A Holistic Approach to Assessing Supply Chain Risk

June 8, 2017
A holistic approach can enhance visibility, prioritize significant risks and provide a clear roadmap to regulatory compliance and revenue protection.

Global regulatory trends and the associated reputational pressures focused on supply chain transparency and responsible sourcing have mounted in recent years. Companies conducting interstate and international commerce face an expanding litany of compliance requirements and customer-driven obligations. As each new obligation comes into focus, a leader in legal, compliance, environmental health and safety (EHS), procurement, or another relevant corporate department is given responsibility for specific compliance.

It’s common for departments to operate independently, failing to coordinate on overlapping compliance requirements. Add in the complexities of multiple enterprise resource management (ERM) systems, mergers, acquisitions, divestitures, and all the other changes to product catalogs, and the compliance process becomes even more challenging.

Many companies could benefit from taking a step back and evaluating a centralized and holistic approach to supply chain regulatory management. This article outlines the significant steps and benefits of a holistic approach and also highlights some of the regulations that have spurred the need for this approach.

Adopt a Broader View

The first step in creating a holistic supply chain program is to develop a comprehensive view of the regulatory compliance landscape. Organize a “supply chain summit” with all the relevant personnel from legal, procurement, sustainability, EHS, IT and other departments to create a master list of compliance requirements and relevant dates.

Once the minimum requirements are clear, the second step is to layer on any additional considerations for customer requests and industry trends. Address all the relevant stakeholders—regulators, customers, socially responsible investors, nongovernmental organizations (NGOs), industry groups, competitors and other significant groups.

With this comprehensive view, the third step involves creating a master calendar of annual compliance obligations, highlighting deadlines for:

• Data collection from suppliers (including follow-ups and escalation).

• Validation and certification of data.

• Submissions to customers.

• Website disclosures.

• Regulatory filings.

• Benchmarking or other relevant processes.

• Technology updates.

• Evaluation and revision of terms and conditions and other important documents.

This holistic approach to compliance affords some unique benefits as well as an important opportunity to:

• Plan proactively instead of reactively.

• Harness collective institutional knowledge to benefit the whole organization.

• Combine efforts and streamline outreach.

• Avoid supplier fatigue from uncoordinated or duplicated requests.

• Enhance visibility of supply chain risk.

• Educate colleagues on other requirements.

• Maximize use of existing processes for new obligations and disclosures (for example, supplier audits can be adjusted to accommodate newer anti-human trafficking requirements).

• Create a comprehensive risk rating for suppliers and a scorecard measuring overall compliance and responsiveness.

• Plan for enhanced supplier onboarding.

Consider Major Regulations

A robust supply chain compliance program should identify and evaluate the requirements of all applicable regulations. Considering each one carefully is critical to the process of establishing a holistic approach. Following are some of the more challenging regulations.

Conflict Minerals

On Aug. 22, 2012, the Securities and Exchange Commission (SEC) adopted Section 1502 of the Dodd-Frank Wall Street Reform and Consumer Protection Act requiring issuers to disclose their use of tantalum, tin, gold, or tungsten (3TG) if those minerals are “necessary to the functionality or production of a product” manufactured by that issuer. The intent of the rule is to cut off funding to armed groups responsible for extreme violence and human rights abuses in the Democratic Republic of the Congo (DRC).

May 2017 marks the fourth year that companies file a Form SD and a Conflict Minerals Report with the SEC. Uncertainty exists about the future of the conflict minerals rule in the United States. On Jan. 31, 2017, SEC Acting Chair Michael S. Piwowar issued a public statement titled “Reconsideration of Conflict Minerals Rule Implementation.” He opened a 45-day comment period to determine if the conflict minerals rule still is appropriate and whether any additional relief is needed.

As U.S. filers await clarity, the European Union (EU) is finalizing a similar regulation aimed at halting the financing of armed groups through the trade of 3TG in developing countries. The EU rule is not limited to the DRC and adjoining countries, but applies globally to all conflict-affected and high-risk areas. Additionally, the EU rule will mandate reporting for certain importers of raw materials and request voluntary reporting for downstream manufacturers who use the minerals in their products.

In addition to U.S. and EU conflict minerals rules, companies also are trying to understand the impact of the “Chinese Due Diligence Guidelines for Responsible Mineral Supply Chains” and the new Massachusetts law that requires the state to examine the electronics and communications companies from which it purchases to ensure it does not fund the armed conflict or contribute to human rights violations in the DRC. Many universities have adopted conflict-free resolutions, creating additional uncertainty for suppliers. Several major companies also are now voluntarily tracing the cobalt in their supply chains following revelations from Amnesty International about mining conditions and forced labor.

