaps in a material manner.
Economic and trade sanctions
When thinking about economic sanctions, it is not simply a consideration of the implemented economic sanctions; you must consider of “a comprehensive set of economic and trade policies that have been codified into legislation, through regulation and rulemaking, that set the tone for sanctions in the future sanctions and economic prohibitions in the future.”
Governments must ensure they are having the right impact and through a set of comprehensive sanctions. And they must do so while, “making sure that you’re not hurting your allies and partners that can help unwind some of these undesirable or intolerable geopolitical situations,” Daniels said.
Two precursors to the development of the U.S. economic and trade sanctions response to the Russian invasion of Ukraine were the increase in economic and trade sanctions utilized by the Trump Administration and, most significantly, the passage of the National Defense Authorization Act on Jan. 1, 2020, which included the Anti-Money Laundering (AML) Law of 2020. This was the first update of federal AML laws since the Patriot Act was passed in the wake of 9/11.
These seemingly disparate developments set the stage so once Russia invaded Ukraine, the Biden Administration, along with most western democracies, responded in short order by levying economic and trade sanctions against certain Russian individuals, Russian companies and against Russia itself.
The U.S. government had also been ramping up its economic and trade sanctions enforcement over the past several years. Monaco has said that three such cases have led to more than $1 billion in fines and penalties alone over the past 10 years, adding “we’re by no means starting on a blank canvas.”
However, “What you have seen in the last few months is something completely different. The scope of the sanctions imposed on Russia by the United States and its allies and partners are of a new order of magnitude,” Monaco said. “We are pouring resources into sanctions enforcement, and you have seen and will continue to see results.”
What you have seen in the last few months is something completely different. The scope of the sanctions imposed on Russia by the United States and its allies and partners are of a new order of magnitudeLISA MONACO
Deputy Attorney General
Indeed, she categorized economic and trade sanctions enforcement as “the new FCPA.” But it’s not just the war in Ukraine that has prompted a new level of intensity and commitment to sanctions enforcement. We have turned a corner in our approach.
Daniels noted that these new rounds of sanctions based on the Russian invasion of Ukraine are actually broader and more comprehensive because they strive to get at the root of an issue: intelligence gathering by state- and non-state actors from U.S. businesses. He pointed to the examples of Chinese companies ZTE Corp. and Huawei Technologies Co. Ltd., which are subject to bans from the Federal Communications Commission (FCC) but that still might be supplying chips to suppliers down your supply chain and, more nefariously, might be using those chips to engage in intelligence gathering and industrial espionage.
The economic and trade sanctions put in place before the Russian invasion of Ukraine and those levied thereafter are designed not only to simply punish Russia but also to interdict their ability to wage war. This means sanctions will be used to disrupt Russia’s ability to fund the war through its banking sectors. Economic and trade sanctions also seek to change non-democratic and unethical behaviors by raising the cost of engaging in the behaviors.
One of the more interesting consequences in this area has been the increase in whistleblowers and increased publicity about whistleblowing. Once again, the AML Law of 2020 set the stage by including a bounty provision that any person or entity involved in reporting an economic and trade sanctions violation would be eligible for up to a 30 percent bounty on any recovery.
Perhaps the most visible byproduct of this has been the worldwide hunt for the multimillion- and multibillion-dollar yachts of Russian oligarchs. Whistleblowers and bounty hunters are actively looking for these yachts to turn their locations over to American authorities, who can seize them.
But these seizures are only one step, as Daniels noted, because the AML Law of 2020 also helps uncover the companies that own these yachts and the companies that own those companies. In other words, transparency. Here one needs only to think of the Panama Papers, the Pandora Papers and the Paradise Papers to understand why the light of day is the best disinfectant for enforcing economic and trade sanctions.
Once again, as with supply chain concerns, the government is now looking for businesses to help in this fight. The U.S. government has enlisted the private sector as a key partner in the implementation of economic and trade sanctions to allow the U.S., as Monaco stated, “to go after those who profit from corruption and crime around the world — whether they are sanctions-evading oligarchs or office-holding bribe recipients. Working with our partners, we can ensure that corrupt regimes will be held responsible — whether we’re seizing yachts or freezing slush funds.”
