What CEOs Can Do as the Rule of Law Is Under Attack
The Conference Board uses cookies to improve our website, enhance your experience, and deliver relevant messages and offers about our products. Detailed information on the use of cookies on this site is provided in our cookie policy. For more information on how The Conference Board collects and uses personal data, please visit our privacy policy. By continuing to use this Site or by clicking "OK", you consent to the use of cookies. 

Geopolitics Hub

Navigating the Rapidly Changing World Order


What CEOs Can Do as the Rule of Law Is Under Attack

May 03, 2022 | Report

The war in Ukraine has raised profound questions about the future global political and economic order. It has also served as a reminder of the importance, and fragility, of the rule of law. With companies facing the seizure of their Russian assets, with their workers living in fear for their liberty and their lives, corporate leaders should view the war as a catalyst to review more broadly their company’s own vulnerability to weaknesses in the rule of law in the regions where they operate.

Here are six areas where CEOs can take action now to limit their company’s risk.

Risk Assessment

As suggested in our essay on Cutting Ties with Russia: A Guide to Decision-Making Now and in the Future, CEOs should ensure that the company has a clear understanding of its risks relating to a lack of respect for the rule of law. These include corruption, lack of transparency and other constraints on government power, disrespect for civil rights and fundamental human rights, a breakdown in security and social order, and the arbitrary administration of civil and criminal justice.[1] This information should be not only incorporated in the company’s risk management program, but also factored into mergers & acquisitions and other business decisions.

  • In conducting rule-of-law risk assessments, companies can draw upon governmental reports, such as the US State Department’s annual Country Reports on Human Rights Practices, that looks at 198 countries and territories around the world; the EU’s annual Rule of Law Report covering its 27 Member States, as well as nonprofit sources such as the World Justice Project Rule of Law Index that uses survey results to rank 139 countries around the world on accountability under the law, evenhanded application of the law, open and transparent government, and impartiality of the justice system. The World Justice Project, for example, ranks Russia 101 out of 139 countries overall, but 129th in terms of constraints on government powers.
  • Just as importantly, companies can use their own sources of information—including interviews with country managers and employees—to get a sense of the risks on the ground. In collecting that information, it’s important to keep in mind the need for confidentiality to obtain a candid picture, so companies may wish to engage outside counsel to ensure the information is protected by legal privilege.


CEOs should ensure that their compliance policies and training programs are up to the task of helping their employees and agents operate in a world in which respect for the rule of law cannot be taken as a given.

  • Compliance programs should go beyond addressing the basic legal requirements of anticorruption laws such as the US Foreign Corrupt Practices Act, the UK Bribery Act, and Japan’s Unfair Competition Prevention Law and include information on the company’s respect for fundamental civil and human rights.
  • In addition, in rolling out an international compliance program, it’s important to do more than translate the corporate code of conduct into local languages and adjust the text for specific legal requirements. Companies should provide compliance training that is sensitive to the legal environment in each country. Employees in Bulgaria or Romania, for example, are less likely than those in Denmark or Norway to trust the government to fairly enforce the rules that compliance programs are intended to address.[2]


Companies should be prepared for future international sanctions relating to Russia and other countries that violate international norms. A couple of decades ago, government sanctions were a fairly straightforward affair: for example, the US government banned all commerce involving US currency, products, or people with countries that were blacklisted such as Cuba, Iran, and North Korea. Today, sanctions are more tailored—aimed at putting pressure on a government and undercutting its ability to use its military or police powers by targeting individuals (Specifically Designated Nationals, or SDNs) and critical industries, while still allowing humanitarian relief and trade in food and agriculture, medicines and health care, and other essentials to reduce the harm to the broader population.

  • To avoid a future conflict between complying with international sanctions and fulfilling your obligations under business contracts with the target country (hint: sanctions will win), companies should ensure that contracts with suppliers, business partners, and customers include provisions that address the potential imposition of sanctions as well as general force majeure provisions.
  • An unprecedented wave of companies decided to go beyond simply complying with sanctions and cut all business ties with Russia. In the future, the choice may not be so clear-cut, and companies may want to continue to do (at least some) business with that country or resume business after a period of time. In that case, now is the time to conduct due diligence on the ownership structure of the companies you’re doing business with so you know, if sanctions are imposed, whether you’re doing business with an SDN.
  • As is the case with Russia, the US and other governments allow time for an orderly wind-down of operations if a company does need to, or decides to, cut business ties with a country. As part of business continuity planning, companies should have basic checklists for winding down operations in high-risk countries.

Asset Seizures

CEOs should make sure their firms are prepared for the seizure of assets in Russia. While there is little companies can do to prevent seizures, they can be compensated for those seizures under bilateral investment treaties, as the Swiss Federal Supreme Court upheld in a case involving Russian seizing of Ukrainian oil and gas companies in Crimea.

