Marentis Labs

Home / Insights

Risk Management Portfolio Strategy

Navigating the Polycrisis: A C-Suite Framework for Geopolitical Risk Strategy

Geopolitical risk has moved from a background concern to a board-level governance obligation. A practical framework for C-suite leaders who need to act, not just monitor.

Owen Vallis · August 2025 · 6 min read

The Governance Failure Behind the Surprise

When a geopolitical shock disrupts operations, supply chains, or regulatory regimes, the post-event analysis almost always surfaces the same finding: the risk was known. It appeared in a risk register. It was discussed in a board meeting at some point. The failure was not identification. The failure was governance: the absence of a systematic, board-owned process for translating geopolitical awareness into strategic decision-making.

The polycrisis, meaning the overlapping and mutually reinforcing nature of current geopolitical, economic, climate, and technological disruptions, is not primarily a risk management problem. It is a governance problem. Boards that treat geopolitical risk as an external monitoring task, delegated to a risk team and reviewed quarterly, are already behind.

This article provides a practical framework for C-suite leaders and board members who need to act, not just monitor.

What the Polycrisis Actually Means for Boards

The term “polycrisis” captures something specific: crises that interact. A supply chain disruption is manageable in isolation. The same disruption occurring simultaneously with an energy price shock, a regulatory shift in a key jurisdiction, and a credit market tightening is a different problem, not because each is more severe, but because their interaction creates consequences that no individual risk model anticipated.

For boards, this has three specific governance implications:

Assumption interdependency. Strategic plans are built on assumptions about the operating environment. When multiple crises interact, those assumptions do not fail sequentially. They fail simultaneously. Most boards review risks in silos. The polycrisis requires a framework that stress-tests the interaction effects between risks, not just the risks in isolation.

Decision velocity. Geopolitical disruptions often require decisions at a pace that boards are not structured to accommodate. The governance question is not just “what should we do” but “who can decide, with what information, in what timeframe.” Boards that have not pre-assigned decision authority for geopolitical scenarios will be slow when speed matters most.

Stakeholder narrative management. In a polycrisis, stakeholders (investors, regulators, employees, customers) are experiencing the same disruptions simultaneously and forming views about management competence in real time. The governance obligation to communicate clearly and credibly under pressure is as important as the strategic response itself.

A Practical Governance Framework

Step 1: Map Your Geopolitical Exposure Specifically

Generic geopolitical risk frameworks are of limited value. The useful question is not “are we exposed to geopolitical risk” but “which specific geopolitical scenarios would materially affect our strategic plan, and through which specific mechanisms.”

For most organisations, the relevant exposure vectors are a manageable number: supply chain concentration in specific geographies, regulatory exposure in key jurisdictions, currency and capital flow dependencies, technology and data transfer restrictions, and talent access. Mapping these specifically, with named countries, named dependencies, and named thresholds, creates the foundation for a board conversation that is actionable rather than abstract.

Step 2: Stress-Test Interaction Effects, Not Scenarios in Isolation

Standard scenario analysis asks: what happens if X occurs? Polycrisis governance asks: what happens if X and Y occur simultaneously, and Z follows three months later?

The most useful stress-testing exercise is not the 100-year flood (a single catastrophic scenario that board members privately assess as implausible). It is a plausible sequence of mutually reinforcing disruptions that individually seem manageable but in combination test the resilience of the strategic plan.

For a board considering this seriously: take your top five geopolitical risks. Ask your risk function to model not each in isolation, but every two-risk interaction. The results are usually more instructive than any individual scenario.

Step 3: Assign Decision Authority Before the Event

One of the most consistent governance failures in a geopolitical shock is the absence of pre-assigned decision authority. Who can authorise a supply chain switch in a 48-hour window? Who can adjust guidance without a board meeting? Who can commit to a regulatory engagement in a foreign jurisdiction without full committee sign-off?

These questions are answerable in advance. A decision authority matrix for geopolitical scenarios, specifying what decisions can be made by the CEO, what requires the Chair, what requires a quorum. This converts a governance gap into a documented protocol. It takes half a day to build. It can prevent weeks of paralysis in a crisis.

Step 4: Build the Stakeholder Communication Protocol

In a geopolitical disruption, the instinct is often to defer communication until there is something definitive to say. This instinct is wrong. Stakeholders who are not hearing from management are forming their own narratives from external sources, and those narratives are rarely favourable.

A board-level communication protocol for geopolitical scenarios should specify: who communicates first (Chair, CEO, or both), what the trigger threshold is for proactive communication versus responsive communication, and what the key message principles are: acknowledging impact, demonstrating situational awareness, and signalling governance control.

Step 5: Make Geopolitical Governance a Board-Level Agenda Item

The most practical governance change most boards could make is to elevate geopolitical risk from the risk committee agenda to the main board agenda, not as a standing item that receives a quarterly update, but as a periodic deep-dive that stress-tests the strategic plan against specific geopolitical scenarios.

A board that spends 90 minutes twice a year on a structured geopolitical stress-test, with specific scenarios, specific interaction effects, and specific decision authority pre-assignments, is materially better prepared than one that reviews a geopolitical risk register quarterly.

The Governance Obligation

Geopolitical risk has moved, in the past decade, from a background concern for internationally exposed businesses to a board-level governance obligation for almost every significant organisation. The polycrisis has accelerated this shift.

The boards that will navigate it most effectively are not the ones with the best intelligence or the most sophisticated risk models. They are the ones that have done the governance work: mapped their exposure specifically, stress-tested interaction effects, pre-assigned decision authority, and built the communication protocols. None of this requires geopolitical expertise. It requires governance discipline.

Owen Vallis is the founder of Marentis Labs. If your board is considering how to strengthen its geopolitical risk governance, this is one of the scenarios we work through in a Diagnostic GaaS engagement. Schedule a confidential discussion.