The latest report published by the International Maritime Organization (IMO) announced a 50% increase in the number of shipping crew kidnapped off the coast of West Africa in 2019. These incidents, even localised, help demonstrate the escalating risk faced by companies. In reality, the risks are plural and referred to collectively as “criminal risks”. Likewise, the actions of the criminal organisations triggering these risks and their associated impacts depend on their objectives:  economic objectives for criminal organisations perpetrating illegal actions in the legal economy or ideological objectives for terrorist and guerrilla movements. However, companies can apply strategies to protect themselves against these risks.

Companies face criminal risks in multiple forms

The risks are multiple for internationalised companies.

Economic risks

Certain organised crime syndicates (Japanese, Italian, Albanian, Turkish, etc.) try to enrich themselves by preying on corporate resources. In Italy, the mafia’s revenue is estimated to amount to 7% of GDP. There are also cross-border organisations focused on illicit activities, like drug cartels (Mexican and others) or international gangs like the Pink Panthers originating from the former Yugoslavia and specialised in robbing jewellers.    

Their methods: extortion like the Camorra’s pizzo protection racket in Naples, or the forced hiring of ghost workers, the theft of equipment or products, piracy, kidnapping of employees with ransom requests or cases of fraud or theft of intellectual property, data or know-how. They also sometimes adopt a parasitic approach by relying on bona-fide company logistics such as trucks to transport drugs, or the circuits of certain financial organisations to launder dirty money. Both Walmart (2012) and HSBC (2016), for example, have been accused of laundering money for Mexican cartels. Lastly, another challenge comes in the form of new competition from organised crime syndicates, some of which command a strong presence in counterfeiting for example, or which may control companies or even markets, such as the agribusiness and waste management industries in Italy or Japan (yakuza), or the cement business in New York.

Source: Monnet, B. and P. Very (2010) The New Corporate Pirates: Organised Crime and Terrorism, Paris: CNRS Editions

Ideological risks

For their part, terrorist organisations and guerrilla movements primarily pursue ideological objectives. They attack certain companies for what they symbolise: capitalism, the USA, etc. They commit violent acts (terrorist attacks, destruction of installations), kidnappings, or even assassinations that are likely to draw media attention towards them. One example is the hostage-taking perpetrated by AQIM in Mali. Companies may also be collateral victims, as seen with the attack on the Marriott Hotel in Islamabad (Pakistan) or with the Saudia Airlines crew that perished in 2008.

These organisations also need to fund themselves and consequently borrow methods like extortion, kidnapping with ransom and counterfeiting from organisations that pursue economic objectives. The Hezbollah, for example, was shown to be a proven specialist in CD counterfeiting, an activity it managed from Paraguay.

All in all, only by possessing extensive knowledge of the actors involved, how they operate and their methods, do companies have a chance of better understanding them and thus preventing the risks from materialising.

How can companies protect themselves against criminal risks?

Thanks to years of research and on-the-ground investigations, the EDHEC Criminal Risks Management Chair now advises businesses on how to fight these risks. Several types of measures can be employed.

Detect – prevent – respond

The first task is to understand what can happen, to examine how to prevent it and then to prepare a response, bearing in mind that the response generally implies prevention measures.

Obtain information

Local authorities, public authorities from the company’s home country, NGOs, corporate security management networks (CDSE, ISMA) and international companies already operating in the countries concerned are all excellent sources of information for detecting risks. In certain cases like contract signings, investigations can be conducted by consulting firms specialised not only in risks, but also in local laws, regulations and justice. When setting up an alliance with a local partner, due diligence work can be undertaken.

The International Security Management Association (ISMA) can provide companies with useful information about risks

Train employees

When companies operate in risky zones abroad, they must prepare their employees by introducing security procedures. These might explain to expatriates, for example, that they should not go to grocery stores and should stay in the compound, that they should use a particular vehicle and not another to move around, and that they should systematically ask for the car’s registration number and the driver’s name, etc.

Protect themselves

To protect their assets and employees, companies can also make decisions regarding the ways in which they enter the country concerned. They should also take the necessary steps to protect data and intellectual property. The way contracts are managed with partners, together with CSR, ethical conduct and compliance policies, also have a role to play.

Transfer part of the risk

Some of the risks (material damage, kidnappings and ransoms, deaths and injuries, illicit incarcerations of employees, information disclosures, etc. ) may be transferable to insurers or local authorities (anti-mafia prosecutor in Italy, for example). But such transfers do not obviate the need for internal solutions.

Be prepared to manage crises

Companies must be prepared to manage crises. More and more international groups train themselves to respond to criminal acts by conducting annual simulation exercises based on different scenarios. If an important problem occurs, the objective will be activate the crisis plan with investigations,  communication measures and potentially legal actions to involve the local authorities, along with revisions to procedures according to the lessons drawn from the event.

Depending on the criminal actors concerned, it is vital for companies to anticipate the means, costs and resources entailed and to adjust their business plans accordingly.