Never the Same: Business After the War in Ukraine

Brandon Daniels:

Compliance was always the standard, now it’s compliance plus, because people realize that being in bed with a Russian oligarch is damaging to your brand and it doesn’t speak to the values of the everyday United States Americans.

More importantly, it doesn’t speak to the values of the people in the Democracy-10, which is the G-7 plus Australia, South Korea and India, in the largest democracies in the world and the most tech forward nations in the world.

When these issues started to arise, it was an issue of compliance, but it was really an issue of ethical, moral fiber as a set of democratic nations and that’s spilled into the industrial sector with reckless abandon.

Tom Fox:

Welcome to one of the most important podcast series I’ve ever been associated with, Never the Same – Business After the Ukraine War. In this five-part podcast series, along with my co-host Brandon Daniels, we explore how currents which have been percolating since at least the onset of the pandemic in 2020 came to fruition in February of 2022 when Russia invaded.

In the five topics of supply chain, sanctions and AML, corruption as a national security issue, cyber security, and ESG, we will explore how businesses have changed literally forever with the advent of the conflict in Ukraine.

These strains did not come out of nowhere. They have been in business bubbling up over the past two to three years, perhaps even longer, but now compliance officers, business executives, legal legals, and the government needs to understand that business has changed forever. And we’re going to explore that in this podcast series.

Hello everyone. This is Tom Fox with Brandon Daniel CEO at Exiger. Brandon, first of all, thank you so much for taking the time to visit with me on this podcast series.

Brandon Daniels:

Thank you, Tom. It’s always good to speak with you.

Tom Fox: Brandon, I wanted to start out with supply chain. I know this is something Exiger has been thinking about, has developed significant products and services around. From my perspective on the outside, we’ve got…

Legal requirements have changed, regulatory requirements have changed, facts on the grounds have changed, and business operations have changed. So I can’t think of a better way to start than supply chain.

So with that, where do you see the biggest change in supply chain, not simply from the Russian invasion, but a series of events starting with a pandemic culminating with that invasion?

Brandon Daniels:

Yeah. The first thing that’s happened in the supply chain is that there have been a series of significant, almost tectonic shifts or shocks that have happened in the market that have made supply chain, risk management, more complex and more multifaceted.

Obviously, there was the pandemic. That was the real catalyst Tom, for a lot of what we’re seeing today, because we noticed really three things that happened.

One, we noticed we were way over relying on China and it was a deafening silence when we tried to start to procure goods that could help us fight the pandemic. We really had to take a front foot forward approach to buying, to innovation, to risk assessment, and due diligence to try to buy as much safe and secure PPE pharmaceuticals and medical devices as possible.

And China was like… It was like this impenetrable force of dependence and reliance that’s then led to discoveries, right? For instance, how much of China’s economy is actually counterfeit goods, right? 70% of the world’s counterfeit market is driven out of China.

The second thing that we saw was how much slave labor, economic warfare, economic imbalance there was between us and China. It just hit us in the face. And then the last piece was it’s not appropriate to have dependence on some country that’s got that kind of adversarial interest.

And so, the pandemic taught us a lesson. Now, we’re seeing some of the pandemic issues ease. And when I say some of them it’s because we still have, in a lot of countries, a lot of COVID challenges, right? Like China’s going through continuous lockdowns.

And so, that was one of the first changes that we had, is we realized that supply chain is multifaceted in terms of issues. It’s not about weather events, it’s not about logistics, it’s not about just in time efficacy. So many things that you didn’t think could disrupt a supply chain now are. Like geopolitical tensions, right? I mean, that was low on the totem pole for a long time, Tom.

The second thing we realized in the pandemic was that we had to start to regulate around this. So we put in place things like the Uyghur Forced Labor Prevention Act to start to stamp out some of the modern slavery issues that we saw coming out of China during the pandemic.

We started to enforce some trade and export laws. We saw that our rare earth elements were subject to Chinese dependence and Russian independence as well, which is now further complicated things. And so, we put in place some tariffs on things like neodymium that we use for everything, to securing an F-35, to linking an electric car battery to the proponents it drives, right? So Neodymium-Iron-Boron Magnets are going through a tariff case right now.

But we saw also that we had to start regulating. We had to start making changes to drive industry, to re-shore, to ally-shore, to friend shore, whatever you were calling it, our supply chain.

The last thing we saw is just how big of a shock these sort of regulatory issues, geopolitical issues, natural disasters could cause in a system and how many frailties or fragilities that they opened up. It’s almost like you had this big earthquake in the pandemic, but then you had all these fault lines that we didn’t realize that we’re on the edge of, these really brittle places and just started to fall apart.

And so, as we were regulating into them, we were actually creating new supply chain challenges because the solar industry was really dependent on photovoltaic cells from Xinjiang, which were made by Uyghur Forced Labor hands, right? So the complexities of it got much more significant.

When we started to see the signaling on the Russia and Ukraine war, and this was November 2021, Tom, that we started to see these things starting to occur. In December, we actually went to our clients and I’m talking the biggest federal agencies, right? So DoD, three letter agencies like DHS, state… We went to everybody.

We said, “Hey, there’s a problem. And there’s a problem in a bunch of different sectors. We’re getting a lot of aluminum, steel, rare earth elements for our planes, for our weapon systems, for our defense systems.”

We went to our clients that are in the tech sector and say, “Hey, Intel chips have not yet gone into non neon, so like deep ultraviolet light photolithography. They’ve not gone into these new areas of technology and reduced the level at which they’re etching into semiconductors.” So, their chips are dependent on neon. And the biggest source of neon is Ukraine, right?

