News & Insights

Supply Chain 360°: Best Practices for Assessing and Monitoring Third-Party Relationships

Virtually every business, large or small, relies on a supply chain of some scale. Since the COVID-19 pandemic, large enterprises with expansive, often international supply chains, have been forced to engage in new third-party relationships to maintain normal business operations and keep pace with production needs. The sudden disruption of supply chains has opened the door to a surfeit of new entrants, significantly raising the risk of illegal third-party behavior.

Moving into 2022 and beyond, regulators around the globe will likely continue to focus on this area and expect organizations to conduct thorough risk screenings on all business partners. Meeting these new challenges demands more thorough third-party supply chain risk screenings of all business partners than had been customary in the past. The challenges this presents for businesses as well as regulatory bodies are substantial and call for greatly enhanced, analytics-driven, end-to-end third-party screening solutions.

Faced with today’s realities of constantly evolving risk, organizations need to engage in comprehensive monitoring of everything from relationships and workflows, spending and procurement, to potential conflicts of interest, and ethical and sanctions violations to appropriately identify and address third-party risk. Fortunately, the tools necessary to meet these and other related challenges are operational and available today.

Rising Risk & Supply Chain Challenges

The critical nature of third-party supply chain security is abundantly evident in efforts by the US government to protect supply chains that support critical infrastructure, such as energy and transportation. As in the corporate environment, reliance on an established, recognized framework is a cornerstone of effectiveness.

The National Institute of Standards and Technology (NIST), part of the US Department of Commerce, is charged with developing technology, measurement, and standards for everything from the smart electric power grid and electronic health records to atomic clocks, computer chips, and innumerable products and services. For example, two recent cybersecurity supply chain projects developed by NIST are Executive Order 14028, Improving the Nation’s Cybersecurity and the National Initiative for Improving Cybersecurity in Supply Chains.

Business enterprises face many of the same types of threats to their own supply chains. Whether ethical, economic, political, or environmental, the potential “threat surface” continues to expand.

Disasters such as floods and earthquakes, which are highly unpredictable, exemplify geographic and environmental problems. The pandemic has also dealt a harsh blow to many regular suppliers at the economic level, from bankruptcy to economic recession. Sudden civil unrest or political turmoil can also derail an ongoing supply chain relationship. Perhaps the greatest threat posed by third-party exposure is at the level of unethical business practices. The disruption and disarray wrought by the pandemic, coupled with escalating geopolitical turmoil, opened the door to widening corruption and bribery.

The spread of forced labor, child labor, and other unethical labor practices by insufficiently vetted third parties pose potentially devastating reputational risks, to say the least. The need for powerful tools to meet these challenges has become incorporated into the cost of doing business. Several EU member states, including France, the Netherlands, and Germany, already operate under national policies for supply chain due diligence and ethical sourcing.

Germany’s “Act on Corporate Due Diligence in Supply Chains” (or “Initiative Lieferkettengesetz”), which is expected to be implemented in 2023, calls for large companies to assume responsibility for identifying risks of human rights violations and environmental destruction at direct suppliers and, if necessary, also at indirect suppliers. None of those due diligence schemes, however, have the breadth of a proposed directive adopted by the European Parliament in 2021.

The EU Directive on Mandatory Human Rights, Environmental and Good Governance Due Diligence, if ratified, would substantially redraw the scope of oversight of human rights and environmental due diligence, with material sanctioning powers spanning EU and non-EU businesses and their supply chains. After a two-year process, the European Commission has released a long-awaited draft of the directive. If the European Parliament and European Council approve this directive — a process expected to take a year or more — EU member states will have two years to transpose the directive into national law and begin enforcement.

New Uyghur Human Rights Law in US – Significant Implications for Supplier Compliance

 ​Washington has demonstrated an appetite for challenging how businesses manage their supply chains and the degree of corporate reporting accountability that company leadership can be held to.

In late December 2021, President Biden signed into law the Uyghur Forced Labor Prevention Act, a bipartisan bill that bans imports from China’s Xinjiang region unless the importer can prove they were not made with forced labor. The legislation came into force in June 2022. It applies to “all goods, wares, articles, and merchandise mined, produced, or manufactured wholly or in part” in Xinjiang, a sprawling region in China’s far west, where, beginning in 2017, the Chinese government has carried out a mass “reeducation” campaign against Uyghurs and members of other ethnic groups.

Numerous independent sources estimate that more than 1 million people in Xinjiang have been detained in camps, with some released, some transferred to prison, and others pressured to work in factories. In its annual human rights report released in March, the Biden administration declared China’s treatment of the Uyghurs a genocide, formalizing its dire assessment of Beijing’s campaign of mass detention and sterilization of minority groups in Xinjiang.

Under the 1930 Tariff Act, it is illegal to import into the United States any goods made in whole or in part by forced labor. The new law addressing the Uyghur matter prohibits all imports from Xinjiang “unless US Customs and Border Protection certifies by clear and convincing evidence that goods were not produced with forced labor.”

With this legislation now in effect, it will be crucial for importers and related organizations to prove compliance with CBP and Forced Labor Enforcement Task Force (FLETF) guidance on due diligence. Proper due diligence in relation to the UFLPA should include effective supply chain tracing and management practices, as well as risk assessments, ongoing monitoring, independent reviews, and performance reporting, among other compliance activities prescribed by regulators.

The Importance Of End-to-End Third-Party Screening

Critical components of effective end-to-end third-party supply chain due diligence are widely acknowledged. Intensified focus on third-party relationships calls for comprehensive monitoring of relationships across their full lifecycle, including screening of all parties, not just those at higher levels of risk. Importantly, close consideration of the full gamut of exposure requires detection of anti-bribery and corruption as well as ties to forced labor/human rights violations per the new laws outlined above in the US, Germany, and EU.

It is precisely these and other threat vectors that are targeted by IntegrityRisk’s new end-to-end

third-party screening solution, Supply Chain 360° conducted in partnership with SEC-cited compliance analytics and audit specialist Lextegrity. Combined with IntegrityRisk’s highly trusted Enhanced Due Diligence (EDD) expertise and programmatic product set, the result is a robust, industrial-strength SaaS-based suite of tools that are readily integrated to complement a business’s existing compliance structure, including multi-tiered, intermeshed platforms comprising legacy and newly acquired systems.

The result is a unique blend of analytics-driven screening for the most complex environments. The solution addresses the full host of risk parameters, including but not limited to:

  • Supply chain workflows and ongoing spend monitoring
  • Detection of fraud and corruption and sanctions violations
  • Conflicts of interest
  • Human rights/forced labor ties
  • Corporate registration, regulatory and litigation records, including global public records

research and analysis, as well as

  • Inquiries with knowledgeable, in-country sources regarding subject’s background, business practices, reputational status, and other red flags

Proactively Protecting Your Supply-Chain Assets

Businesses face historically unique challenges today when it comes to supply chain compliance. It has become imperative for businesses with cross-border supply-chain exposure to employ the most enhanced third-party due diligence protocols available to identify inherent risks rapidly and accurately to their supply chain.

To learn more about the powerful Supply Chain 360° solution available through IntegrityRisk, contact us today.