Securing Operations in the Middle East and West Africa
There is a wealth of business opportunities for companies seeking to meet growing demands for capital in frontier and emerging markets. The Middle East and West Africa are no exceptions.
Security and geopolitical developments in these regions underscore the importance of understanding the operational, strategic and reputational risks involved in operating in complex and difficult environments. Risk management and resilience should be the cornerstones of best practices for companies looking to pursue opportunities in these markets.
The last four years have been exceptionally turbulent in the Middle East and West Africa. The ripple effects of the Arab Spring and other geopolitical developments have led to an increased threat from transnational terrorist networks and reduced governmental capacity to deal with it.
The expansion of operating spaces for violent extremists has combined with unprecedented flows of foreign fighters to present high threat/high vulnerability risks that are difficult to detect, disrupt and protect against. Governments and corporations are exposed to security and geopolitical challenges that are growing in scale and complexity.
In the Middle East, the emergence of the Islamic State in Iraq and the Levant (ISIL) is driving a new wave of international terrorism threats, exacerbating sectarian tensions, destabilizing the region and mobilizing a new generation of global jihadists with connections to more than 70 countries around the world.
In West Africa, the rise of Boko Haram has devastated communities in northeast Nigeria, increased terrorism risks across the wider Lake Chad region and presented serious challenges to Nigeria’s security forces and political leadership. Recently endorsed by ISIL, Boko Haram has made significant progress in establishing an Islamic caliphate and is driving revenge attacks, conflict and instability that is spiraling out of the government’s control.
Strong Business Opportunities
As these regions struggle, their economic indicators remain strong. The International Monetary Fund forecasts the Middle East and North Africa is set to be the third fastest-growing region in the world over the next five years, fueled by one of the youngest consumer markets on the planet.
Meanwhile, West Africa’s vast mineral wealth continues to attract international investors. In 2014, Nigeria overtook South Africa to become Africa’s largest economy and the continent’s largest foreign direct investments beneficiary, with the non-oil sector growing faster than the oil sector as Nigeria’s consumer society grows.
However, the increasingly complex and large-scale security and geopolitical risks confronting companies operating in these markets must not be ignored. Since risks are presented by a combination of threats and vulnerabilities, anyone seeking to pursue opportunities should take two aspects of their operation very seriously: risk management and resilience.
There are several competing models of crisis management that espouse best practice. As with many things in life, the KISS (Keep It Simple, Stupid) rule is the best guide when dealing with complexity and uncertainty. It’s important to remember a dramatic event is not, inherently, a crisis; it is the inability to respond effectively to a drama that creates it. Keeping things simple maximizes the chance of people understanding what to do and doing it effectively.
Companies operating in difficult and potentially hostile environments must, therefore, be able to:
- Identify and analyze threats and uncertainties that have the actual or potential capability (and intent) to cause harm, in the form of a grid that can be prioritized and disseminated on a weekly basis. Access to high-quality intelligence with source descriptions and assessment bases is essential; otherwise it will be hard to reach actionable intelligence judgements.
- Assess levels of risk by either identifying vulnerabilities against threats, or calculating the probability of threats vs. the impact they will have on the operational, strategic and reputational health of the company. The choice of method depends on requirements.
- Plan specific responses that will mitigate the effects of or, ideally, eliminate the source of, threats that present risks. These plans should cover what actions will be taken but also who will take them, and should be disseminated accordingly. A variation of a Gold, Silver, Bronze command structure helps to assign responsibilities and actions, which is critical.
- Practice, practice, practice!
- Implement and monitor risk management plans at appropriate moments, strictly adhering to specific actions, wider handling and command structures.
Communicate clearly with internal and external stakeholders throughout the crisis management process to maximize collaboration and minimize confusion.
Sometimes bad things happen, and the growing complexity and scale of high threat/high vulnerability risks have increased the chances of businesses getting caught by surprise. The need to maximize resilience by building capacity to maintain acceptable levels of operational, strategic and reputational health in the event that something goes wrong has never been greater. Risk management is necessary but no longer sufficient; the ability to absorb setbacks and recover is critical in gaining the competitive edge in hostile environments, both physical and cyber.
Resilience should be viewed as part of a company’s overall risk management capability. While risk management seeks to build structures that can implement risk management processes, resilience seeks to create processes that can make structures resilient. Best practice in this area follows the fundamental aspects of risk management above, but with a few more considerations. Resilient companies must be able to:
- Protect against identified threats that have the potential to cause stress, shock and sustained change to critical infrastructure and working practices.
- Diversify functions across the organization to ensure critical decision-making, access to assets and the implementation of action plans can happen in the event of transformative disruption.
- Connect with other well-placed individuals and organizations outside the company to provide operational, strategic and reputational support.
- Build redundancy in systems to avoid a single critical point of failure if things go wrong.
The role of risk management and resilience, and the way these functions are perceived within the wider company, is of fundamental importance. While risk managers and resilience officers need a solid understanding of their company’s business and be in a position to demonstrate their positive contribution to the bottom line, they should be perceived and treated as part of the executive team, not as a drag factor on the company’s ability to generate revenue. Handled well, risk management and resilience empower companies to identify and pursue opportunities in an increasingly complex but no less rewarding world.