Riskier Business — Force Majeure, Major Unforced Errors & a Capstone Solution
Many Local Files can describe the risk of a hurricane.
But few describe the risk from CEOs with comparable effect.
In our fourth and final Margin Note instalment of the Riskier Business series, we delve into the sometimes sensitive (and occasionally sensational!) topic of Hazard Risks. Herein we also propose a solution for gracefully incorporating new risks data into your documentation. We recognize there is growing pressure from not knowing what to do with all of this newly-unearthed ‘Risks’ information building up over these last few missives. Fret not—we’re here to help!
A Final, Hazardous Category – Beyond the Force Majeure Clause
What exactly are Hazard Risks?
Per the OECD Transfer Pricing Guidelines for Multinational Enterprises and Tax Administrations (“TPG,” Ch 1.72), Hazard risks are described as being:
“… likely to include adverse external events that may cause damages or losses, including accidents and natural disasters. Such risks can often be mitigated through insurance, but insurance may not cover all the potential loss, particularly where there are significant impacts on operations or reputation.”
Hazard Risk today extends well beyond hurricanes, fires, and other headline-grabbing events. It includes a broader—and often more subtly disruptive—set of events and situations that may not fit neatly within the confines of a force majeure clause. These include social and reputational shocks that move at the speed of a relentless news cycle, as well as judgment-based failures that arise from the decisions of individuals operating within (or sometimes outside of) established controls.
Some of these risks are insurable. Many are not.
Even where insurance exists, it may not resolve the question of which party bears economic consequences—or has the financial capacity to bear such risks—when business activities move beyond the assumptions embedded in an intercompany arrangement. When such events occur, they often fall outside the scope of agreements designed for routine operations. Routine (and often low-risk) services agreements seldom have contingencies for employees embezzling funds, relationships with questionable counterparties, or reputational crises triggered by spectacularly poor (and possibly livestreamed) bouts of judgment. In those moments, it becomes unclear which entity bears the consequences when neither the agreement nor the transfer pricing model aligns with the current state.
To begin to address this, let’s explore common subcategories of Hazard Risks and pair them with annual report disclosures from public US companies regarding steps taken to mitigate the impact of similar risks.
Environmental Hazard Risk — When Externalities Become Internal
Having grown up on the Texas Gulf Coast, hurricanes and petrochemical plant accidents immediately come to mind on this topic. But Environmental Hazard Risk has not one, but two distinct dimensions: one catastrophic, and one strategic.
The catastrophic dimension includes industrial accidents, chemical releases, infrastructure failures, and so on. These events impose immediate and substantial costs: damages, remediation, penalties, litigation, etc. The following language from a US Fortune 500 public filing reflects not only the obvious catastrophic element, but also the compliance-oriented and longer-term strategic aspects:
“Our manufacturing operations are subject to operating hazards… including fires, explosions, toxic gas releases… Such events could result in personal injury… environmental damage… and business interruption… we may be subject to claims for damages, environmental remediation costs, and fines or penalties…”
‘Business interruption’ above references the strategic element of these risks, as it relates to contingencies and the long-term work to recover (or to improve) operations.
In the aftermath of such events, investigations focus on control: who established the protocols, who maintained them, were they followed, and who had the authority and capability to intervene. For transfer pricing purposes, this raises a parallel question: were the entities characterized in documentation as “low-risk” ever positioned to control, or absorb, risks of this magnitude?
Social Hazard Risk — Reputational Risks & the Boycott Economy
Social Hazard Risk is often described as “reputational.” Corporate reputation is not solely a construct resulting from years of marketing and product delivery. It is actively shaped (and reshaped) by customers, management, employees, regulators, and loosely coordinated networks of stakeholders who can respond with speed and scale that traditional risk frameworks were never designed to accommodate.
Consider the modern boycott.
A company finds itself at the center of a controversy: sometimes tied to a deliberate corporate stance, sometimes to a perceived misstep, and sometimes to something that would have been inconsequential a few years ago, but now unexpectedly carries symbolic weight.
