Sun, Apr 3, 2016

Issues in Identifying and Removing Supply Chain Risk and Fraud

Supply chain risk is a vast, complex, and fascinating subject. This article aims to present just a few practical aspects of supply chain risk management.

I have spent the last 15 years helping clients from a wide range of industries manage specific aspects of their supply chain risk — namely, how to successfully identify and mitigate the risk of exposure to corruption, bribery, sanctions, and money laundering. Add to these the risks of fraud, financial default, commercial disputes, involvement in illegal activities, unethical business practices, conflict minerals, child labour, and criminal exploitation and you are still only scratching the surface of the plethora of supply chain pitfalls every multinational could be exposed to on a daily basis.

The consequences of getting it wrong are varied, can be business critical, and include:

  • Business continuity issues leading to loss of revenue
  • Failure to uphold your company’s ethics and code of conduct
  • Reputational fallout that directly impacts share price
  • Regulatory breaches leading to fines
  • Greater vulnerabilities to fraud
  • Brand dilution and loss of intellectual property
  • Grey market and counterfeiting issues

Regardless of their specific geographic spread and sector of activity, most companies face similar supply chain challenges. Similarly, the ones that best manage these risks all tend to apply the same basic principles.

Don’t put all your eggs in one basket
While this seems obvious, companies all too regularly forget that some form of supply chain diversification remains one of the crucial ways to mitigate a whole range of risks.

Supply chain vulnerabilities greatly increase when companies become over-reliant on a particular country or region. For example, a country could be unexpectedly hit by sanctions, embargos, or negative macroeconomic changes, and an entire region could suffer from black swan events such as a widespread pandemic or natural disaster. Focusing on too small a set of suppliers can also be risky, leaving you in a weak negotiating position and vulnerable to suppliers’ ability to deliver goods or services crucial to your wider business. For a global retailer sourcing a great number of fresh vegetables from Sri Lanka, a sudden breakdown of relations with India leading to a trade embargo would instantly create the risk of empty shelves. Likewise, the Ebola outbreak caused significant disruptions to companies reliant on regular deliveries of raw materials from southwest Africa. More recently, wholesalers and retailers of seafood are scrambling to find alternative suppliers of frozen fish and shellfish in the wake of widespread outrage at the sub-human working conditions recently exposed in parts of this supply chain. This resulted in the European Union considering a possible ban of Thai seafood.

If it appears too good to be true…
This old adage runs just as true for suppliers as it does for other commercial relationships. All too often, we see clients waste time and effort pursuing suspiciously advantageous commercial relationships, only to later find that all is not quite as it first appeared.

“Too good to be true” situations remain a clear indicator of fraud. For example, at a time when crude oil prices were at an all-time high, multiple airlines were approached by intermediaries all claiming that they could secure aviation fuel at market-defying prices. Some of our more pragmatic airline clients wanted a second opinion: “This feels like an attempt to defraud us, but can you look into it in case it turns out to be a legitimate offer.” Other companies, to their regret, only dismissed these fraudulent approaches after investing a considerable amount of time and resources in trying to secure deals with ultimately fictitious counterparties.

In another scenario, a car parts manufacturing company entered into a relationship with an Asian partner to set up a new manufacturing facility in China. The cost of moving production to this site was a fraction of the next nearest offer. It took the car parts manufacturer nearly three years to discover that their new Chinese partner was also using the facility that they had funded to industrialise the hitherto smaller scale counterfeiting of their products.

Stay ahead of regulatory changes
While many supply chain risks remain the same, legal and regulatory obligations to address these risks are ever-changing, and the trend for the last 10 years has been all one way: greater regulatory pressure and greater penalties. Along with a raft of new national anti-bribery and anti-corruption legislation, anti-trafficking, anti-slavery, and anti-labour abuse acts are coming into play. Most significant of these is the UK’s Modern Slavery Act, which became law on March 26, 2015, came into force on October 29, 2015, and has wide-ranging extraterritorial applications. This UK law consolidates previous UK legislation tackling slavery and child labour and human trafficking offenses, and demands that organisations make public the steps they are taking to ensure that modern slavery offences are not taking place in their supply chain.

