How do the massive family conglomerates of the GCC think when it comes to scaling, wealth preservation, and corporate expansion?
In this episode of Exit Builders, host Adel sits down with global risk leader James Rammel to pull back the curtain on how large family offices and sovereign investment arms evaluate acquisitions. Moving past the black-and-white constraints of legal compliance, James breaks down the critical execution edge of modern Enterprise Risk Management (ERM). From managing shifting data protection laws across 14 different Middle Eastern countries to engineering bulletproof supply chain resilience in the face of global geopolitical chaos, learn why risk is no longer a quarterly check-the-box exercise, but a weekly operational necessity.
Whether you're an early-stage startup founder or an established business owner looking to optimize for a high-value exit, this episode reveals how to build systems that protect your margins and make your company inherently more attractive to institutional buyers.
Large GCC family groups expand aggressively via strategic M&A to preserve wealth and monopolize key sectors. However, they rarely want to manage day-to-day ground operations. They look for clean, platform-ready businesses with strong senior leadership teams that can immediately yield an investment return.
While corporate lawyers operate in a binary world of regulatory compliance, a Chief Risk Officer (CRO) evaluates how to push the business forward through ambiguity. The goal of risk management isn't to eliminate risk entirely—it's to identify the exposure and deploy cost-effective mitigation frameworks that protect the corporate timeline.
Given today's rapid geopolitical shifts, sudden international tariffs, and changing cross-border data privacy rules, a static risk register is useless. Modern enterprise risk requires a dynamic, decentralized framework where functional stakeholders own their risk parameters and review them on a rolling weekly basis.
"A lot of the time, people don't realize that quarterly and half-yearly reviews are now not enough with everything that's going on in the world... It's a chaos level now. You need to be reviewing your risks on a weekly basis." — James Rammel
[00:00:00] These big family groups, you've been with them, you understand how they think, how they operate when they expand. What's their philosophy when it comes to expanding? Is it acquiring? Is it setting up? I think, I think it's more from my experience, it's more around acquiring. they're very much around, uh, acquiring businesses to get a, an investment return.
[00:00:24] whether they're in them for the long term is debatable, um, but a lot of them look at it from an investment purely in investment, which is why the investment arm, I believe, is, is very, very focused and very,concise. And it's what it's trying to achieve. So you get a lot of CFOs and you get a lot of companies and family offices where they're, they're focused on having certain businesses that they have a majority stakeholder stake in, uh, that give them a return.
[00:00:53] and that's where they, uh. especially in this part of the GCC, focus on, you know, when you look at the, investment funds for the governments, they're all in big businesses, but you know, it's a localized level. They're about buying companies and or investing in companies that they see a return on.
[00:01:11] And what are usually, uh, the types of companies they look for in your experience? sizes, industries. It. Uh, to be quite honest, I think it's about a diverse portfolio. a lot of them not necessarily, stick to one specific industry. There's a lot of variation from the interactions I have. I, a lot of them look for new emerging businesses that could take something like sustainability or, um, something on crypto or whatever.
[00:01:42] but they look to invest in them early. Um, especially when the business is seeking investment, and in a return for. scaling the business. and a lot of the times businesses won't scale until they have the investment to do it. So they'll, that's where they kind of fit in. depending on the size of the family business, it depends on what they want to invest in.
[00:02:05] some of them invest in, in assets, others invest in businesses. some diverse between both. so yeah, so it, it depends really on what their. What their overall strategy is for investing and what do they, like I'm assuming always family businesses, they're aggressive, they want to monopolize, they want to preserve the wealth.
[00:02:29] Yeah. No, no, definitely. So, uh, so that means they follow strategies that help them achieve these objectives. How do I monopolize if I can? And how do I achieve or, uh, sustain the wealth or maybe even increase it possibly. Yeah. Yeah. Wealth increasement. Yeah. Yeah. So the question that always comes in my mind is how do they, if they're looking at acquisitions, are they looking at acquiring, new verticals or they're looking to expand into like vertically, into like the supply chain to maximize.
[00:03:07] No efficiency. I don't know whether that, I don't know whether they would do the, the second part to maximize efficiency. I think it would be more around, they would invest into the business to expand it rather that they would let the operation, I don't know if family offices would get to involved in found in opera.
