The Case for a Political Risk Committee
- Apr 2

THE STRATEGIC EDGE | Blog Series by Stefan Borst
Your firm almost certainly has an audit committee. It probably has a compensation committee, a nomination and governance committee, and – depending on the sector – a technology or cybersecurity committee. If it operates in a regulated industry, there may be a dedicated risk committee overseeing financial, operational, and compliance exposures.
Now ask yourself a simple question: which committee owns political risk?
While geopolitics disrupts the world around us, in most companies the answer is still: nobody. Or, more precisely, everybody and therefore nobody. Political risk, the kind we see manifest in headlines or in our social media feeds, remains largely in the “no-man’s-land” of governance. Meanwhile, government action, regulatory shifts, geopolitical disruption and political instability materially affect business performance. Political risk surfaces in board discussions only when a crisis forces it there. A sanctions package hits a key market. A tariff announcement wipes out supply chain assumptions. An election result rewrites the regulatory outlook overnight. The board reacts. Management scrambles. PA leaders are ordered into firefighting mode. And afterwards, everyone agrees someone should have seen it coming.
This is not an edge case. It is the defining corporate risk of our era.
The Data Is Unambiguous
In McKinsey’s December 2025 Global Survey on economic conditions, executives identified geopolitical instability as the number one risk to company growth over the next twelve months – the first time since March 2022 that it has topped the list, overtaking trade policy changes, macroeconomic volatility, cybersecurity, and technological disruption. The Conference Board’s 2025 C-Suite Outlook echoed this: CEOs globally ranked intensified trade wars as the top geopolitical risk to their companies, with US-EU-China tensions cited as a high-impact issue by nearly 50 per cent of executives in Europe and Asia.
McKinsey’s research on CEO responses to geopolitical upheaval is even more revealing. It found that only one-third of executives were confident in their organisations’ ability to manage trade policy changes. Board directors, the report noted, frequently said they were ready to deal with challenges close to home but unprepared for major global crises and larger-scale forces that were, in McKinsey’s words, “too ambiguous to understand fully.”
Meanwhile, Weber Shandwick’s 2025 study found that just 17 per cent of CEOs felt their communications and public affairs functions were well-equipped to navigate the current environment. Only 10 per cent felt very well prepared to deal with global armed conflict. Less than a quarter considered themselves prepared for public criticism from elected officials.
In other words: executives overwhelmingly recognise political risk as the dominant threat to growth, while simultaneously acknowledging that their organisations lack the governance structures, capabilities, and preparedness to manage it. If you were confronted with a similar assessment in the area of finance, action would be swift and decisive. In Public Affairs, hardly anything changes.
The Structural Gap
How did we get here? The answer is twofold. First, we still have a lack of education at the level of major business schools, as I have outlined here. Second, it lies in how boards have historically categorised risk. Financial risk has quantitative models, a regulatory framework (Basel, IFRS) and decades of board-level infrastructure. Cyber risk, once treated as an IT problem, has been elevated to board level over the past decade, with dedicated committees, external advisors, and formalised reporting cadences. ESG risk, for all its political volatility, has generated its own governance apparatus – committees, metrics, disclosure requirements.
Political risk has none of this. It has no standardised framework, no agreed reporting metrics, no dedicated committee structure, and no regulatory mandate requiring boards to demonstrate oversight. It is, as I have argued before, the last unmanaged corporate risk. And the real irony is that it may also be the one with the most direct impact on enterprise value.
Consider the numbers. When Russia invaded Ukraine in February 2022, BP was forced to abandon its 19.75 per cent stake in Rosneft – taking a $25.5 billion hit in a single quarter. The largest writedown in the company’s history. Shell wrote off $5 billion. TotalEnergies booked $7.8 billion. Across the oil majors alone, Russia exits erased approximately $40 billion in value. Carmakers, chemicals producers, banks, and retailers added billions more. These were not the result of operational failures, competitive missteps, or technological disruption. They were the direct consequence of a political event for which most boards had no structured governance response.
Or consider the tariff shock of 2025. J.P. Morgan estimates that US tariffs on vehicles and auto parts imposed a $41 billion cost on the automotive industry in the first year alone. Toyota projected $9.1 billion in tariff-related costs for its fiscal year ending March 2026. Volkswagen reported $1.5 billion in losses in the first half of 2025. Ford accumulated $8.2 billion in losses over the full year. These are not abstract policy debates. They are P&L events – and they arrived at a speed that outpaced most boards’ ability to respond swiftly.
Consider what political risk actually encompasses in 2026:
Tariff regimes that reshape cost structures overnight.
Sanctions packages that close entire markets.
Industrial policy programmes that redirect capital flows.
Increasing regulatory fragmentation between the EU, US, and China that forces companies into parallel compliance architectures.
Export controls on critical technologies.
Government intervention in M&A.
The weaponisation of investment screening.
