In 2021, prices of Natural Gas in Europe and Asia increased by up to 500% vs 100% in the US. With supply limited, and demand expected then to increase by 8 % in the next 2-3 years, global markets and industries were expected to be affected by further disruptions and price volatility. Large gas consuming companies in Europe could suffer when competing against companies located in gas producing countries such as the US. The situation in Ukraine is adding another major risk for companies in France and in Europe more generally.

The 2022 FTI Consulting’s Resilience Barometer® survey results show that 69% of companies in France consider they have been impacted by the ongoing energy crisis. With only 15% of the survey respondents in France directly involved in the energy sector, it appears that the energy crisis affects companies across various industries. Furthermore, from all regulatory, political and socio-economic issues, the main concern in 2022 for French companies appears to be the surge in energy prices for 40% of the respondents, while 25% of them appear to be concerned by global energy shortages.  The consequences of the situation in Ukraine are inevitably exacerbating these concerns.

While companies are fighting to deliver stable growth, protect value, and build resilience, the energy variables (economic, geopolitical, regulatory) are more than ever key issues that they need to address, in particular in the current Energy Transition period.

The Pandemic may encourage fraudulent practices and in particular "crisis cartels", which aim to limit the economic impact of the situation. Antitrust authorities keep a watchful eye on this risk, particularly because of the direct impact it has on consumers.

FTI Consulting’s Resilience Barometer® survey results show that amongst G20 companies, 30% of companies expect to be investigated by the authorities regarding their business practices and customer relations in the next 12 months. In addition, 26% of companies expect regulators to pay particular attention to abuse of dominance and antitrust issues.

Successive lockdowns have effectively interrupted antitrust investigations on the field, however dawn raids resumed as soon as the strict lockdown measures were relaxed, and there is no doubt that this trend will increase in the coming months.

Even if most companies already have a competition compliance program and a dawn raid response plan in place, adjusting these plans in light of the current hybrid work environment that combines remote and in-office work, as well as an expanding use of new communication tools may be worthwhile.

Training, mock dawn raids, and even targeted audits of mailboxes of particularly at-risk functions are all measures that can be judiciously organised in collaboration with lawyers and IT forensic experts.

These experts would be able to educate stakeholders on how IT search and seizure functions work, and make use of dedicated document review tools both of which are critical when conducting internal audits or responding to dawn raids.

According to the FTI Consulting Resilience Barometer®, 78% of the respondents have been negatively impacted by a cyber-attack in the last year.

The health crisis and changing working patterns have contributed to an increase in these types of threats, by widening the surface of exposure of companies to these types of attacks.

The use of remote working, the lack of user awareness and the acceleration of the digital transformation of companies, are all factors that have increased the vulnerability to cybercriminals. 

Cyber threats do not only damage company data, they can also expose third-party data, causing deletion, deterioration or alteration.

In France, 28% of companies admit to having suffered the loss of customer or patient data during the last 12 months.  

When personal data is involved, it is strictly regulated by the GDPR and its protection is a key issue for the company. Personal data breaches require from organizations to take prompt measures to identify, secure and notify the compromised data in order to limit risks for data subjects, and to protect itself against sanctions.

Since GDPR came into force on May 25, 2018, the enforcement authorities - including the CNIL in France - have issued several sanctions against companies that do not abide with the regulations surrounding the protection of personal data. 

Conscious of the increasing controls and investigations in this area, 29% of companies surveyed in France expect to be investigated or subject to controls on personal data issues over the next 12 months.

It should be noted that the CNIL investigate both with the Controller and with its Processors (suppliers, service providers, outsourced services, etc.). The use of a processor does not exempt the company from its responsibility to protect personal data. 

However, more than half of the companies surveyed in France (58 %) admit to not fully understanding the cyber risks generated by third parties. 

Such risks need to be controlled through proven mechanisms and processes such as privacy by design process, third party assessment programs, risk and privacy assessments, diligences and audits, policies and protocols for governance and use of data by suppliers. These controls should be initiated at an early stage of the selection process and maintained throughout the outsourcing relationship.

As privacy issues are closely linked to technological and cyber developments, they are constantly evolving. In recent years, the regulation of personal data has been strengthened and companies have put a lot of effort into complying.

While some companies still take corrective action once the "privacy" issue has appeared, others have adopted an approach of preparation and prediction in order to identify the issues, risks and potential blockages early on and to manage them before they arise. In France, half of the companies surveyed say they are proactive in dealing with personal data issues. 

