Recent disruptions, such as the COVID-19 pandemic, port congestion, and the Russia-Ukraine war have placed a spotlight on businesses’ supply chains and their resilience. Growing consciousness about environmental, social and governance (ESG) principles has also raised issues about more ethical business practices extending throughout the supply chain. These factors are leading companies to rethink their business logistics processes.
Corporate Risk and Insurance spoke with Eric Hensley (pictured above), chief technology officer of third-party risk management software provider Aravo, about how businesses can help make their supply chains more resilient and ethical in the face of current economic, social and geopolitical upheavals.
According to Hensley, many of today’s component and product shortages are from an over-dependence on a single geographic area or vendor.
“For example, at the pandemic’s peak, the lead time for semiconductor chips coming out of Wuhan, China doubled to 36 weeks – and we are still seeing severe shortages,” he said. “To fulfill demand and mitigate financial losses, many businesses have considered reshoring or partnering with additional third-party vendors. However, these approaches can invite cybercriminal activity across supply chains, such as the hackings of SolarWinds in 2020 and Colonial Pipelines in 2021.”
These challenges, coupled with new third-party ESG regulations, are creating a need for improved supply chain visibility across the ecosystem of direct and indirect suppliers, Hensley said. While governments continue to pass and enforce ESG regulations, there is strong demand for companies to adapt existing ESG frameworks and report on their progress to meeting objectives.
How can businesses make their supply chains more resilient amid global crises?
Hensley offered several steps that can help risk managers fortify their supply chains in the face of potential disruptions:
- Build or develop sound TPRM practices and controls. If you’re starting from scratch, build a third-party risk management (TPRM) program based upon best practices and robust controls. There are frameworks available for businesses to institute (or adapt) TPRM programs that are digital and holistic, and guard against the chaos within global supply chains.
- Identify and analyze third parties that could impact critical operations and prioritize dependencies. Drive visibility into your extended supply chains, especially third parties, to understand their risks. Identify your most critical and vulnerable vendors and develop alternative sourcing agreements should they go offline.
- Formalize supplier agreements, then manage to improve performance, reduce risk. Codify your supplier agreements with contracts, including terms and conditions and service-level agreements, to share risk exposure. Track and measure your suppliers’ performance, hold them accountable, and work with them to reduce risk.
- Continuously monitor for supplier performance and risk. TPRM is not a “set it and forget it” exercise. Instead, regularly run reports of your systems, assessments, and controls, and provide ongoing monitoring of supplier/vendor performance to ensure that issues that could impact resilience are addressed early.
- Develop a process to manage the disruption of services. Disruption is reality. Develop a strategy for keeping your operations online, including a JIC sourcing model, prioritizing key goods and services, and sourcing optimization, without compromising your commitments to customers, the law, and quality.
How can businesses make their supply chains more ethical?
According to Hensley, an ethical and sustainable supply chain means creating greener, cleaner products while utilizing legal and humane business practices.
“Minimizing a product’s end-to-end environmental impact is one part of the equation,” he said. “Another is implementing production methods that protect the health, safety, and rights of the workers and their communities at each stage of a product’s supply chain – including n-tier suppliers.”
Hensley said that ethical and sustainable companies are transparent with their procurement and supply chain operations. Companies must provide tangible evidence, supported by data and verified by respected ESG ratings providers, that they are compliant with laws and regulations and align with their customers’ values. If they are not, it is an opportunity to fully disclose such shortcomings and commit to making improvements.
“These companies are also transitioning to just-in-case contingency plans to drive resilience,” Hensley said. “Over-reliance on critical suppliers operating in high-risk regions is risky: if you cannot access direct or indirect materials ‘just in time,’ you might source from less-reputable suppliers as stop-gap measures. This introduces further risks into your supply chain, which can compromise your commitments to ESG regulations and values.”
Hensley believes that technology can help companies improve their supply chains’ resiliency and ethics by making the process simpler and more automated.
“Our latest product, Aravo for ESG, automates the due-diligence process and enforces controls to ensure third parties are compliant with anti-slavery, conflict materials, environmental, health and safety, diversity, and other ESG mandates,” he said. “Aravo’s solution can alert organizations to potential hazards, such as natural disasters, geopolitical unrest, and information security threats, in real time, so they can assess their severity, determine impact points, and identify alternate suppliers to mitigate major operational disruptions.”
In the next three to five years, Hensley predicts that ESG regulations will continue to expand, requiring companies to be agile in their TPRM programs to track and mitigate risks.
“For example, the German Supply Chain Due Diligence Act comes into effect on January 1, 2023, followed by additional ESG laws in Europe,” he said. “In the coming months, the US Securities and Exchange Commission will likely issue new carbon disclosure requirements with far-reaching obligations for listed companies. These regulations, and global net-zero emissions goals, create a need for Scope 3 emissions tracking, and we believe there will be significant investment in this space soon. There will also be a larger focus on the ‘S’ and ‘G’ of ESG, with companies instituting programs to assess a wide range of issues, including human rights, labor laws, diversity, supply chain governance, anti-bribery/corruption, responsible sourcing, and measuring ESG across supply chains, including third parties.”