Compliance in Focus: Strategies for Mitigating Supply Chain Compliance Risk

Print PDF
April 24, 2020

The Covid-19 pandemic has created significant disruptions to supply chains.  A month ago, the focus was on the interruption caused by the closures of Chinese factories. Even as Chinese manufacturing reopens to production, the challenges continue. Now, the shock waves are being felt throughout the global economy as more markets are grappling with disrupted workforces, shortages of materials and liquidity constraints. As the virus spreads, global businesses are confronted with mounting challenges as a result of shifting their supply chain in order to maintain business operations. 

A break in the supply chain can threaten the business itself. Senior management will rightly focus on finding solutions as efficiently as possible to ensure the survival of the enterprise. However, it is important to remember that the compliance risks that can accompany supply chain disruption can also impact enterprise survival. It is critical that senior management recognize and reiterate the importance of maintaining compliance processes even in the midst of significant supply chain disruption.   

The compliance risks that can arise due to supply chain disruptions span the gamut from:

  • Corruption arising from the lack of appropriate diligence on alternative suppliers to;
  • Sanctions violations arising from dealing with restricted parties or products or failing to obtain the appropriate license to;
  • Human rights violations arising from sourcing in alternative markets where child labor and other human rights abuses may be more common to;
  • Product liability, recall, and safety violations arising from alternative suppliers that provide contaminated or defective products.

It is a laundry list of headaches for any compliance officer. Compliance processes are designed to mitigate these risks. When alternative suppliers are not fully vetted and processes are ignored or circumvented, the business loses its best defense if a subsequent regulatory violation arises.  

Listed below are three strategies compliance departments should consider in order to protect the business and mitigate the compliance risks that can arise due to supply chain disruption.

1. Engage with Procurement

The procurement team is likely developing a business continuity plan to mitigate supply chain risks. Your procurement officer is head down, focusing on how to ensure operations continue when the inevitable disruption occurs. Even though no one wants to poke the hornet’s nest, this is a critical time to remind procurement about specific compliance responsibilities and to identify and address issues that may present hurdles to meeting your company’s compliance requirements. Send targeted communications that outline concise compliance requirements for vendor and supplier due diligence. Highlight high risk markets. Communicate that the compliance department is a partner and can support procurement in these challenging times. 

It is also likely that the procurement team is working to quickly source alternatives through digital platforms and intelligent procurement programs. These digital platforms can provide efficient solutions, but they can’t replace the compliance requirements that must be followed. Just because an alternative is available, doesn’t mean it will satisfy the requirements of your compliance program. That is why communication is critical, so that compliance remains a priority, even in times of crisis. 

2. Compliance Involvement in Planning for Alternative Suppliers

Compliance should take an active role in identifying critical supply channels, reaching out to responsible personnel and proactively assisting in vetting alternatives if a disruption occurs. If this planning step is left to procurement officers alone, the danger is significant business continuity impact if the alternative identified by procurement poses regulatory risk.

For example, the alternative suppliers may be located in a jurisdiction with a high rate of corruption or human rights violations. Or the vetting process for new suppliers in the region or industry may be so time consuming that it could result in operations grinding to a halt. If compliance is involved in the process from the beginning, then these potential roadblocks can be proactively addressed, minimizing business continuity impact. 

In planning for alternative suppliers, compliance should consult with relevant personnel to identify those markets that pose the most significant risks and highlight those markets to the procurement officer. Compliance should plan, prepare, and take as many steps as possible to conduct diligence on potential alternative suppliers identified by the business, especially for critical components in the business’ most important markets. Proactively reach out to the service providers you use for background reports and license and registration searches. Find out if they are facing delays in any of their markets and plan accordingly. 

Existing, approved vendors can also be an important lifeline in supply chain disruptions. These vendors may have capabilities in other products and markets and may be able to act as an alternative. These vendors are familiar with your business expectations and have passed your compliance program requirements. 

3. Risk-Focused Diligence

Conducting due diligence on a new supplier or vendor during the pandemic can be challenging. Not only is there the potential for delays in your typical diligence processes, but the risk of corruption and fraud is higher. The diligence process should be closely documented. 

The terms of the agreement with any new supplier or vendor must be closely scrutinized. Price markups may be anticipated, but they also leave room for bribes. The new vendor should provide a written justification for the price that is independently verified. Commission payments, rebates and any third-party payments should likewise be closely scrutinized.  

The pandemic has led to numerous reports of counterfeit, defective, and contaminated products. Depending on your business line, you should allocate additional resources for inspections to ensure the safety of products and you should account for this potential risk in any agreement. Post-transaction monitoring is also critical. 

Overall, documentation of the compliance process –particularly any alternative procedures that must be adopted to address the current operating environment – is critical. Ensure that you have captured the basis on which you accepted different types or sources of documentation and are comfortable relying on them. Confirm that compliance has vetted pricing and the basis for the conclusion that any markups are legitimate in this market. Continue to monitor your vendor relationships and consider imposing heightened monitoring requirements on a risk basis to address heightened risks in this climate. The documentation you prepare today will be a critical lifeline in the future when an allegation of misconduct arises, providing a contemporaneous basis for your risk-based approach to diligence and demonstrating that your company did not turn a blind-eye to compliance risks in the face of economic pressures.