Ed. Note-today we have a guest post from Brian Alster, Global Head of Compliance and Supply, Dun & Bradstreet
With a growing number of complex regulations and directives, the only thing that is constant right now in the regulatory environment is change. Supply chain leaders and compliance professionals alike continue to grapple with how best to adequately identify, screen, and gain visibility into ownership structures of suppliers, resellers, manufacturers, distributors, and customers so that they understand exactly who they are doing business with at all times.
What’s at Stake?
Companies can unknowingly finance goods that are potentially obtained illegally or sold on the black market. Procurement teams that are unaware of the third-party restrictions and activities and have antiquated systems may put their company at risk. Without proper visibility, these teams could unknowingly be funding terrorism and human trafficking.
It’s not just regulatory concerns either. A higher overall demand for transparency and provenance today means there is more focus on how corporations conduct business and with whom. The demand for green and sustainable products and services, responsible sourcing, diversity in suppliers, and ethical business practices requires the corporate procurement teams to rely on consistent, fast, accurate, and global business compliance data and analytics that give them enough visibility into every supplier relationship in order to manage those relationships. At the same time, protecting brand reputation and avoiding costly non-compliance fines is also crucial. With the prevalence and speed of social media and digital news, a company’s image, honed over years or even decades, can be destroyed in mere minutes by a lack of supply chain insight.
Current Internal Challenges
As pressure mounts for Chief Compliance Officers (CCOs) to know third parties – customers, vendors/suppliers, TPIs, business partners, and acquisition targets — new pressures are growing for Chief Procurement Officers (CPOs) to Know Your Vendor (KYV), and for Chief Technology Officers (CTOs) to connect and consolidate platforms to onboard a customer, partner, or vendor. While CPOs and CCOs need to create a framework for vendor compliance around a single source of master data, most corporations use disparate systems and data that are dependent on the department’s individual compliance knowledge and corporate standards for registration and screening of outside entities. That structure is inadequate in a regulated world, and procurement leaders are often not equipped to do the level of due diligence required and instead rely on the traditional self-assessment onboarding of a supplier. That just won’t cut it.
In-depth research is needed to identify ultimate beneficial ownership (UBO) and third-party risks. No supplier with ties to or involvement in corrupt practices such as human trafficking or money laundering is going to self-report, so procurement must take the work on themselves and procure the third-party data needed to determine risk, protect against exposure, and comply with regulations around ethics, labor, diversity, health and safety, the environment, governance, and responsible sourcing.
Pressure is also mounting for companies to adopt corporate sustainability practices, such as the ten principles promoted by the United Nations Global Compact, which cover everything from areas of human rights and labor to environment and anti-corruption. Investors are also placing a premium on companies that have solid Environmental, Social and Governance (ESG) practices, because they often achieve greater profitability and are better investments. One-third of sustainability is risk management, which is comprised of regulatory management, reputation management, and operational risk management.
Real World Costs
The entire process, and the requirement for individual groups within a company to work together is daunting, but the rising costs associated with compliance pale in comparison to risk. Perhaps the most obvious and top-of-mind risk is the financial implication of being assessed fines for regulatory noncompliance. As two recent examples on the supply side illustrate, the fines can stop your business cold: Rolls-Royce agreed to pay $830 Million to UK, US, and Brazilian authorities to settle bribery and corruption allegations. In another recent example, two major Brazilian companies, Odebrecht and Braskem, were hit with a record $3.5 billion in criminal fines in what authorities say is the largest foreign bribery case in history. While Odebrecht’s US portion of the fine was significantly reduced, from $260 million to $93 million, fines that are assessed at such high million- and even billion-dollar amounts affect even the most profitable corporations.
The bottom line is that two key internal corporate functions — procurement and compliance — must work in lockstep as supply-side due diligence responsibilities fall increasingly to CPOs.
This convergence is crucial, but it’s also intuitive. Compliance teams have the master data and tools necessary to dig into third-party involvement and UBO, which is exactly what procurement teams across industries need to proactively manage third-party relationships efficiently, while accelerating due diligence, all while keeping up with ever-changing regulations and addressing customer demand.