Developing countries are set to pay a record $400 billion in external debt service in 2024. Since 2020, there have been 15 sovereign defaults, driven by pandemic fallout, commodity price shocks, and inflation. Ghana, Zambia, and Ethiopia have entered debt restructuring. Argentina’s inflation hit 143% in 2023. Kenya issued Eurobonds at 9.75% because cheaper options were unavailable.
And yet, emerging markets contributed over 60% of global GDP growth in 2024, the IMF projects India and Vietnam to grow at 6%+ annually, Southeast Asia’s internet economy is forecast to reach $600 billion by 2030, and the African Continental Free Trade Area (AfCFTA) is creating a single market of 1.3 billion people. Latin America returned 55% in equity markets in 2025, driven by dollar weakness and commodity strength.
This is the fundamental tension that US investors and multinationals face: the growth is in emerging markets, but so is the complexity.
Political risk, currency volatility, regulatory opacity, corruption, infrastructure gaps, supply chain fragility, and sovereign credit risk operate at levels that standard US-centric ERM frameworks are not designed to handle.
Enterprise risk management in emerging markets requires a deliberate expansion of the risk identification, assessment, and monitoring processes that organizations use domestically.
It requires different data sources, different scenario assumptions, different escalation triggers, and different risk appetite calibrations.
This guide provides the practical framework for making that expansion work. For the foundational ERM concepts that underpin this approach, see our complete guide to enterprise risk management.
Why Standard ERM Frameworks Fall Short in Emerging Markets
COSO ERM and ISO 31000 provide excellent structural foundations for enterprise risk management. The problem is not with the frameworks themselves. The problem is with how US organizations apply them when they enter markets where the risk environment operates by fundamentally different rules.
Assumptions That Break Down
| Assumption (US Domestic) | Emerging Market Reality | ERM Implication |
| Legal system enforces contracts reliably | Court systems may be slow, politicized, or ineffective. Arbitration clauses may not be enforceable locally. | Contract risk is a standalone risk category, not a sub-risk under legal/compliance. |
| Currency is stable (USD) | Local currencies can depreciate 20-50% in a single year. Capital controls may prevent repatriation of profits. | Currency risk requires dedicated scenario modeling with tail events, not just hedging assumptions. |
| Regulatory environment is predictable | Regulations can change with limited notice. Tax regimes shift. Import/export rules are reinterpreted. | Regulatory risk needs continuous monitoring, not annual compliance reviews. |
| Political transitions follow established processes | Regime changes, coups, election disputes, and political instability can alter the business environment overnight. | Political risk must be assessed at country, regional, and local levels with explicit scenario planning. |
| Infrastructure is reliable | Power outages, port congestion, road quality, telecom failures, and water shortages are operational realities. | Infrastructure risk directly impacts operational risk and business continuity planning. |
| Corruption is a compliance issue | In some markets, corruption is systemic and touches procurement, permitting, customs, and tax administration. | FCPA/anti-bribery compliance must be integrated into operational processes, not just a policy statement. |
The solution is not to abandon COSO ERM or ISO 31000. It is to extend them with risk categories, assessment methods, and monitoring mechanisms calibrated to emerging market conditions. For a detailed comparison of these frameworks, see our article on COSO ERM vs ISO 31000 risk management standards.
The Eight Risk Categories That Define Emerging Market ERM
When US organizations expand into Africa, Asia, or Latin America, the enterprise risk register must be restructured to accommodate risk categories that either do not exist domestically or exist at a fundamentally different scale.
1. Political and Sovereign Risk
Political risk in emerging markets is not just about elections. It encompasses regime stability, policy continuity after leadership transitions, nationalization risk (particularly in extractive industries), sanctions exposure, civil unrest, and the political will to honor contractual commitments with foreign investors.
Practical indicators: Sovereign credit ratings (Moody’s, S&P, Fitch), Economist Intelligence Unit (EIU) political risk scores, World Bank Governance Indicators, Transparency International’s Corruption Perceptions Index, and Multilateral Investment Guarantee Agency (MIGA) coverage availability.