We were starting to raise alarm bells. And then we said, “And by the way, this would be the single most significant incursion on sovereignty that we’ve seen in 20 years.”

And so, this is an ethical conundrum. Ukraine has to win. This is important for democracy. So we went to our clients in December and started saying that and some responded and wanted to get a proactive look. So we were doing literally almost like war rooms, standups in the morning, stands up in the evening, and pushing out to the federal government and to critical infrastructure companies and other companies information about their connections to Russia, their dependence on Russia.

The realizations were startling in terms of not just our dependence on Russia, but what it meant for us if the Ukraine became incapacitated because of a brutal and unjustified war, right? And that had food and starvation issues attached to it.

It had technology, some of our biggest largest outsource software engineering hubs are in Ukraine. It obviously had the issue on semiconductors and micro electronics, which by the way, were not in a great place in 2021 already.

We knew that this was a bad situation and we knew that the United States was going to have to do something. And we knew that big, big part of that was going to be economic.

We saw these shocks, we saw these geopolitical tensions in the pandemic. We then saw those same bellwether points start to rise on Russia and Ukraine and realized that this was going to be a shift for everybody. Every supply chain risk manager was going to have to get smart and hip when it came to sanctions.

Everyone was going to have to understand these new areas of due diligence, like going beyond your first tier of suppliers and understanding how ethical, how sustainable those companies were.

We knew that there was going to be a big shift and learning curve for all the companies we were working with, and we spent time trying to get ahead of it.

The biggest thing was, for us, after we knew we had to get ahead of it, we had one thing that came up. And if you want to talk about it, I’m happy; that then set the alarm bells ringing in January and February, took us to a new level of sort of risk in crisis management.

Tom Fox:

And that really leads into what I wanted to explore next, which was that that risk, that shock that you observed largely by looking or working with your government clients, actually has now moved to the private sector. And the things you’ve articulated in terms of national security, I don’t think private sector companies realize that they have these national security issues and they’re a part of not only the problem, but the solution.

So I was wondering if you could perhaps end with a few words about what you observed in your communications and the shock you referenced, and how that transcends really to the private sector in terms of the supply chain issues, really being elevated to national security now?

Brandon Daniels:

Yeah. Yeah. So in end of January, early February, there were a bunch of communications that the Russian foreign ministry and the Chinese foreign ministry started putting out. As you know, those are state run media countries, right? So everything goes through a ministry of information or disinformation, whatever you want to call it.

One of the things that we saw with unequivocal clarity was that just after the Olympics, the invasion would begin. We knew that the war was coming, and we put together analysis showing it, we showed it to federal government, we showed it to private sector.

We knew unequivocally that this wasn’t an any day thing, that Beijing and Russia had gotten into bed together. And they were deciding that they were going to preserve China’s image to the world for that moment in time, and then they were going to take their steps. They were going to take those next steps just after whatever, February 20th, right.

And I was literally sitting in a meeting with a bunch of former government officials that I can’t really talk a lot about, but I was sitting in a meeting with them talking about integrated deterrents in China and Russia. And we’re literally sitting there as the Russian invasion unfolded.

What we realized is this won’t be the same, this continuous non-kinetic warfare, this continuous economic espionage, this continuous industrial espionage was going to lead to sanctions, which we’ve now seen, that were going to be comprehensive. It was going to lead to ethical trade offs that big companies would have to make, which we’ve now seen, right. And it was going to lead to potentially elongated and prolonged inflation because this was exacerbating what had happened in the pandemic, which we had now seen.

So all of these national security issues, which are interlinked with economic prosperity, right? I mean, if you can’t get a mask during pandemic, that means you can’t go to work. That’s an economic prosperity issue, Tom, right. I was literally sitting in that meeting and I just thought, “Everything’s shifted.”

And so, what that has now meant for the private sector is this new world of, “Hey, I used to think reputational brand damage was important. Now, I know it’s everything.”

Compliance was always the standard. Now, it’s compliance plus, because people realize that being in bed with a Russian oligarch is damaging to your brand. And it doesn’t speak to the values of the everyday United States American.

And more importantly, it doesn’t speak to the values of the people in the Democracy 10, which is the G-7 plus Australia, South Korea and India in the largest democracies in the world and the most tech forward nations in the world.

When these issues started to arise, it was an issue of compliance, but it was really an issue of ethical, moral fiber as a set of democratic nations. And that’s spilled into the industrial sector with reckless abandon.

Tom Fox:

Brad, unfortunately we are near the end of our time for this episode. We’re going to pick up on our next episode where you just left off and we’re going to look at sanctions and AML. So, I look forward to continuing this conversation.

Brandon Daniels:

Perfect.

Tom Fox:

This is Tom Fox. Thank you for listening to this episode of never the same business after the Ukraine war. This podcast was produced by One Stone Creative, and I want to give a shout out to Megan Dougherty, Dr. Cassano, Darla Field, and the entire team at One Stone Creative.

If you are interested in podcasting and need some help, or you want to have a turnkey solution, my suggestion is you would contact One Stone Creative. We’re going to link to them in the show notes.

On a very personal note, I hope that podcast series will get you to think and be curious and look at all of the issues we have explored in this podcast series. I really believe we have had a true watershed moment. And I think those who don’t understand that will be left in the dust of 2022.

This is Tom Fox. Thank you again for listening. Never the Same – Business After the Ukraine War is a part of the Compliance Podcast Network.

