As the Russian-Ukraine conflict unfolds, companies have had to move quickly to ensure the safety of their workers, while girding themselves for the economic impacts and operational disruption to come. Many companies are now re-evaluating their businesses in Russia, with some curtailing their operations there or deciding to leave entirely. Meanwhile companies with operations in Ukraine have suspended operations. Even for companies not operating in the region, the conflict adds new risks to a global economy already struggling with inflation and supply chain disruption. Recognizing that the implications for companies will vary by sector and geographic reach, this article looks at a number of the key issues for boards to consider and monitor, including:

The well-being of employees and those affected by the conflict

The conflict’s impact on Ukrainian lives – including, at the time of writing, upwards of two million refugees[i] – has rippled worldwide, compounding the anxiety and toll that two years of pandemic-related hardship has taken on workers. Understand how the company is supporting employees in Ukraine, Europe and around the world. For companies with a significant employee base in Russia, deciding whether to cease operations in light of reputational risk and pressure will no doubt be difficult.

The company’s public position

Expectations for companies/CEOs to make public statements condemning the Russian invasion (as many companies have done) and activist demands for divestitures in Russia and/or assistance to Ukrainian refugees underscore the importance of having a clear internal process for determining and articulating the company’s public positions – on this and other major crises – with consistency. Decisive actions might be necessary as employees, customers and society at large expect boards to behave responsibly.

Also monitor for potential reputational issues posed by disinformation via major social media platforms and understand how the company is viewed by its stakeholders and the broader public in the context of the conflict and evolving narrative. Proactively communicate with key investors about the rationale for and implications of the company’s position(s).


The National Cyber Security Centre (NCSC) in the UK and the Cybersecurity and Infrastructure Security Agency (CISA) in the US recommend that organizations should move to a position of heightened alert when it comes to cybersecurity and protecting their most critical assets. At the time of writing, the Centre for Cybersecurity Belgium (CCB) reported “no objective evidence of a concrete cyber threat to our country. However, a cyber-attack with consequences for Belgian organizations can never be excluded…. Building cyber resilience remains the best security for organizations and businesses in all circumstances.”[ii] [iii]

The increased risk of cyber threats – whether Russian retaliation for sanctions or public support for Ukraine, increased hacking and ransomware activity, or the impact of Russian malware “released into the wild” – should be prompting fresh tabletop exercises, a review of business continuity plans and an assessment of third-party/vendor vulnerabilities. Consider the adequacy of the company’s cyber-related talent and resources in the event of a major breach, disruption or failure of critical infrastructure, as well as the company’s connectivity and coordination with law enforcement. Monitor regulatory and/or legislative developments impacting cybersecurity incident reporting and disclosures.

Macroeconomic, trade, and supply chain issues

The impact of the conflict on the global economy will continue to be multidimensional and interrelated – from increased energy and food costs to supply chain disruptions, slowed economic growth, and continued stock market volatility. Concerns about inflation have already prompted interest rate hikes by central banks, with implications for capital allocation decisions. Scenario analysis and planning for persistent inflationary pressure in the near term, particularly from rising commodity and input costs, should be a top-of-mind consideration for many firms. In addition, trade restrictions and sanctions should be closely monitored, and compliance should remain a top priority [see also “Compliance with laws and regulations”, below.]

Compliance with laws and regulations

Compliance with laws and regulation should be front and center. This includes the proper implementation of trade restrictions and compliance with sanctions and export controls, not only within your own organization, but also understanding counterparty and third-party risks, along with associated controls like Restricted Party Screening.

Continue to monitor the direction of Government policies that could impact the company and/or its operations – including any shifts in sanctions, defense, ESG, energy, cybersecurity, and cryptocurrency policies and spending, among others.

As many companies learned firsthand during the COVID pandemic, the depth and frequency of reports to the board on how the company is responding to a crisis should strike a balance between keeping the board sufficiently informed without unduly burdening or distracting management.

Geopolitical volatility and the company’s risk profile

Reassess the company’s global risk profile in the context of shifting geopolitical dynamics, within Europe and around the world. These and other geopolitical uncertainties highlight the critical importance of robust scenario planning, including spending time envisioning the future, challenging the company’s strategic and risk-related assumptions and making scenario planning an ongoing, iterative process.

More fundamentally, has the speed and impact of the conflict caused any critical gaps to surface in the company’s risk management process, crisis readiness or the board’s risk oversight, which need to be addressed?

The Russia-Ukraine conflict and its wider geopolitical implications also reinforce the importance of having geopolitical expertise in the boardroom, whether on the board, in management or from a third party. 

Corporate reporting

The events and market conditions associated with the Russian-Ukrainian conflict may have significant accounting, audit and reporting implications for financial statement preparers (and auditors). Boards should understand the nature and extent of any operating and financial exposures and the potential financial statement impacts, in particular, management’s assessment of the entity’s ability to continue as a going concern, and the need for additional disclosures to reflect any uncertainties and volatility triggered by the conflict.

For December reporters, the impacts will generally considered to be non-adjusting events requiring disclosure of inter alia: significant business interruption; any damage/destruction of non-financial assets; the seizure/expropriation of assets by government authorities; significant declines in sales, earnings and/or operating cash flows; and any plans for major asset disposals.

Also, the risks posed by the Russian-Ukrainian conflict may need to be addressed in the company’s risk-factor disclosures – e.g., if the business depends on imports/exports to or from Russia; if Russia, Ukraine, or affected countries have a material customer base; or if the company’s key third-party vendors are affected by the conflict.

Accelerate the transition to net zero

Sixty percent of Russian exports are oil and gas[iv]. Moving away from oil and gas will impact Russia’s access to financial resources, while also having a positive effect on the existential crisis that is climate change. The Intergovernmental Panel on Climate Change (IPCC) report[v] published on 28 February was not widely talked about. Nevertheless, the IPCC issued a stark warning: “Human-induced climate change is causing dangerous and widespread disruption in nature and affecting the lives of billions of people around the world, despite efforts to reduce the risks. People and ecosystems least able to cope are being hardest hit.”

About the Board Leadership Center

KPMG’s Board Leadership Center (BLC) offers non-executive and executive board members – and those working closely with them – a place within a community of board-level peers. Through an array of insights, perspectives and events – including topical seminars and more technical Board Academy sessions – the BLC promotes continuous education around the critical issues driving board agendas.