This is not conjecture. It is plainly disclosed in public filings:
“Brand value is based on perceptions of subjective qualities, and any incident that erodes the trust or confidence of our consumers or business partners, including negative publicity regarding our products, manufacturing practices, or the actions of our employees, could adversely affect our brand and reputation… our brand may be adversely affected by public perception of our position on social or political issues…”
Such events can have a swift, measurable revenue impact. Public filings suggest that companies do not simply prepare to absorb these risks. Rather, they actively manage them:
“We engage regularly with stakeholders, including investors, customers, and civil society organizations, to understand evolving expectations and to inform our sustainability and social impact strategies. We have established governance structures and internal controls to oversee these initiatives and to monitor performance… Failure to meet stakeholder expectations could adversely impact our reputation and business performance.”
For companies with greater direct exposure, it’s worth proactively exploring the contingencies and how they are reflected in both agreements and documentation, rather than waiting until after a crisis has occurred. Of course, it’s also critical to validate that entities expected to bear these risks also have the financial capacity to do so.
People-Driven Hazard Risk – In Cases of (Mis-)Judgment & (Mis-)Leadership
Not all Hazard Risks are exogenous. A meaningful share arise from within: from decisions made by company personnel inside (and sometimes outside) the systems designed to guide them.
Hazard Risk, in this sense, sits at the intersection of structure and behavior. It reflects what actually happens when individuals—despite training, policies, and controls—exercise judgment in ways that push business activity beyond its intended parameters.
At one end of this spectrum are highly visible, leadership-driven risks. There are companies today where the public identity of the enterprise is closely tied to the conduct of its senior executives. In such cases, statements made in unscripted moments, positions taken in public forums, or patterns of behavior that invite scrutiny can all have tangible business consequences.
Again, this is not theoretical, as public filings acknowledge this dynamic explicitly:
“Due to the significant media attention given to our [executive(s)]… any statements made, including via social media, may result in significant volatility… and may have a material adverse effect on our business, prospects, and financial condition.”
Which raises a question that transfer pricing documentation seldom directly confronts: whether individual behavior—particularly at senior levels—can effectively constitute a risk-bearing activity. Where leadership actions directly (and materially) influence outcomes, the location and economic owner of that influence become relevant. It is difficult to reconcile a “routine” characterization with exposure to risks that arise from decisions over which the entity has no control. That, in itself, can be an important story to tell.
More commonly, these risks emerge through less visible decision-making. Employees may override controls, disregard procedures, or act on incomplete or poorly understood information. Sometimes these actions are inadvertent; sometimes they reflect poor judgment or intentional misconduct. In each case, the result is the same: activities occur outside the assumptions embedded in both the agreement and the transfer pricing model.
Fraud, Misconduct & High-Risk Environments — Risks Embedded in the Business Model
Certain industries (e.g., financial services, healthcare billing, procurement-heavy operations) are inherently exposed to fraud, misconduct, and abuse. Transactional complexity, decentralized decision-making, and reliance on third parties create opportunities that cannot be fully eliminated.
A Note on Personal Responsibility
In some jurisdictions—particularly the US—certain systems are often designed around the expectation of foreseeable misuse. Product safeguards are layered; warning labels are explicit (at times shockingly obvious). Liability frameworks extend to cover a wide range of outcomes arising from imperfect judgement or incomplete information.
And the fine print may be extensive.
In others, there may be a relatively greater emphasis on an individual’s accountability within structured systems. Business managers and operators are expected to exercise a (higher?) baseline competence and awareness. Jurisdictional legal frameworks place more weight on adherence to professional standards and reasonable conduct.
While certainly not an absolute distinction (!), this can still be useful to consider when something goes wrong in a business (or controlled transaction).
Are SNAFUs the result of an individual failure, or do they reflect a broader failure of governance, incentives, or control?
From a transfer pricing standpoint, those differing perspectives can matter. They may influence how risk is perceived, how it is allocated, and whether adverse outcomes are viewed as local aberrations (and local consequences) or cases of systemic responsibility.