Brandon Daniels:

I think the most interesting conversations I’m having with corporations and institutions is in every conversation on sanctions, I ask them one question, “Are you still struggling with compliance or are you moving to reputational damage?”

And it’s about 50 50, where people are saying, “I’m still struggling with compliance.” Or, “I’m moving away from compliance. I’m going to reputational damage on this month.” So I think sanctions have forever changed. I think now that we’ve got things like the Uyghur Forced Labor Prevention Act enforcement into that will continue to change the world. The question is who enforces these types of new issues? I think we’re moving towards a world where we’ve got better enforcement, because that’s going to make clear that we’re serious about getting right the complexities of these sanctions.

Tom Fox:

Welcome to one of the most important podcast series I’ve ever been associated with. Never the same business after the Ukraine war. In this five part podcast series, along with my co-host Brandon Daniels, we explore how currents which have been percolating since at least the onset of the pandemic in 2020 came to fruition in February of 2022 when Russia invaded. In the five topics of supply chain, sanctions in AML, corruption as a national security issue, cyber security, and ESG, we will explore how businesses have changed literally forever with the advent of the conflict in Ukraine. These strains did not come out of nowhere. They have been in business bubbling up over the past two to three years, perhaps even longer. But now compliance officers, business executives, legal eagles, and the government needs to understand that business has changed forever. And we’re going to explore that in this podcast series.

Hello everyone, this is Tom Fox back with Brandon Daniels, CEO at Exiger for our exploration of how the world has changed. In this episode, we’re going to take up sanctions and anti money laundering. Brandon, first of all, welcome back.

Brandon Daniels:

Thank you, Tom. Thanks.

Tom Fox:

Brandon, one of the precursor or a couple of precursors to this topic were the increase in sanctions utilized by the Trump administration, economic sanctions against countries that the US felt had abused our various trade positions. But most significantly, at least in my mind was on January one when Congress over rode President Trump’s veto of the National Defense Authorization Act. And in that pass the AML law of 2020, which was the first update of the AML laws and federal AML laws since the Patriot Act was passed in the wake of 9/11. And so those in my mind set us for a change and then Russia invaded Ukraine and the Biden administration came down along with most of the Western nations levying sanctions. So with that incredibly long winded introduction, how has the world of sanctions and anti money laundering changed in your mind since the Russian invasion?

Brandon Daniels:

Yeah, I was just at a dinner with a few of our Congress people, some of our representatives. And the one thing that we talked about was the nature of sanctions and the nature of sort of punitive economic activities and ensuring that you’re having the right impact. The right impact. And that you’re not either missing the forest from the trees by not having sanctions that are comprehensive enough, but also making sure that you’re not hurting your allies and partners that can help you unwind some of these undesirable or intolerable geopolitical situations. And so when I think about the sanctions that we implemented, I think it’s not just about the economic sanctions that OFAC put out. It’s about sort of this comprehensive set of economic and trade policies that have been codified into legislation, regulation, rule making that set the tone for sanctions in the future, sanctions and economic prohibitions in the future.

Right? So first of all, you have comprehensive set of sanctions that have been focused on primarily companies that have engaged in activities that are adversarial to the United States industry or United States itself or the United States and its allies. But also you have things like NDA A847, NDA A889, that really look at our supply chains and start to say, “Hey, companies like Huawei and ZTE like China telecom,” which isn’t an 889 yet, but is one of those companies that was just subject to an FCC ban. If you have them in your supply chain, it’s problematic, right?

So you’ve got things like 889 that says, “We’ve got information and communications technology and surveillance equipment that’s come into the government. If there’s a Huawei chip in it, we don’t want it.” That’s a new type of sanction because it’s a little bit broader. It’s a little bit more comprehensive and it actually gets to the root of an issue, which is that economic corporate espionage intelligence gathering and potentially disruption are all not just one tier away from you, not just found in transactions, but actually are found in the packaging that happens downstream in supply chain.

So I think NDAA, the expansion of the AML and sort of more comprehensive financial crime compliance changes and the establishment of things like section 889, which borrows again, ZTE, Dahua, Huawei, Itera those major manufacturers from the federal supply chain recognize that this is not just a direct supplier direct transaction issue. The second thing on sanctions and the comprehensive sanctions that we saw around China were that we were trying to prohibit the investment of United States foreign direct investment going into China and into specifically companies that had been notoriously connected with human rights abuses, with infringing upon the sovereignty of nations like Taiwan. And what we wanted to do was to contain these sort of adversarial, non-democratic activities through sanctions. Those two things, right, sort of like the changes that we saw in the NDAA plus these more sort of comprehensive sanctions across sectors in China and then in other places where we saw similar human rights abuses set a precedent for us to say, “We can actually reach into the supply chain and we can make comprehensive sanctions to have punitive effects to change behaviors, non-democratic behaviors or unethical behavior.”

And man, did we get that right. Because it’s set the stage for what we’ve been able to do in Russia now. We’ve got an autocrat, we’ve got a criminal, Tom. A criminal that is slaughtering people for the purposes of self aggrandizement. That is a crime. And the ability for us to specifically target some of these big parts of how they fund this war, their banking sectors, their commerce with the EU, the EU being willing to take a hit in terms of gas prices, the world being willing to take a hit in inflation to defend democracy long term, which will win because individualism and democracy allow for one person to change the world. Without democracy, you don’t have the light bulb top. Without democracy, you don’t have real space exploration. Without democracy, you don’t have these things where one person gets the opportunity to make the world better for billions of people.

