Thu, Mar 12, 2020

The Role of Due Diligence in Mitigating the Impact of Coronavirus on Your Global Supply Chain

COVID-19 is wreaking havoc on global supply chains and business continuity plans of firms around the globe. Third parties spread across multiple jurisdictions up and down a company’s supply chain network are experiencing various levels of disruption. Despite the efforts of governments to minimize the impact of the epidemic, COVID-19 is likely to have a lasting effect on supply chains for several months if not longer beyond the pandemic’s peak.

Considering this unprecedented disruption, companies with global supply chains now face increased pressure to effectively manage their third parties. On the one hand, companies need to ensure the resiliency of the supply chain by rapidly identifying and possibly onboarding backup third parties to replace those that might be suddenly sidelined due to the effects of COVID-19. At the same time, however, companies need to continue to minimize their exposure to the legal and reputational risk inherent in relying upon third parties.

Here are several steps compliance officers can take to help meet both objectives.

  1. Understand your third-party ecosystem. This is a necessary first step to ensure you have a good baseline of who your third parties are and where they are located. Given that, as of now, some jurisdictions are harder hit than others, identifying where your third parties are located will help to build in potential redundancies and hedge against supply chain risk.
  2. Identify your critical third parties up and down the supply chain. Not all third parties are of equal importance. Some partners may provide you with a mission critical material, part or service. It is also important to not only focus on upstream suppliers, but also downstream third parties such as third-party logistics providers. Having your product delivered is of equal importance to getting it produced.
  3. Consider identifying important “fourth parties.” Fourth Parties—essentially the key third parties of your third parties—can become a serious liability to your operations if they are suddenly sidelined. Knowing who these key fourth parties are and where they are located could help minimize risk.
  4. Conduct proactive due diligence on potential alternate third parties. Screening potential backup third parties could help your firm minimize the time to onboard a new third party should a key supply chain partner be adversely affected by the epidemic. It could also prevent your firm from scrambling at the last minute if any red flags arise during your standard due diligence process.
  5. Diversify your third parties to minimize overreliance on impacted jurisdictions. Spreading your supply chain network across multiple jurisdictions could help minimize the impact of major disrupting events such as the COVID-19 pandemic.
  6. Consider assessing third-party business continuity plans during your due diligence process. Ensuring that your partners also have a plan in place to help them minimize any major disruptions will further shore up your firm’s supply chain resiliency. This step is critical for partners providing critical material, parts or services.

Unfortunately, the reality is that COVID-19 will continue to impact global supply chains for the foreseeable future, even after the pandemic peaks. While there is no silver bullet to avoid these types of major disruptions, compliance officers can proactively take steps to do their part to minimize the risk to their firm’s supply chain operations. Doing so will help ensure that your firm’s business continuity plans remain relevant during this major supply chain challenge.

Background Screening and Due Diligence

Comprehensive spectrum of background checks, screening and due diligence services.

Business Continuity, Resilience and Disaster Preparedness

In today’s fast-paced world, disruptions can happen anytime. Kroll’s full suite of business continuity, resiliency and disaster preparedness capabilities is designed to prepare your enterprise for unexpected risks and maintain competitiveness throughout the full lifecycle of any disruption.

Optimized Third-Party Cyber Risk Management Programs

Manage risk, not spreadsheets. Identify and remediate cybersecurity risks inherent in third-party relationships, helping achieve compliance with regulations such as NYDFS, FARS, GDPR, etc.