Anti-Human Trafficking

An estimated 20.9 million victims of forced labor exist globally, according to 2012 estimates [Editor’s note: That number could be as much as twice as high in 2017.] As such, regulatory bodies are just one of the many stakeholders demanding supply chain transparency. Investors, NGOs and consumers are also pressuring companies for transparency so that they might make better-informed decisions.

California’s Transparency in Supply Chains Act of 2010 (CTSCA), the UK’s Modern Slavery Act of 2015 (UKMSA), and recent amendments to Federal Acquisition Regulation (FAR) in the United States are driving the need for enhanced supply chain transparency. While the FAR amendments affect federal contractors and subcontractors, the CTSCA and UKMSA both cast a wider net, affecting tens of thousands of companies directly, along with untold numbers in their supply chains. Compliance requires that companies assess their supply chains to identify and mitigate areas of risk associated with human trafficking. The rules also require website disclosures, and UKMSA expressly directs that a director or partner of the company sign the disclosure and that the company’s website feature the disclosure prominently.

Substance Restrictions and Regulations

Concerns about environmental and public exposure to hazardous chemicals have prompted many countries to implement regulations restricting the use of certain chemical substances. The EU Restriction of Hazardous Substances (RoHS) Directive, the EU Directive on the Registration, Evaluation, Authorization and Restriction of Chemicals (REACH), the Japanese Chemical Substances Control Law, and California Proposition 65 are prominent examples.

In addition to the jurisdictional restriction of certain substances, industry-specific lists of restricted substances have been developed, including diverse industries such as textile manufacturers, the automotive industry and fragrance manufacturers. Failure to comply with these regulations can result in fines or exclude manufacturers from selling their products into certain markets.

U.S. Economic Embargoes and Trade Sanctions

The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) has administered various sanctions programs aimed at advancing the international goals and security interests of the United States. The lists of economic sanctions are increasingly complex and companies are expected to react immediately to any changes.

OFAC sanctions are not limited to direct business contact with a sanctioned entity. They also can be levied if any secondary party with which the company works does business with a sanctioned entity. This extended scope of potential liability increases the necessity of enhanced supply chain visibility.

EU Nonfinancial Disclosures Directive

The EU nonfinancial disclosures directive aims to provide shareholders and stakeholders with enhanced insights into the performance achieved by companies as those companies address risks related to environmental, human rights, anticorruption and bribery, board diversity, and other social and employee issues. Companies’ internal policies and the actions they take concerning conflict minerals, anti-human trafficking and substance restrictions will shape the content of these disclosures. Even if a company is not directly subject to the directive, it may receive inquiries from customers who are.

Corporate Social Responsibility

In addition to the binding regulatory requirements, companies also face pressures from customers and NGOs to take a more active role in corporate social responsibility (CSR). Various organizations, standards and codes with which companies can work to ensure CSR include CDP (formerly the Carbon Disclosure Project), an organization that works with shareholders and corporations to disclose the greenhouse gas emissions of the world’s major corporations; International Organization for Standardization (ISO) management standards; the Electronics Industry Citizenship Coalition (EICC) Code of Conduct; and the United Nations Global Compact.

Antibribery and Anticorruption

The Foreign Corrupt Practices Act (FCPA) was enacted in 1977 but has been in the spotlight recently due to the immense fines and penalties levied against pharmaceutical, manufacturing and other companies. The act essentially prohibits bribing foreign officials for the purpose of gaining business. Increased globalization makes compliance with the FCPA, and the corresponding U.K. Bribery Act, a critical priority. Establishing strong policies, training employees, mandating oversight and conducting continual monitoring are some of the hallmarks of a robust program.

Create a Comprehensive Compliance Plan

Creating and implementing a comprehensive compliance plan take some effort and planning but offer many benefits, including:

• Increasing efficiencies.

• Reducing supplier fatigue.

• Improving risk identification and mitigation.

• Allowing for more informed sourcing decisions.

• Speeding up response time to emerging and evolving regulations and customer requirements.

Using existing technology or comprehensive compliance software programs can further streamline the process. Technology can assist with determining applicability and scope, connecting with suppliers, managing data, validating responses, coordinating with and reporting to customers, and developing regulatory disclosures.

The global supply chain compliance landscape, which has grown increasingly complex, necessitates companies take a fresh approach to effectively manage a litany of regulations and customer demands. A holistic approach can enhance visibility, prioritize significant risks and provide a clear roadmap to regulatory compliance and revenue protection.

Chris McClure is partner, Rebecca Neary is a senior staff member, and Meghan Rzepczynski is advisory services manager with consulting firm Crowe Horwath LLP.

Sponsored Recommendations

Voice your opinion!

To join the conversation, and become an exclusive member of IndustryWeek, create an account today!