Former Secretary of State Condoleezza Rice and fellow Stanford University professor and political economist Amy Zegart begin their book Political Risk, which was published earlier this year, with a harsh lesson SeaWorld taught the business world about risk mitigation. In July 2013, SeaWorld’s stock was trading at $38.92 a share. By the end of 2014 it was trading at $15.77. In just over a year, the company lost a third of its market value due to what is now called the “Blackfish effect.” Blackfish, a documentary film about the company’s controversial treatment of its famed killer whale, cost about $76,000 to produce and was relatively unknown until it was publicized by a few celebrities via Twitter. Its compelling depiction of SeaWorld’s killer whales made the public wary of visiting the parks. Some parks saw attendance fall by double-digit levels in the years following the film’s release. A later examination of SeaWorld’s corporate response to the film showed that executives were blindsided even though there were many reasons to believe they should have been better prepared.

The point of the SeaWorld example is that a small budget film and a few celebrities with Twitter profiles can wipe out billions in a corporation’s market value. It is a powerful example of the 21st century political risks faced by today’s business leaders and helps quantify the value of effective security risk mitigation.

Defining 21st Century Political Risks

In the past, the political risks that companies faced were primarily actions by governments or organized adversarial groups, such as terrorist groups. The authors give examples of this old form of political risk emerging from individuals like the late Venezuelan dictator Hugo Chavez, who nationalized western companies operating in his country and who banned the sale of certain products for political reasons.

This old version of political risk has not disappeared from the world business stage, but it has been joined by new “risk generators” that companies face – and that Rice and Zegart spend 336 pages of their book examining. According to the authors, the 10 political risks facing companies today are:

  1. Geopolitical – Wars, power shifts, sanctions and interventions
  2. Internal conflict – Social unrest, violence and nationalism
  3. Laws, regulations, policies – Changes in foreign ownership rules, taxation, environmental regulations
  4. Breaches of contract – Governments reneging on contracts and agreements for political reasons
  5. Corruption – Discriminatory taxation and systematic bribery
  6. Extraterritorial reach – Unilateral sanctions, criminal investigations and prosecutions
  7. Natural resource manipulation – Politically motivated changes in supply of energy and other scarce resources
  8. Social activism – Events or opinions that “go viral” and facilitate collective action
  9. Terrorism – Politically motivated threats of violence
  10. Cyber threats – Threats or destruction of intellectual property, espionage and massive technology disruption

The Authors’ Framework for Managing Political Risk

If your company faces any of the risks mentioned above – which affect pretty much any corporation since, as the authors explain, “anyone armed with a cell phone or a Twitter or Facebook account can create political risks” – you are in luck. While the Stanford professors go to great lengths explaining the different political risks faced by companies, they spend equal or more time detailing how to mitigate them. While the authors acknowledge that context is needed to address each risk a company faces, they present a four-part framework with questions a company’s leaders and risk professionals should ask and have answered to manage political risks.

  • Understand – What is your organization’s appetite for political risks? Is this understanding shared universally within the organization? If not, how can you foster a new understanding or reduce blind spots?
  • Analyze – How can your organization get good information about political risks it faces? How can you ensure a rigorous analysis of that risk? How can you integrate political risks into business decisions?
  • Mitigate – How can you reduce exposure once a risk is identified? How can you ensure systems are in place for timely warning and action? How can your organization limit damage once something happens?
  • Respond – Does your organization capitalize on near-misses? Is it reacting effectively to a crisis? Are you developing mechanisms for continuous learning?

‘Nobody gets credit for fixing problems that never happened’

Securing more resources for political risk mitigation can be a hard sell in some organizations because, as the authors explain, “Nobody gets credit for fixing problems that never happened.” But as the Blackfish example and numerous others detailed throughout the book highlight, for companies caught unprepared, it is not just the “risk people” who have to answer but the CEOs and other top leaders.

In addition to defining types of political risks facing companies and the risk mitigation framework, Rice and Zegart keep Political Risk engaging with numerous anecdotes of political risk issues that companies have faced and how those companies either successfully or, in some cases, unsuccessfully mitigated them. These examples offer corporate leaders an understanding of why incorporating political risks into their business strategy is the right approach and, at the same time, serves as a practical handbook for security and risk professionals responsible for mitigating such risks for their companies.

Whatever position you hold, Political Risk is a must-read for any leader concerned about protecting their company’s people and reputation.