The most common mistake by law firms regarding geopolitical risk is simple: They don’t see themselves as exposed. They’re highly attuned to client risk but fail to apply that same lens internally, assuming they’re removed from volatility because they’re not the principal actor.
Many firms operating abroad, whether through offices or client work, believe they’re insulated from risk or lack the capabilities to track it. But risks emerge gradually from shifting political conditions and instability, requiring planning before a crisis escalates.
Firms face two distinct but overlapping categories of risk: client risk (advising organizations impacted by sanctions, corruption investigations, or shifting regulatory regimes) and direct risk (the exposure of their own people, data, reputation, and operations).
Legal Work Impact
These dynamics are currently playing out in Iran and Mexico, where political uncertainty and regional tensions create ripple effects extending beyond borders. Those effects can translate into real risks for firms with international clients, matters, or travel.
Geopolitical risk often hides in plain sight. Attorneys frequently travel abroad for depositions and client meetings—sometimes to jurisdictions experiencing instability or corruption concerns. Firms may represent clients operating in volatile regions or industries vulnerable to government scrutiny, sanctions, or asset seizures.
Political upheaval can trigger nationalization, corruption investigations, or targeting of individuals tied to foreign companies. Laws such as the Global Magnitsky Human Rights AccountabilityAct allow governments to sanction individuals connected to corruption, quickly creating compliance challenges.
Even seemingly routine legal work can involve hidden exposure.
For example, London law firm Mishcon de Reya reportedly handled a significant property transaction in 2024 for a foreign billionaire who was later sanctioned by the UK and US. Public reporting had already identified potential warning signs, including a related money laundering investigation and the client’s status as a politically exposed person from a high-risk jurisdiction.
This illustrates how an otherwise standard engagement can quickly implicate sanctions and reputational concerns that extend far beyond the immediate legal matter.
Falling Short
While many firms invest heavily in cybersecurity, fewer maintain formal risk management or security functions comparable with multinational corporations.
Larger global firms are more likely to have some level of security or risk infrastructure in place. This makes the capability gap especially relevant for smaller and boutique litigation firms, which may not view themselves as exposed but can still face significant risk through client matters, travel, and the information they handle.
And the gap matters because attorneys are attractive targets.
Firms and lawyers hold significant amounts of sensitive information, and attorneys traveling abroad may operate in jurisdictions with limited legal rights and remedies.
Authorities may not respect attorney-client privilege or constitutional protections, and attorneys could be detained or questioned as potential witnesses because of their connection to a client under investigation.
Although formal data doesn’t exist, it’s well known that law firms lag behind corporations on geopolitical risk. Continuing legal education programs spend significant time on cybersecurity, business continuity, and succession planning—yet geopolitical risk is rarely part of the conversation.
Often viewed as a low-probability issue, it’s not prioritized, despite extremely high consequences. But risk assessment is about impact and danger as much as it is about likelihood. For law firms, that could mean an attorney detained abroad or entangled in sanctions.
Risk in Practice
Geopolitical risk can take many forms. Travel security is often the most immediate concern. Risk can begin the moment an attorney lands abroad: getting through customs, navigating transportation, and avoiding being targeted as a foreigner en route to a hotel.
In some countries, taxis may be unsafe; in others, rideshares are the risk. Coordinating vetted transportation, knowing where to stay, and even presenting oneself properly can materially affect safety. Yet many firms approach travel without a clear plan.
Other threats are less visible but equally significant. Governments may monitor communications or conduct surveillance. Sanctions regimes can change quickly, creating risks for firms and clients. Illicit networks can obscure beneficial ownership and expose companies to legal scrutiny.
Assessing Exposure
Certain factors should prompt firms to assess their exposure: frequent international travel, clients in high-risk jurisdictions, and matters involving sanctioned regions or industries. Another sign is the absence of any sort of structured process for managing risk, such as a designated travel risk manager, contingency plans, or clear response protocols for incidents abroad.
At a minimum, firms should be asking:
- Who are our clients, and where are they operating?
- Where are our attorneys traveling, and how often?
- Do we have a designated owner of this risk, whether general counsel, the chief operating officer, or a defined point of contact working with firm leadership?
- What protocols are in place to support attorneys before and during international travel?
Even without in-house resources, assigning ownership and implementing basic safeguards can significantly improve resilience. Firms that do so are far better positioned to avoid disruption, protect their people, and maintain continuity if something goes wrong.
Actionable Steps
Law firms operating internationally should begin with a basic travel risk management strategy, including pre-travel risk assessments, local condition reviews (at a minimum, State Department guidance), safe accommodations and transportation, and knowledge of whom to contact if issues arise.
More robust programs similar to those of corporations may include travel risk intelligence, vetted in-country support, and contingency planning such as medical evacuation or political risk coverage.
Enhanced due diligence on clients is equally important. Sanctions can shift quickly. Understanding beneficial ownership, political exposure, and cross-border financial activity can prevent routine matters from becoming liabilities.
Law firms aren’t adjacent to geopolitical risk; they are part of it. As that risk becomes more complex, firms that fail to plan will leave themselves exposed. Taking some practical steps can protect a firm’s people, assets, and reputation if something goes wrong.
This article does not necessarily reflect the opinion of Bloomberg Industry Group, Inc., the publisher of Bloomberg Law, Bloomberg Tax, and Bloomberg Government, or its owners.
Author Information
Shafi Saiduddin is CEO of Legalis Intelligence Advisors, a licensed attorney and former Army Special Operations Forces and Intelligence Community professional with more than 30 years of national security experience.
Write for Us: Author Guidelines