EY’s research underlines the gap between recognition and action. It found that in 2025, 77 per cent of boards considered political risks when making strategic decisions such as M&A or market entry, up from 55 per cent in 2021. And 67 per cent had engaged in scenario planning around geopolitical risks, up from 42 per cent. Progress, certainly. But EY also noted that this focus remained periodic, leaving many boards unprepared to act when it mattered most. In short: the governance structures have still not caught up with the threat level.
The frequency data is particularly telling. EY’s 2025 study found that only 32 per cent of boards discuss geopolitical risk more than once a year. A majority of 55 per cent discusses it annually at most. And only 2 per cent of S&P 500 companies explicitly address geopolitical risk in their committee descriptions. This is a category of risk that executives rank as their number one concern, governed by structures that treat it as an annual conversation item.
Why Existing Structures Fail
The typical board response to political risk is to park it somewhere in the existing committee structure. The audit committee picks up regulatory compliance. The risk committee monitors financial exposures that happen to have political drivers. The nominations committee may, on a good day, discuss whether the board has sufficient geopolitical expertise.
This fragmentation is well-documented. Deloitte’s 2025 Board Practices survey found that among large-cap companies, 38 per cent spread geopolitical risk oversight across multiple committees, 21 per cent assigned it to the full board, and 18 per cent parked it with the audit committee. But no one really owns it. Political risk is inherently cross-cutting. A single geopolitical event – say, a new round of China-related export controls – can simultaneously affect supply chains (operations), market access (strategy), compliance obligations (legal), workforce planning (HR), and investor expectations (finance). No existing committee is designed to connect all the dots and hold this together.
More critically, most boards lack the internal capability to process political intelligence. A Harvard Law School Forum analysis on the governance of geopolitical risk in 2025 observed that while demand for geopolitical expertise at board level had grown, there remained little consensus on how to approach these risks. Solutions remain bespoke. The integration of geopolitical analysis into governance structures is still the exception.
And here is the deeper issue: political risk is not just a risk to be monitored. It is a strategic variable to be managed. Companies that get this right do not merely protect themselves from downside effects. They identify political shifts early enough to position for advantage – securing subsidies, shaping regulations, entering markets before competitors recognise the opportunity. That requires a fundamentally different governance than passive risk monitoring and crisis firefighting.
The Precedent: BP’s Geopolitical Committee
I am sometimes confronted with the claim that this is an untested theory. That is not really correct. There are examples out there, the most prominent perhaps being BP. The company established a dedicated Geopolitical Committee in 2014, evolving from the Gulf of Mexico Committee that had been created following the Deepwater Horizon crisis. Its mandate was explicit: to monitor the company’s identification and management of primary and correlated geopolitical risks, to review activities in the context of political and economic developments on a regional basis, and to advise the board on strategy.
The committee’s composition was impressive. It was chaired initially by Antony Burgmans, the former CEO of Unilever, who brought international operating experience and crisis management expertise. From 2016, it was led by Sir John Sawers – the former Chief of MI6 and previously UK Ambassador to the United Nations, Foreign Policy Advisor to the Prime Minister, and Special Representative in Iraq. Other members included Ian Davis, the former global Managing Director of McKinsey, and Admiral Frank Bowman. The committee was integrated with an International Advisory Board that included figures such as Kofi Annan, lending diplomatic and conflict-resolution expertise.
What a Political Risk Committee Should Deliver
I am not proposing another bureaucratic layer. Boards are already overloaded and the last thing any chairman needs is another costly committee for its own sake.
What I am proposing is a structured, accountable mechanism for the one category of risk that currently has none. Such a “Political Risk Committee” – whether a standalone body or a clearly mandated subcommittee of an existing risk or strategy committee – would serve four functions:
First, strategic sensing. The committee maintains a structured political risk register, updated at least quarterly, that maps regulatory, geopolitical, and political developments against the company’s strategic priorities. Not a clippings service. Not a dashboard designed to impress leadership. A prioritised, commercially grounded assessment of political developments that could affect revenue, cost structures, market access, or capital allocation. The committee commissions and reviews scenario analyses for the three to five political developments most likely to have material business impact.
Second, strategic integration. The committee ensures that political risk assessments are embedded in the company’s major strategic decisions – M&A due diligence, market entry, capital expenditure, supply chain design, and partnership selection. It serves as the bridge between the PA function’s intelligence and the board’s strategic oversight. No major investment decision should go to the board without a political risk assessment attached. This is the equivalent of requiring a financial model – nobody would approve a €500 million acquisition without one. The same discipline should apply to political risk.
Third, capability oversight. The committee evaluates whether the company’s PA function, government affairs team, and external advisory network are fit for purpose. Does the team have the right skills, seniority, and access? Is the function structured to deliver strategic intelligence, or is it stuck producing activity reports about meetings held and events attended? Can it produce a quarterly political risk assessment that a board member would consider commercially meaningful – one that connects political developments to revenue exposure, market access risk, and capital allocation implications? Or does it generate position papers that circulate internally without reaching a strategic decision-maker? This is where the committee drives the kind of PA maturity assessment I have advocated for in earlier posts. Like an IT audit or a financial controls review, the political risk capability should be regularly stress-tested.
