Regulations such as the Foreign Corrupt Practices Act (FCPA), the UK Bribery Act, and the Dodd Frank Wall Street Reform and Consumer Protection Act (specifically Section 1502 on conflict minerals) have compelled companies to extend their compliance and monitoring efforts beyond the four walls of the enterprise and into the far reaches of their vast and global supply chains. No longer can an organization be ignorant if a downstream supplier is found to be noncompliant with a regulation or company policy. Ultimately, the blame—and any financial, brand, and reputation loss—lies with the company who has the relationship with the supplier, or the suppliers’ suppliers.
ADVERTISEMENT |
In other words, companies today are under more pressure than ever to effectively design, communicate, enforce, monitor, track, and resolve supplier compliance with varying jurisdictional and industry-specific regulations. This can be a Herculean task, given the fact that today’s supply chains are complex, vast, multi-layered, and dispersed across the globe. It is no wonder, then, that a regulation like the Dodd Frank Act’s Section 1502 has stirred up such opposition. The first conflict minerals reporting deadline has just passed, yet business and industry groups, such as the National Association of Manufacturers, are still voicing their concerns. Some have even filed a motion for a stay of the entire rule, citing, among other reasons, the immense efforts and costs related to internal and external information gathering, due diligence, audits, and reporting.
Yet it’s only a matter of time before companies—and not just those who fall under the conflict minerals rule—will need to gain complete and real-time visibility into and across their supply chains. As the pressure from regulators continues to rise at a fast rate, customer and consumer expectations and pressures will rise even faster. For organizations, it is critical that risks and issues of noncompliance can be proactively identified and remediated before they snowball into larger problems with costly and far-reaching brand and reputational consequences.
The state of supplier compliance
Companies are increasingly engaging suppliers in emerging markets for cost-savings and efficiency, but with these benefits come multiple compliance risks. In a 2012 Deloitte survey, 70 percent of executives said they were extremely or very concerned about compliance and integrity-related risks in emerging markets. At the same time, only 40 percent of these executives were extremely or very confident in the ability of their company to manage these compliance risks when engaging vendors, and only 36 percent were this confident when their company worked with third-party agents.
The truth is that in many companies, supplier compliance management efforts are not as strong as they should be. Take the conflict minerals rule as an example. The deadline for compliance was June 2, 2014. Yet, in a recent PricewaterhouseCoopers survey, a quarter of respondents were still in the early stages of compliance: 26 percent were either finalizing scoping or planning and performing their reasonable country of origin inquiry (RCOI), and had yet to evaluate RCOI responses.
Unfortunately, companies still view supplier compliance as a costly burden. If they pursue compliance, it is primarily with the intent of avoiding lawsuits and regulatory penalties. However, many supplier compliance programs have proven to yield measurable benefits. A compliance report from the US-China Business Council recounts how one United States company with business operations in China evaluated approximately 300 local distributors’ compliance with the FCPA regulation. In doing so, the company was able to eliminate two-thirds of these distributors, consequently increasing their profit margins by 17 percent.
So, if supplier compliance management can be seen not just as a necessary, regulatory-mandated activity, but also as something that can generate value for the business, the question becomes: How does one create a culture of compliance across the supply chain?
Based on my experience and conversations with executives in the industry, following are a few good practices that are top of mind.
Treat supplier compliance as an extension of your own business processes
Suppliers may be third-party organizations but they are also extensions of your enterprise, helping drive your business by performing tasks that you cannot or do not perform in house. So, it’s important to enforce compliance standards, policies, and activities in the supply chain with the same level of diligence, urgency, and commitment that is applied within your organization.
It starts with the tone at the top. The Board of Directors, C-suite, and other top executives need to understand the importance of supply chain risk management and compliance, and its effect on business risks. Getting their support and resources is valuable. Some executives choose to send out a personalized letter with the organization’s training, education, and certification processes to all suppliers, or at least the highest-priority ones. This letter highlights the importance of compliance and confirmation that the suppliers understand the requirements.
Another step in creating a truly compliant and risk-aware supply chain is to choose the right suppliers based on a third-party risk assessment. Know who you’re doing business with, beyond just your tier 1 suppliers. Vet each one carefully, and conduct effective due diligence. Find out who your suppliers’ suppliers are. Get to know their corporate and compliance objectives, and only choose those suppliers whose objectives align with yours. It may be tempting to focus more on a supplier’s costs than their commitment to compliance, but a noncompliant supplier could end up costing you much more in the long run.