The World Economic Forum estimates that more than $3 trillion is lost annually in the global economy due to the scourge of corruption, but the losses go far beyond the monetary: “Corruption robs citizens of equal access to vital services, denying the right to quality health care, public safety, and education,” according to the U.S. Strategy on Countering Corruption. “It degrades the business environment, subverts economic opportunity, and exacerbates inequality. It often contributes to human rights violations and abuses, and can drive migration. As a fundamental threat to the rule of law, corruption hollows out institutions, corrodes public trust, and fuels popular cynicism toward effective, accountable governance.”
Writing for the World Economic Forum, Delia Ferreira Rubio, Nicola Bonucci and Rachel Davidson Raycraft linked the fight regarding economic and trade sanctions to bribery and corruption. They connected the money stolen by oligarchs and strongmen through a variety of strategies to bribery and corruption. Taking this connection a step further, they noted “the close relationship between corruption and conflict,” as laid out in the UN Sustainable Development Goal (SDG) 16 – Peace, Justice and Strong Institutions. As with the U.S. strategy, UN SDG 16, “is grounded in the principles of anti-corruption, including targets such as reducing illicit finance, corruption and bribery; and developing effective, accountable and transparent institutions at all levels.”
ABC enforcement is well-known, and there are two decades of the modern era of FCPA enforcement. This modern era began after the connection was established between corruption and terrorism, most notably from the events of 9/11. However, now ABC is seen as a key component of both global security and global prosperity. The Biden Administration recognized these components when it announced that ABC is now seen as a national security threat to the U.S., when it announced its strategy in December 2021.
The strategy laid out five pillars of the U.S. government’s increased emphasis on ABC enforcement and compliance. Pillar 1 spoke to modernizing, coordinating and resourcing U.S. government efforts to fight corruption. Pillar 2 dealt with curbing illicit financing. Pillar 3 was about holding corrupt actors accountable. Pillar 4 broadened the approach beyond a U.S.-only perspective to discuss a multilateral anti-corruption architecture. Pillar 5 also provided a more holistic approach by discussing improving diplomatic engagement and leveraging foreign assistance to advance these goals.
All of this means more information and analysis, including search and data collection, by using “information more effectively to understand and map corruption networks and related proceeds, and dynamics, and tailor prevention and enforcement related actions, as well as build the evidence base around effective assistance approaches.” This allows improved information sharing between the U.S. government and private companies and across international boundaries. It also includes holding corruption actors accountable, curbing illicit financing and bolstering international cooperation and actions.
Another key area laid out in the strategy was the increased focus on the “transnational dimensions of corruption.” This means more than simply looking at the usual geographic areas recognized as high risks for corruption by tackling transnational organized crime through “understanding and disrupting networks, tracking flows of money and other assets, and improving information and intelligence sharing across U.S. departments and agencies, and, as appropriate, with international and non-governmental partners.”
The strategy set the stage for changes wrought by the Russian invasion of Ukraine. Daniels said that bribery and corruption are not “lone-wolf crimes,” as they do not occur in a vacuum. They are almost always associated with attempts to hide illegal payments through money-laundering and often are done in conjunction with anti-competitive crimes, such bid-rigging or similar acts. Moreover, bribery and corruption lead to constraints in the marketplace through awarding of business in decidedly non-legal manners.
Daniels went on to state, “We don’t think of this as a cost of doing business for two reasons. One, because it does go alongside very often autocratic governments. Two, such actions go with it, such as disinformation.”
We don’t think of this as a cost of doing business for two reasons. One, because it does go alongside very often autocratic governments. Two, such actions go with it, such as disinformation.BRANDON DANIELS
One of the consequences of the dramatic increase in economic and trade sanctions is enhanced risk of bribery and corruption. This can occur as affected businesses and sanctioned individuals look for ways to evade sanctions through the use of bribery and corruption. Some of the ways they will try to avoid and evade sanctions will be through smuggling, setting up shell companies, money laundering and self-dealing, all facilitated by bribery and corruption.
