Fri, Sep 28, 2018

The Hidden Threats in Your Supply Chain

While natural disasters or civil disorder are viewed as the most disruptive and costly supply chain risks, fraud or breaches of environmental or human rights laws are far more common – and often more damaging – than geopolitical black swan events.

In fact, they are becoming a much greater concern for international corporations, as evidenced in Kroll’s 2017/18 Global Fraud and Risk Report, which shows these insidious supply chain risks are on the rise.

Because supply chain and procurement functions are typically quietly embedded in any given international corporation’s key processes, they are a potential source of fraud and reputation risk. This is reflected in responses from the companies queried in our survey, where more than 30% indicated that vendors and suppliers were the key perpetrators of fraud incidents. This is up four percentage points from last year’s survey.

This article briefly outlines some of the most common supply chain risks that Kroll has seen in our engagements and offers strategies that organizations can use to identify and mitigate risks in a proactive way:

 

Unethical Business Practices

In the last year, investigative media exposed numerous instances of forced and child labor, land-rights issues, and poor working conditions in the supply chains of prominent international brands. This often resulted in protracted internal investigations and fundamental damage to brands. For example, a chemicals company supplying the cosmetics and car manufacturing industries was named in the media as using suppliers of mica who source this mineral from illegal mines in India using child labor. Half a dozen of the world’s leading car manufacturers were then attacked by pressure groups for not doing enough to prevent this. In another case, a leading Australian newspaper group was the target of a number of NGOs over their Korean supplier’s history of gross environmental destruction in remote West Papua, Indonesia.

 

Corruption and Bribery

Corruption and bribery are pervasive not only in emerging economies or third world countries, but also in more developed jurisdictions as well. Kroll recently assisted a client, the subject of an FCPA investigation, with a detailed forensic audit of the company’s books and records to examine payments to commercial agents and government representatives in 33 countries, while also carrying out extensive on-site document and accounting analysis in Libya, Angola, Brazil, and Russia.

 

Dealings with Sanctioned Entities and Organized Crime

Relationships and business activities deep in the supply chain can expose organizations to a host of risks, including links with organized crime and dealings with sanctioned individuals or entities. For example, recent in-house Kroll analysis found significant numbers of vessels used in worldwide commerce are beneficially owned or controlled by politically exposed persons, with others controlled by state-owned enterprises, potentially putting organizations at risk for dealing with sanctioned entities.

One recent case is also instructive: A whistleblower from the Singapore regional headquarters of a Japanese conglomerate informed management that an Indian vendor and one of its employees were colluding to fabricate work orders for non-existent repairs. The fraud represented significant annual losses, and subsequently led to the discovery of further vendor issues in Southeast Asia and beyond, including possible links to organized crime.

 

Product Contamination

Small contract violations can turn into big problems that can damage a company’s bottom line and brand. Take, for example, the case where an apparel company’s factory in Asia stops destroying blemished product and/or overruns. Instead, a factory owner, manager, or employee allows this product to enter unlicensed markets and sales channels around the world, damaging the brand owner’s margins and reputation. In another case, UK and European retailers discovered that some of their suppliers fraudulently allowed horse meat to enter their supply chain and to contaminate various beef products; they were forced into large product recalls and urgent and costly reviews.

 

Trade Secret and Intellectual Property Leaks

Brand owners that fail to properly evaluate the physical, IT systems, applications, and overall information security in use by their vendor face the risk of losing product and process technologies, as well as other trade secrets. In fact, contracted manufacturers themselves can become competitors. This was the case when a manufacturer of highly engineered and patented rubber bushings established a second business by producing an unlabeled version of the same product.

 

Supply Chain Risks are Amplified When Complexity and Complacency Converge

While these incidents may seem unusually complex, and therefore difficult for the respective companies to have detected, they are anything but unusual in today’s global risk environment. This in fact is the new norm in supply chain risk, and it demonstrates the increasing demands placed on global businesses to understand precisely who they are working with and what their activities are, no matter how distant a supplier may seem from day-to-day operations. Yet despite these risks and challenges, more than a quarter of global respondents said they have not adopted anti-fraud measures such as due diligence on partners, clients, and vendors.

Many cases involve third-country suppliers based in emerging markets, particularly South and Southeast Asia – and for good reason. Supply chain visibility in these regions is extremely challenging. Weak rule of law, unreliable corporate information, regular use of insulating proxy companies between controversial entities and global suppliers, and the profusion of third-country subcontractors ostensibly domiciled in relatively lower-risk countries such as Hong Kong, the UAE, and Singapore all contribute to this opacity.

Even long-term vendors or contract manufacturers present their own sets of risks. Management may often become too trusting or in some cases complacent about closely monitoring such relationships. At the other end of the spectrum, supply chain onboarding processes and audits at most corporations are typically insufficient to detect such issues, especially in multi-regional supply chains and for those operating in multiple emerging market environments.

 

Lessons Learned Translate Into Proactive Risk Mitigation Strategies

Lessons learned from recent incidents highlight the fact that many corporations share the same vulnerabilities when it comes to identifying unethical or fraudulent third parties. They also provide a road map for building more effective compliance programs.

  • Establish risk-based compliance programs. One-size-fits-all compliance can waste resources and often miss critical red flags of problematic behavior.
  • Seek independent verification of vendor integrity. Over-reliance on self-certification does not offer real assurance as to a vendor’s integrity. After all, a third party may sign your supplier code of conduct, but do they really comply?
  • Monitor historical relationships. Over time, the risk profile and compliance of a third party can change significantly and this should trigger additional scrutiny
  • Enforce audit rights or ask hard questions. This is especially critical when the relationship with a supplier starts to sours.
  • Centralize compliance processes. Many larger organizations have not centralized their processes and therefore struggle to properly identify their third parties. This makes applying a consistent approach to detect and monitor potential supply chain fraud extremely tricky and can have some distressing consequences. For example, all too often, we have seen a business unit continue to do business with a third party while the rest of the group may have decided to stop the relationship after issues were identified.

Once an organization has a firm grip on its supplier universe, protecting itself from fraud and reputational risk becomes a less daunting task. A common sense, risk-based approach should ensure that an appropriate level of due diligence is conducted on higher risk suppliers and a simple escalation process needs to be in place to ensure that potential breaches are investigated and dealt with in a proactive manner.



Compliance Risk and Diligence

The Kroll Investigations, Diligence and Compliance team partners with clients to anticipate, detect and manage regulatory and reputational risks associated with global ethics and compliance obligations.