[00:03:28] Opera in. On the ground operation, it would be more around how do they scale it and how do they move it forward and how do they invest in it. Um, some of them would invest in, might invest in a little section of it, so they might invest in, they see that the development of the senior leadership team needs that, but the business is not big enough to afford that.
[00:03:48] So they'll invest in that way. So they do it in various ways. It depends purely upon what kind of business they're doing and how they're, how much they want to invest in it and what they see as the future potential. So there's a lot of bit around, you mentioned earlier around the CFO and what they do and how do they understand what it all links into.
[00:04:07] some of them will have purely CFO and chief investment officers. Some of them won't. Some of them will amalgamate roll into one. It depends what they, how they specifically want to do it. And how big the office is and the, the investment scope available, I suppose is, is where it kind of sits.
[00:04:25] Yeah. and there's a lot of family businesses in varying sizes and they'll work in different ways. so yeah, that's, that's, that would be my view. It just depends on what they, what their. Whole strategy is if they, if they have built it, they're just setting off. You never know. Yeah. You might have something different.
[00:04:41] Lawyers basically, where they only highlight not all of them. Some of them, they only highlight what's wrong, what could go wrong. Yeah. And they don't give you a solution. So our risk experts or the area of risk, is it the same or is there, a way. To think about it or maybe frame it in a critical analytical thinking, approach.
[00:05:08] I think from a lawyer point of view, from a legal point of view, your, you can, and the difference between legal and risk is legal will very much be around the impact on, regulatory. Scenarios. Risk is more around looking at it from a view of we want to move forward and we want to move.
[00:05:32] We want to go, so this is a risk. What mitigating action do we need to do? That doesn't necessarily eliminate the risk because I think sometimes people get caught in the yes and no scenario or the right and wrong. And you can't not in business these days, business can be very am. There's a lot of ambiguity around business and how it works.
[00:05:53] Risk is more around understanding the risk and saying, okay, what actions can we put in place that limits the risk to the business? With the legal side of things, you are, you can be very black and white because you are required to do this, to achieve this. regulatory wise. but I think if you, I think that's where you'll kind of get a little bit of a difference if I was doing something in relation to a legal, person, because there would be a very much a yes and no.
[00:06:23] This is what we need to do. My argument would be, yeah, okay, if we don't do that, what's the risk of us? Not, and it might well be you have to do it 'cause that's what legally you've gotta do or you can't get. certified or you can't get,registered or you can't get a license or you can't, you know, there's licenses that are required in, in the UAE to be able to trade, you know, and we're in a coffee shop, you know, they can't trade without a license and there's certain things they need to do to get that license.
[00:06:51] They're non-negotiable. You don't get the license, you don't do it. You don't get the license. And I think what the risk function comes in is, is around okay. What's the risk of not doing it, but also what do we need to do to enable us to get the license Yeah. In the most cost effective way. Yeah.
[00:07:07] Rather than, and I'll give you an example. Previously we've opened a store where there's been a requirement for a certain amount of equipment that's needed to open. But actually when you challenge you, when you're challenged, you can get away with a lot less. Mm. So the, so there, there, the risk is highlighted around, okay, we can still do the same thing, but we don't need to do it in quite such big detail on big cost.
[00:07:28] Mm. To enable us to do it because the cost is too much. Um, so we can do certain parts of it and still achieve the goal. whereas when you look at it from a one point of view, you go, well, I need to do this, and this is the answer. Well, that's not very flexible really. Yeah. Yeah. What about, um, we're talking about, again, going back to the critical analytical thinking.
[00:07:50] Uh, there is a concept of deductive reasoning when it comes to saying, this is what we're trying to achieve by this date. Like the example of opening a store Yeah. In Dubai by this date. Uh, how can we plan it or build up the time timeline, especially if you're working with the project management team, or how does that, the nature of that discussion go?
[00:08:12] Because usually with CEOs of startups. We, I've been there. I've worked with them as well. Yeah. I would say we want to ignore all the challenges because. Somehow we believe if we ignore it, we don't, we won't have to deal with most of it. Yeah. And when it comes, we'll deal with it. Yeah. When issue comes.
[00:08:36] Yeah. I think, I think that's, and I think that goes down to your, to the project management team in relation to how do they plan all of the things with experience comes these scenarios that you can work around. and sometimes you can outsource your project management and they, their specialist.
