Kroll's Security Concepts Podcast

Steve is a senior manager in the Security Risk Management practice based in the New York office. He leverages over three decades of security experience in global supply chain security, crisis management, forensic investigation and operational security.

Daniel is an associate managing director in the Compliance Risk and Diligence practice based in the Reston, Virginia office. He currently chairs our firm's supply chain risk management services initiative.

Passages from the Episode

Impact of COVID-19 on Global Supply Chains and Personnel

“What have we seen as the overall impact of COVID-19 on supply chains around the world?” – Jeff Kernohan

“I think first and foremost, the biggest takeaway is really just the increase in the frequency of major unanticipated disruptions across the end-to-end supply chain. Some disruptions have always occurred in the supply chain. It's part and parcel having an outsourced service or a product provider. The rate at which disruptions came, the size of them, have really been a challenge for a lot of companies caught, I would argue, most companies off guard, where it became almost like a whack-a-mole type game – unfortunately with very dire consequences. The disruptions can occur on the supply side. Back in the early days, back in China for example, there were transportation and logistics disruptions, and they end up with demand side logistics as people shut down, as people stayed home and didn't buy anything, didn't go to restaurants or stores, etc.” – Daniel Hartnett

“Another area is the evolving nature and it's interactive effect, all these various risks that are disrupting the supply chain. You have new or newly leading risks, like financial risk of the suppliers. Obviously everyone's always been worried about a supplier, especially a key supplier going belly up, but what came to fore was that as the financial impacts really bit hard, especially the smaller and medium-sized suppliers, they can suddenly go belly up without notice and they leave larger corporations hanging and wondering what is going to happen to their deliveries. At the same time, you also have this sort of interactive effect going on. Here are a few examples:

• The virus outbreak has health risks for the population and employees that then drives business continuity impacts
• Companies shutting down, maybe they were deemed non-essential, or maybe they had an outbreak of COVID-19 within their facilities
• Major cyber security and data privacy risk being driven by all of this because everybody's working from home and companies might not have well-established IT or cyber security principles
• Uptick of contract disputes because of force majeure clauses being enacted because of disruption
• Economic downturn causing supplier financial risks which could lead to potential for corruption risks
• A company in a certain jurisdiction might want to bribe the government employee to be deemed an essential job so they remain open
• Challenges of security risks, theft of cargo or products along the way because of economic distress for these various jurisdictions, as well as IP theft
• If there are cashflow issues, depending on the company size, might be the nail in the coffin
• The rise of supply chain risk management within business strategy, where, supply chain risk, no longer really an afterthought or a defensive or responsive mechanism, but rather it's increasingly proactively incorporated into strategic supply chain decisions sometimes at the highest level” – Daniel Hartnett

“When we're talking about the people responsible for overseeing the supply chain, what are we seeing as the bigger impacts to them?” – Jeff Kernohan

“When COVID-19 first hit and everybody realized how long the shutdowns were going to last, most retailers started cutting staff. The security teams were hit exceptionally hard. I've spoken to numerous colleagues out in the field that have just been either furloughed or completely laid off due to COVID-19. A lot of these teams were decimated, and where there was a full staff of personnel before, now you're down to skeleton crew in some places and some places, nothing at all. It's really put a damper on their efforts that they had going forward to reduce losses and theft because they no longer have the personnel to deal with them. You can remove the position, but you don't remove the need. The need is still there, and it's actually been increasing now due to what's going on with Covid-19.” – Daniel Hartnett

Business Operations During COVID-19

“We've also seen in working with some of those essential providers out there is there is a dramatic increase in demand and trying to keep up with security during COVID-19. What are essential businesses’ major issues that they're seeing in trying to continue operating?” – Jeff Kernohan

“There probably hasn’t been as much of a layoff on the essential business side as you had on the non-essential business side. On the essential side where their teams may not have been downsized, but now they're seeing an increase in activity they're being strained. The economy is still in a place where people are not willing to increase payrolls right now and bring on additional staff. So, you're asking the existing teams to deal with an amount of work coming in, investigations, theft, all different types of risks that they just they've never had to deal with.” – Steve Palumbo

“Where does the actual supply chain risk management process now reside when we're looking at the importance to a business and their operations, in regard to the importance of supply chain risk management?” – Jeff Kernohan