Know who you are dealing with
Many supply chain risks can be identified, and hopefully mitigated, by simply ensuring that all third parties are put through a systematic risk assessment process followed by a proportionate and adequate level of integrity due diligence. This should always include:

  • Some form of disclosure or due diligence questionnaire
  • An internal information-gathering exercise to ensure no one within your organisation is already aware of potential issues in the background of the third party
  • An appropriate level of know your customer checks based on the risk associated with the third party
  • Ongoing monitoring of the relationship

Don’t forget to ask the obvious questions
Sometimes, just asking the right question will allow you to spot clear risks that could otherwise have gone undetected and unaddressed:

  • Do you know the identity of your suppliers’ ultimate beneficial owner(s)?
  • Can you see a clear rationale for their business model or invoicing structure?
  • Are you aware of their full range of service and countries of operations (and are you happy that these are compatible with your organisation)?
  • Do you know the extent to which your suppliers are dependent on local officials (for permits and authorization or as a sales channel)?

In Bulgaria, the head of operations of a large multinational happily divulged on a conference call with the company’s U.S.-based legal counsel and a prospective supplier of medical equipment, that the firm had secured a dominant position in a certain segment of the market after gifting a flat in Varna to a local government official. Likewise, failing to realise that your Turkish distributor is planning to distribute your goods or services to Iran (in full compliance with Turkish law) can lead to unplanned and unwanted exposure to a raft of sanctions.

Accept that your entire organisation needs to maintain a consistent level of control and vigilance

Your supply chain risk mitigation measures are only as good as the weakest part of your wider organisation. Picture a scenario where a holistic and well-managed compliance program is in place in all your core operating companies. All suppliers are put through a comprehensive risk assessment program, self-certify their adherence to your code of conduct, and are monitored on an ongoing basis. The program is centralised and supervised by a team in your corporate headquarters, constantly evolving, and is acknowledged to be a model of best practice. Despite this, if just one of your subsidiaries fails to implement these same measures, your entire program is potentially at risk.

Examples of the risks of having an inconsistent approach across a large organisation are not hard to find. Walmart, a company widely lauded for having a best-in-class anti-bribery and anti-corruption program in the United States, made the headlines after being fined for compliance deficiencies in its Mexican operation. Likewise, HSBC found out the hard way that compliance in newly acquired Latin America subsidiaries was nowhere near as stringent as that of its core operation.

A similar failure occurred at a UK company I was working with. This entity maintains a rigorous and comprehensive screening program for all its suppliers and overseas commercial agents. However, the company found, to its dismay, that a potential distributor who had failed its vetting process — after due diligence identified suspicious payments to government officials to secure contracts in India — had later been approved as a distributor by one of its overseas subsidiaries. This subsidiary did not run the same level of checks on its third parties, and the group did not share the results of due diligence conducted by each entity. The outcome here was that a distributor rejected by one group company still ended up representing another group company in India — the market where specific corruption allegations had already been identified and documented.

Aim for a holistic approach
I suggest “aim for” a global and cross-divisional approach to supply chain risk management because in larger organisations, this is likely to be a long-term aspirational goal rather than an immediately achievable tactical win. In many situations where a serious supply chain issue is identified, there is often some part of the affected organisation that will have been, at least in part, aware of signs that things were not quite right with particular suppliers. Your procurement team might have had problems during the on-boarding process, your in-country team might have become aware of unflattering rumours about the supplier, the quality of the goods or services might have been a concern for one of your operating units, or your accounts payable team may have spotted worrying patterns in the supplier’s invoices.

Aligning the knowledge of your commercial teams, who typically have a relationship with the supplier, and the risk awareness of your control functions (compliance, brand protection, legal, internal audit) will go a long way towards identifying and removing risk and fraud in your supply chain.

The cost of getting it wrong not only includes financial losses, fines, and legal costs linked to supply chain fraud and breaches of anti-bribery and anti-corruption legislation, but also serious reputational damage to a company’s brand, particularly where human tragedy of labour force abuse is uncovered in the supply chain.

This article originally appeared in Fraud Intelligence.

Compliance Risk and Diligence

The Kroll Investigations, Diligence and Compliance team partners with clients to anticipate, detect and manage regulatory and reputational risks associated with global ethics and compliance obligations.

Intelligence, Transactions and Due Diligence

When organizations worldwide need intelligence, insight and clarity to take decisive action, they rely on Kroll.