It’s been nearly two and a half years since United Kingdom voters first declared thatthe UK should leave the European Union. While most large companies began Brexit contingency planning months or even years ago, one of the biggest challenges facing decision-makers today is that they don’t truly know what they’re planning for.

Nonetheless, amidst political turmoil and unclear outcomes, complex contingency planning proceeds for a relatively wide range of very different scenarios. Given the current state of the Brexit debate, what should that planning and preparation look like? Where should they be in the process, and what are the key considerations business leaders should be keeping top of mind in the months ahead?

Continuity concerns

The first and most immediate priority should be to address potential continuity issues. This is particularly relevant for companies with European supply chains and organizations that rely on cross-border transactions. Companies who want to maximize their chances of being able to continue trading immediately and minimize any disruption need to anticipate and prepare for continuity disruption. This is especially important in the event of a No Deal outcome—where a failure to reach a mutually acceptable withdrawal agreement would eliminate the planned 21-month transition period and the UK would leave the EU immediately on March 29th of this year (2019).

Many companies are already undergoing additional accreditation checks and certification—which typically includes comprehensive auditing of systems and processes—to optimize their chances of minimal physical disruption at a border. And it’s not just companies who import or export physical goods that are preparing. Banks are looking at their financial and regulatory exposure and working out how they can continue to trade in financial assets, possibly from outside of the UK through the use of subsidiaries. The key is to know where vulnerabilities exist should Brexit go forward. Assessing the risks and the potential business impacts will determine how best to allocate risk mitigation resources to reduce negative exposure.

Background screening obligations

UK businesses need to recognize that they may be obligated to structure new background screening systems and processes to fit a new and as-yet-undocumented compliance regime. While this is more of a medium- to long-term risk, the potential expense and complexity likely to be involved makes early planning prudent. The key uncertainty here centers on the new regulatory framework that UK companies may have to comply with.

These new and as of yet, undecided, set of rules for immigration and right to work that many companies will have to comply with could restrict freedom of movement for European workers. [UK companies should still be cognizant and comply with GDPR as well as any deviations that result in the UK application after Brexit.]

While this would be the biggest change to immigration in the UK in 40 years—a significant planning challenge for UK businesses even if a deal is reached and new guidelines would (likely) be scheduled to go into effect in 2020. In the event of a No Deal outcome, a new system could be in operation in April 2019, which gives businesses virtually no time to adjust.

Given that UK companies are legally obliged to ensure that their employees have a right to work in the UK—and can face fines if they employ workers without the right to work—fundamental immigration system changes implemented with little lead time could leave many UK companies struggling to remain in compliance (at least in the short term).

Given the uncertainty of what new regulatory guidelines will be, Pinkerton’s recommended approach to this issue is to make sure that your current guidelines and practices are fully compliant with the highest level of privacy and security standards, and systems and process quality. If you meet and exceed industry standards today, there is less chance that the formal implementation of a new regime will require costly, complex and time-consuming changes in the future. Businesses that are fully compliant with new regulations will have a market advantage over competitors who may be slower to make necessary changes.

Preparing for protests, marches and civil unrest

Since Brexit was first put forth as a possibility, media reports have shown that it has created strife between supporters and detractors, leading to protests and violent clashes. Companies need to create plans that shore up their operational security risk in the event of civil disruption or unrest.

Whilst Brexit demonstrations have been non-violent so far, a No Deal outcome could heighten the risk of civil unrest, and companies should be monitoring the situation closely and preparing specific risk mitigation tactics and strategies to address physical security and disruption of business.

Operational security planning and preparation should also be focused on finding ways to address potential longer-term security risks, specifically with regard to how cooperation and information-sharing between UK security services (police and government intelligence agencies) and their European counterparts could be impacted. Points of concern range from intelligence sharing to policing issues, such as the European Arrest Warrant. What that impact might look like—and the specific details about how any impact on security operations and apparatus in the UK could affect public safety—are still unclear at this point, so it’s an issue that security departments in UK companies should be monitoring closely.

Brexit is a fluid situation with a range of possible outcomes that seemingly change from one day to the next. Any or all of those outcomes are likely to have profound implications for the security environment and risk landscape in the UK—and consequently for the security planning and protocols for UK businesses.

The ability to dynamically assess physical, market, and economic risks is critical as companies face the political uncertainty Brexit has created. No one knows what the future holds, but companies that take into account multiple potential outcomes, address the impacts each could have on their business, and are ready to react when the dust settles will be well positioned to mitigate those risk more effectively than their competition.

Published March 12, 2019