As disclosed:
“[The Company] is subject to the risk of fraud, theft, and misconduct… Despite our efforts to detect and prevent such activities through internal controls and compliance programs, these measures may not be effective…”
Controls can be created to mitigate risk, but cannot eliminate it. Insurance may cover losses, but what happens when procedures aren’t followed? Or when reasonable controls are deliberately circumvented?
These challenges are amplified in higher-risk environments. Certain markets and industries present elevated exposure to corruption, sanctions risk, and opaque counterparties. In these contexts, routine operations require judgment under uncertainty.
“We operate in countries that are subject to… corruption… and trade sanctions…”
It is also worthwhile to note that different business cultures may have (widely) varying expectations regarding the personal responsibility of their employees and management teams. (See “A Note on Personal Responsibility” in the sidebar.) Expectations for the role and responsibilities of an entrepreneur vs. a limited risk entity may have pronounced regional differences.
Which brings us back to that draft transfer pricing report. Especially where Hazard Risk is greater, detailing the expectations and responsibilities of the parties in the context of performing a requested and beneficial activity can be critical.
A Capstone Solution — Marketplace Risk & Business Strategy Risk
The introduction of Hazard Risk adds yet another layer to an already crowded Risk Analysis writeup. Despite this added complexity, we don’t suggest that routine functions require exhaustive detail for every risk sub-category.
But we do have a solution!
Our proposed approach borrows from an unlikely place: my own MBA program curriculum. The final required capstone course – itself a veritable rite of passage – was titled: “Capstone: Business Strategy.” While this class sought to incorporate every core skillset learned during ‘Capstone,’ this steered students to identify the most impactful external business factors, and then focus their assessment on what a company could do – or did do – to manage them.
In similar fashion, we propose to integrate risk elements into a two-element framework consisting of Marketplace Risks and Business Strategy Risks.
Element #2 – Business Strategy Risk
The capstone. This is where some of the most consequential risks reside, helping to contextualize the importance of decisions made at the highest level. We recommend defining and addressing those business risks requiring strategic decision-making and company actions as Business Strategy Risks.
This cements a linkage between decision-making authority and its economic consequences, and counter-balances the traditionally sparse narrative about proactive risk-related actions. It can even reinforce the ‘Business Strategy’ discussion (i.e., another oft underserved narrative, explored further here: When ‘Business Strategy’ Gets Written Out of the Story).
Element #1 – Marketplace Risk
This foundational element becomes the repository for risks that are largely exogenous and tend to be observable in fiscal period performance (e.g., revenue variability, competitive dynamics, pricing pressure, etc.). In most cases, this is what a generic, catch-all ‘market risk’ narrative usually describes.
These Marketplace Risks are important, they are relevant, and they manifest in routine profitability results that can lead to the need to make a transfer pricing adjustment. But as we have often discussed, this element—alone—often fails to address what steps were taken to manage these risks.
Making “Limited Risk” More Meaningful by Demonstrating What It Isn’t
At the end of the day, a controlled transaction is not ‘limited-risk’ merely because it is labeled as such in the policy. The proposed ‘Business Strategy Risk’ and ‘Marketplace Risk’ approach relieves a risk analysis narrative from the ambiguity of ‘Market Risks-only’ approaches, and dramatically reduces reliance on (readily-measurable and, as we’ve discussed, almost universally over-weighted) Transactional Risks. An entire echelon of critical risks that are NOT directly related to a transaction now come into clearer resolution.
Thus, a controlled transaction is also inherently limited-risk because the most consequential risks to the overall business—and by extension the controlled transaction—are demonstrably managed and borne elsewhere. That shift in perspective not only sharpens today’s documentation, but also makes it easier to explain tomorrow’s surprises.
Thank you for following along in this final instalment of the Riskier Business series, and for engaging with this look at the often-overlooked, non-transactional risks embedded in your controlled transactions.
And you can probably take those shades off now…