In Focus: Richard Fenning, CEO, Control Risks

In these unprecedented times of political and economic change, organisations must learn to understand the shifts in risk and opportunity. In this issue, Orient Editor Lucy Haydon discussed this risk paradigm with Singapore-based Richard Fenning, CEO of Control Risks, who brings 25 years of experience and a sense of perspective to the issue.

This article was first published in Orient Magazine, September 2017.

By Lucy Haydon, Editor, Orient Magazine


You have been with Control Risks for almost 25 years, how has the global outlook on risk changed throughout this period, and in particular between regions?

When I started out in the early 1990s, markets like China, India, Russia and Eastern Europe were emerging. With the globalisation trend, there has been so much change since then that it feels like a lifetime ago.


Our history as an organisation has been to ride the wave of change with our clients, as people expand to new markets. Our historic premise has been that our clients are based in secure, well-regulated and ordered markets, taking decisions to invest in more complicated, frontier markets about which they know far less and are more unpredictable. That transfer of capital from safe, regulated and ordered to poorly regulated, difficult to understand but high-growth markets has been the status quo.


Now, a lot of the original “safe” markets are going through change and turbulence, and the riskier markets are looking a lot more attractive. Data and technology have created a more democratic risk arena. Data has become the new currency and vulnerability, and it has eroded the contrast between stable-but-low-growth, and unstable-but-high-growth markets. Now there is a more balanced model which is the future for us, and for businesses willing to take a gamble on the opportunities.


How can organisations plan ahead and mitigate the risk during this period of geo-political change in multiple regions?


It does feel that we are living in an age of unprecedented fragility in the international system. We have the UK going through an existential political crisis, and the Middle East, even by normal standards, experiencing major complex problems.  Asia on the whole looks to be a lot more ordered and steady than other parts of the world, even if the dial is being steadily turned on the perennial issue of North Korea’s nuclear weapons programme. China’s emergence as an economic power now sees it starting to stretch its political muscles on the international stage. That causes tension in this part of the world, particularly with Singapore’s neutrality as a country that is open and integrated with the West, but also mindful of its relationship with China and keeping the balance. So far, China is coming out favourably in the public relations war in comparison with the United States, which is going through a very public period of political turbulence that has implications on geopolitics.


The question we are sometimes asked by international businesses is does any of this actually matter? Yes, it does. What we are seeing is a fundamental shift in the way nations interact with each other and trade is the everyday mechanism by which those relationships happen. For Britain, as a consequence of political change, we can see it having to reassess its relationships with the EU, as well as having to reshape economic relations with all its major trading partners on a bilateral basis. That is profoundly difficult for companies to anticipate and undermines their ability to make informed investment decisions.


At Control Risks, we enable clients to concentrate their efforts on their core business by stripping away much of the hyperbole and hysteria about politics and giving perspective to uncertainty. Organisations like us exist to focus clients on the core objective facts so they can make better informed decisions about the balance between the opportunities and the actual risks around trade, market access, political change, corruption and so on.


Uncertain times like these create an environment in which it is essential that risk, as the flip side of opportunity, is more acutely understood. This is key to our philosophy:  our business does not exist to tell people that the world is inherently risky. Our job is to help people understand how risk and opportunity are two sides of the same coin; how to balance that and to get a sense of appropriate risk into proportion, so that people can really focus on achieving their objectives.


It takes an amount of bravery to succeed in times of uncertainty like this, a bravery of vision and action to see and seize the opportunities. Behind the rhetoric in the headlines, the conversation of business continues. The need to react to shifting geo-political change is part of the fabric of international commerce and will never go away.

We have seen an increase in high-profile, global cyber-attacks recently. How can organisations stay ahead of those who plan to do harm for political or personal gain?


Just a few years ago, people would be highly critical of organisations that were hacked, whereas now there is a change in realisation that everyone is vulnerable, and the blame is now placed on how culpable you were in getting hacked, and how you responded. Customers and investors are intolerant when organisations have been deficient with their preparation and poor in their response. Understanding the cyber threat landscape and why and how an organisation is vulnerable is key to managing these risks.


Some of the highest-profile cyber-attacks are nation-to-nation activities and headline-grabbing ransomware like WannaCry back in May, which see companies caught in the middle.  But there is a huge amount of everyday criminality designed to disrupt and steal from organisations. The level of threat depends on the industry sector, the countries in which you operate, and the culture of openness within your organisation. There is an interesting mentality of organisations finding it easier to focus on external threats rather than believe that an insider from your own company could plan to do harm or indeed cause harm through negligence. Educating people on the internal and external dangers around cyber security is essential.


We have a large cyber practice that advises companies on the need to invest in making sure systems are as protected and robust as possible. We help clients to understand what is of critical value in their organisation, where their systems might be vulnerable, and how to protect these assets. You can never be 100% secure, so you should prioritise protecting what really matters. In the WannaCry example, many people had simply not updated the security patches offered over time which left them vulnerable. Cyber-attacks typically do not require a high level of sophistication; simply not paying attention or becoming fatigued by the constant number of updates which are critical to your business’ protection can leave an organisation vulnerable.

How far is the current Middle East disruption likely to escalate, and what will its impact be for businesses?


The Middle East has a number of complicating factors. The wars in Syria and Northern Iraq tend not to directly affect businesses, but in some ways the ongoing dispute between Qatar and its Gulf neighbours is more difficult to understand from the outside and also why it has become so public. The reasons are largely historical, relating to Iran, and other complicating factors.


It has been very public and hugely disruptive, as people had assumed that the GCC countries from a business perspective were reasonably stable and collaborative. These short-term escalations are far harder to plan around, and require regular intelligence and analysis from companies such as us. The region is already living with the consequences of persistently low oil prices by recent historical standards.


There is an opportunity with Iran, which, with a market of 80 million people, holds many attractions for investors. However, remaining sanctions do still make it a country to approach with caution and a rich environment for the kind of analysis that we do, helping organisations to see the opportunities in balance with the risks.



About Control Risks


Control Risks is a specialist risk consultancy that helps create secure, compliant and resilient organisations, providing the insight and intelligence to realise opportunities and grow. Clients are supported with strategic consultancy, expert analysis and in-depth investigations, handling of sensitive political issues and practical on-the-ground protection and support. Working across five continents and with 36 offices worldwide, Control Risks provides a broad range of services to help clients manage political, integrity and security risk. For more information visit