Finally, Monaco stated, the role of compliance professionals as gatekeepers has dramatically changed. The DOJ clearly views corporate citizens as key allies in this fight. Rubio, Bonucci and Raycraft noted that gatekeepers “play an indispensable role in the enforcement and realization of laws and regulations that target illicit finance.” Anti-bribery and anti-corruption compliance has been forever changed by the Ukraine war as it is clear that “by controlling, distributing and managing wealth, gatekeepers control, distribute and manage global power — and, in effect, global security.” Anti-bribery and anti-corruption compliance and enforcement will never be the same again, literally on a worldwide basis.
The Russian invasion of Ukraine gave everyone an understanding of how serious cybersecurity really is from a defense perspective and not just from a corporate risk management perspective. According to Daniels, it drove home the clear message in cybersecurity that the United States is in a non-kinetic war with Russia and China. Over the past decade the theft of intellectual property (IP) through cybercrime has steadily increased, but Russia and China are essentially “showering the U.S. with attacks,” and specifically, Russia is attempting to compromise U.S. facilities and technologies since the crisis began.
A second and equally important point on cybersecurity is how interconnected it is to commerce. Russia and China are clearly using both state- and non-state businesses to further the ambitions of the state. These attacks have been particularly prevalent in the supply chain; 80 percent of the largest cyber-attacks have targeted supply chains.
This means that you may have integrated some software into your organization through a vendor, but somewhere earlier in that software development, in that vendor’s purchasing of underlying software capabilities, there was a malicious piece of software that was planted by a state-owned actor, a non-state actor or a criminal network. This interconnectedness between third-party and supply chain and between risk management and cyber risk management was made so much more explicit by the Russian invasion of Ukraine.
Daniels pointed out that companies may have “vendors that are owned one to two degrees away by Russian oligarchs, and those Russian oligarchs might be using the fact that we use their software one to two degrees away as an entry point to steal classified information about what the U.S. government is doing,” as in an area such as critical infrastructure. Once again, the nature of cybersecurity and its interconnectedness with third-party and supplier risk management was “another revelation that came out of this crisis and this conflict.”
This increase in interconnected risk can lead to a perception of complexity, overwhelming risk management and other business functions, as they think through how to manage these risks. This includes supply chain, trade and economic sanctions, and anti-bribery and anti-corruption., which we’ve already touched on, but also things like crypto and ESG.
Daniels suggested an approach that assesses your vendors in their environment for four quadrants of risk: operational, foreign ownership, financial health and reputational risk. After you have established your risk appetite, you will need to assess every vendor on an individual and singular basis. You should have a process where each vendor coming through your company’s pipeline follows an onboarding process that manages risk appetite and monitors for risks that could pull a vendor above your risk threshold. If a vendor falls outside of your risk appetite for any of these key areas, you should review the use of that vendor in more detail.
There are other risk profiles you should consider. One is industry risk, which refers to the critical industries you rely on. Daniels noted that a cloud hosting company should be concerned with computing resources, bandwidth, power or fiber optic resources. He said, “Don’t try to boil the ocean; just look at your critical industries and see where you might have issues that are coming up that could be problematic.”
Don’t try to boil the ocean; just look at your critical industries and see where you might have issues that are coming up that could be problematic.BRANDON DANIELS
Another key risk area to consider is jurisdictional risk. This means reviewing the locations of your facilities. Daniels said, “I look at where my top or most critical products are being manufactured. Again, if I’m a cloud hosting company, it might be the microelectronics that I use to power computing resources to determine the concentration of manufacturing locations.” But the key is to take it in bite-sized chunks by company, industry and jurisdiction, and then monitor so you can at least maintain a reactive posture on upcoming events. This enables your company to do continuous maturing and evolution, thereby increasing complexity and efficacy to continuously improve that program and work towards proactive risk management.
The pandemic led to an explosion of ESG awareness and forward movement. This was driven much more by the business world, from institutional investors, to shareholders, employees and other stakeholders to financial institutions and even insurers, rather than through regulatory change. They are all now evaluating business prospects, targets and partners through an ESG lens.
