The Invasion of Ukraine Turbocharges the Need for Effective ESG and Resilience Governance

Russia’s invasion of Ukraine is the most dramatic geopolitical rupture of the last eight decades. Are your CEO, management, and board prepared?

Of course, a war in Ukraine, which is Europe’s second-largest country (covering 603,500 square kilometers), has macro-level humanitarian, economic, geopolitical, and military implications. However, individual businesses also have critical considerations that they must deal with immediately: the well-being and safety of people, facilities, and assets; the status of operations, contracts, and supply chains; the protection of future revenue streams; the pivot to a long-term resilience plan; and the protection of brand and reputation.

Business does not operate in a vacuum. It impacts climate, people, and assets, and in turn, it is impacted by world events including natural disasters, pandemics, and wars. Thus, business increasingly requires environmental, social, governance, and technology (ESGT) situational awareness, risk management, and resilience.

As Mirova CEO Philippe Zaouati said, “Ukraine is one of the most important ESG issues we’ve ever had. It’s a vital issue for energy and human rights, and questions whether we still want to live in a democracy or not.”

In the context of the invasion of Ukraine and the subsequent economic sanctions on Russia, the business world has seen the full spectrum of corporate reactions from those professing to be walking the talk by immediately leaving Russia (BP) to those who say that they are acting consistently with their ESGT programs by staying in Russia to serve essential foods such as baby formula (Danone) to those with ESGT programs taking their time to leave (investment banks such as Goldman Sachs Group) to those devoid of ESGT programs refusing to shut down operations (crypto companies).

ESGT is not primarily about ratings, metrics, or investor- or regulator-imposed requirements. Rather, at its best, ESGT is the discipline of understanding and deploying your company’s core environmental, social, governance, and technology issues, risks, and opportunities in strategy and tactics consistent with your mission, vision, and values. If a company builds an ESGT-resilient organization, the metrics and the ratings will reflect this success. On the heels of the invasion of Ukraine, companies that have publicly embraced ESGT will need to account for how they handled the crisis and whether they did so in alignment with their professed ESGT principles.

What Is a Board to Do?

The short answer is “a lot.” In the wake of Russia’s invasion of Ukraine, your board should start by engaging in profound introspection. Is your board properly structured and populated to be ready for the world as it is and as it will be—instead of the world as it was prior to the Russian invasion (and the COVID-19 pandemic)?

Several steps can help your company prepare for the current and future world.

Build a board skills matrix if you don’t have one already. Consider the following two questions as you build it:

• Do you have columns for ESG, technology, cybersecurity, risk management, and resilience expertise? If not, it’s time to add one or more of these columns to your matrix.
• Are there directors presently serving with one or more of those skills? If not, start looking for new directors, who might be business-savvy chief risk officers, digital transformation and cyber experts, futurists, and systems thinkers.

Ask management questions relevant to your company’s ESGT profile. Use the following list as a guide for ESGT issues, risks, and opportunities related to the Ukraine invasion to discuss as a board. Then, make this discussion a regular practice, connect it to risk governance, and ensure it is embedded in strategy and opportunity governance.

• Environmental: destruction of habitats, cities, plants, infrastructure, facilities, and offices; pollution from destruction; destruction of agriculture and food supplies; ecological disaster due to closeness to nuclear plants; and biodiversity loss

• Social: health and safety of employees, contractors, partners, and their families; human rights; political speech; labor rights; migration issues; discrimination, harassment, and bullying; and data protection

• Governance: geopolitical and geoeconomics risk preparedness; reputation risk management; resilience building; the CEO’s public comments; sanctions compliance; review of investments, partnerships, and joint ventures; review of supply chain contracts; and review of sales contracts

• Technology: Internet access and usage; social media; digital chatter; cybersecurity; data privacy; data back-up; hardware and device maintenance; Internet of Things; and drones

Assess risk governance. What’s the state of your risk oversight processes? Do you only schedule related discussions when and if there is a material event, or do you have a systematic approach to reviewing risk and embedding it into your strategic exercises? Specifically, boards should ask themselves the following questions:

• Do we have board directors who are risk-savvy and experienced?

• Do we have a committee that oversees risk proactively beyond the audit committee?

• Does the company have a savvy chief risk officer and team? Do the team members have the resources and tools necessary not only to manage risk but also for foresight and futureproofing? Do they report to the board, or does the board talk to them regularly?

Assess organizational resilience oversight. What’s the state of your organizational resilience? Do you exercise regular oversight of the following?

• Crisis management plan and team, including a board liaison or member

• Business continuity plan and team

• People protection plans, including travel

• Remote work ecosystem

• Data protection and back-up systems

• Cybersecurity

• Facilities protection

• Third-party experts on call, including legal, public relations, cybersecurity, and rescue experts

The Bigger Picture

How do you want to be regarded by your stakeholders, and what is your company’s appetite for reputation risk? Do you want to be remembered as a company that took a stand early and firmly, such as BP and Exxon Mobil Corp.? Or do you want to be named on a variety of boycott lists for wanting to continue doing business in Russia after economic sanctions began? If you decide to continue doing business in Russia, do you have a well-thought-out policy, plan, and communications strategy that is consistent with your professed values, purpose, and ESGT program?

While the world is absorbed in this global crisis, other big systemic challenges aren’t going away (see the Intergovernmental Panel on Climate Change report that was recently released). In this deeply turbulent time, corporate boards must double down on ESGT risk governance, foresight, situational awareness, and resilience-building—and do it for the long term.

If there were ever a time for ESGT oversight, it is here and now.