PYMNTS-MonitorEdge-May-2024

How Suppliers Can Take The Lead On Supply Chain Risk Management

The growing complexity of international supply chains inevitably adds complexity to risk mitigation and increases risk exposure to all players involved. This trend is evolving rapidly, and corporate buyers are examining threats from all angles.

Once, a company’s top supplier-related risk may have been the threat of a vendor going out of business, or goods failing to make it to their destination on time. While these challenges remain, firms must also assess and manage risks related to human rights, war, economic turmoil, foreign exchange volatility, cyberattacks and the implications of noncompliance.

Today, supply chain and supplier risk management is a beast.

Catherine Beare, senior director, Supply Chain Assurance at quality assurance provider Intertek, said global corporations are becoming more aggressive at tackling that beast.

“Risk management is about identifying, assessing and controlling risk from an operational level and making decisions to balance the benefits,” Beare told PYMNTS in a recent interview. Companies, she continued, have to assess the risks they face and ensure they are offset by the benefits of doing business. “Nowadays, approaching risk is an absolute top requirement on the procurement side.”

But in the conversation of supply chain risk, there is no single focus. Rather, Beare said, risk mitigation touches all aspects of business, from human rights to cybersecurity.

“When we think of compliance, we think of it across all spectrums,” she said, “from social risks, environmental, governance, security, quality, cybersecurity — it could be anything.”

Regulations related to this vast array of risks in the supply chain have played a significant role in placing risk mitigation at the top of mind for supply chain professionals and the C-suite. Again, explained Beare, these regulations are vast, including child labor and trafficking laws, anti-corruption and anti-bribery rules and environmental requirements. Incoming regulations around the area of cybersecurity are also becoming a key focus for businesses.

In some cases, many of these areas, like human rights, had not been legal requirements for members of supply chains around the globe, and it is only recently that regulations have turned these concepts from social mandates to regulatory mandates, said Beare.

In a report published by SCM World last October, researchers emphasized the proliferation of supply chain risk concerns. The firm’s 2017 Future of Supply Chain survey found the biggest increases of concern center on war, natural disasters and data security.

“A decade ago,” SCM World wrote, “supply chain risk was primarily focused on supplier failures, commodity price volatility and component shortages. Mitigating these threats was possible with closer supplier coordination, collaborative planning around upstream constraints and dual sourcing … This is no longer enough.”

The biggest shift in the area of supply chain risk mitigation is the focus from risks that can be controlled (like supplier sourcing) to risks that cannot (like war). As supply chain management technologies begin to deploy sophisticated tools like predictive analytics in an attempt to prepare companies for those less-controllable factors, corporates are also recognizing the importance of addressing the risks they can.

According to Beare, this traditionally means corporate buyers must work with their Tier 1 suppliers — that is, the vendors that work directly with their customer — and not with suppliers further down the chain. But this creates a lack of visibility and communication, she said.

“Considering the sheer size and complexity of supply chains, a lot of times today, businesses communicate with their Tier 1 and maybe some Tier 2 suppliers,” said Beare. This forces companies to rely on their vendors to get the message out to the rest of the supply chain about what a firm’s expectations and requirements are around compliance. It also creates a barrier, said Beare, to businesses being able to gain the necessary information into their supply chains to assess whether unnecessary risks are hitting their organization.

For corporates, she said, this means asking questions like, “Does the buck stop with you? Does it stop with your supplier? Do you expect your supplier to take on more due diligence to ensure the expectations you set are being disseminated down the chain? Do you expect suppliers to also have visibility down the chain?”

“If you’re not giving the message directly to the supplier with which you have a concern, you need to make sure that information gets down the chain correctly,” she continued. “More and more, we encourage the flow of communication. We eliminate barriers to give more visibility for buyers to approach different tiers with their message, to make sure it’s clear.”

With this objective, Intertek recently launched its Inlight Advantage solution, a way to automate and streamline supply chain compliance and risk mitigation, as well as its Inlight Network, a platform to facilitate supply chain compliance. In addition to providing companies with enhanced visibility into the compliance of members of their supply chains, Beare noted that the tool offers a way for suppliers to take the initiative to be transparent with their compliance efforts.

“This is about the supplier being proactive themselves,” she said. “For them to … understand what they really need to be aware of, what regulations and laws they face under different areas of compliance. This is a bottom-up approach, rather than a top-down approach of trying to disseminate a message of compliance requirements one way down the supply chain.”

Beare also said that, for buyers and suppliers alike, the financial implications of noncompliance go far beyond regulatory fines.

“In the risk management process, you need to understand if you have a risk, which is normal with today’s complex supply chains. You need to be able to see that impact, determine the risks you’re prepared to take, what it is you’re resilient to and what risks you’re not prepared to take, because the bottom line could be major in terms of the effect it could have on your reputation.”

PYMNTS-MonitorEdge-May-2024