“In the post-COVID-19 environment, supply chain risk management has really come of age. We're talking to more and more clients where it has bubbled up to the C-suite, and possibly even the board of directors. It's no longer just a concern internally in an organization, rather it becomes a factor even in daily briefings. The health of the supply chain, for example, or having a member of the board directors who's responsible for supply chain risk to make sure that the operations continues to flow without some type of business interruption has caused a lot of companies to rethink their supply chain footprint across the globe. This is absolutely a C-suite level decision and takes a long time to consider.” – Daniel Hartnett

“Supply chain risk is no longer given that secondary or tertiary cursory look, but rather it's actually a factor in there and almost as equal to probably the idea of cost savings, which historically has been almost the exclusive realm of supply chain footprint decisions. The idea of saving money because you can outsource to a lower cost country, for example, but you no longer have to look at the risk of that. The idea is that the realization that disruption can occur anywhere across the end-to-end supply chain.” – Daniel Hartnett

“Prior to COVID-19 most companies really only looked at their immediate partners—those true third parties that they were immediately contracting with. There wasn’t worry so much deeper into the supply chain. Global supply chains are extremely complex. They cross multiple jurisdictions in a networked fashion. There are a lot of companies being caught off guard by that, and that exacerbated the impact of a supply chain disruption. We realize now that you really have to look more broadly. It's very difficult to look across a full end to end supply chain, but there are things that companies obviously can do to expand their vision. There’s also the idea that consumers, the end consumer are also aware of supply chains and the risks to them.” – Daniel Hartnett

“Among the C-suite and a board of directors, there needs to be resilient supply chains because the consumers understand it. How many articles have we read about toilet paper and the supply chain and the production of it. Those types of things have raised awareness among the public of these issues in a way that before they never really were concerned about.” – Daniel Hartnett

Retail Supply Chain Security

“What are we saying for the retail, when trying to get product out there? What kind of impact are we seeing in their ability to provide this security due to some of the restraints that are in place today?” – Jeff Kernohan

“There are a lot of issues from a protection standpoint. With staffs being decreased and not having enough people, businesses aren’t paying attention to everything they need to pay attention to. We’re seeing an increase level in hijackings and an increase level in theft overall, just because there's such a need for these goods, especially on the essential side. There's no longer robust teams in place to provide that level of protection.” – Steve Palumbo

Minimizing Emerging Risks on Supply Chain

“What can these companies, and even the investors for these companies, do to minimize their exposure? How can they protect themselves to the emerging risk market on the supply chain?” – Jeff Kernohan

“First and foremost, the senior leadership of a firm and maybe the board of directors themselves have to ensure that supply chain risk management remains a key topic. For investors it's equally important. We're hearing more and more from investment firms that want to make sure that the risks over their supply chain for a potential acquisition or the portfolio companies is properly evaluated to make sure that they're not caught off guard by some kind of disruption layer on their own that will have a massive, massive impact upon the bottom line.” – Daniel Hartnett

“Companies need to emphasize a proactive approach, get away from that defensive, reactive mindset—reactive is a lot less effective. I would argue a lot less costly if you're going about it from that angle. There are a lot that companies can do to at least minimize their exposure, especially if there's some known risks out there. Firms also need to expand their view of what the supply chain risk management environment is. It's not just about the immediate partners. To start looking at the end-to-end supply chain or very least at your key partners and understand who their key partners are and so forth down the supply chain so that you can minimize your exposure to a disruption that may occur from one of them.” – Daniel Hartnett

“Continue to do comprehensive due diligence on any supplier. Know who your supplier is and know who their suppliers are, understand their physical security risks. Something that I would draw upon from my former military career is the notion of actively conducting supply chain risk exercises, and stress tests and tabletop exercises. These are great tools that are relatively cost effective, but you can find a lot of little problems that creep out by doing these and then put the team in place to actively mitigate them.” – Daniel Hartnett

“If you're going to be looking at risk for what's actually happening on the ground and how you're going to react to it, being proactive is key. If staffs are not in place right now to put those proactive things in place or to oversee the proactive measures, the audits of the physical security part or whatever you have in place. In tying back to the previous podcast where we talked about the virtual security director, the virtual security manager, I think this may be a good solution for a lot of the retailers out there that are in the supply chain that are seeing these problems. If you don't want to increase your payroll, however, you do have a solution that you can fall back on—bringing in a subject matter expert who can oversee your program, perform the tabletop exercises, know where the problems are and put programs in place that deal with those issues.” – Steve Palumbo

Talk to a Kroll Expert

Kroll is ready to help, 24/7. Use the links on this page to explore our services further or speak to a Kroll security risk management expert today via our contact page.