  • To be eligible for compensation, the company needs to be doing business through an entity that is domiciled in a country that has a bilateral investment treaty with the asset-seizing country. (The United Nations Conference on Trade and Investment (UNCTAD) maintains a useful database on these treaties.) This means that, when deciding where to locate hubs for international business, companies should consider the existence of these trade agreements along with the tax implications. It’s also critical to review the text of these trade agreements, as the specific terms vary.
  • Further, companies should be sure that they have full documentation confirming the entity through which they did business and train their employees on the best way to document the circumstances in which the seizure takes place.


CEOs should ensure that their boards and their companies are prepared for increasing stakeholder pressure and regulation on civil and human rights. This applies not only to companies that have retained business ties with Russia, but also companies with substantial operations, suppliers, or customers in areas where the rule of law is weak.

  • While investors have shown only a moderate level of support for shareholder proposals on human rights (the 14 proposals that went to a vote in the US last year received an average of 23.5 percent), other constituencies are more engaged. Throughout the past year, US employees have put pressure on companies to take stands not just on the Russian invasion of Ukraine, but on voting rights at home. Consumers care, too: in a recent survey by The Conference Board/Harris Poll, 57 percent cited “compliance with anti-bribery, corruption laws” as a factor driving their spending decision, and 62 percent of consumers cited “fair labor conditions.” Companies need to understand what issues matter to their stakeholders, where those issues intersect with the company’s business, and how the company can best address stakeholder concerns.
  • CEOs should also monitor—and prepare for—a proposed draft EU Directive on Corporate Sustainability Due Diligence that would vastly increase companies’ regulatory obligations regarding human rights. The directive would require companies to implement a sustainability due diligence program addressing the company’s actual or potential adverse impacts on the environment and human rights, not only through their own operations, but also those of their value chains.[3] The directive would have broad territorial reach, covering an estimated 4,000 non-EU companies with a net annual turnover of more than 150 million euros (or, in some cases, just 40 million euros) in the EU. The directive would reach into the boardroom to expand the directors’ fiduciary and other duties, requiring directors, when exercising their duty to act in the best interest of the company, to take into account the consequences of their actions on short-, medium- and long-term sustainability. It would also place responsibility for establishing the sustainability due diligence program on the board. The proposed directive is subject to change, but it could be finalized in 2023, and then it could take two more years for Member States to adopt implementing legislation.


CEOs can view issues relating to the rule of law not just as a source of risk, but as an area where they can have a positive impact. A broad public-private effort to help build the rule of law in Russia and other countries emerged after the breakup of the Soviet Union. While the opportunity to help rebuild the rule of law in Russia seems remote at best, companies should consider providing support to other former Soviet republics and their neighbors to continue to address issues such as corruption and transparency. More broadly, companies can take the following steps:

  • Global companies can ensure that their in-house pro bono programs focus on international civil rights and other areas relating to the rule of law. They can provide pro bono representation to those displaced or harmed by the Russian invasion. In addition, many companies, especially through their legal departments, support nonprofit organizations aimed at international human rights and freedom of the press. Some companies and political action committees have incorporated respect for democratic institutions as a factor they consider when they make contributions to candidates.
  • But companies may wish to go further. For example, Chubb has established a Rule of Law Fund, supported by the Chubb Charitable Foundation and a group of leading law firms. What began as an initiative by a group of in-house compliance lawyers has become a global, multimillion-dollar effort to support rules-based legal systems, address corruption, ensure transparency in the regulatory process, and provide for adequate representation.

The Russian invasion of Ukraine has heightened awareness of a host of issues relating to the rule of law. With attention and leadership from the CEO, this moment can also spur meaningful action: ensuring the company factors a broader set of risks into its business decisions; enhancing compliance programs to reflect that government respect for the rule of law is far from universal; preparing for future international sanctions and even potential asset seizures affecting the company’s business; addressing stakeholder concerns and laying the groundwork for greater global regulation of human rights; and making support for the rule of law a part of the company’s citizenship efforts.

[1] See, for example: the US State Department’s annual Country Reports on Human Rights Practices (listing six key areas); the EU’s annual Rule of Law Report (addressing four topics); and the World Justice Project’s Rule of Law Index (covering eight areas).

[2] And do not forget to pay attention to risks at the state and local level. Especially in heavily regulated industries, companies need to have controls to govern entering into employment or consulting agreements with the politically connected. See here.

[3] Among other things, the directive would require companies to adopt a sustainability due diligence policy (and incorporate due diligence in all their other policies); prevent or, if not possible to prevent, adequately mitigate potential impacts; bring actual adverse impacts to an end; periodically assess the effectiveness of the company’s measures under the directive; and publish an annual report by April 30 of each year.




President and CEO
Society for Corporate Governance
The Conference Board ESG Center

Explore More on this Topic

Filter By Center


Webcasts, Podcasts and Videos

Press Releases / In the News