I recently had the opportunity to visit James Calder, the Vice President, Compliance & Regulatory Programs for Assent Compliance Inc. We considered what is supply chain risk management and why compliance professionals need to consider it for their anti-corruption programs.
We begin our introduction of the topic of supply chain risk management by focusing on the complexities of supply chain data exchanges. In my experience, and with the quantum of data generated by the supply chain, it is sometimes difficult to cut through the chaff and determine what is real and what is white noise. Further, while the complexity certainly is present, Calder noted it “is important to get data with respect to your supply chain as most companies are nowadays who are manufacturing products, with complex products in a complex supply chain that is typically touching on certain geographies all around the world”.
This dependency on suppliers is now a huge part of business risk, revenue and success. Calder said, “To mitigate any kind of business risk to achieve that business success, there needs to be clear access to the supply chain data and also ensure that that data is up to speed and the quality is up to speed. The complexity comes because you need to actually attribute certain qualities with every single supply chain data.”
Calder provided several different types of data that is critical in the management of supply chain. He listed such types of data that could relate to the quality of a business entity; individuals who are important within the business entity; the material composition of products that are supported by a business entity. He also noted the data could be “related to the activities which occur around the production of those materials and parts supported by that business entity.” Literally, each one of those topics can determine if your product can be sold within a market.
But is also includes such data as if your product is ethically sourced, are your products going to receive or be assessed certain duties, and even could terrorists import your product into a market? If you are sourcing products from a company which is on a sanctions lists it can create business risk. All this means the complexity of getting that data is significant because you have to map all those different data points from your supplier.
But supply chain risk management is not simply the external data from your suppliers or even with whom you are doing business, you must map that data to your internal data qualities because typically it is not just a pass through of data. Calder noted this is because you are “taking all that data and then you have to roll it up with respect to all those parts and suppliers into the story you present to your prospective customers. This requires a lot of business intelligence. It also requires an understanding of your market need because just getting data and passing it to your downstream supply chain does not always represent the full story.” All of this means complexity in supply chain data management is significant because your organization may literally have thousands of suppliers that represent millions of parts and materials.
We next turned to managing the supply chain data. I asked Calder how does a company think through managing that internally versus using an external third party and really what types of economies of scale a third party brings to the overall topic of cost of managing supply chain data? He began by noting there are two costs, “the immediate direct costs which are incurred by your business to utilize your internal resources, your internal technologies and your internal understandings to collect this data, aggregate this data, and then communicate that data.”
However, beyond this direct cost, there can well be a secondary cost. This is the cost which occurs when your organization fails to adequately manage its supply chain data and can lead to a market loss or reputation damage. Such failures could also lead to some type of enforcement activity which could translate in to fines, product removal or loss of investor confidence if things are not done well. So those are the direct internal costs and indirect external costs. Now these costs are usually born because of individuals “who are educated have a very strong vocational background or being dragged into sort of administrative activities which are not utilizing their core capabilities.”
The external supply chain data management entity brings a level of professionalism and expertise that is not typically available inside most organizations. This expertise allows the legal department, compliance department, supply chain or risk management professional to engage in activities which are not only better suited to their skill sets but also brings more value to their organizations.
It is through this data management that the anti-corruption compliance practitioner can make great inroads in assisting to management compliance risks. Understanding which suppliers create the highest risks anti-corruption risks and then bringing a robust risk management program into place will pay great benefits to managing not only legal risks but also the reputational damage which has become even more ubiquitous with the amplification through social media.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2019