How-to guide

Industry Risk Analytics

A 5-step guide on how to use it in your workflow
Verisk Maplecroft / How-to guide

What ESG and disruption issues do you worry about?

Does the new wave of sustainable supply chain due diligence legislation
keep you up at night? What about the threats posed by insecurity and natural
hazards to your staff, customers, and operations? Or do you have clients
asking difficult questions about the real world ESG exposures of your
transactions and investments?

Verisk Maplecroft’s Industry Risk Analytics dataset delivers precise industry-

specific country risk scores that can help you build a nuanced and effective
risk assessment framework. The dataset, covering 198 countries, 80
industries, and 51 ESG and Disruption risk issues, enables you to easily
assess and track the risk exposures faced by any supplier, facility,
investment, place or industry based on robust, independent geospatial risk
information.

Industry Risk Analytics You can compare the solar energy sector in China with the mining sector in
delivers precise industry- South Africa, the agricultural sector in the UK with the apparel sector in
Thailand, and the manufacturing sector in the US with the oil and gas sector
specific country risk scores. in Mexico.

This means you can rapidly identify the risks facing your suppliers,
operations, or investments at-scale based on where they are and what they
do. From there you can understand which issues you are most exposed to,
what’s driving them and how they’re changing, so you can prioritise your risk
mitigation efforts more efficiently, based on a rigorous, intelligent and
comprehensive process.

The following 5-step guide describes how you can build a process like this,
using our Industry Risk Analytics as a universal foundation for your risk
assessment program.

STEP 1 Set up your risk assessment framework

STEP 2 Assemble your location and industry information

STEP 3 Screen your suppliers, operations, or investments

STEP 4 Analyse your exposures

STEP 5 Mitigate your risks

2 Verisk Analytics Official Public Information © Verisk Maplecroft 2022 | maplecroft.com

Verisk Maplecroft / How-to guide

STEP 1 Set up your risk assessment

framework

The table below walks you through Step 1: setting up your risk assessment
framework. Every organisation is different, but there is a high chance you’re
charged with managing one of the three broad workflows.

Workflows

Sustainability of my Resilience of my Screening for ESG

supply chains company’s operations exposures in my portfolio

What you’re worried about
● Labour rights violations ● Staff and customer safety ● Material ESG exposures
of transaction, portfolios,
● Compliance with local due ● Continuity of operations companies or assets
diligence legislation
● Corruption
● Environmental damage

Example salient issues for ● Biodiversity ● Civil unrest ● Biodiversity

you* which are assessed by
● Child Labour ● Climate change ● Child labour
Industry Risk Analytics
● Climate change ● Conflict ● Civil unrest
● CO2 emissions ● Heat stress ● Climate change
● Corruption ● Kidnapping ● CO2 emissions
● Decent Wages & Working ● Natural hazards ● Conflict
Time
● Water stress ● Corruption
● Deforestation
● Decent Wages & Working
● Discrimination Time
● Migrant workers ● Deforestation
● Modern Slavery ● Indigenous Peoples’ Rights
● Occupational Health & ● Modern slavery
Safety
● Natural hazards
● Waste
● Occupational Health &
● Water pollution Safety
● Water stress ● Political violence
● Waste
● Water pollution
● Water stress

Which issues do you pick?**
Using your supplier code of The indices and weights that We work with you to choose
conduct or local legislative help you to best understand indices and select weights
requirements as the starting and mitigate risks in your that align best with your asset
point, pick and apply weights area of responsibility class and investment strategy
to indices in a way that
reflects their importance to
your business.

What you need to know The locations and industries The locations and industries The locations and industries
of your suppliers of your own operations of your counterparties,
assets, or investments

*Issues listed are an example and are not meant to be exhaustive.

**Refer to our Index catalogue for a list of all issues covered, or contact your account manager for more information about a mapping exercise that can reflect your needs.

3 Verisk Analytics Official Public Information © Verisk Maplecroft 2022 | maplecroft.com

Verisk Maplecroft / How-to guide

STEP 2 Assemble your location and

industry information
Once you’ve set up your risk assessment framework, you’ll need to score
your suppliers, operations, or investments based on where they are and what
they do. But before you can do so, you’ll need to assemble data on their
locations and industries.

The location element could be as broad as countries or regions, or as

specific as the cities or coordinates of individual sites (HQ buildings,
administrative offices, suppliers’ factories, ports, warehouses, or retail
outlets, etc). Many of our indices provide subnational data, so the more
detailed the locational information you have (ideally latitude/longitude
coordinates), the more precise the risk scores we can provide.

