On of the most well known of all criminal procedural rights was established by the US Supreme Court on this day in 1966, when the Court handed down its Miranda v. Arizona decision. It established the legal principle that all criminal suspects must be advised of their rights before interrogation. Now considered standard police procedure, “You have the right to remain silent. Anything you say can, and will, be used against you in court of law. You have the right to an attorney. If you cannot afford one, one will be appointed to you,” has been heard so many times in television and film dramas that it has become almost cliche. As a result of the case against Miranda, each and every person must now be informed of his or her rights when arrested.

I thought about the creation of new rights in the context of moving towards a broader supply chain risk management program. I recently had the chance to I visit with Jared Connors, senior CSR subject matter expert (SME), Assent Compliance on how to institute a broader program.

In 2019, under the Trump Administration, sanctions and a wide variety of other economic pinch points can be levied and changed on an almost daily basis. I asked Connors how this was impacting supply chain professionals. He said that previously the focus for supply chain professionals was on operational risk issues, this included “business continuity, quality lead time, availability, very similar procurement type risks to make sure that they can get the goods from suppliers they need to either assemble or manufacture or have assembled the products that a company is trying to put to market.” However, these operation risk issues have been overtaken by what Connors called “other peripheral risk issues, including regulatory issues addressing corporate social responsibility from human trafficking regulations, to environmental impacts and other similar corporate social responsibility issues.”

Yet Connors believes many supply chain professionals and companies are not addressing sanctions issues specifically involving Specially Designated Nationals (SDNs) and Potentially Exposed Persons (PEPs). Moreover, they are not evaluating their suppliers from the perspective “of am I even allowed to import goods from this company?” This has led him to conclude, “I think a lot of companies, are starting to realize that they’re leaving a lot of risk issues on the table and they are not sufficiently engaging.”

He provided the example of a CSR representative who might say something along the lines of the following, “I learned about this supplier months after the contract was signed and the procurement representatives said, I need you to address these risk issues that are out there. What do you mean we have risk issues out there with the supplier? We already have a contract. This puts the organization at a disadvantage to make sure that they are properly addressing engaging those risks with the suppliers.” Connors believes it is about setting expectations around the relationship, noting, “it just means that you might need to plant a seed with the supplier to make sure they’re clear on what the expectations are. Because oftentimes risk from the supply chain is nothing more than level setting on expectations.”

We then turned to risk assessments which are a key tool in managing your supply chain. One important way to think about risk assessments is to recognize that it is one data point that is continually refined with the additional data that you receive. Properly viewed this allows you to continue to refine information to narrow down a cogent list of the areas of risk which require your attention. In other words, this process allows you to determine the highest risks to your organization and manage those risks. This allows you to focus on your risk but in a cost-effective manner so that you are not spending time, money and your efforts on every risk, but on the key risks for your organization.

I asked Connors about the different ways to obtain information through the risk management process. He noted, “a lot of organizations will have their supplier management or supplier onboarding portals. You can start through very basic, oftentimes public information on a third party to determine your initial risk. This can be based on things like what types of materials they are producing for your organization, what is the risk associated with those types of materials, labor concerns, geographical risks, the amount of your spend, sole source suppliers and a myriad of other issues” which might show how vulnerable your organization is with a supplier if that supplier were to no longer exists tomorrow.

There are multiple ways to use information from your initial risk assessment. As you are gathering information on the supplier, you can further refine the focus areas you may need to address with the supplier. It may well be that you need to perform a  physical, onsite audit.

Yet even in that situation, Connors related, “oftentimes I find that corrective actions, for example, can be done long before physical audit. A physical audit can be used to actually assess if your supplier has instituted those corrective actions. If not, then then the auditor can go and focus on those things. Even for companies which cannot afford supply chain audits because they may have too large of a supply base or do not have the in-house capabilities to perform supply chain risk assessments”, Connors noted there are multiple “automated tools to help support that risk assessment.”

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2019