3 Ways the War in Ukraine Could Impact Your Third-Party Risk Program

While we observe the situation in Ukraine with concern, our hearts go out to those who are directly affected.

Many nation-states and international organizations have implemented harsh sanctions in reaction to the invasion in hopes that it will prevent the Russian government from obtaining funds and supplies to pursue the invasion of Ukraine.

But how will this affect European and global businesses that work either in or with Russian companies? Risk management executives are either already feeling the effects of the Ukrainian conflict and the sanctions put on Russian and Belarusian players or will shortly.

The Geopolitical Implications of the War on Ukraine

As the Russia-Ukraine war continues, the United States, the United Kingdom, the European Union, and several other countries have placed sanctions on specific Russian business organizations, individuals, and the Russian state.

Thousands of international employers, particularly those in Russia and Ukraine, are preparing for the unavoidable economic disruption as workforces and supply networks are interrupted. This is on top of existing recovery efforts from the crushing effects of the COVID-19 pandemic.

Sanctions

Because of the scope and depth of impacted parties and the fact that they come from numerous nations that have condemned Russia’s conduct, the sanctions imposed on Russia are highly complicated and frequently changing.

Additionally, each country and international organization has its list of sanctioned parties, creating a somewhat daunting list of activities for businesses in the international community. This list is not complete and is constantly being updated. However, the main areas where sanctions have been imposed are as follows:

• The United States and its allies announced the suspension of some Russian banks from the Society for Worldwide Interbank Financial Communications (SWIFT). SWIFT is an international communication service used by banks all over the globe to conduct business and make payments, and it is an essential mechanism for participating in international trade.
• Russian financial institutions are now prohibited from conducting transactions in the US currency, euro, and pound sterling.
• There is a growing list of financial companies whose assets have also been frozen.
• Individuals with close links to the Russian President Vladimir Putin or the Russian Parliament face further measures, such as asset freezes and property seizures.
• Certain products and technologies that can improve Russia’s military and aerospace industries, such as electronics, semiconductors, and telecommunications, are prohibited from being exported to Russia.
• Sanctions have been imposed on Russian enterprises in almost every primary industry (including natural gas and oil), potentially straining supply lines and critical infrastructure that the pandemic has already weakened.

The Impact on Your Third-Party Risk Management Program

Organizations and their supply chains have had to scramble to adjust their operations in the last year alone, as they faced a growing global pandemic, a complete interruption of the Suez Canal, fatal shortages in electronics manufacturing, unprecedented change in consumer habits, ongoing port congestions, and now Europe’s largest conventional military assault since World War II.

Here are some of the significant Third-Party Risk Management (TPRM) concerns that companies will confront and that risk managers should keep a close eye on due to the Ukraine conflict.

Supply Chain Disruption

Organizations with critical suppliers in Ukraine, Russia, or Belarus must plan for such suppliers to be entirely shut down due to sanctions, cybersecurity intrusions, employee safety precautions, or even direct physical damage to critical infrastructure.

Businesses should anticipate shortages and supply chain attacks exacerbated by an already damaged infrastructure attempting to recover from COVID-19.

For example, Ukraine generates approximately 75 percent of the world’s Xenon and Neon gas, which are crucial components in fabricating semiconductor chips - implying that an already severe manufacturing shortage will worsen for at least the next several years.

Increased Cybersecurity Risks

The threat of exposed cybersecurity vulnerabilities and cyberattacks on the global technological infrastructure is expected. Many cyberattacks have already hit Ukrainian service providers, including financial, administrative, or military in nature.

The downstream ecosystem of technology will remain vulnerable to catastrophic flaws, and hackers will dive as deep as possible to acquire important information or data. As a result, risk executives should revisit their cybersecurity and business continuity plans in anticipation of an increase in the number of attempted assaults as data security breaches, particularly within their supply chain and third-party ecosystem.

New Financial Risks

The cost of interruption will significantly impact every link of the end-to-end supply chain due to material shortages and reliant industries. The most visible example is Europe’s reliance on Russia for approximately 70% of its natural gas supplies.