Many businesses have responded by upping their ESG game through sustainability officers, more robust ESG programs and similar efforts. However, these efforts were in many ways siloed within the three broad categories of “E,” “S” and “G.” What the Russian invasion of Ukraine drove home was the need for a more holistic approach to corporate ESG.
ESG is now a key national security interest of democracies. The transparency mandated by ESG programs, through government-required disclosure or private sector-required disclosure, also ties into the other areas of business change we have explored. Obviously, the disruption in the supply chain of materials coming out of Russia, such as aluminum or fossil fuels, is an important issue, but companies that tried to continue to use those resources faced reputational risk — a risk greater than that of economic sanctions. Daniels remarked, “in terms of social issues, companies were forced to comply with sanctions but then there were boycotts against companies that maintained relationships with the Russian autocracy. There were boycotts against companies that had ties to Russian oligarchs.”
It is this impact on reputational damage that has changed ESG going forward. Regulators can certainly levy and assess fines based on violations of laws and regulations. For many businesses, however, this is simply seen as a cost of doing business, a below-the-line cost, similar to a corporate legal department of compliance function. However, hits to reputational damage are above-the-line costs, meaning they eat directly into sales, revenue and success.
Moreover, your market cap and the valuation of your business are both based on revenue, so any hit to your top line could significantly impact your organization in a very negative manner. If your organization is seen as supporting autocratic regimes that nakedly wage wars against women and children, or your company purchases goods that were made by Uyghur slave labor, a very large swath of the consuming public will not want to purchase your products or even do business with you. The risk is simply too high.
This led Daniels to reflect that consumers want to purchase and transact with purpose-driven businesses. He said, “What is more purpose-driven than supporting democracy and supporting the arrest, the fight against a brutal regime that is quite literally killing innocent women and children. This is not a question of risk management or risk appetite. This is a question of deciding whether or not you as a brand can stand for the ideals of freedom and the ideals that we have for an inclusive and fair and open and democratic world. When we talk about purpose-driven, we have to remember that what people are demanding is a company that aligns with their values [and] aligns with their ethics.”
This is not a question of risk management or risk appetite. This is a question of deciding whether or not you as a brand can stand for the ideals of freedom and the ideals that we have for an inclusive and fair and open and democratic world.BRANDON DANIELS
All of these factors will change ESG forever and how companies approach ESG. Your organization must not only more fully integrate ESG into the overall business strategy, but your organization must also integrate the ESG through a cohesive approach to all three letters, all the way up to the board level. Daniels noted that many companies were caught “flat-footed” by the Russian invasion of Ukraine.
Looking across the three pillars of ESG, the Russian invasion of Ukraine forced companies to take ESG more seriously. Daniels said, “it codified and solidified in people’s minds the need to manage ESG as a part of reputational brand value. You have to look at ESG proactively, because trying to react to these situations causes so much turmoil.”
We began with a consideration of how the Russian invasion of Ukraine has driven regulatory and legal change. We pivoted to how companies might think through managing these changes and using these changes as a business positive going forward. Most significantly, we tied it back to the most important theme, the fight for democracy.
The Russian invasion made clear that everyone has a place in this fight: the regulators, the DOJ, consumers and businesses have a place in this fight. Doing business in a manner that is purpose-driven and with a framework that companies can agree on, is the way we must measure and test against that framework.
We are in a global corporate ecosystem that is changing for the better, and we are making the world a safer place to do business. Daniels concluded, “Ultimately despite some pain, despite some volatility at the end of the day, our goal is to provide sustainable growth. That is fair and just, and it provides opportunity for individuals to thrive. There is no way to accomplish this without having risk management, strong governance and the ability to sometimes put our ethics above profits.”
The Russian invasion of Ukraine has changed business forever. How will your business respond?
Don’t play guess who. Mitigate your risk today.
For more on Exiger’s Sanctions Response:
How to Ensure Your Company is Russia Sanctions Compliant
Critical Vendor Flags Russian FOCI Risk Months Before Russia-Ukraine War
Never the Same: Business After the War in Ukraine