A proactive and preventive approach to privacy converges with the resilience process, as it requires:   

  • Robust implementation of good information governance (data quality, data mapping/data lineage, etc.).
  • A need for assuring  IT and security best practices (IS processes and procedures, security reinforcement, IT controls, etc.).
  • Setting up active monitoring systems on cyber risks and threats, but also on emerging privacy topics and regulations to adapt quickly to changes.
  • Training staff on data protection topics in order to promote a "privacy culture" within the organisation. 
  • Considering risks linked to personal data when developing new products, setting up new projects(privacy by design approach).
  • Acquiring appropriate skills, technologies and tools that will allow for appropriate response to privacy concerns.  

 

Privacy issues can cause significant risks for organisations (risk of financial penalties, risk of non-compliance, reputation risk, etc.) and if not properly tackled, they can result in the collapse of the business.

These risks are so important that they are integrated into the decision making related to topics such as to mergers and acquisitions. In this context, "privacy" seems to be of such importance that, 2/3 of the companies surveyed in France acknowledge that data protection issues have had an impact on their decisions (i.e. M&A decisions).

Risks identified during the due diligence process are considered when deciding to proceed with deals, and also when negotiating deal terms. Consequently it makes sense to consider privacy topics and GDPR compliance during this process as well. Auditing privacy aspects such as  processing registers, subcontractor contracts, third-party assessments, policies (personal data policy, customer information policy, cybersecurity policy, etc.)  allows companies to accurately evaluate risks and to decide whether to proceed with deals.  It also helps in fixing the transaction price and in making decisions on future liabilities.

The subject of privacy does not end with the closing of the transaction, as both entities will have to keep harmonising and jointly organising their compliance approaches. 

Companies are facing new challenges with the use of new collaboration tools and a remote work environment.  27% of surveyed companies faced difficulties when conducting investigations in the remote work environment.

The need for investigations of fraud, illegal practices and illicit behaviours remain important in a context marked by the pandemic. As business continuity requires the use of collaboration and messaging platforms such as Teams, Zoom, OneDrive or Slack, challenges have expanded. This has resulted in an explosion of data types and volumes that are now coming to the fore as potential sources of evidence in matters.

Remote working has also made it more difficult for organisations to facilitate the collection of electronic evidence in a timely manner. Responsive data is now often stored on company or personal devices, that stay in employees’ homes, making them less physically accessible, and with lower-speed connections, than if they were centralised in a corporate office.

Moreover, with most employees working from home, more corporate data is residing in personal environments, potentially on personal devices (BOYD).

These factors have increased the need and demand for deep technical expertise and adaptability to new sources of evidence.

The unprecedented media coverage of the Covid-19 pandemic and the assertion of new risks for companies (attacks on their IT systems, climate change, etc.) have greatly impacted the way executives deal with reputational risk. Amongst G20 corporate executives, 75% have had to make decisions during the crisis with potential consequences for their company's reputation, which runs the risk of being directly confronted with the court of public opinion.

Whilst G20 countries seem to be returning to relative 'normality' thanks to the progress of their vaccination programs, companies believe that some issues will remain at the heart of media attention over the next 12 months. French business leaders have identified use of government funding, IT attacks and vulnerabilities, post-crisis employee well-being, and data privacy as key reputational issues.

 These circumstances have equipped executives with a greater awareness of the risks linked to insufficient preparation for crisis management, hence they have adopted a new way of thinking in terms of anticipating sensitive communications. As a result: 97% of surveyed executives say that they will invest in various crisis preparedness programs over the next 12 months. In France, updating business continuity plans (38%), risk identification and preparedness programs (38%), and cyber risk management (39%) are at the top of the list of concerns.

Company relations with the public authorities as well as the position of the company in the public sphere are at the heart of the executives' concerns, more so than ever before.  Amongst G20 companies, nearly a third of the executives believe that government policies, as well as regulators, could strongly impact their company's performance and strategic business plans. 

The Pandemic has fundamentally changed the dynamics of the relationship between governments and the private sector; support through stimulus packages is often conditional on social or environmental commitments and expectations regarding the societal contributions of companies are higher than ever. This trend is expected to accelerate further in 2022. Among the French companies surveyed, 71% said they are under greater pressure to demonstrate the strength and validity of their corporate responsibility policies when receiving government grants or subsidies.