Country risks aren’t just But country risks aren’t just different from place to place. Each sector faces
different from place to place. its own unique set of challenges. As standard, Industry Risk Analytics
Each sector faces its own matches the activity of a business to one of 80 different industries, mapped
unique set of challenges. to the Sustainability Accounting Standards Board’s (SASB) industry
taxonomy. We can provide you with a list of these industries so you can
match them to your data, or otherwise discuss supporting you with this
mapping process. Other mappings beyond SASB’s are also available (e.g.,
SIC, UNSPSC), while others are under consideration or otherwise possible
(please contact your account manager to discuss specific mappings if you
have a particular internal system or external taxonomy in use).

4 Verisk Analytics Official Public Information © Verisk Maplecroft 2022 | maplecroft.com

Verisk Maplecroft / How-to guide

STEP 3 Screen your suppliers, operations,

or investments
Having set up an assessment framework and assembled your information,
you can now begin screening for risks. To do this we need to combine your
information with data from Industry Risk Analytics. This can take place in a
variety of ways, but the most common will likely be via filtering in the
Industry Risk module of our GRiD (Global Risk Dashboard) online platform, or
by exporting the data from GRiD to be used in a spreadsheet. (For more
advanced use cases, such as those involving subnational scores and
locations, please contact your account manager, support@maplecroft.com
or use the ‘Ask the Analyst’ function in GRiD for more information.) Example
outputs of this screening exercise could look like those in Figure 1 on the
next page.

Spend less time creating

Focus box: Industry Risk Analytics at-a-glance
spreadsheets, wrangling
inconsistent data and For each country (or location), our geospatial risk data tracks over 50
crunching numbers, and issues across 198 countries. This means you can robustly compare
more time taking robust, the different risks faced by your suppliers, operations, or investments
data-driven actions. based on 100s of indicators that draw on our vast array of geospatial,
unstructured, expert-derived and structured sources.

For each industry we assess 21 global characteristics, capturing whether

they make that industry risky to source from, operate, or invest in.

We also build in country-industry-issue specific information, leveraging

machine-learning and artificial intelligence, to ensure our data is as
specific and up to date as possible.

Taken together, these three pillars represent 1000s of your analyst hours
saved that enable you to differentiate between two businesses which
might be situated next door to one another but operate in two entirely
different sectors, as well as two firms that work in the same industry
but are situated on different continents. In both of these scenarios, and
the spectrum of others in between, two companies can pose entirely
different sets of risks, which may require very different risk management
strategies.

By using our comprehensive, independent data, you can spend less

time creating spreadsheets, wrangling inconsistent data and crunching
numbers, and more time taking robust, data-driven actions that influence
decisions and improve outcomes.

5 Verisk Analytics Official Public Information © Verisk Maplecroft 2022 | maplecroft.com

Verisk Maplecroft / How-to guide

Figure 1: Example scorecard output from our GRiD platform, based on selections of
issues, industries, and countries

This step should be

repeated on a regular basis
– risks rarely stand still, so You now already have actionable, risk-based insights, which can be used to
neither should you. build ongoing inherent risk monitoring into your risk management process.
For example, if you observe that the aggregate inherent risks your business
faces globally, or in a particular region or sector, are increasing over time,
is that a deliberate or unintended consequence of management’s strategy?
Accordingly, this step should be repeated on a regular basis – risks rarely
stand still, so neither should you. We’d recommend revisiting it quarterly,
given that’s the update frequency of our risk data, but annually is sufficient
as a minimum starting point (and even necessary for compliance with some
legislation, such as the German Supply Chain Due Diligence Act, or “LkSG”).
Inherent risk screening is
critical to ensuring the Further, screening outputs can also be an input into your initial onboarding
robustness of any risk or due diligence processes, and facilitate dialogue on the issues raised
management process to (supported by easy-to-export visualisations from GRiD) with your internal
both observed and potential stakeholders.
risks.
Sustainability, resilience and ESG risks are challenging phenomena,
which often hide in unlit, unnoticed corners of supply chains, operations,
transactions, or investments. This means they are hard to spot and mitigate
against when using other methods such as SAQs and audits, or company
performance and controversy datasets that either produce inconsistent
results, are difficult to scale, or depend on disclosure- or media-reported
information that only observes issues after-the-fact. In this context, regular
data-driven inherent risk screening is critical to ensuring the robustness of
any risk management process to both observed and potential risks, and how
they evolve over time.

6 Verisk Analytics Official Public Information © Verisk Maplecroft 2022 | maplecroft.com

Verisk Maplecroft / How-to guide

STEP 4 Analyse your exposures

Now you understand the risks facing each supplier, operation, or investment.
But you can go a step further by integrating additional internal data to add an
extra ‘exposure’ dimension to your analysis.