[00:08:52] You know, I know of a specialist company that actually comes in and, and builds the store for you, and then you just basically at handover pick it up. Um, and in the background you are doing your regulatory or legal, whatever, registration, whatever it is you need to do. Mm-hmm. so I think it's, I think it's more around the understanding of a, a timeline and a process to follow, and whether you outsource or whether you don't, and if you're big enough to have an indoor, an in, in-house team, fair enough.
[00:09:20] If you're not, then you'll outsource. Yeah. Um, outsource comes a bit more, you would hope a bit more, guidance and project management experience to deliver on time in full. but in this part of the world, it's not guaranteed. You know, I mean that all you need is a hold up in the government side of things and you can be behind schedule and that's where you kind of need to lead.
[00:09:46] Give a little bit of leeway in your, in your project timelines for slippage, and work around that. But I mean, you can, you can get held up quite considerably with government, especially, if they, you are not. Adhering to what they want in a specific, in the way that they want it. And that's where you, your in-house or your outsourcing works with it.
[00:10:10] and how does your relationship, uh, I mean work or the dynamics work between the CRO and the CFO? very much together, really, to be quite honest. You are, I always look at it from a, a point of view. This, the CFO is, is your, is your cash and your finance and everything to make sure that that is.
[00:10:28] keeps the cash flow coming. keeps the numbers correct, keeps the, you know, if you've got a, whatever targets you've got, their targets are on track. but they're all from a financial side. It's one arm of it. It's not the other arms that the, that link together, you and reputational and an operational, they're not financial sides of things.
[00:10:48] They're business. So the CRO works very closely with all of the board members and the senior team. to understand the risks from their specialist function and pull them all together. Now, it doesn't mean to say that the CRO picks up all of the work, and they don't, that's not their job. they're not a specialist in finance, potentially not a specialist in property.
[00:11:12] Then, whatever area it is, they're not a specialist in that. What they do is they pull the risks outta there, understand how they impact the business, put in and understand with the stakeholder what the. Mitigating action is that you need to take to reduce those risks. Um, and you pull it all together into, uh, I mean, there's AI systems coming on board all the time, but you know, the risk register goes in, but they're being automated as you go along.
[00:11:38] especially with the invention of ai, um, it make, it can make the efficiency very much better, using the tools. The tools are coming on board thick and fast, and they improve all the time. So it's, I suppose the challenge to everybody is what's the system you're gonna choose, but you amalgamate 'em all into one place and then on a very regular basis.
[00:12:00] I mean, I think a lot of the time people don't realize that, quarterly and half yearly and yearly reviews are now not enough with everything that's going on in the world. The geopolitical, unrest that we have and the chaos. 'cause it's classed as chaos now. It's past the, the unrest and every other level.
[00:12:19] It's a chaos level. you can't leave it a quarter or a half year or a year. In order to review. To review, you need to be reviewing on a weekly basis, and that's where it's, you work closely with all of the CFO and. At all areas of the CIO anywhere and the CEO, you, you just link with them all to understand where the risks are and how you help mitigate them.
[00:12:45] but you, but I think sometimes, especially in a smaller business, the senior team will fall back into like, CROs got it. Now they'll pick it up. And that's not true. That's not the way it works. You've got to, yeah. Disseminated out into the various stakeholders. 'cause their vested interest in reducing that, like, uh, the CRO is the custodian of the rest.
[00:13:09] Yes. But then everyone is involved totally in their own areas, ownership. And that's why it's important to, you know, look, everybody will be thinking, okay, Well's got a big long list of 20, let's say 20 top 20 risks. You're gonna go through those every week. No you're not. No. All you're looking at is. Is the action working and is there a need for review?
[00:13:31] Sometimes there might be that the actions you've put in place, you only need to look at three or four, but you've got to keep reviewing it. Whereas it used to be reviewed every quarter or reviewed every half year. You can't do that anymore. You know, it's just, it's too much going on. You know, when you only have to, you only have to look at Donald's tariffs and the unrest that that caused, and actually the impact on margins and supply chain and costs.
[00:13:56] Of moving things around you and you start whacking on two, 300% tariffs and all of a sudden something that used to cost a $1 now costs three times as much. Yeah. So you, I think that's, that's where people and businesses where the reaction time of the CRO now is more important than, than it ever was.