2. Currency and Capital Controls Risk
Currency risk in emerging markets goes far beyond exchange rate fluctuation. It includes convertibility risk (the ability to exchange local currency for USD), transfer risk (the ability to move funds out of the country), devaluation risk (sudden government-imposed currency adjustments), and the availability of hedging instruments.
In 2024, the Nigerian naira lost over 40% of its value against the dollar following the removal of currency controls. The Egyptian pound devalued by 38% in a single day in March 2024.
ERM response: Model currency scenarios at the 95th and 99th percentile, not just the expected case. Include capital controls as a scenario variable. Maintain diversified banking relationships with both local and international banks. Structure contracts with hard-currency pricing clauses where possible.
3. Regulatory and Legal Risk
Regulatory risk in emerging markets manifests as unpredictable changes in tax policy, import/export regulations, sector-specific licensing requirements, labor laws, environmental regulations, and local content requirements.
In many markets, the written law and the enforced practice diverge significantly. Local legal counsel who understands both the letter and the practice of the law is essential.
For guidance on building a comprehensive risk management policy that accounts for multi-jurisdictional regulatory complexity, see our article on the key components of a risk management policy.
4. Corruption and FCPA/Anti-Bribery Risk
The Foreign Corrupt Practices Act (FCPA) applies to all US persons and entities, regardless of where the conduct occurs.
This means US companies operating in emerging markets face dual exposure: the operational risk of corruption itself, and the legal and reputational risk of FCPA enforcement actions. The DOJ and SEC brought over $2.7 billion in FCPA penalties in 2023 alone.
ERM response: Anti-bribery due diligence on all third-party agents, distributors, and government-facing intermediaries. Robust gifts and entertainment policies. Whistleblower mechanisms. Regular FCPA training for all employees and third parties in high-risk jurisdictions. Red flag monitoring integrated into the compliance function.
5. Supply Chain and Infrastructure Risk
Supply chains in emerging markets are exposed to risks that rarely materialize in developed markets: port congestion and customs delays (a container at the Port of Lagos may take 3-4 weeks to clear), unreliable power supply (forcing reliance on backup generators), road and rail infrastructure that limits distribution reach, and telecommunications gaps in rural areas.
The China-plus-one manufacturing shift has accelerated supply chain diversification into Vietnam, Indonesia, India, and East Africa, but the infrastructure in these destinations is still developing.
6. Human Capital and Labor Risk
Talent availability, skill gaps, labor law complexity, expatriate management, and security of personnel are all heightened in emerging market operations.
Labor regulations in countries like Brazil, India, and Nigeria can be significantly more complex than US employment law, with strong worker protections, mandatory benefits, and restrictions on termination that affect operating costs and flexibility.
7. Reputational and ESG Risk
Operating in emerging markets creates ESG exposure that can affect the organization’s reputation globally: environmental practices in extractive industries, labor conditions in supply chains, community relations, and human rights considerations.
Investors, regulators, and consumers increasingly scrutinize these dimensions, making ESG risk management a strategic imperative for emerging market operations. For a detailed KRI framework for tracking ESG risks, see our article on key risk indicators for ESG and sustainability risk.
8. Cybersecurity and Data Protection Risk
Data protection regulations vary dramatically across emerging markets. Some jurisdictions (Kenya’s Data Protection Act, Brazil’s LGPD, India’s DPDP Act) have enacted comprehensive frameworks that create compliance obligations for US companies processing local data.
Others have minimal regulation, creating liability gaps. Cybersecurity maturity in local operations, vendors, and partners may be significantly lower than in the US, creating vulnerabilities that affect the global enterprise. For cybersecurity KRI frameworks, see our article on NIST cybersecurity key risk indicators.