Once a supplier signs a contract, make sure that they are well-trained and educated on your compliance policies and controls. Maintain the policies in an online repository that suppliers can refer to easily. This is important because, ultimately, compliance comes down to awareness, which can only be created through strong communication, training, and education programs. Use these programs to reinforce the strong message of compliance throughout the business and across all levels of the supply chain.
Motivate your suppliers to comply
When an employee within your organization demonstrates high quality and consistent performance, he or she is usually recognized and rewarded. On the other hand, if a supplier complies consistently with policies and regulations, few people take notice. Yet if these same suppliers fail to comply or make a mistake, all eyes are on them.
If suppliers are an extension of your organization, then treat them as such. In a recent conversation with a large retailer, I learned that the company motivates its suppliers with both monetary and nonmonetary incentives based on their conformance to the retailer’s programs and processes. Incentivizing suppliers to do business in a more compliant manner, and to report deficiencies, can often strengthen compliance. Find ways to reward your suppliers for compliance performance.
Also, try to motivate them by simplifying compliance as much as possible. For instance, you could make sure that compliance manuals don’t run into hundreds of pages with complex requirements. Supplier compliance works best when you state your goals and outline your policies in a clear and succinct manner.
Finally, make compliance more collaborative than didactic. Share compliance performance data in real time with your suppliers. Offer them some insights into your own compliance best practices. Encourage them to disclose deficiencies, and work closely with them to resolve these issues, instead of penalizing them. This will prompt suppliers to be more open and transparent with you.
Be flexible in your approach
One of the biggest challenges compliance officers face is in trying to balance differences between global regulations and local mandates. Practices such as gift-giving, which is considered unacceptable and noncompliant in the United States, may be an integral part of local culture in another country. So, when developing compliance policies for your suppliers, take these cultural differences into consideration.
The best thing to do would be to create a federated model of policy implementation. At the corporate level, establish policies and procedures that focus on key compliance issues and risks across the supply chain. At the supply chain level, allow some amount of flexibility in how these compliance policies are adapted to local and cultural requirements, as long as they don’t contradict the “spirit” of the original policy.
Also, establish a common, standardized taxonomy across the supply chain for reporting compliance controls and activities. This way, data from various supplier locations can be rolled up to the corporate level, to provide a clear, consistent view into the overall compliance level and areas of concern across the global supply chain. Technology can be a valuable enabler of this model.
Manage supplier compliance on a risk basis
All suppliers don’t need the exact same level of controls or compliance monitoring. For instance, a supplier in the United States may not need as much anti-bribery compliance monitoring as a supplier in India or China, where the risk of bribery is higher. Similarly, a supplier that doesn’t maintain sensitive customer information will not need to implement the same level of information security controls as one who does.
The key is to ask the right questions. What are you using the supplier for? What type of information does the company deal with (e.g., confidential customer information)? When was the supplier last evaluated? Is the supplier located in a high-risk area (e.g., the Congo region, where conflict minerals is a major issue)?
Based on these questions, conduct a compliance risk assessment of each supplier. Evaluate and score the responses to gauge the risk profile of each supplier. Rank the suppliers accordingly—if a supplier is low risk, they wouldn’t need to be audited as often as a high-risk one.
Use a data-driven approach for analyzing supplier compliance. This requires that you leverage past supplier data as well as predictive analytics to simulate and model potential supplier compliance risks. These insights can be used to forecast and remediate compliance issues before they occur.
Conclusion
Incidents such as the horse meat scandal, worker exploitation at supplier factories, and high-profile instances of corruption and bribery highlight how quickly things can escalate when suppliers are not effectively managed, trained, and monitored. In a highly competitive and public environment, where a single misstep can be detrimental to the company’s brand, valuation, reputation, and very survival, it’s imperative for companies to collaborate closely with their suppliers towards strengthening compliance with various regulations using a risk-based approach. Those companies that position supply chain compliance as a core business activity to be embedded into each supplier’s processes as well as broader supplier relationship management efforts, only stand to gain.
Add new comment