[00:14:18] Yeah. Um, and how much they have to do. To assist the business and in making Unrestful waters a bit calmer. Yeah. Yeah. Yeah. So we'll park the CRO discussion. I think we have a good, good, uh, good view of that. Thank you. Now, um, maybe I'd like to. Focus more on you, Uhhuh. How did you get into this field? How did you get into this area?
[00:14:51] Where did you start? And Well, I start because it seems, yeah, yeah. I can see the passion in your eyes when you're talking about, you know, risks. no, I, I've done a, I started off in the UK and one of the things I've always tried to do throughout my career is, is to learn and, and innovate and develop my own.
[00:15:09] skill sets. you know, starting off in the uk in, in, uh, in the supermarket industry, FMCG you in Bury was a big second biggest supermarket in the uk and I learned leadership and management and, and, and as you go up the ranks in, in, in businesses in the uk. It's all around how do you deal with people and how do you deal with, with the kind of operation that I did.
[00:15:36] So I did the operational side of things for a long, long time and then moved on to, Chaz Perkins and Wix, which was a bit different in relation to, it was, um, a trade merchant, different mentality, but it taught, I learned a lot around margin and commercial acumen there. So you earn leadership. I learned leadership at the first instance and then commercialism in, uh, in the second half.
[00:16:03] So I built a career up around knowing the operational side of the business and then also the, the back end of it. So your commercial side, your margins, your profit and loss, your your cost of goods and, and all of that. How it linked into. What you don't necessarily see when you are in the front end and your front end is all around customer.
[00:16:25] So you mean running call centers, managing stores, all those types of things. And then also being in a support function. You learn an awful lot around the whole areas of the business and that's always what I've tried to do. One of the things that brought me out to the Middle East was the challenge around, moving from a one trip pony, so to speak, which is basically what Sainsbury's is.
[00:16:47] It's a retailer, it's a supermarket, that's all it does. and moving into our shire was, a challenge for me because it was 80 different cultures, hundred thousands of stores spread over in multiple countries. And that's a different style of leadership and that's a different style of remote working that you have to kind of deal with.
[00:17:06] So pulling all together, all that I'd learned in the uk and then developing a framework of risk. part of the bit around Travis Perkins and Wick was, although I learned the commercial acumen, I also, you know, learned steering groups. And how do you bring all your stakeholders on board in relation to building a risk framework?
[00:17:28] So what I implemented into Alshaya was basically the frameworkof risk. So understanding where the risks are, the potential risks that are coming. So, you know, when companies moving to e-comm, you know, there's a risk around online fraud rather than. Fraud at the front end. you've got, um, corporate fraud, so you've gotta bring all those risk frameworks together and, and, you know, building that over, 15 years, 16 years in, in Alshaya, you're building up a framework around all areas of, of risk.
[00:17:59] And so starting off and implementing enterprise risk management frameworks into, uh, a company like Alshaya, which was moving in like a, a bullet train in expansion. Um, you, it takes a little while longer to get that framework set up. and so that was what brought me into, into really driving risk and understanding how it affects every part of the business.
[00:18:25] 'cause it does, whether it's people, whether it's operations, whether it's supply chain, whether it's financed, it doesn't matter where it is. And so you'll learn. As you move into new markets, the risks going into the new markets as you go into E-com, the risks on e-com as you go into, loyalty apps, you know what I mean?
[00:18:43] And an online loyalty and, and data. Um, so setting up a data protection office in our shire was, was huge because things were moving so fast. there was a, a strategy moving into, into online and aura and applications like that. You mean that? To roll out in every country that they operate in is a massive challenge.
[00:19:07] Why? Because in the Middle East region, every country has a different version of data protection. so you have to adapt 14, in this case, 14 different ways, to make sure that you can roll it out. And if you can. and then it's about how do you capture the data? So you link with, um, the information security office all the time.
[00:19:30] So you're working on how do you protect the data in one aspect and how do you capture the data in another and who has access to the data. So that's all around risk and all about how the, the framework set up. I did a lot of, understanding of how each, and, and one of the things around risk is you, you don't reinvent the wheel, you just.
[00:19:50] Adapt and modify to, to sit in relation to, um, what we describe as an international standard. So a lot of the times you hit iso, standard and that gives you a framework and basis for, so when you, whether you're going 31,000 or whether you're doing ai 42,000, it doesn't matter. Your framework is there under international standards.
