Regulations such as the Foreign Corrupt Practices Act (FCPA), the UK Bribery Act, and the Dodd Frank Wall Street Reform and Consumer Protection Act (specifically Section 1502 on conflict minerals) have compelled companies to extend their compliance and monitoring efforts beyond the four walls of the enterprise and into the far reaches of their vast and global supply chains.
No longer can an organization be ignorant if a downstream supplier is found to be noncompliant with a regulation or company policy. Ultimately, the blame—and any financial, brand, and reputation loss—lies with the company who has the relationship with the supplier, or the suppliers’ suppliers.
The state of supplier compliance
Companies are increasingly engaging suppliers in emerging markets for cost-savings and efficiency, but with these benefits come multiple compliance risks. In a 2012 Deloitte survey, 70 percent of executives said they were extremely or very concerned about compliance and integrity-related risks in emerging markets. At the same time, only 40 percent of these executives were extremely or very confident in the ability of their company to manage these compliance risks when engaging vendors, and only 36 percent were this confident when their company worked with third-party agents.
Unfortunately, companies still view supplier compliance as a costly burden. If they pursue compliance, it is primarily with the intent of avoiding lawsuits and regulatory penalties. However, many supplier compliance programs have proven to yield measurable benefits. A compliance report from the US-China Business Council recounts how one United States company with business operations in China evaluated approximately 300 local distributors’ compliance with the FCPA regulation. In doing so, the company was able to eliminate two-thirds of these distributors, consequently increasing their profit margins by 17 percent.
So, if supplier compliance management can be seen not just as a necessary, regulatory-mandated activity, but also as something that can generate value for the business, the question becomes: How does one create a culture of compliance across the supply chain?
Treat supplier compliance as an extension of your own business processes
Suppliers may be third-party organizations but they are also extensions of your enterprise, helping drive your business by performing tasks that you cannot or do not perform in house. So, it’s important to enforce compliance standards, policies, and activities in the supply chain with the same level of diligence, urgency, and commitment that is applied within your organization.
It starts with the tone at the top. The Board of Directors, and other top executives need to understand the importance of supply chain risk management and compliance, and its effect on business risks. Getting their support and resources is valuable. Some executives choose to send out a personalized letter with the organization’s training, education, and certification processes to all suppliers, or at least the highest-priority ones. This letter highlights the importance of compliance and confirmation that the suppliers understand the requirements.
Another step in creating a truly compliant and risk-aware supply chain is to choose the right suppliers based on a third-party risk assessment. Know who you’re doing business with, beyond just your tier 1 suppliers. Vet each one carefully, and conduct effective due diligence. Find out who your suppliers’ suppliers are. Get to know their corporate and compliance objectives, and only choose those suppliers whose objectives align with yours. It may be tempting to focus more on a supplier’s costs than their commitment to compliance, but a noncompliant supplier could end up costing you much more in the long run.
Once a supplier signs a contract, make sure that they are well-trained and educated on your compliance policies and controls. Maintain the policies in an online repository that suppliers can refer to easily. This is important because, ultimately, compliance comes down to awareness, which can only be created through strong communication, training, and education programs. Use these programs to reinforce the strong message of compliance throughout the business and across all levels of the supply chain.
Motivate your suppliers to comply
When an employee within your organization demonstrates high quality and consistent performance, he or she is usually recognized and rewarded. On the other hand, if a supplier complies consistently with policies and regulations, few people take notice. Yet if these same suppliers fail to comply or make a mistake, all eyes are on them.
If suppliers are an extension of your organization, then treat them as such. In a recent conversation with a large retailer, I learned that the company motivates its suppliers with both monetary and nonmonetary incentives based on their conformance to the retailer’s programs and processes. Incentivizing suppliers to do business in a more compliant manner, and to report deficiencies, can often strengthen compliance. Find ways to reward your suppliers for compliance performance.
Also, try to motivate them by simplifying compliance as much as possible. For instance, you could make sure that compliance manuals don’t run into hundreds of pages with complex requirements. Supplier compliance works best when you state your goals and outline your policies in a clear and succinct manner.
Finally, make compliance more collaborative than didactic. Share compliance performance data in real time with your suppliers. Offer them some insights into your own compliance best practices. Encourage them to disclose deficiencies, and work closely with them to resolve these issues, instead of penalizing them. This will prompt suppliers to be more open and transparent with you.
Be flexible in your approach
One of the biggest challenges compliance officers face is in trying to balance differences between global regulations and local mandates. Practices such as gift-giving, which is considered unacceptable and noncompliant in the United States, may be an integral part of local culture in another country. So, when developing compliance policies for your suppliers, take these cultural differences into consideration.
The best thing to do would be to create a federated model of policy implementation. At the corporate level, establish policies and procedures that focus on key compliance issues and risks across the supply chain. At the supply chain level, allow some amount of flexibility in how these compliance policies are adapted to local and cultural requirements, as long as they don’t contradict the “spirit” of the original policy.
Also, establish a common, standardized taxonomy across the supply chain for reporting compliance controls and activities. This way, data from various supplier locations can be rolled up to the corporate level, to provide a clear, consistent view into the overall compliance level and areas of concern across the global supply chain. Technology can be a valuable enabler of this model.
Manage supplier compliance on a risk basis
All suppliers don’t need the exact same level of controls or compliance monitoring. For instance, a supplier in the United States may not need as much anti-bribery compliance monitoring as a supplier in India or China, where the risk of bribery is higher. Similarly, a supplier that doesn’t maintain sensitive customer information will not need to implement the same level of information security controls as one who does.
The key is to ask the right questions. What are you using the supplier for? What type of information does the company deal with (e.g., confidential customer information)? When was the supplier last evaluated? Is the supplier located in a high-risk area (e.g., the Congo region, where conflict minerals is a major issue)?
Based on these questions, conduct a compliance risk assessment of each supplier. Evaluate and score the responses to gauge the risk profile of each supplier. Rank the suppliers accordingly—if a supplier is low risk, they wouldn’t need to be audited as often as a high-risk one.
Use a data-driven approach for analyzing supplier compliance. This requires that you leverage past supplier data as well as predictive analytics to simulate and model potential supplier compliance risks. These insights can be used to forecast and remediate compliance issues before they occur.
Incidents such as the horse meat scandal, worker exploitation at supplier factories, and high-profile instances of corruption and bribery highlight how quickly things can escalate when suppliers are not effectively managed, trained, and monitored. In a highly competitive and public environment, where a single misstep can be detrimental to the company’s brand, valuation, reputation, and very survival, it’s imperative for companies to collaborate closely with their suppliers towards strengthening compliance with various regulations using a risk-based approach. Those companies that position supply chain compliance as a core business activity to be embedded into each supplier’s processes as well as broader supplier relationship management efforts, only stand to gain.
Article Source: Quality Digest