And so we’ve been able to preserve, with this sort of new sanctions regime, our ability to create comprehensive sanctions against countries through critical organizations, without compromising key partners like India that are really dependent on a lot of things from Russia. And so I think that it’s a complex web. I think people are still trying to get a handle on what it all means. I think the most interesting conversations I’m having with corporations and institutions is in every conversation on sanctions, I ask them one question, “Are you still struggling with compliance or are you moving to reputational damage?”

And it’s about 50/50, where people are saying, “I’m still struggling with compliance.” Or, “I’m moving away from compliance. I’m going to reputational damage on this month.” Because places like Yale have put out lists of people that just aren’t quite doing enough. You got a D or an F on Yale’s Russian investment or Russian connections list. That’s not a good thing for you. So I think sanctions have forever changed. I think now that we’ve got things like the Uyghur Force Labor Prevention Act, enforcement into that will continue to change the world. The question is who enforces these types of new issues? I wrote a paper with Center for New American Security where we advocated for sort of OFAC sanctions enforcement like group in commerce, maybe through PIS, the ability for acquisition professionals and DOD and DHS to get involved. And I think DHS is getting some new authorities in terms of cyber to do the same. So I think we’re moving towards a world where we’ve got better enforcement, because that’s going to make clear that we’re serious about getting right the complexities of these sanctions.

Tom Fox:

Brandon, that really brings up the point I wanted to maybe turn to next. And it ties into financial crimes compliance. The trope, the meme, the most visible communication of sanctions is the yachts, the oligarchs’ yachts. And everyone understands when they see one of those yachts, what that means in terms of sanctions. But tying that back to the AML law of 2020, there was a whistleblower provision with bounties paid for those who turned over information on financial crimes compliance. And we now have literally a cottage industry of people looking for those yachts, trying to find them in places that the US can extradite or seize them and communicating that to public officials. And I really wanted to use that as an example of the higher visibility of financial crimes compliance. You’ve been in this field for a long time. So this is not new to you, but for many people, this is the first time they’re hearing about financial crimes compliance and anti money laundering compliance. And there’s in my mind, a huge increase in knowledge and visibility of this because of those yachts.

Brandon Daniels:

Yeah. Whistleblower provisions, Tom, as you know, have been a major force for change in lots of industries. You and I both worked in energy and in healthcare, as we reform those industries from a bribery, corruption, financial crime compliance perspective. I mean, we were both there in the middle of it. And whistleblower provisions, there’s some detractors to them, but in a lot of ways they help reform because man, if you incentivize people to say when something’s wrong or to help you seize an asset that’s ill gotten, or that makes change, it does drive some good behavior and really some good prosecution, Tom, right? Because you can get evidence that would otherwise be very difficult to get through the discovery process. So I think that the yachts are a good emblematic way to speak to the people of the excessive wealth that these people that are sort of either passively or actively involved in these atrocities get the opportunity to leverage and to essentially indulge themselves with while the rest of the world is suffering and how important financial crimes compliance and AML whistleblower provisions.

But then also AML controls, like the ones that were put into the 2020 updates, that help you to see who owns those yachts, who owns those assets, who owns those companies, who owns those companies that owns those yachts. I mean a big part of that is transparency. You and I have said before, transparency, light, sunshine is the best antiseptic. And so I think one of the things that I also really hope we take seriously is [inaudible 00:13:20] effort to create this much more comprehensive ownership database because then I think it gives those Carmen Sandiegos of the world and you might remember that show from the 80s and 90s, those carbon Sandiegos of the world, the ability to trace down and hunt down some of these assets and help the government in prosecuting unethical behavior.

Tom Fox:

So Brandon, unfortunately we’re near the end of our time for this episode, but I hope our listeners will join us for our next episode where we take up anti-corruption as now a national security issue. I look forward to continuing this conversation.

This is Tom Fox. Thank you for listening to this episode of Never the Same: Business After the Ukraine War. This podcast was produced by One Stone Creative and I want to give a shout out to Megan Doherty, Dr. [inaudible 00:14:12], Darla Field and the entire team at One Stone Creative. If you are interested in podcasting and need some help or you want to have a turnkey solution, my suggestion is you would contact One Stone Creative. We’re going to link to them in the show notes. On a very personal note, I hope that podcast series will get you to think and be curious and look at all of the issues we have explored in this podcast series. I really believe we have had a true watershed moment. And I think those who don’t understand that will be left in the dust of 2022. This Tom Fox. Thank you again for listening. Never the Same Business After the Ukraine War is a part of the Compliance Podcast Network.

Brandon Daniels:

There are these third parties and advisors that aren’t operating on the up and up right now. And I’d call them out to say, “Hey, if you’re a law firm, if you’re corporate consulting, if you’re accounting, if you’re tax accounting, and you’re still operating in these places that have shown a distinct lack of care for humanity, it’s time to rethink your position.”

Tom Fox:

Welcome to one of the most important podcast series I’ve ever been associated with. Never The Same: Business after the Ukraine War. In this five part podcast series, along with my co-host Brandon Daniels, we explore how currents which have been percolating since at least the onset of the pandemic in 2020 came to fruition in February of 2022, when Russia invaded. In the five topics of supply chain sanctions in AML, corruption is a national security issue, cyber security, and ESG, we will explore how businesses have changed, literally, forever with the advent of the conflict in Ukraine. These strains did not come out of nowhere. They have been in business bubbling up over the past two to three years, perhaps even longer, but now compliance officers, business executives, legal eagles, and the government, needs to understand that business has changed forever. And we’re going to explore that in this podcast series.