[00:20:13] And then what you do is you look at each individual market and say, okay. What aren't we covering? Because if you try and write, say for example, in this case, 14 different procedures and policies, then people will never know what the scores are. You have one basis policy that goes with ISO standards, and then if there's an idiosyncrasy, it's an addendum in the policy.
[00:20:36] It's a lot easier to run, a lot easier to manage. but these things take time because. In the Middle East, and to be quite honest, around the world, AI policies are changing all the time. Data policies are changing all the time. So you are constantly, you know, when you go back to talking about risk and you talk about how you, what the C'S role is, you know, why do you need to review it every week?
[00:20:57] Because it might well be that the Uua E and Saudi bring out a change to their policy on data, and then Qatar does, and then Bahrain does three weeks later and then four weeks later, Egypt does and you've. Got to keep on top of that, otherwise you could potentially incur reputational damage or financial damage by not doing it properly.
[00:21:17] So in my whole, career has been built across learning and understanding and innovating as we go along. Um, and change management is, is fundamental to that. And a lot of the times you, I've tried to, to, embrace change. To make sure that my learning moves forward, you know, and doing my masters was, I did it in leadership and innovation because that helps me understand how innovation in marketing, for example, works and what's the risks associated with that.
[00:21:52] Capturing data, doing different, marketing activities. So you, it's all been around constantly learning and constantly adapting to the changing environment that is businesses. And now it's kind of for me that I feel really proud that it's, it's more amplified now because of the geopolitical chaos we're in, where businesses are changing and having to adapt and pivot as we've done all the time.
[00:22:18] so that's really what's, what's been me, throughout my career, is to try and make sure that I keep learning and keep adapting and keep innovating ways of working. Amazing. Thank you. And you touched on very important, uh. Um, an important point, which is how do you get people, there is a people factor.
[00:22:41] Mm. Right. When it comes to adapting, implementing these policies. Yeah. And you mentioned instead of having complex too many documents Yeah. Put them in one. What are the be how do you get everyone aligned? Uh, what are the common challenges you face? Usually when it comes to change management, getting everyone.
[00:23:00] I think And how do you sustain it? Is what? That's the Yeah, yeah. You're right. No, there's, there's a couple of things for me. You, you've got a, there's a. There's a psych, a psychological aspect in relation to change. And some people, you know, you've got a, they call it the bridge version where you kind of, some people will sit one side of the river, some people will sit on the bridge and other people will embrace the change and go over the other side of the river and they'll adapt the change and they'll move on very quickly.
[00:23:27] And the people that sit on the bridge are just hedging their bets in relation to how the people that went over the river have adapted. And then there's people that are on the other side of the river, they just won't change. And I think that's the thing around, if you've got a, the cultural side of aspects of businesses is around, a lot, it's about the timing of individuals and how they work, in relation to change, with risk.
[00:23:52] There's a, a little bit of a, a topic around, do people understand culturally that risk is very important or do they not see it at all? And that's the culture of the business. And how do you change that? That's a long period of time to do it in, and it starts with capturing every person, in my view, it starts with capturing every person that comes in the business.
[00:24:15] So everybody new to the business. Everybody existing is a different scenario. Everybody new in the business needs to understand this is what risk is, this is where we're going, this is what. Code of ethics is, this is what your governance is, this is, they need to understand that first. 'cause that's, once they understand how it links into the business, uh, business culture of the actual organization, then you are, you are able to kind of move forward with those people.
[00:24:43] The turnover in the business is always gonna be an issue depending on how much turnover you have. But I think then what you need to do is look at. What's your main points? Going back to the policy bit, the standard around international standard is, is, is the basis mark and then you have addendums. So you might have different inductions in an immersion packages in each country depending upon what the regulatory requirement is for that particular country.
[00:25:12] But I think what you've got is a long journey around constant, over and over again. Sometimes companies take the, the view of. Um, the cow and the stick. Mm-hmm. Okay. Depending upon how the leadership team wants to work, you can do it in a number of different ways, but you need to constantly revisit and constantly, um.
[00:25:33] educate people and I think that's very underestimated and how hard that is. just giving somebody a 20 minute video on something is fine, but you gotta keep going and relating to making it interesting. You know, my philosophy on training has changed over the years where I, instead of it being, I mean, they always used to say, I think there's a terminology around death by PowerPoint.
