It May Be Time for Government Intervention on Corporate Risk

It’s so easy to forget the close calls. I was reminded of this while reading an article in a recent issue of The New Yorker, which looked back at one of the more terrifying international crises of recent years—the near war between India and Pakistan in 2002. That event marked the first time since the Cold War that two nations threatened to launch nuclear weapons at one another, and to this day it’s not clear either country has developed a realistic plan about how to manage their weapons responsibly. Even so, this danger is almost entirely ignored by the ever-growing number of companies that rely on work done in India.

Some readers will wonder why a war in India, even if nuclear, should concern the average CIO. But others will see the point immediately, which is that the detonation of even a single nuclear weapon in a modern capital would all but paralyze the flow of information, money, goods and people into and from that country. This of course means that any company that has, say, located key back-office capacity within that nation’s borders better have an airtight contingency plan that can be implemented immediately, using resources far from the affected lands. Yet as we all know, in a business environment shaped by intense global competition and shareholder pressure, such plans are increasingly rare.

Today’s interconnected world is full of risks with the potential to trigger catastrophic business shutdowns. Flu epidemics, natural disasters, terrorist attacks, political uprisings, war—the dangers are so varied that it’s only natural to feel a sort of paralysis when confronted with what might happen. Sometimes it seems the only option is simply to go about business as usual and pray that when the next disaster strikes, it won’t prove so devastating as to make recovery impossible.

Yet there are in fact many actions we can take to limit the risk, once we set our minds to the task. The catch? Well, actually there are two. First, any general fix will raise one’s cost of doing business, at least temporarily. Second, and far more important, the only way to guarantee a level playing field, to ensure that all companies will be willing to accept the higher costs, is for the government to regulate the process by demanding that all companies respond to the new landscape of risk. This is true not only in India but in any country that serves as a major link in the new global economy.

The Fallacy of Rationality

During the 2002 crisis, many companies doing business in India woke up fast to the risk of relying on key business operations and personnel located there. Yet as is so often the case, the fear faded almost as soon as the threat of war did, and it was not long before most companies were acting as if nothing had ever happened. We all know why it can be so hard to focus on political risk. For one thing, everyday competition is replete with near-term dangers that can seem far more pressing. More disturbing is the utopian thinking on the part of those who are supposed to manage political risk. An increasing number of executives seem to assume that the very fragility of their operations will discourage political conflict. Politicians, these executives believe, will always rationally conclude that their own self-interest and the interest of their people will be served best by avoiding any conflict that might throw a monkey wrench into smoothly operating cross-border business processes. One example of such thinking was a Thomas Friedman column in The New York Times about the Indian nuclear scare. More than the soothing voice of the U.S. Secretary of State Colin Powell, Friedman wrote, it was pressure from multinationals like GE that convinced the Indian government to “cool it.”

It doesn’t take much effort to spot the deep flaws in this thinking. The idea that national leaders, caught in a crisis that might cost millions of lives, would be influenced by the fear that foreign investment could suffer would be laughable were it not so naive. Not that such hubris is new to the world of business. Longtime IBM CEO Thomas Watson remained convinced until after the outbreak of World War II that international businesses could lead Adolf Hitler onto the road to peace.

Many executives scoff at the idea that government can really do anything to reduce the risks posed by a globally networked system of production. After all, for a generation now we have been told that the market controls us, not the other way around. We must keep in mind, however, that the corporation, and indeed the marketplace itself, are ultimately tools that can be shaped in different ways by different policies to yield different outcomes. We can adjust everything from trade rules to risk management systems, and do so in a way that boosts security while preserving true freedom for managers.

Change is already on the way. Policy-makers are fast waking up to the new nature of business risk, and they are beginning to alter long-standing policies. The problem is that their responses can prove to be counterproductive, if not downright dangerous. A perfect example is the U.S. port controversy, a case in which protectionists managed to chase away an important foreign investor without improving the security of the United States one iota. The real question for CIOs is whether they will help shape the new policies or simply allow their practices to be shaped by them.

There is much CIOs can do right now. Insist that all outside service providers prove they have detailed plans to deal with any contingency. Apprise other members of the management team and the board of directors of the global risks. Seek out counterparts at other organizations to share best practices and develop ideas about what sort of government regulations would result in true redundancy at the lowest cost. Simply requiring companies that do business in the United States to divide their information processing work equally among two providers, located in two nations, would dramatically lower the level of risk. Yes there will be some cost. But it will surely seem worthwhile to any CIO who wakes up one day to read of an outbreak of avian flu in, say, Bangalore.

Being the bearer of bad news won’t make you the most popular executive at headquarters. But an honest assessment, supported by a well-thought-out plan to solve the problem, will gain you the respect of your peers. If anything, CIOs who provide their executive team with a more realistic appraisal of the risks posed by global networks will reap greater responsibility and bigger budgets. In some cases work that has been outsourced may need to be brought back inside. In many cases, outsourced work will have to be managed much more closely.

We must adjust our thinking to make sure this new world of outsourced activities upon which we now rely is flexible and redundant enough to absorb any political, economic or natural disaster that we can imagine. CIOs are in a position to help lead the way.