Hello, again, this is Tom Fox back with Brandon Daniels, CEO at Exeter, for our continuing five part series on how the world has changed. Today, we’re going to take up anti-corruption compliance as a national security issue. First of all, welcome back, Brandon.

Brandon Daniels:

Thank you, Tom. It’s good to speak with you again.

Tom Fox:

Brandon, in December of 2021, the Biden administration released its strategy on combating corruption and they made clear that the administration views corruption across the globe as a national security issue of the United States. This is beyond the $3 trillion the World Economic Forum estimates it’s loss to the global economy from bribery and corruption. This is now saying that corruption outside the United States is a national security issue of the United States. I recognize that this document largely spoke to the government’s response to corruption in leading the fight against corruption, but it heightened the visibility of anti-bribery and anti-corruption legislation. I wanted to ask you, that document in the context of the Russian invasion, how do you see anti-corruption compliance now, particularly even in the private sector?

Brandon Daniels:

Bribery and corruption are not lone wolf crimes. They’re not by themselves. When they’re happening, there’s often other crimes that are linked to them. Antitrust issues like bid rigging issues. There is often issues of national security concerns. There are often issues of maybe higher order crimes that have to do with the circumvention of laws. One of the things I worry about with the Uyghur Forced Labor Prevention Act, is how much bribery and corruption that puts into the Chinese government, because people are going to be trying to doctor where goods come from. If you remember back in… and the Wall Street Journal just reported on this in a story where they interviewed me back in 2008, 2009, when iron ore crisis started to spike, there’s huge amount of corruption concern in those Chinese ports that were the main hubs off of Australia, right? We know that supply chain issues, constraints in economic… in the market, and the circumvention of laws, of other laws, is often part and parcel to bribery and corruption.

So bribery and corruption rolls with a gang of crimes. And I think what we’re seeing the administration do is say, “Look, we take bribery and corruption seriously. We don’t think of this as a cost of doing business for two reasons.” One, because it does go alongside of, very often, autocratic governments. It goes alongside of disinformation. It goes alongside of doing things that are adversarial to our interest as a nation. So it is inherently a scourge. I think also second, what they’re saying is corruption enforcement for a small period of time, I think [inaudible 00:05:03] as we’ve been looking at privacy regs and privacy changes in the EU. Bribery and corruption, and specifically, the financial crime compliance of it saw a retrenchment after we had the big fines in the last five years against the banks and financial crime compliance issues.

And I think this administration is saying, “Hey, we’re not going to play a game of whack-a-mole.” We’ve got these sanctions that we’ve put in place. We’re trying to stamp out modern slavery, and the one way to circumvent and get around all of that is to bribe the local officials to help you cover up what you’re doing. And I think that they recognize that they have to enforce uniformly in order to see effectiveness of outcomes.

Tom Fox:

Brandon, one of the interesting aspects of the Russian invasion is we have seen the national security impact of corruption on Russia because of their lack of material, the untrained troops, the inability to bring arms or armaments up because they’re gone. They can’t replace tank parts. And weirdly, the Russians have shown exactly what I think this national security issue is. And if I could tie it back to the Biden administration’s strategy, they brought the DOD into this discussion. They brought NATO into this discussion. And so the Russian invasion, in my mind, helped illustrate why… and from the military aspect alone, this is a national security issue.

Brandon Daniels:

Yeah. After the fall of the Berlin Wall, the same sort of international investment that went into restoring and really providing some sort of recourse to the Jewish people that had been through such horrific atrocities. The rebuild of Germany and of Europe didn’t really happen in Russia, right? It wasn’t the same thing, and so as you careened into the eighties and saw the fall of the Berlin Wall, as you saw the end of the USSR, you didn’t replace brutal communists with brand new capitalists. You replaced them with criminals and they have pilfered and siphoned away the materials, and the armaments, and the things that made it so that that country had a solid and sturdy infrastructure to grow off of. And although we saw some leaps and bounds, I would say in the nineties, a lot of those have been eroded away by corruption and I think we recognize that.

And I think that’s why you’ve seen so many of the sanctions, Tom, target individual government officials and oligarchs, because those are the folks that have been siphoning away from the population the ability for prosperity. And that’s why I think this enforcement will be heightened as we come back and we look at what deals have been made with Russia and US companies in this interim time. One of the things I really worry about, Tom, is the advisors. Law firms, big four consultancies, they’re not pulling out of Russia. There was a law firm, who I will leave their name out, that was right there with ZTE all the way through the sanctions evasion that they did with Iran. There are these third parties and advisors that aren’t operating on the up and up right now. And I’d call them out to say, “Hey, if you’re a law firm, if you’re a corporate consulting, if you’re accounting, if you’re tax accounting, and you’re still operating in these places that have shown a distinct lack of care for humanity, it’s time to rethink your position.”

Tom Fox:

Brandon, I can’t think of a better way to end this episode. I hope our listeners will join us again for our next episode, where we take up the topic of cybersecurity. I look forward to continuing this conversation.

This is Tom Fox. Thank you for listening to this episode of Never The Same: Business after the Ukraine War. This podcast was produced by One Stone Creative, and I want to give a shout out to Megan Dougherty, Dr. Casino, Darla Fields, and the entire team at One Stone Creative. If you are interested in podcasting and need some help, or you want to have a turnkey solution, my suggestion is you would contact One Stone Creative. We’re going to link to them in the show notes. On a very personal note, I hope that this podcast series will get you to think, and be curious, and look at all of the issues we have explored in this podcast series. I really believe we have had a true watershed moment and I think those who don’t understand that will be left in the dust of 2022. This is Tom Fox. Thank you again for listening. Never The Same: Business After the Ukraine War is a part of the Compliance Podcast Network.