[00:25:58] you know, we don't. I don't use that anymore. I use things that make it more interesting for people to do. So it might be a, a story challenge, where, for example, they're a detective and they're trying to find stuff, but it makes it interesting and engaging and you've gotta make it engaging to get the message across.
[00:26:17] it's very hard in some topics. and I always remember there was a little bit of a challenge around, um, information security around, you know, clicking on the email link, checking where it's from. Is it, you know, I'm phishing. All those kind of emails that go on. I. But I think you just gotta constantly keep changing and keep engaging people on it is because they'll see it as a, oh, we did this last year.
[00:26:39] okay, yeah, you did it last year, but, but you, you still gotta keep going because the hackers, as we've seen and talked about with Mark and Spencers, they change all the time and it can, doesn't necessarily need to be in through the business. If you look at Mark and Spencer's, mark Spencer's was hacked through the supplier that had a link into the business.
[00:27:00] So you, you've gotta, everybody's got to be aware and even it just means instead of just clicking on something, hovering over something to see whether that link comes from, I had an email the other day, um, and I looked at it, it was just like, too good to be true. and I was like, okay. And I was about to go, oh, yeah, yeah, yeah, let me, and then I went, oh wait.
[00:27:21] And just looking at the email address and then doing a little bit of research for two seconds on whether that email address was legitimate. helped me say, okay. I mean, okay, I did click on it 'cause it was legitimate. It was from a legitimate company, but sometimes you just need that. It can be too good to be true.
[00:27:37] yeah. Um, 'cause you what you don't want to do. And I mean, I've had friends of mine that are actually, they have been hacked and you just don't want to go through it. It's, it's not a nice experience. it's horrible when you, for example, lose your Facebook account and then they get everywhere and then they're selling stuff in your name and it's, oh no, it can be a nightmare.
[00:27:57] What, how do you balance between. With change management, between motivating people, educating them, implementing controls to change the ritual or through rituals or changing the habits so that you get exactly what you want, you get them to operate in exactly the same way. It's, it's super hard and I don't think there's any one formula that you can do.
[00:28:20] I think it, it depends upon, you know, from my experience, you know, in Alshaya. People in Kuwait react differently to people in Saudi, react differently to people in, um, UAE, for example, on, on this, basically on the demographic background. And you have to really adapt and be flexible. it can't be a one size fits all, I feel.
[00:28:41] Um, you've got to adapt, you've got to be flexible, and you've got to work at what. It fits best for that particular market. Sometimes you go more in depth with more detail. Other times you can step back and go, okay, we can give you this overview and it will work. we move towards, uh, a matrix format in, for data protection, where the people that worked more with data, we gave them more training than people that did it.
[00:29:09] Mm. Because you. There is also a question from a human perspective as well, what has it gotta do with me? and if they don't feel that there's an engagement in relation to, it doesn't affect me, so I'm not really gonna bother, then you are, you're lost. You have to, you, we, we bought it down into low impact, medium impact, and high impact people with high impact, where there was a lot of data.
[00:29:31] So like the people function, part of the people function has a lot of impact on personal data. you train them more than you do, for example, somebody that has no interaction with it. You that may, it might just be a picker for a store, for example, in the depot or somebody just picking stuff in admin that's just filing, just general paperwork.
[00:29:52] They have minimal impact on data, personal data that affects them. so they don't need too much. And if you did give them that, you'd be going, well, I don't deal with any data, so they're gonna switch off. So I think you've got to have this fine balance between engagement and, and not, and how you change and, and develop that education piece over the course of time.
[00:30:16] 'cause it's difficult. it's not simple. One size, there's, there's not. and so that's where you kind of have to, what I got down to was, what worked was specific areas needed more than others, for that particular topic, For information security, for example, the whole company needed to do it.
[00:30:35] 'cause everybody has emails. So you can't miss anybody then. so you've got a, I think there's a, there's a very much around know your customer. And know what is needed to fit what they want. And it's very important to understand, especially when you're looking at it from risk point of view or you're looking at it from anything, from a people point of view, you mean every, we're not all robots, we're not all the same.
[00:31:01] And different people react to the different training methods in different ways. some like to just do it on their own with a bunch of headsets. Some people like to do it in a classroom environment. Some people like to do it. Face-to-face on one-on-one. It just depends how you can adapt all of that into your training and your people side of things.