Fourth, response readiness. The committee oversees the company’s preparedness for political shocks – sanctions escalation, regulatory reversals, trade disputes, election outcomes that change the operating environment. McKinsey’s research found that the best firms in this space create insightful geopolitical scenarios, model the economic consequences for their markets and their own financials, and then have mitigations and event-based triggers ready if the scenario materialises. The committee ensures this discipline exists and is maintained, not just invoked during a crisis.
A Note on Composition
The BP model is quite a lavish one which may not be an option for every company. But it offers a template that can be boiled down into something more manageable (and less costly). The committee should include at least one non-executive director with direct government, diplomatic, or intelligence experience. Someone who understands how political decisions are actually made, not merely how they are reported. It should include directors with operational experience in the company’s most politically exposed markets. And it should have standing access to external political and geopolitical advisory capacity, whether through a formal advisory board or a retained panel of specialists. EY’s research found that 50 per cent of large-cap companies already engage outside advisors for periodic geopolitical briefings. The committee formalises and deepens that engagement, connecting it to strategic decision-making rather than leaving it as an ad hoc educational exercise.
The Objections I Hear – And Why They Don’t Hold
“We already discuss this at board level.”
Discussing is not governing. If political risk has no defined owner, no reporting cadence, no accountability mechanism, and no link to resource allocation, it is not being governed. It is being acknowledged. Those are very different things.
“Our risk committee covers this.”
Ask your risk committee chair what the company’s political risk assessment looks like. Ask them to define the three political scenarios most likely to affect enterprise value. Ask them whether the PA function’s budget is adequate for that threat environment. If these questions produce hesitation, the committee is not covering this – it is listing it.
“We don’t want to overload the board with another committee.”
Then mandate it as a formal responsibility within an existing committee – but with a defined charter, reporting requirements, and named accountability. The form matters less than the function. What matters is that someone at board level can be asked: “What is our political risk exposure, and what are we doing about it?” – and give a substantive answer.
“We won’t do this until regulators make us.”
That is a defensible position – until you consider the trajectory. Cybersecurity committees did not emerge from boards’ spontaneous enthusiasm for network security. They emerged because the SEC mandated cyber disclosure rules and the EU enacted NIS2. ESG governance did not materialise voluntarily. It was driven by CSRD reporting obligations and the CSDDD’s due diligence requirements. The regulatory direction of travel is unmistakable: governance frameworks follow risk categories with a lag, not a lead. The EU’s CSDDD – even in its simplified post-Omnibus form – requires risk-based due diligence across value chains, with board-level accountability and penalties of up to 3 per cent of global turnover. Investment screening regimes are proliferating. The question is not whether formalised political risk governance will become a regulatory expectation, but when. Companies that build the infrastructure now will be ahead of the curve. Those that wait will be retrofitting under pressure – the same pattern we have seen with cyber and ESG.
The PA Function’s Opportunity
Let me be direct with PA leaders reading this: if you want a seat at the strategic table, this is your moment. A Political Risk Committee at board level creates the governance infrastructure that PA functions have lacked for decades. It gives you a formal reporting line into the board’s strategic oversight. It creates demand for the kind of strategic intelligence you should be producing. But it also subjects your function to the same rigour and accountability that every other business-critical function faces.
That last point is uncomfortable but essential. The same governance structure that elevates PA also exposes it. If you cannot produce a quarterly political risk assessment that the board finds commercially meaningful, the committee will reveal that gap. If your team is structured for event management and stakeholder lunches rather than strategic analysis, the committee will surface that. This is PA’s opportunity to demonstrate it belongs in the same governance tier as finance, legal, and technology – but only if it can deliver at that level.
The Question for Your Next Board Meeting
Political risk is no longer a background condition. It is the operating environment. Tariffs have risen sixfold between the US and China since 2017. Global trade interventions have grown twelve-fold since 2010. Industrial policy actions surged by nearly 390 per cent between 2017 and 2024. The US Committee on Foreign Investment issued more penalties in 2023–24 than in the previous five decades combined. This is not cyclical volatility. It is structural transformation.
If your board has a committee for cybersecurity – a risk that, for most companies, ranks below geopolitical instability in executive surveys – but no formal mechanism for political risk, you have a governance gap. And governance gaps, as any board director knows, are where enterprise value goes to die quietly.
So here is the question I would pose at your next board meeting, and it is a question that requires no budget, no external consultant, and no restructuring – just honesty:
If a major political shock hit our key markets tomorrow – a new sanctions regime, a tariff escalation, an election result that rewrites regulatory expectations – could our board point to a named individual responsible for political risk oversight, a documented risk register, and a set of pre-approved response protocols? Or would we be starting from scratch?
If the honest answer is the latter, then the conversation about a Political Risk Committee is not a luxury. It is overdue.