Brandon Daniels:

That interconnectedness between third party and supply chain risk management and cyber risk management was made so much more explicit, so much more clear, was really highlighted in the Russia-Ukraine war. Because you saw people, for instance, recognizing, oh my gosh, I’ve got vendors that are owned one to two degrees away by Russian oligarch. That Russian oligarch might be using the fact that we use their software one to two degrees away as an entry point to steal classified information about what the US government is doing in critical infrastructure, let’s say. So the nature of cybersecurity and its interconnectedness with third party and supplier risk management, I think was, again, another revelation that came out of this crisis and this conflict.

Tom Fox:

Welcome to one of the most important podcast series I’ve ever been associated with. Never The Same: Business After the Ukraine War. In this five part podcast series, along with my co-host Brandon Daniels, we explore how currents, which have been percolating since at least the onset of the pandemic in 2020, came to fruition in February of 2022 when Russia invaded. In the five topics of supply chain sanctions in AML, corruption is a national security issue, cyber security and ESG, we will explore how businesses have changed literally forever with the advent of the conflict in Ukraine.

These strengths did not come out of nowhere. They have been in business, bubbling up over the past two to three years, perhaps even longer. But now, compliance officers, business executives, legal eagles, and the government needs to understand that business has changed forever. And we’re going to explore that in this podcast series. Hello everyone, this is Tom Fox back again with Brandon Daniels, CEO at Exiger, Inc, for our continued exploration on how the business world has changed forever. First of all, Brandon, welcome back.

Brandon Daniels:

Yeah, thank you, Tom. It’s good to be back.

Tom Fox:

Brandon, now let me turn to cyber security. And certainly this was an issue and it’s an issue Exiger was very concerned with for years before the Russian invasion of Ukraine. But I would say one of the changes is US companies now see cybersecurity not as a business threat that might curtail operations and cause a ransomware payment to be made, to actually a national security issue that you and the others in the government have been talking about for some time. Is that assessment’s fair or do you see cybersecurity changing differently after the Russian invasion?

Brandon Daniels:

That’s a great question, Tom. The nature of cybersecurity was made explicit by the Russia-Ukraine war. The United States is subject to non-kinetic warfare all the time. And I hate to say it, but Russia and China are essentially showering us, in a lot of cases state actors, are showering us with attacks and attempted and successful acts of IP theft. And so what the Russian invasion of Ukraine highlighted for us and for our customers was that this non-kinetic warfare is happening all the time and it’s going to heat up when the US and Russia are on polar opposites of a geopolitical debate. And really, the geopolitical debate here is the survival and the viability of democracy as opposed to autocracies. That’s the existential crisis that we’re all in. Now, I would bet on democracy every day of the week. I mean, I think the rest of us that love this country would as well. But cybersecurity as another battle front was just made more explicit by the Russia-Ukraine war and by Russia’s attempts to compromise US facilities, US companies and US technology during this crisis.

So the first thing is really that, I think it just gave everyone else an understanding of how serious cybersecurity really was from a defense perspective and not just from a corporate risk management perspective. The second point on cybersecurity that really came to light for me was how interconnected it is to commerce. So what we realized, and I think what we’ve been preaching for a while at Exiger, but I think the market really had an awakening moment, recognizing, was the nature of some of our near peer adversaries and how they use business as a way to further the ambitions of the state. If you look at the supply chain attacks over the last 20 years, or even the last 10 years, Tom, the largest supply chain attacks or the largest cyber attacks that have occurred, 80% of them have been supply chain attacks. So they have been due to software that you had integrated into your organization as a vendor, as a clean vendor, as a clean piece of software.

But somewhere earlier in that software development, in that vendor’s purchasing of underlying software capabilities, there was a malicious piece of software that was planted by a state-owned actor or criminal network that was associated with a near peer adversary. And that interconnectedness between third party and supply chain risk management and cyber risk management was made so much more explicit, so much more clear, was really highlighted in the Russia-Ukraine war. Because you saw people, for instance, recognizing, oh my gosh, I’ve got vendors that are owned one to two degrees away by Russian oligarch. That Russian oligarch might be using the fact that we use their software one to two degrees away as an entry point to steal classified information about what the US government is doing in critical infrastructure, let’s say. So the nature of cybersecurity and its interconnectedness with third party and supplier risk management, I think was, again, another revelation that came out of this crisis and this conflict.

Tom Fox:

Brandon, we’ve talked about specifically supply chain in this podcast series. We’ve talked about trade sanctions, economic sanctions, and export control. Anti-corruption is a national security issue. Crypto and cyber. And one of the themes that I’m hearing throughout this is that although we have talked about these risks in a different podcast, they are not siloed. And in fact, they’re almost all interconnected. And just on your last remarks, you talked about cybersecurity, you talked about supply chain, you talked about crypto, and I heard sanctions as well. How would you counsel, perhaps a client, to help them understand not only the interrelated nature of these risks, but a very holistic risk management approach? Starting with the board of directors and senior management to manage these risks going forward.