Regional Risk Profiles: Africa, Asia, and Latin America
| Risk Dimension | Sub-Saharan Africa | Asia-Pacific (ex-China) | Latin America |
| Political Risk | High. Frequent transitions, coups (Sahel region), election disputes. AfCFTA promising but implementation uneven. 13 countries at high risk of financial crisis (IMF/World Bank). | Moderate to High. ASEAN generally stable. Myanmar, Cambodia elevated. China-plus-one shifting investment but creating new geopolitical dynamics. | High. Argentina hyperinflation, Venezuelan crisis. Brazil and Mexico offer scale but policy shifts affect investment. Political volatility a recurring theme. |
| Currency Risk | Very High. Naira, cedi, birr all experienced major devaluations 2023-2024. Hedging instruments limited. Capital controls common. | Moderate. Regional currencies generally more stable, though vulnerable to dollar strength and capital outflows. Indonesia, Thailand manageable with hedging. | High. Argentine peso extreme. Brazilian real and Mexican peso volatile but liquid and hedgeable. Regional debt exceeded 70% of GDP post-pandemic. |
| Regulatory Risk | High. Regulatory frameworks evolving. Local content requirements expanding. Tax regimes unpredictable in some jurisdictions. | Moderate. Vietnam, India improving regulatory clarity to attract FDI. Intellectual property protection uneven. Data localization requirements emerging. | Moderate to High. Brazil’s tax and labor complexity among world’s highest. Mexico’s USMCA provides framework. Chile, Peru relatively transparent. |
| Corruption / FCPA | High. TI CPI scores generally low. Procurement, customs, and permitting high-risk. Third-party intermediary risk elevated. | Variable. Singapore, Japan low risk. Vietnam, Indonesia, India moderate. Myanmar, Cambodia high. Due diligence essential for government-facing activities. | High in several jurisdictions. Brazil’s Lava Jato demonstrated scale of corruption risk. Mexico, Colombia elevated. Chile, Uruguay lower. |
| Infrastructure | Significant gaps. Power, logistics, telecom. Kenya, Nigeria, South Africa best positioned. East Africa improving with Belt and Road investments. | Generally adequate. Vietnam, Indonesia rapidly improving. India infrastructure investment accelerating. Logistics costs declining. | Variable. Brazil’s logistics costs high. Mexico near-shoring benefits. Chile, Colombia adequate for major operations. |
| Growth Opportunity | Highest long-term demographic growth. AfCFTA creating continental market. Fintech, mobile, agriculture, and mining sectors leading. | Strongest near-term. ASEAN internet economy $600B by 2030. Manufacturing diversification from China. India’s digital transformation. | Moderate. Commodity-driven. Fintech, clean energy, agribusiness growth sectors. Brazil and Mexico dominant markets. |
Building the ERM Framework for Emerging Market Operations
The following framework extends standard COSO ERM and ISO 31000 processes for emerging market application. For the foundational methodology, see our article on how to develop an enterprise risk management framework.
Step 1: Country Risk Assessment (Pre-Entry)
Before entering any emerging market, conduct a structured country risk assessment that evaluates political stability, macroeconomic fundamentals, regulatory environment, rule of law, corruption indices, infrastructure quality, and market access barriers.
Use quantitative data sources: IMF Article IV reports, World Bank Doing Business indicators, EIU country risk ratings, and Moody’s/S&P sovereign ratings. Overlay qualitative intelligence from in-country legal counsel, industry peers, and diplomatic sources.
The country risk assessment should produce a risk-adjusted return model that explicitly prices political risk, currency risk, and regulatory risk into investment return requirements. If the risk-adjusted return does not meet the organization’s hurdle rate, the market entry should not proceed.
Step 2: Expanded Risk Register
The corporate risk register must be expanded to include emerging market-specific risk categories. For each market, document:
- Country-level risks: Political, sovereign, currency, regulatory, and corruption risks specific to the country.
- Operational risks: Supply chain, infrastructure, labor, security, and business continuity risks.
- Compliance risks: FCPA, sanctions (OFAC), data protection, tax compliance, and local regulatory compliance.
- Strategic risks: Market access changes, competitive dynamics, government policy shifts affecting the business model.
- Reputational/ESG risks: Environmental, labor practices, community relations, and human rights.
Each risk should be scored using a methodology that accounts for the higher severity and probability ranges typical in emerging markets.
A 5-point scale calibrated for US domestic risk may not differentiate adequately between emerging market risks. Consider expanding to a 5×5 matrix with explicit severity definitions calibrated to the emerging market context. For the detailed risk assessment methodology, see our complete guide to the risk assessment process.