[00:31:20] Interesting. Thank you. What about supply chain? We're looking at, uh, suppliers and partners and channels. Mm-hmm. Uh, how do you 'cause this? You have no control over them. They're external people, external entities. Yep. How do you formulate strategy? How do you look at it? How do you, I think there's, um, I think there's a way of, of, I use the word partnership around, engaging.
[00:31:47] There's, there's a bit about risk in the background around making sure that you can always have a resilience towards the business. Don't forget these. You might have a policy on, for example, data retention or how that works or systems, but the, when you've got, when the bigger you get, the more suppliers you have, the more challenging it is around, you know, what do those people within that company do and specifics that you have.
[00:32:17] So you, this is where the chief risk officer comes in, in relation to supplier partnership and what, what's the non-negotiables that the business has to do? So with suppliers, they are separate businesses. They are working their own business with their own challenges and their own ability to do, but they're, you know, you are a service provider to you.
[00:32:38] As they are a service provider, as their customer, you have a right to challenge them on various bits. We used to do various, visits to understand and nego and liaison with various main suppliers, and I use the word main in inverted comm mainly because. If you've got 3000 suppliers out and you can't visit them all, you've just gotta make sure that your, your main ones are, bought into what your standards are within your business and what you are trying to achieve.
[00:33:11] So you work very well. I mean, with our share, it's about franchisees. So working with the franchisees to make sure that their alignment, 'cause they might have some bits that they can give to you and you can give to them. it's always a two-way street in relation to that. So it's a challenge, don't get me wrong.
[00:33:28] but I think it's more around you setting your standards out in the initial contract stage and what you do with your suppliers going forward and the checks and balances that you feel comfortable with. Sometimes it's very difficult. Sometimes you wanna outsource it, sometimes you don't. so yeah, it's just around, that kind of thing.
[00:33:45] Um, you know, you have to build partnerships and relationships with them so that it's an open, honest conversation. And I think that's, you know, what a lot of the supply chain logistics directors do, uh, very much building relationships with the big suppliers that they use all the time and that they're in, uh, needing of.
[00:34:05] but it's also around. For example, the various divisions, making sure that the policy of the business is cascaded. Um, and I think that's sometimes where it can fall over a little bit. Yeah, because the brand is interested in selling, done an interesting in the due diligence behind the scenes. Uh, it's a kind of an unknown that's missed sometimes where it can fall over.
[00:34:29] What if there are multiple layers? Like for example, you had, uh, maybe Alshaya is not the right example, like Carrefour, for example. Will, would marginally. Uh, what if you've got like, uh. Two layers of suppliers. How does that, do you think that way as well when it comes to those? you've got a primary supplier.
[00:34:51] You can, you can, like I said, you going back to my, uh, you know, Carrefour for sainbury's bits, I mean, there was all around. Always around backups, you mean? Resilience is always around. You can't, in the interruption of supply chain, your main supplier always has a backup supplier. Um, and you always diversified and challenge each others around negotiation, around opportunity and delivery and uh, on time in full and, you know, all those kind of things that go on in the background.
[00:35:19] so the various layers are around. Diversification of ability to be, to continue the supply chain all the time. it's a bit more, it's a lot harder in the perishable side of things because, that's just the way, I mean, if a yield's down or the quality's rejected, you know, I remember, one of the things you get around running a call center and the support functions of call center was around the supply issues that used to go on and all the time there used to be.
[00:35:48] Supply a failure because the quality was rejected and it wasn't to the standard that's required. Well, that can impact the business tremendously when it wipes out something very major, especially for seasonal product. So you always have to have a backup, and it's about whether that backup can cope with the volume that you're required.
[00:36:06] If it gets in a, an amount, a percentage of it, then fine. You can still keep production going, but, um, sometimes you're wiped out and so you, it's just around the resilience of getting back on track with that. Um, so that's where you, you have to kind of, you know, work very closely with, I use the word partnership again.
[00:36:26] It's got to be in a partnership and you've got to be open and honest around, which are sometimes fails, but you've gotta be open and honest to supplier to say. You know, this is what we expect. If your, if your quality, if your QR rejects it, then what's the backup? Or do we need to diversify into somewhere else?
[00:36:47] So you do get that. and that's, that's business resilience and works in, in a different way. Nice. Okay. This is really helpful. Anyways, I think we covered a lot. We have, we have. Yeah. It's been good.