The type of information used here will vary depending on what you’re
assessing (and the state of your own internal databases and systems), but
some examples could include:

Sustainability Resilience ESG

Spend with supplier Revenue Asset / transaction value
Supplier performance Staff headcount Revenue
Criticality Customer footfall
Brand proximity
Create a risk profile that is
unique to your business,
This step creates a risk profile that is unique to your business, identifying
identifying where and to
where and to what degree your business is exposed. For example, what
what degree your business
happens if the headcount at your call centre in Kuala Lumpur grows from
is exposed.
100 to 500? The site’s inherent risks haven’t changed, but given Kuala
Lumpur is high risk for a range of environmental and human rights issues,
increasing the number of staff there would increase your overall exposure to
these risks.

Similarly, imagine you have two suppliers located in the same country with
similar risk profiles, but your budget only allows you to audit one. Which do
you choose? The more you spend on a supplier, the greater the potential for
reputational damage.

By combining Industry Risk Analytics with your internal information, it is

quick and easy to identify which risk exposures pose the greatest risk to your
business. And the more information you can combine with our risk data, the
richer and more accurate your assessment.

7 Verisk Analytics Official Public Information © Verisk Maplecroft 2022 | maplecroft.com

Verisk Maplecroft / How-to guide

STEP 5 Mitigate your risks

Understanding the risk exposures in your supply chain, operations or
investments is powerful information and should be a springboard for
managing and mitigating those risks.

For example, this might mean speaking to the manager of a factory that is at
extreme risk for flooding to ensure that suitable defences and recovery plans
are in place. It may suggest communicating with a regional supply chain
manager to understand what is being done to prevent child labour in your
suppliers’ factories. Or it could indicate you should undertake additional due
diligence on a transaction, or adjust the makeup of your investment portfolio
to better match your (or your client’s) risk appetite.

See beyond conventional

performance assessment Verisk Maplecroft’s risk-based approach
methods by applying
country, industry, and Managing sustainability, resilience and ESG issues requires screening for
commodity context to risk inherent risks and understanding exposures. This ensures mitigation plans
analysis. are precisely targeted based on the types and levels of risk faced across
supply chains, operations, transactions or investments. Verisk Maplecroft
provides granular, actionable intelligence on these challenges, built upon
objective geospatial data and independent expert insight. We do this at
location, sector, and raw material level, enabling our clients to see beyond
conventional performance assessment methods by applying country,
industry, and commodity context to their risk analysis.

Whatever your goals, we are here to help you develop and implement a risk
assessment framework that meets your organisation’s objectives. For further
details, please contact your account manager or support@maplecroft.com
to arrange a call or meeting with the team.

8 Verisk Analytics Official Public Information © Verisk Maplecroft 2022 | maplecroft.com

Verisk Maplecroft / How-to guide

For further information on Industry Risk Analytics visit our website maplecroft.com/risk-indices/industry-risk/
or to speak to one of our team about how we can support you in developing your risk management processes,
please contact us maplecroft.com/risk-indices/industry-risk/contact/

info@maplecroft.com

maplecroft.com Verisk Maplecroft is a Verisk business

These materials, including any updates to them, are published by and remain subject to the copyright of Maplecroft.Net Limited (“Verisk Maplecroft”), and are made available to clients of Verisk Maplecroft under terms
agreed between Verisk Maplecroft and those clients. The use of these materials is governed by the terms and conditions of the agreement under which they were provided. The content and conclusions contained
are confidential and may not be disclosed to any other person without Verisk Maplecroft’s prior written permission. Verisk Maplecroft makes no warranty or representation about the accuracy or completeness of the
information and data contained in these materials, which are provided ‘as is’. The opinions expressed in these materials are those of Verisk Maplecroft, and nothing contained in them constitutes an offer to buy or
to sell securities, or investment advice. Verisk Maplecroft’s products do not provide a comprehensive analysis of the financial position or prospects of any company or entity and nothing in any such product should
be taken as comment regarding the value of the securities of any entity. Verisk Maplecroft does not warrant or represent that these materials are appropriate or sufficient for your purposes. If, notwithstanding
the foregoing, you or any other person relies upon these materials in any way, Verisk Maplecroft does not accept, and hereby disclaims to the extent permitted by law, all liability for any loss and damage suffered
arising in connection with such reliance. Please also note that the laws of certain jurisdictions may prohibit or regulate the dissemination of certain types of information contained in these materials, such as
maps, and accordingly it is your responsibility to ensure that any dissemination of such information across national boundaries within your organisation is permitted under the laws of the relevant jurisdiction.
Copyright © 2022, Maplecroft.Net Limited. All rights reserved. Verisk Maplecroft is a Verisk Analytics business.