Step 3: Scenario Analysis and Stress Testing
Scenario analysis is the single most valuable tool for emerging market ERM. The standard three-scenario approach (base case, upside, downside) is insufficient. For emerging market operations, include:
- Currency shock scenario: Model a 30-50% local currency devaluation against the dollar. What happens to the P&L? To working capital requirements? To the ability to repatriate profits?
- Political disruption scenario: Model a change in government that reverses key policies: tax incentives revoked, local content requirements increased, import restrictions imposed.
- Capital controls scenario: Model the imposition of restrictions on profit repatriation, foreign exchange access, or dividend distribution.
- Infrastructure failure scenario: Model extended disruptions to power, ports, logistics, or telecommunications. What is the impact on production and revenue?
- Sovereign default scenario: For markets with elevated debt risk, model the consequences of sovereign default on banking system stability, currency, and the operating environment.
These scenarios should be quantified with probability-weighted financial impacts and presented to the board alongside the investment thesis. For guidance on translating risk scenarios into financial terms for board consumption, see our article on risk quantification for boards.
Step 4: KRI Dashboard for Emerging Market Operations
A dedicated KRI dashboard for emerging market operations should monitor leading indicators across each risk category. The following table illustrates a starter set:
| Risk Category | Key Risk Indicator | Green Threshold | Red Threshold |
| Currency | Local currency depreciation vs USD (30-day rolling) | < 5% | > 15% (triggers hedging review) |
| Political | EIU Political Stability Index change | Stable or improving | Downgrade > 0.5 points (triggers scenario refresh) |
| Sovereign Credit | Sovereign CDS spread (5-year) | < 300 bps | > 600 bps (triggers exposure review) |
| Regulatory | Days since last material regulatory change affecting operations | > 180 days | < 30 days (triggers compliance impact assessment) |
| FCPA/Compliance | Third-party due diligence completion rate | > 95% | < 80% (triggers remediation) |
| Supply Chain | Average customs clearance time (days) | < 7 days | > 21 days (triggers logistics review) |
| Infrastructure | Unplanned power outage hours per month | < 10 hours | > 40 hours (triggers BCP activation) |
| Talent / HR | Key position vacancy rate | < 10% | > 25% (triggers retention intervention) |
For a comprehensive KRI library including enterprise-wide indicators, see our article on key risk indicators examples.
Step 5: Governance and Reporting
Emerging market risk requires governance structures that connect local risk intelligence to corporate risk oversight:
- Local Risk Champions: Each emerging market operation should designate a local risk champion (not necessarily a dedicated risk manager) who monitors in-country risk conditions and escalates changes to the regional and corporate risk functions.
- Regional Risk Aggregation: For organizations with multiple emerging market operations, aggregate risk reporting by region (Africa, Asia, LatAm) to identify concentration risks and cross-country correlations (e.g., dollar strengthening affects all emerging market currencies simultaneously).
- Board Reporting: Emerging market risk should have a dedicated section in the quarterly board risk report. Include the KRI dashboard, any scenario trigger breaches, material regulatory changes, and updated risk-adjusted return analysis.
- Escalation Protocols: Define specific escalation triggers for each risk category: currency thresholds that trigger hedging review, political events that trigger scenario refresh, and sovereign credit downgrades that trigger exposure reduction.
FCPA and Anti-Corruption: The Risk That Can End a Business
The Foreign Corrupt Practices Act deserves special attention because the consequences of violation are existential: criminal prosecution, multi-billion-dollar penalties, debarment from government contracts, and reputational destruction.
FCPA enforcement has accelerated, with the DOJ explicitly targeting conduct in emerging markets where corruption risk is highest. For the compliance framework context, see our article on the COSO framework and how it is used for internal control assessment.
High-risk activities in emerging markets include:
- Government-facing activities: Permitting, licensing, customs clearance, tax administration, government procurement, and regulatory approvals. Any interaction with a government official is a potential FCPA touchpoint.
- Third-party agents and intermediaries: Customs brokers, freight forwarders, distributors, and consultants who interact with government officials on behalf of the company. The majority of FCPA enforcement actions involve third-party intermediaries.