Brandon Daniels:

So the one thing is, it’s easy to get overwhelmed. I know there’s a lot of complexity here. When we deal with most companies, the biggest issue is where do we get started? You’ve got these foreign ownership control and influence issues. You’ve got ESG issues, like environmental risks, carbon emissions, companies that have contributed to superfund sites. You’ve got social issues like modern slavery or situations where labor strikes can create supply chain disruptions. I mean this kind of panoply and complexity of risk is really hard to fathom and it’s even harder to manage and mitigate. And so what we counsel our clients to do is to take it in a format that is much easier to manage. What I mean by that is, look at it in three distinct areas of control. One is, what risks do your vendors inherently have? We’ve built software processes and expertise that helps clients to assess each vendor that’s in their environment for operational risk, foreign ownership control and influence, financial health, and reputational criminal and regulatory risk.

We basically allow them to assess every vendor on an individual and singular basis. And we allow them to do that on tens of thousands, hundreds of thousands, millions of vendors, depending on how big they are and how big their scale of their supply chain is. But the first thing is, think about vendor risk appetite first. So what things do I want to flag when it comes to each vendor coming through my pipeline? And create an onboarding process that manages to that risk appetite, that risk threshold. And then monitor for the risks that could pull a vendor above that risk threshold. And don’t do more than that. Get a risk appetite on those four quadrants, operational risk, regulatory/reputational risk, foreign ownership control and influence, and financial health. And then determine where you think vendors could fall outside of risk appetite based on those four very key attributes. The second type of risk I look at is industry risks.

So one of the major critical industries that I’m relying upon, I’m a cloud hosting company. I’m worried about computing resources. I’m worried about bandwidth or fiber optic resources. And I’m worried about, let’s say, power. Take those industries and just monitor those industries for volatility, for risk, for issues. Don’t try to boil the ocean, just look at your critical industries and see where you might have issues that are coming up that could be problematic. And the last thing is jurisdictional risk. What I traditionally do is, I look at where my facilities are. I look at where my top or most critical products are being manufactured. Again, if I’m a cloud hosting company, it might be the microelectronics that I use to power my global computing resources. I look at that industry.

I determine where the concentration of manufacturing locations are and then I monitor, for instance Taiwan and the South China sea, and make sure that I’m monitoring those couple of countries that are just so imperative to me. Or those couple of jurisdictions, regional jurisdictions, that are so imperative to me. Because if I take it in those bite size chunks; company, industry, and jurisdiction, and then I monitor for anything that looks crisis-esque, I can at least maintain a reactive posture on upcoming events. And once I’ve done that, then I can do a whole bunch of maturing and evolution and increasing complexity and efficacy work to continuously improve that program to start to work towards the proactive.

Tom Fox:

Well, Brandon, unfortunately we are near the end of our time for this episode. I hope our listeners will join us again tomorrow, where we conclude our podcast series with a look at how the world changed with ESG. This is Tom Fox, thank you for listening to this episode of Never The Same: Business After the Ukraine War. This podcast was produced by One Stone Creative, and I want to give a shout out to Megan Dougherty, Audra Casino, Darla Field, and the entire team at One Stone Creative.

If you are interested in podcasting and need some help, or you want to have a turnkey solution, my suggestion is you would contact One Stone Creative. We’re going to link to them in the show notes. On a very personal note, I hope this podcast series will get you to think and be curious and look at all of the issues we have explored in this podcast series. I really believe we have had a true watershed moment and I think those who don’t understand that will be left in the dust of 2022. This is Tom Fox, thank you again for listening. Never The Same: Business After the Ukraine War is a part of the Compliance Podcast Network.

Brandon Daniels:

The kind of brand damage that can come from people losing faith, losing trust, losing a fealty to your brand is something that no regulatory fine could ever come close to replicating.

Tom Fox:

Welcome to one of the most important podcast series I’ve ever been associated with, Never The Same: Business After the Ukraine War. In this five part podcast series, along with my co-host Brandon Daniels, we explore how currents which have been percolating since at least the onset of the pandemic in 2020 came to fruition in February of 2022 when Russia invaded. In the five topics of supply chain sanctions and AML, corruption as a national security issue, cyber security and ESG. We will explore how businesses have changed literally forever with the advent of the conflict in Ukraine.

These strains did not come out of nowhere, they have been in business bubbling up over the past two to three years, perhaps even longer. But now, compliance officers, business executives, legal legals, and the government needs to understand that business has changed forever and we’re going to explore that in this podcast series.

Hello everyone. This is Tom Fox back again with Brandon Daniels, CEO at Exiger for our concluding episode of our five part series on Never The Same, how the business world changed after the Ukraine invasion. Brandon, first of all, welcome back.

Brandon Daniels:

Thank you Tom. Thank you for having me.

Tom Fox:

Brandon, once again our topic today is something that has been percolating for quite some time, it the sped up during the pandemic and is now one of the most ubiquitous terms in business, which is ESG. But I think some significant changes have come to ESG from the Russian invasion of Ukraine, and indeed ESG will never be the same and it will never impact companies less going forward. But from where you sit, how do you see the impact of ESG on companies having changed from the Russian invasion?

Brandon Daniels:

I think ESG, as you mentioned, prior to the Russian invasion of Ukraine prior to the war that has been carried out by the Russian autocracy on the sovereignty of democracy, ESG was amorphous. Meaning, it meant different things to different companies. At some companies that would focus on the G and they’d almost exclusively focus on things like cyber governance. Am I managing my risk register effectively? I had people that would ask me about ESG and it would be all about DE&I, right? Diversity, equity and inclusion. And in some cases they might even include sort of best practices in labor management and stamping out modern slavery. And yet another cohort of customers would look at ESG and they would talk about nothing but environmental risk issues. Very few clients that I’ve spoken to have thought holistically about how their brand is impacted by all three of those areas, environmental, social, and governance problems. Until the Russia war against Ukraine, until this war broke out people hadn’t put together those three as a comprehensive assessment.

