The recent introduction of US-imposed tariffs has shaken global trade. While economists and financial analysts debate whether this on-again/off-again trade war fits into their model for geopolitical, economic, or supply chain risks, the result is the same: uncertainty and chaos sure to shake up business strategy for the foreseeable future. This new era of volatility will impact all companies regardless of industry or geography, forcing business leaders and technology leaders to think like risk leaders. Everyone must focus on what they can control and adapt swiftly and dynamically. This is the moment for which enterprise risk management was made.

Let Context And Control Dictate Your Risk Management Response

Even in times of relative calm but perhaps especially in times of chaos, the purpose of risk management is not to remove all risks but to determine which risks are worth taking — and at what cost — in pursuit of strategic goals and business objectives. Two mantras should dictate your approach: context and control.

Context is key to risk response. For example, for the pharmaceutical, airline, and automotive industries, where safety is paramount, pivoting to new suppliers to avoid tariff impact may not be a viable short-term strategy, as new suppliers must be certified for safety and quality.

Control is critical for risk prioritization. Trying to predict and plan for what the US administration will do next on tariffs is not a suitable basis for a stable risk management strategy. To respond dynamically but in a collected manner:

  • Continue to align risk strategy with the business. Volatility will inevitably require companies to rethink their business strategy. That could mean deliberately shrinking certain product lines that may no longer be profitable, pivoting away from certain global markets with high complexity, or diversifying your offering to take advantage of current circumstances and new preferences. For risk leaders, now is the time to embrace a continuous risk management approach to ensure that the business is taking on the right risks, at the right costs, in pursuit of value.
  • Focus on factors you can control. There’s never enough time, budget, or resources to tackle risk in the way we’d like. And when the risk changes with every new headline or social media post, risk pros must prioritize efforts based on level of control. To regain control over business risk arising from tariff trauma, apply the Forrester Three E’s Framework to identify risks to the enterprise that you can control directly, risks to the ecosystem for which you only have partial control, and external risk factors (systemic risks) that are outside your control when determining risk mitigation options. Risk pros must identify those levers, whether that involves sourcing alternative suppliers, cost management measures, or reimagining pricing.
  • Bolster your risk intelligence to enable dynamic risk management. To empower executives to make the right decisions, risk professionals need to borrow a leaf from first responders and emergency services and bolster their organization’s strategic risk intelligence capabilities. Risk pros can use them to quickly spot emerging risks and threats to the business, providing actionable strategic counsel to executives when moments such as the recent tariffs occur. This requires not only good data sources but professionals who are able to quickly synthesize and write actionable and practical recommendations that executives can use to make decisions, even in the face of limited information.
  • Scrutinize changes through a data risk lens. Data risks come in different flavors: risks to data, risks from data, and risks in the data. Assess whether this change — such as to the supplier, location, process, etc. — introduces data risks that are unacceptable or require additional risk mitigation efforts. Changing your supplier for IT equipment may introduce risks to data if it is preloaded with spyware during the manufacturing process or if it’s in locations where threat actors have a higher likelihood of intercepting shipments to tamper with the devices. Hastily restructuring to move operations out of a geography may introduce risks from data based on how you use or process the data, as well as how the data needs to flow for business purposes; this can potentially put your organization out of compliance with regulatory or contractual obligations.
  • Adapt safety and quality control processes to cost pressures, carefully. New tariffs can negatively impact safety and quality assurance by increasing overhead costs, which pressures companies to cut corners and brings a decline in quality control practices. Yet every industry has unique requirements for safety and quality outcomes that are nonnegotiable. Pharmaceutical companies must ensure that medications are safe, even if it means incurring higher costs for quality control, and construction projects must follow quality design and safety standards for new buildings or public infrastructure. Cost pressure cannot override safety and quality outcomes. Risk leaders must communicate the value of meeting these outcomes to business leaders, even if it means higher costs in the near term. There is only so much a company can do to optimize its safety/quality management systems, so risk leaders must be involved in any new sourcing or supply chain discussions to ensure that required outcomes are upheld.

US Tariffs Don’t Apply To Services Yet, But Services Will Still Be Impacted

US tariffs focus on goods, with a range of tariffs applied based on a highly specific focus on the balance of trade with specific countries and the United States. The US administration has not been shy about its desire to bring more manufacturing back to the US, but the US tariffs do not apply to services that make up the majority of the US’s trade balance with the rest of the world. Don’t forget to include services in your overall context and control lens and:

  • Include services in risk intelligence feeds. US tariffs did not initially include any tariffs on services, but by levying significant goods tariffs, other countries are now fighting back. Service sectors including financial services, healthcare, and technology services are squarely in the firing line. China has started by targeting services exports from the US in response to the 145% tariffs levied on it, in addition to its 125% goods levies in response. Risk managers should expect other countries to follow suit if tariffs continue after the current 90-day pause. Risk managers must include services in risk intelligence feeds and develop scenarios for how services can be impacted by tariffs.
  • Model drops in services-related revenue. US tariffs on goods impact associated services like logistics, maintenance, and consulting for these goods. US organizations such as Apple make significant profits from services associated with their hardware ecosystem. Global manufacturers (for example, European automobile providers) rely on revenue from servicing and maintenance offerings for their cars. Risk managers must not only factor in the impact of direct tariffs on goods and supply chains but must also model drops in services revenue.

Want to know more? Book a guidance session or inquiry session with any of the authors of the blog.