- Joint ventures and partnerships: Local partners who may have government connections or who may engage in practices that violate the FCPA.
- Charitable contributions and sponsorships: Donations to organizations affiliated with government officials or political parties.
ERM controls for FCPA risk:
- Risk-based due diligence on all third-party agents before engagement, with enhanced due diligence for government-facing intermediaries.
- Contractual anti-corruption representations, warranties, and audit rights in all third-party agreements.
- Annual FCPA training for all employees and third parties in high-risk jurisdictions.
- Robust whistleblower mechanism (anonymous hotline or digital platform) accessible in local languages.
- Periodic auditing of third-party payments, expense reports, and gifts and entertainment records.
- Monitoring of OFAC sanctions lists for all business partners and counterparties.
Business Continuity Planning in Emerging Market Environments
Business continuity planning for emerging market operations must account for disruption scenarios that are rare in developed markets: political unrest, infrastructure failure, natural disasters with limited government response capacity, and pandemic-related supply chain disruptions with weaker healthcare systems.
Key BCP considerations for emerging market operations:
- Personnel security and evacuation: Maintain current evacuation plans for all expatriate staff and local employees in high-risk locations. Partner with security firms that provide real-time threat intelligence and extraction capabilities.
- Data and systems resilience: Ensure that critical systems and data are backed up to locations outside the country. Cloud infrastructure with failover to non-local data centers.
- Alternative supply routes: For each critical supply chain, identify at least one alternative route that does not depend on the same ports, roads, or border crossings.
- Cash management: Maintain access to hard currency reserves and multiple banking relationships to manage through periods of capital controls or banking system stress.
- Communication plans: Establish communication channels that do not depend solely on local telecommunications infrastructure (satellite phones, international mobile networks).
For the complete business continuity planning methodology, see our ISO 31000 framework overview for integrating BCP into the broader risk management process.
90-Day Implementation Roadmap
Days 1-30: Assessment and Baseline
- Inventory all current and planned emerging market operations, investments, and exposures.
- Conduct a gap analysis of the existing ERM framework against the eight emerging market risk categories.
- Engage local legal counsel, risk advisors, and industry peers for each market.
- Establish baseline country risk scores using public data sources (IMF, World Bank, EIU, Transparency International).
Days 31-60: Framework Extension
- Expand the corporate risk register with emerging market-specific risk categories and scoring criteria.
- Develop or refresh scenario models for currency shock, political disruption, and capital controls for each market.
- Build the emerging market KRI dashboard with automated data feeds where possible.
- Review and strengthen FCPA/anti-corruption controls, third-party due diligence procedures, and training programs.
Days 61-90: Governance and Integration
- Designate local risk champions in each emerging market operation.
- Establish escalation protocols with defined triggers for each risk category.
- Develop the board reporting template for emerging market risk (KRI dashboard, scenario triggers, risk-adjusted returns).
- Conduct a tabletop exercise simulating a combined currency shock and political disruption in the highest-exposure market.
- Present the enhanced ERM framework to the board risk committee for endorsement.
Frequently Asked Questions
Which ERM framework is best for emerging market risk management?
Both COSO ERM and ISO 31000 provide effective foundations. COSO ERM is widely used by US-listed companies because of its alignment with SEC reporting and internal control requirements. ISO 31000 is often preferred for international operations because of its global adoption and flexibility across organizational types and industries. Many multinationals use both: COSO ERM for the overall corporate framework and governance structure, and ISO 31000’s risk assessment process for the operational methodology in international subsidiaries.
How should US companies approach political risk in Africa?
Treat political risk as a first-order risk category, not a background assumption. Use quantitative indicators (EIU political stability index, sovereign credit ratings, Transparency International CPI) supplemented by qualitative intelligence from in-country advisors, diplomatic channels, and industry associations. Model political risk scenarios explicitly in investment appraisals. Consider political risk insurance through MIGA (World Bank), OPIC/DFC (US government), or private market insurers. Build relationships with multiple levels of government to reduce dependency on any single political patron.
How do you hedge currency risk in markets with limited hedging instruments?