The fact that so many companies were hit so hard by the disruption of the Russian supply chain set a blinding lights in front of most corporate risk managers across our US and allied partner industrial base. Because what it did was it flagged for you that, hey, a huge volume of your aluminum is coming from Russia. A huge volume of your neon is coming from smelters in Ukraine. A large volume of companies had spread to Russia and had coupled with some characters that supported Putin’s regime pretty closely. And so you had these existential shifts in ESG where people were confronted with the fact that, oh, we’re way too reliant on fossil fuels coming from Russia, which was the E issue. There weren’t strict trade regulations. We were largely still dependent on Russian gas in Europe. Being confronted with that issue made people think, well, what kind of concern is this great for me, not just in terms of supply disruption but reputational brand damage.

In terms of social issues, again, companies were forced to first say, well, let me comply with sanctions but then a bunch of companies, there were boycotts against companies that maintained relationships with the Russian autocracy, right? I mean, there were boycotts against companies that had ties to Russian oligarchs. There were companies that extracted themselves together from Russia. Exiger took a really sort of strict stance on this Tom, and just said, we’re not doing due diligence or not providing our services, our technology to any companies that support any of these Russian interests. Look at the S side of ESG, way beyond compliance. They decided to protect reputational brand and that’s going to have a lasting impact on how people think about ESG and ESG scoring and ESG resilience and ESG prioritization.

The last thing is in terms of board governance and in terms of governance overall, how do you systemically prepare for, and then actually act in the case of a crisis? I think a lot of companies were caught flatfooted. Again, looking across the three pillars of ESG, I think the Russian invasion of Ukraine forced us to, one, take ESG more seriously than I think people had previously. Two, I think it codified and solidified in people’s minds, the need to manage ESG as a part of reputational brand value. And then lastly, I think it really put a fine point on the idea that you have to look at ESG proactively because trying to react to these situations causes so much turmoil that it’s not tolerable in a traditional corporate risk management framework.

Tom Fox:

Reputational risks and damage that you articulated in prior answer really spoke to or raised a question from me about has potential reputational damage become more significant than potential regulatory damage? So in an earlier podcast, we talked about economic sanctions, trade compliance. And if a company might violate those, what some of the regulatory sanctions might be. But my question is if they engage in that type of behavior, if they continue to do business in Russia, would the potential reputational be even greater and the financial loss be greater?

Brandon Daniels:

It’s certainly greater than it’s ever been, meaning regulators can impose big fines to the tune of billions of dollars. We’ve seen that. As we saw in the financial crisis, the fines reached unbelievable levels, but the reputational damage, the brand damage that has come out of the Russian Ukraine war. Hurts your top line revenue, so whereas fines and regulatory issues can drain cash. Your market cap, your valuation as a business, all that is traditionally driven off of revenue and the impact that the Russian invasion of Ukraine had on companies, because companies had ties to this brutal regime could be in the billions of dollars in just revenue. But then could also be a lasting value. And what’s more purpose driven. What is more purpose driven than supporting democracy and supporting the arrest, the fight against a brutal regime that is quite literally killing innocent women and children.

This isn’t a question of risk management or risk appetite, Tom, this is a question of deciding whether or not you as a brand have a brand that can stand for the ideals of freedom and the ideals that we have for an inclusive and fair and open and democratic world. And so when we talk about purpose driven, we have to remember that what people are demanding is a company that aligns with their values, aligns with their ethics. And again, the kind of brand damage that can come from people losing faith, losing trust, losing a fealty to your brand is something that no regulatory fine could ever come close to replicating.

Tom Fox:

Brandon, I can’t really think of a better way to end this series. We started off talking about how the Ukraine war had driven regulatory change and business risk change. We pivoted to how companies might think through managing these changes and using these as a business positive going forward. And now we’ve tied it back to what I think is the most important theme of this podcast series, which is the fight for democracy. And that businesses have a place in this fight and doing business in a manner that’s purpose driven with a framework that people can agree on with the way we can measure and test against that framework to see how we’re doing really is in my mind, a great way to end this series and to hope people will understand the things not only they now face, but perhaps how they can meet those challenges going down the road.

Brandon Daniels:

Absolutely, completely agree. We’re in a market. We’re in a global corporate ecosystem that is changing for the better we’re making the world a safer place to do business. And I think that ultimately, despite some pain, despite the volatility at the end of the day, our goal is to provide sustainable growth that’s fair, just and provides opportunity for individuals to thrive. There’s no way to do that without having risk management, strong governance and the ability to sometimes put our ethics above profits.

So Tom, thank you for this entire conversation and thank you for continuing to highlight how critical it is that we get this entire complex framework of risk management right for generations to come.

Tom Fox:

This is Tom Fox. Thank you for listening to this episode of Never The Same: Business After the Ukraine War. This podcast was produced by One Stone Creative, and I want to give a shout out to Megan Dougherty, Dr. Casino, Darla Fields and the entire team at One Stone Creative. If you are interested in podcasting and need some help or you want to have a turnkey solution, my suggestion is you would contact One Stone Creative, we’re going to link to them in the show notes. On a very personal note, I hope that podcast series will get you to think and be curious and look at all of the issues we have explored in this podcast series. I really believe we have had a true watershed moment and I think those who don’t understand that will be left in the dust of 2022.

This is Tom Fox, thank you again for listening. Never The Same: Business After the Ukraine War is a part of the Compliance Podcast Network.