Global supply chain transportation and freight have already been disrupted. Higher fuel prices, energy for manufacturing facilities, and other sizable infrastructural reliance will put significant strain on company models and the long-term viability of operations.

Additionally, in reaction to Russia’s invasion, the EU has restricted much of its airspace to Russian jets save for humanitarian missions.

Furthermore, global carriers UPS and FedEx have suspended all shipments to Russia and Ukraine and may explore additional restrictions if the war directly affects other nations. These decisions will have an immediate and direct influence on logistics and freight-based travel costs.

Best Practices to Adapt Your TPRM Program

Organizations must strengthen their third-party risk management program and protect themselves from the potential risks resulting from the Ukraine crisis. Risk management professionals should adopt the following best practices to adapt their TPRM programs.

Update Your Business Continuity and Disaster Recovery Plans

Risk managers, Chief Information Security Officers (CISOs), and Information Technology executives must conduct an immediate evaluation of their reliance on major IT providers in the area and examine their capacity to swap vendors swiftly if the need arises.

Examine business continuity plans, supply chain arrangements, and local or global alternatives, and ensure that individual leaders have the authority to make such choices quickly if needed.

Educate Your Employees On The Heightened Risk

Ensure that everyone in the organization is aware of potential threats. To prevent instilling unwarranted anxiety, keep your content truthful and brief. In addition, empathy should be shown in your messaging, especially if you have employees who may be directly affected by the occurrence.

Make sure your personnel is ready for phishing attempts and exhibit email and digital communication best practices such as not opening or clicking on emails or links from unknown senders.

Plan for Supply Chain Disruption

Businesses should plan for supply chain interruptions, shortages, and disruptions for at least the next 24 months.

Considering that Russia provides more than a third of Europe’s natural gas and is also the world’s second-largest exporter, and the fact that Germany has already blocked permission of the Nord Stream 2 pipeline, you’re probably already bracing for increased fuel costs and potential supply shortages.

Also, as the EU has blocked its airspace to all Russian planes and FedEx and UPS have banned shipments to both Russia and Ukraine (as of this writing), you should expect rises in the cost of, and interruption in, both travel and freight transit.

Furthermore, shortages are also expected for metals, industrial gasses, maize, and wheat. If those exports or imports impact your business, you should plan how your business can transition now.

Re-Think Your Downstream Supply Chain Now

Cyberattacks against Ukrainian financial and government systems have already begun. Therefore, companies should start documenting (if they haven’t already) their third-party ecosystem and any connections with critical infrastructure, sensitive assets, and data.

Over 3,300 US and European companies have tier-one suppliers in Russia, while over 650 US and European companies have tier-one suppliers in Ukraine. Begin modeling your tier-one, tier-two, and tier-three vendors if you haven’t already to analyze the possible impact on the downstream supply chain.

Enlist the Help of Third-Party Risk Management Software to Improve Visibility in Your Supply Chain

With the changing landscape of the crisis in Ukraine and the actions of states around the world, it is almost impossible to keep track of all your vendors’ information manually. The situation is simply changing too rapidly.

Vendor Risk Management (VRM) technology tools are your best ally in providing visibility into your inherent and residual risks while minimizing internal maintenance and record-keeping costs.

For this reason, the potential return of investment (ROI) of TPRM software is higher than ever before for businesses impacted by the conflict in Ukraine.

Introducing CENTRL’s Vendor360

Vendor360 is a leading-edge, integrated Third-Party Risk Management platform that allows you to choose and onboard new partners more efficiently. In addition, you can rapidly collect your vendor data, automate your assessments, and have complete control over the supplier due diligence and risk assessment process.

Our platform can help you expedite pre-contract risk analysis for new suppliers by distributing questionnaires to multiple internal teams and assessing inherent risks at each vendor’s relationship, product, and service levels.

Learn more about how Vendor360 can support your business! Book a demo today.