How did supply chain risk management develop? Its roots go far back and to a very different place than I expected. I recently had the chance to visit with Travis Miller, Compliance & Regulatory General Counsel at Assent Compliance. Miller had a very interesting and, indeed, unique perspective on the origins of modern-day compliance programs. He draws the origins of compliance through the US environmental movements. The first of which began in the 19thcentury as the conservation movement. This movement began around the eradication of such animals as the buffalo and carrier pigeons. It also included the creation of our national park system, that started in an attempt to respond to those issues and similar.

Miller identified the second big environmental movement beginning with the publication of “Silent Spring” by Rachel Carson in the early 1960s. There was increased awareness of air and water pollution. This led to the formalization of an environmental movement and such events as Earth Day, which is still celebrated. It also led to US regulatory responses, beginning with the creation of the Environmental Protection Agency (EPA) under the Nixon Administration. Additionally, Congress passed several key pieces of legislation including the Clean Air Act, Clean Water Act, and Endangered Species Act.

All of these US and global environmental initiatives led the need for greater transparency in supply chains. Companies began to be required to disclose the chemicals and ingredients in their products. This type of transparency evolved into different directions to such areas as conflict minerals. Of course, consumers played a role as well through their purchasing power and decisions. Many purchasers of consumer products did not want to purchase products which contained dangerous chemicals or damaged the environment. Miller believes all of this is “really the background that led us to where we are today and what is driving a lot of action and what’s really kind of garnered the ethos of the population.”

All of the above led to supply chain risk emerging as a business continuity risk. From investments in physical plants and facilities outside the US, to other issues of sourcing, labor controls and business practices, have all become key risks in your supply chain. Yet when there is overseas manufacturing there may not be any way to regulate these dangers to consumers or end users. What Miller observed is that “in reaction to all of this regulators and policymakers started to think and they came to the conclusion that what we can regulate is the product and the supply chain which produces that product and the components that were used to produce that product.” It is from this perspective that a compliance response to “supply chain risk really started to develop and there has been a surge over the last 10 years.”

Miller said understanding industry standardization has led to a series of best practices for managing supply chain compliance, you can see not only where supply chain compliance derived but also see where it may well be headed. He stated, “Everything you can think of from the chemical itself, to chemicals which are mixed together, to every single thing is produced from chemicals. It also includes the nut that goes inside the washing machine as well as the washing machine itself and all have disclosure initiatives”. Miller used the following to illustrate this point, “you have a bit of a diamond shape in the supply chain. There are a few people that do extractive. Next are those who turn the extractives into chemicals, which is a larger group. From there it goes into component manufacturing. And then those component manufacturers (also known as the Original Equipment Manufacturers [OEM]) then have to provide information. Basically, anybody that makes anything out of that washer or that nut, and they have to give you all the substance information you need globally.”

This means that every one of those OEMs is going to ask for information in their own format. A company could spend an inordinate amount of time responding to these information requests in non-standardized formats. A key component of supply chain risk management is taking these disparate forms of information and standardizing them across an entire supply chain or even industry. In this manner, there is one document that everybody can ingest or agrees is acceptable. Now you can communicate that to everybody and it gives you a fighting chance to be able to meet the requirements of all these various companies and all of these various industry sectors in silos.

This approach resonates with the business community because it ties two disparate strands  together. First, it allows companies to not only understand their legal obligations but respond to them as well. It also allows companies to move forward in a more business efficient manner. Miller concluded by noting the real advantage of effective supply chain risk management is “you are going to save a bunch of time, a bunch of money, a bunch of internal resources and that’s really what drives the business community to take these types of industry standardized approaches and these types of decisions.”

 Market Drivers for Continued Development

Perhaps one of the largest challenges in the businesses world today is the impact of external stakeholders on business behavior. There has been a magnification through social media. This has led to a recognition that there are numerous external stakeholders that a company, if not has to answer to directly, must at least pay attention to in today’s connected world.

Miller believes that in many ways “it gets back to the corporation or a business purpose.” When  corporations and businesses were first initially formed, it was supposed to be a social good. Yet thought time, that ethos changed into more of a “continuous existence of the corporation, not simply to achieve a corporate good.” He feels that what is happening is a reaction to that, even “a very visceral reaction. In many ways that people are saying that corporations are not upholding their end of the bargain. Simply put they are not doing what they were originally intended to do and now people are expecting more of them.”

He believes that there is a large movement to go back to some of those requirements and original purposes corporations were created for. This has become the driver behind a lot of new initiatives. It has led to items that were once voluntary are now becoming mandatory through the implementation of a lot of rules, regulations, laws, market access requirements. All of this is particularly true in the supply chain and the Corporate Social Responsibility (CSR) space.

Yet the other interesting factor that in many ways this social drive is not simply through regulatory enforcement, like fines and penalties for paying bribes for violations of the Foreign Corrupt Practices Act (FCPA), but rather in much more social areas as a byproduct of our social media culture generally referred to as “name and shame”. Miller related that even for corporations “so much of what we decided to do as people is really dictated by those around us and their perception. When the perception is that you are doing something negative as a brand or as a company, this can oftentimes be more catastrophic, at least as catastrophic as a very significant financial penalty.”

Miller believes that much like FCPA enforcement, which was quite light for 25 years, “you are probably seeing a very similar trend right now with labor practice violations.” He believes that it is “only a matter of time before either the law is changed to allow for financial penalties or that some clever policy or some clever enforcement authority finds a way to hold companies accountable for not doing anticipated they should be doing. As laws become more mature, I think you are probably going to see a lot of that coming about in the next several years.”

We concluded by considering whether there would be a move towards more of a public-private partnership in the overall fight against supply chain abuse and exploitation in all its forms. Miller believes regulators and policy folks are willing to say that business should be done ethically. The problem now is there is no single benchmark to hold companies against or even up to. Miller feels that it is up to business to take this step and initiative the conversation. It is not simply the regulators who are going to come up with ways to set expectations. Yet this can be done in a public-private partnership between business and government. Miller believes this is what formulates a better way that all businesses can operate. Such a collaboration allows a wide variety of companies to demonstrate, explain and share how they themselves are successful in the supply chain risk management arena. Miller concluded that it is “almost a race to the top scenario that gets created when policymakers and regulators collaborate” because they can demonstrate why the actions they are taking are so valuable.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2019