Demonstrating awareness of changing political and societal expectations is now an expectation of businesses. 84% of French Corporate Executives say that companies should be run in the interests of all stakeholders, not just shareholders. In addition, 70% of these Corporate Executives believe that they have a responsibility to communicate their views on social and political issues. The recognition of the need to engage with stakeholders regarding the company’s role in society shows that a significant majority of leaders are now willing to engage proactively and consistently with the public.

Whether it is because of the pandemic, the climate and environmental emergency or  other pertinent debates that are rippling through society, the theme of sustainability is now strongly anchored in the opinions of both French and international  business leaders.

Within companies, ESG is no longer a secondary concern. It is now a major component of business strategy and is a primary  consideration throughout the value chain. More than a third of CEOs say that they are under extreme pressure to improve their company's ESG performance. Furthermore, 30% of the companies surveyed expect to be investigated by regulatory or governmental bodies in the next 12 months regarding their ESG practices and 30% also said that they would like to complete an M&A transaction in the coming year that would allow them to improve their ESG performance, solidifying the importance of ESG in business practices.

In response to this increased attention from all their stakeholders, 95% of G20 companies have increased their ESG commitments over the past 12 months. Their actions have been mainly focused on implementing measures to establish quality management (42%), better manage their resources (38%) and reduce their environmental impact (37%).  However, in France, corporate executives recognise that they need to do more when it comes to climate action plans (29%), integrated sustainability strategy (27%), talent attraction and retention (25%) and ESG reporting (23%).

Autumn 2021 Resilience Barometer®

The latest Resilience Barometer® data reveals that socio-economic fault lines exposed by COVID-19 are creating an unforgiving marketplace. Economic disruption, government support schemes, social change and climate crisis are driving relentless scrutiny of companies from governments and the public, with little room to avoid disputes and investigations into business practices and behaviour.

DOWNLOAD

Baromètre de la Résilience®

Les dernières données du Baromètre de la Résilience® dévoilent des bouleversements économiques et sociétaux accélérés par la COVID-19.  L’étude identifie comme chaque année les principaux risques et défis auxquels les chefs d’entreprises des pays du G20 sont confrontés et analyse leur niveau de préparation.

DOWNLOAD >

INSIGHTS

slide left

Polémiques, risques politiques et enjeux de réputation : quelle place pour la subjectivité dans le contrôle des investissements étrangers ?

Par Guillaume Granier, Senior Managing Director, Cosme Julien Madoni, Senior Director, et Mathilde Jean, Director, FTI Consulting

READ MORE >

Beyond the Pandemic: EMEA Data and Discovery Roundtable

Many organisations are worried about IP theft, data privacy breaches and compliance violations that may occur while employees are dispersed and working from home. What can companies do to mitigate this new landscape of risk—both while their employees continue to work remotely and when they begin to return to the office?

READ MORE >

Déploiement des politiques ESG : le CAC 40 parmi les leaders en Europe

La pression croissante des investisseurs pour que les entreprises mènent des politiques ESG efficaces a conduit FTI Consulting à analyser leur déploiement au sein des grands indices européens. L’engagement ESG des entreprises est-il assorti d’un programme complet, d’objectifs tangibles et mesurables ainsi que d’un suivi efficace ? Quels sont les progrès accomplis en 2020 ? Où se situe la France en comparaison de ses voisins européens ?

READ MORE >

Les Cles du Succes du Digital CEO

Les grandes entreprises utilisent aujourd’hui les réseaux sociaux comme canal de communication privilégié à destination de leurs parties prenantes, clients, employés ou investisseurs, une tendance qui s’est accélérée au cours de la dernière décennie à travers l’utilisation de plateformes comme Twitter, LinkedIn, Facebook ou Instagram.

READ MORE >

Internal Investigations “à la Française

In France, an internal investigation can introduce an array of key challenges for in-house and outside counsel who will need forensic technology experts to navigate new data challenges and ensure their internal investigation obligations are aligned with new guidelines released by the France National Bar Council (CNB).

READ MORE >

Evolutions de la perception de l’ESG par les investisseurs institutionnels pendant la crise de la COVID-19

La pandémie de COVID-19 a eu des répercussions considérables sur la santé publique, les comportements individuels et l’économie mondiale. Au cours de cette période, l’importance de l’ESG a été soulignée tant par les entreprises que par les pouvoirs publics, les investisseurs ou les médias.

READ MORE >
slide right