The Red Flag Group®
compliance screening

Classifying supplier risks in emerging markets

Classifying supplier risks in emerging markets


The client had over 100,000 suppliers listed in its supplier master file and wanted to work through that list and build a risk-based compliance programme to manage compliance risks.

The client had not previously conducted any supplier risk assessment and needed a risk-based approach to managing this project. The driver of the programme was mostly to comply with the United Kingdom Bribery Act by identifying potential bribery risks in the supply chain.

The first problem was sorting through the supplier list and building a smaller list of certain suppliers in particular categories that might require a more thorough risk-management process.

This process had to be documented and defensible as the client was under significant investigation with the United States Department of Justice and the United Kingdom Serious Fraud Office.


The project began with a risk roundtable: a facilitated meeting where members of the procurement, business, legal, finance, risk and compliance teams reviewed and discussed the supplier categories across the company for two days.

Over the next two weeks, via telephone, the team worked through a process of looking at each category of spend and assessing it for risk in the following areas:

  • Corruption
  • Human rights
  • Conflict minerals
  • Sanctions
  • CSR and product stewardship.


Risk assessment
  • Risk-assessment methodology that showed the basis upon which we risk rated the suppliers
  • Went through the risk-rating process and how we documented the analysis

  • Pivot tables of suppliers that can easily be manipulated for adjustments in tolerance
  • Heat map of suppliers by country and supply code.


About four weeks in total.

Why The Red Flag Group®

Industry knowledge

We know our clients’ industries very well. In this case we were knowledgeable about the mining sector and being aware of the many different parties and operations involved helped us separate and follow different processes. Being aware of the industry made it easier for us to help define risks in their supply chain.

Knowledge on risks

While the project started out looking at the risks associated with the United Kingdom Bribery Act and corruption risks, we ended up expanding the scope to be much broader and include several risk areas. While it fell short of the 30 risk areas that we commonly look at, there were several risks that the client included as part of this initiative.

Good business experience

If you are going to do a project like this, you need to have a global business vision. It is important to be able to identify a supplier with potential risks within minutes. You need to be business savvy, understand the local and national laws, know your risks and be up to date with the ever-changing marketplace.