Where forward contracts and options are available (Brazil, Mexico, India, South Africa), use them as the primary tool. Where instruments are limited or prohibitively expensive (many African markets), structural hedges become important: match local currency revenues with local currency costs, maintain USD-denominated pricing clauses in contracts, hold hard currency reserves, and negotiate intercompany loan structures that provide natural hedging. For high-exposure markets, consider non-deliverable forwards (NDFs) traded offshore.
What is the biggest FCPA risk factor in emerging markets?
Third-party intermediaries. The majority of FCPA enforcement actions involve payments made by agents, distributors, customs brokers, or consultants acting on behalf of the US company. The single most effective FCPA control is rigorous, risk-based due diligence on all third parties who interact with government officials on the company’s behalf, combined with contractual anti-corruption provisions and ongoing monitoring.
Should emerging market risk be managed at the corporate level or locally?
Both. Local teams have the intelligence and context to identify and monitor in-country risks effectively. Corporate risk management provides the governance framework, aggregated view, cross-country correlation analysis, and board reporting.
The model that works best is local risk champions who report to a regional risk coordinator, who reports to the corporate CRO or risk committee. Decisions about risk appetite, hedging policy, and escalation triggers should be set at the corporate level. Execution and monitoring should be local.
How does AfCFTA affect risk management for US companies in Africa?
The African Continental Free Trade Area, which came into force in 2021, aims to create a single continental market by reducing tariffs and non-tariff barriers across 54 African countries. For US companies, AfCFTA creates opportunity (larger addressable market, simplified intra-African supply chains) and risk (increased competition from regional players, uneven implementation, rules of origin complexity). ERM should monitor AfCFTA implementation progress at the sector level and model scenarios for both accelerated and stalled implementation.
Conclusion: The Growth Is in Emerging Markets. So Is the Risk.
US investors and multinationals that treat emerging market risk management as an afterthought, or as a simple extension of their domestic ERM framework, will be caught unprepared when the inevitable shock arrives: a currency devaluation, a regulatory reversal, a political crisis, or an FCPA enforcement action.
The organizations that succeed in emerging markets are those that invest in understanding the risk environment as deliberately as they invest in the growth opportunity. They conduct structured country risk assessments before market entry. They expand their risk registers with emerging market-specific categories. They run scenario analyses that model tail events, not just base cases. They monitor KRIs continuously, not quarterly. They build governance structures that connect local intelligence to corporate oversight. And they treat FCPA compliance not as a cost center but as a condition of operating in these markets.
The frameworks exist. COSO ERM and ISO 31000 provide the structure. The risk categories are known. The data sources are available. The implementation requires discipline, investment, and the recognition that the risk management practices that work in the US are necessary but not sufficient for the markets where the next decade of global growth will occur.
Build your emerging market risk management capability. From enterprise risk management frameworks to country risk assessment methodologies, our resource library covers the standards and practical tools that risk and investment professionals rely on. Explore our guides at Risk Publishing to deepen your understanding of ISO 31000, COSO ERM, and risk management for international operations.
Sources and References
- IMF. Emerging Markets Face a Perfect Storm. Public Financial Management Blog (April 2025). blog-pfm.imf.org
- Duke University Fuqua School of Business. Emerging Market Outlook 2025 (2025). fuqua.duke.edu
- World Bank. Doing Business Indicators. World Bank Group.
- Transparency International. Corruption Perceptions Index 2024.
- COSO. Enterprise Risk Management – Integrating with Strategy and Performance (2017).
- ISO 31000:2018. Risk Management Guidelines. International Organization for Standardization.
- U.S. Department of Justice. FCPA Enforcement Actions and Guidance.
- Moody’s. Exploring Diverse Opportunities and Risks in Global Emerging Markets (2025). moodys.com
- PineBridge Investments. 2026 Emerging Market Debt Outlook (December 2025). pinebridge.com
- African Continental Free Trade Area (AfCFTA). African Union.
Chris Ekai is a Risk Management expert with over 10 years of experience in the field. He has a Master’s(MSc) degree in Risk Management from University of Portsmouth and is a CPA and Finance professional. He currently works as a Content Manager at Risk Publishing, writing about Enterprise Risk Management, Business Continuity Management and Project Management.