The Red Flag Group®
How to succeed in supply chain risk management using a risk-based approach

Identifying and avoiding weak links in your supply chain

Identifying and avoiding weak links in your supply chain

Organisations that obtain their raw materials from conflict-prone jurisdictions or engage suppliers that contract unethical third and fourth tier subcontractors risk having their reputations and brands impacted, which may eventually lead to significant loss of business, loss of ‘ethically-minded’ employees and mistrust among customers. This is because the responsibility for ensuring transparency and ethical conduct in the supply chains rests with the contracting entity.

Regulators and governments around the world are constantly introducing legislation requiring organisations with suppliers in high-risk jurisdictions and industries to have checks and balances spreading across the entire supply chains – from primary contractors through to lower-tier suppliers. Most misconduct does not occur at the direct supplier level, but rather at their supplier, or their suppliers’ supplier level. This is why you need a holistic supplier monitoring system that covers all levels. Watching over your immediate supply only is simply not enough and will not protect you if you are investigated by regulators for misconduct. Neither will it save you from media bashing and courts of public opinion.

The United States, United Kingdom, Australia and The Netherlands either have or are in the process of enacting legislation aimed at promoting sustainable business practices in the supply chains by placing full responsibilities on entities found or deemed to use products resulting from human rights abuse, child labour, sanctions breaches, export controls, environmental mismanagement, human trafficking or modern-day slavery among others.

The surge in media reports suggesting that some multinational companies are dealing with suppliers that have integrity and compliance issues, mostly in parts of Africa, Asia and Latin America, is sufficient reason why you need to have proper oversight of your entire supply chains. This will help you to quickly identify issues, manage them accordingly and remediate before impact on your business and reputation.

To ensure proper oversight across your entire supply chain, the following are recommended:

1.    Segment your suppliers into risk tiers

With thousands, or even hundreds of thousands of third parties in your supply chain, most organisations simply do not have the resources to conduct in-depth due diligence on each, nor is that recommended. An effective programme will segment suppliers into tiers to help determine what constitutes a reasonable level of due diligence for each tier for any risk. Even a simplified risk scoring framework can help organisations focus their resources and be more effective in identifying potential risks. Consider factors such as where goods are being manufactured, types of materials going into it, and the political and social influences in the production and movement of material as you evaluate the integrity risks of a supplier type.

2.    Screen your suppliers against a database

When you get a basic overview of your suppliers’ risk tier, you can screen them against a database to validate the risk tier. Database screening will help you to know which suppliers are listed on sanctions lists, blacklisted or have been involved in compliance and integrity issues. Database screening will serve as a baseline for the next step you need to consider.

3.    Know your suppliers and their suppliers’ supplier

You must understand your suppliers - who they are, what they will do for you, their compliance culture, their integrity profile, financial standing and their business capabilities. This can be done through questionnaires with tailored questions including checking whether your immediate suppliers use third and fourth tier suppliers or whether they have an internationally acceptable compliance programme. Questionnaires may also help you to learn more about your suppliers’ owners, some of who may be Politically Exposed Persons, public officials, State Owned Entities, compliance challenged or have close links sanctioned parties.

4.    Perform due diligence

Once you have a good understanding of your suppliers’ activities and capabilities, you may need to perform risk-based due diligence. This means that for medium risk suppliers you may perform basic diligence exercises while for high-risk suppliers, you need to undertake enhanced due diligence. Due diligence must be proportionate to risks presented by each supplier. For instance, suppliers located in conflict-prone jurisdictions or extractive industries such as mining, or oil and gas warrant enhanced due diligence, with additional background checks in some cases. Those in low-risk regions require low-level due diligence. To ensure independence and minimising vested conflict of interest, consider obtaining your due diligence services from an external vendor. This is will also give you wider access to specialised resources, local insights, in-country expertise and proprietary ratings tailored to your risk appetite and exposure.

5.    Ongoing monitor and recurring due diligence  

For proper and effective oversight, enroll your suppliers on an ongoing monitoring system that enables you to receive real-time alerts whenever suspicious activities are flagged. This is will help you to act timely and deploy remediation at the earliest possible time. Additionally, repeat the due diligence over a preset time frame - a two or three-year renewal cycle on supplier due diligence to balance costs and risk exposure. Onboarding due diligence is only a snapshot in time and things in your supply chain may change thus repeating due diligence will give you the most recent and accurate assessment of your suppliers and their suppliers’ suppliers.

6.    Integrated and automated supply chain management

To support today’s supply chain managers, there are tools and solutions available for any size of business to identify and effectively manage risks that may be hiding in their supply chains. Such tools range from simple database screening to deep dive due diligence background checks to more advanced automated supplier management solutions. Most of these solutions can be configured and integrated into your customer relationship management platforms, giving you better control at a lower price. It is therefore highly recommended that you opt for an automated supplier management solution that can be integrated into your own systems (like an ERP or CRM) and be able to perform multiple tasks on one platform. Opting for such a solution will mean that you can risk rate your suppliers, do database screening, send out questionnaires, order due diligence and trigger repeat due diligence using one consolidated platform. This will not only make the best use of your resources but will also help you to minimise costs and add value to your compliance requirements and that of your entire supply chain.

You are responsible for the conduct and integrity of your suppliers. Ensure that you have a watertight supplier risk management process to help you to quickly identify and avoid weak links in your entire supply chain.