CBI @10am: What does the Ukraine crisis mean for your business?

Speakers:

• Anna Leach (Deputy Chief Economist, CBI)
• Jason Hungerford (Partner, Mayer Brown LLP)
• Paul Maddinson (Director for National Resilience and Strategy at the National Cyber Security Centre)
• James Harding, Managing Editor and Partner, Tortoise Media (Chair)

In this session:

Anna Leach

• First and foremost – our thoughts continue to be with families impacted by the unfolding events. This is what companies are focusing on now – this is the priority.
• For companies with affected employees, they are setting up crisis teams to support staff., some are pre-paying salaries to colleagues in Russia and supporting visa applications, and others are providing donations – food and parcels, medical supplies and expertise, and logistical support to help transport aid.
• We have also been working with the Ambassador of Ukraine and members on coordinating humanitarian efforts from businesses.
• Businesses can find more information on:  https://www.cbi.org.uk/articles/ukraine-crisis/
• On the economic picture: we’re seeing impacts via trade, prices, access to markets and confidence to spend amongst business and consumers.

• Significance of this war is that global supply chains and financial market connectivity are incredibly complicated. While direct market exposure is limited Russia and Ukraine are intrinsically connected to global supply chains.
• Oil prices are highest since 2008 because Russia is the third biggest oil supplier in the world. Ukraine and Russian also export several commodities which are impacting commodity markets.
• Will have significant impacts for cost-of-living crisis and economic growth in the UK.

Jason Hungerford

• No precedent on the current sanctions: some of the measures have existed before – notably in Iran and Cuba - but never for a country with such a financial significance or at such speed.
• Short-term effects: impacts have been seismic already, and longer-term it will affect some company’s economic outlooks quite significantly. 
• Number of ‘flavours’ of sanctions the basic and most widely implemented is assets-freeze. Usually a sanctioned individual, their company, and employees.
• It can seem that implications are complicated but often they are quite simple.
• If there is an asset-freeze sanction against an individual or company, it prohibits anyone engaging with assets or resources from the sanctioned entity in any form; if you come into possession of any funds or assets from a sanctioned company or individual, you must freeze them and report them to the government.
• This Asset-Freeze extends to any entity the individual controls or owns – including companies owned by the sanctioned individual. Employees themselves are not sanctioned but they couldn’t be paid by that company and companies that service that company or who were paid by it would need to stop.
• You can apply for a licence to receive certain payments if you are owed money for work previously delivered.
• Key issue for businesses to be aware of are supply chains. Businesses are on the hook for indirect dealings with sanctioned entities through distributors and supply chains. You could be held in violation of sanctions - even if your involvement with them is indirect.
• What can businesses do? It’s a matter of putting the effort in and ‘not burying your head in the sand’. Ask tough questions throughout your supply chains and make sure you know the exact origins of products you use and where they end up.
• Can sanctioned entities just avoid countries that aren’t imposing sanctions, or register as offshore companies? Yes – but collectively the countries that have implemented sanctions make up a lot of the world’s collective commerce.

Paul Maddinson

• There was always an existing threat from cyber-attacks. We see cyber-attacks on businesses all the time, but the risk has increased.
• Have called out Russia several times on this as they are a historic threat, mainly around and data theft and ransomware.
• What we’ve seen Russia do in previous conflicts is implement and increase cyber-attacks to cause interruption alongside other military approaches.
• In particular, the deployment of ‘Wiper’ attacks or ‘Wipermalware’, which destroys information on computers and prevents them from being used, can cause a lot of problems.
• There are also dangers of  ‘spill over’ from these attacks via connected networks. Some companies already impacted in Latvia and Lithuania and this could spread via other organisations that have links into Ukraine. 
• But people are also worried about direct and deliberate targeted attacks on the UK – government also considering UK resilience on this.
• We think there is currently a low risk of targeted attack, but cyber instances are often quite complex and can happen via supply chains and shared networks so businesses must remain vigilant
• What are the best steps businesses can take?

• Go to www.ncsc.gov.uk and you’ll see two pieces of important guidance on ransomware and other guidance specifically on Ukraine conflict.
• The National Cyber Security Centre also provide regular updates on current threat levels with the website updated regularly.