What COVID-19 taught us about supply chain risks

Global supply chains have been tested to the limit over the past 12 months. When Covid-19 engulfed Europe back in March last year, border closures and tightened controls triggered widespread delays. A surge in demand for essential items resulted in global shortages. Furthermore, lockdowns forced industries and manufacturers to shut up shop around the globe, with many going out of business.

Against this backdrop, supply chain management and compliance teams have come under increasing pressure, having to onboard and risk assess new third parties at a record rate and volume, just to stay afloat.

And supply chain disruption is not going away anytime soon. Analysis of Factiva, Dow Jones’s global news database, revealed that news reports of disruptions to the supply chain increased by almost 2000% following the onset of Covid-19.

Even now, media coverage is more than six times higher than pre-pandemic times. These events have forced companies to focus on their supply chain resilience and fully understand the risks material to their industry and the geographical markets they serve in the current Covid-19 world and beyond.

British businesses in particular are facing mounting supply chain risks. Brexit, coupled with the third national lockdown, has led to a significant spike in reports of supply chain disruption in December 2020 and January 2021.

With the British government set to introduce new checks and controls over the coming months, any organisation with complex, cross-border upstream and downstream third-party relationships and supply chain must be prepared for a new wave of disruption.

The past year has been a stark reminder of the fragility of the supply chain and wider third-party relationships; however there are steps business leaders can take to build resilience against future shocks.

Diversify risk profiles

Many organisations look to diversify their supplier base to mitigate risk. Taking a portfolio approach can be an effective strategy, ensuring that more than one supplier is in place for critical goods and services. But it is also essential to select third parties with diverse risk profiles. Having multiple suppliers in place does little to reduce risk if those businesses are themselves exposed to the same risk.

Compliance teams therefore need to ensure they have the fullest possible picture of their third and fourth parties. Too often, we see businesses only looking at the immediate counterparty, and not their broader network of suppliers.

The best third-party risk management programmes have introduced new checks to better understand their suppliers’ business continuity and infectious disease management plans. This could include adding pandemic preparedness and Covid-19-related risk questionnaires into the onboarding process, alongside gathering information relating to the broader network of companies their third parties rely upon.

These additional measures are ensuring companies conduct additional due diligence to assess whether the pandemic impact is a risk or opportunity to their operations, based on their jurisdiction, industry, and response.

Asking the right questions during times of volatility is non-negotiable. High turnover of suppliers could open the door to a flood of new third- and fourth-party risks, including bribery, corruption and modern slavery. Businesses need to invest in a robust and scalable third-party risk management process in order to keep pace with change, without cutting corners.

Digitise to de-risk

The pandemic has exposed a serious lack of digital literacy in the supply chain across sectors. The compliance teams that have coped best with these unprecedented levels of disruption are those that have access to good quality information, coupled with flexible procedures, embedded through risk-focussed software to screen and onboard and assess third parties quickly and effectively.

Such technologies can help organisations quickly scale up or scale down the number of third parties they work with, as well as offering more visibility into their network of third-party engagements.

But it’s also important to remember that risks are never static – particularly during such unpredictable times, when a previously stable and low-risk vendor or supplier could suddenly pose a substantially increased set of risks, given the evolving situation.

Automating the continuous monitoring process means that changes or red flags affecting the risk profile of all third-party engagements are flagged immediately – enabling businesses to address issues as soon as they arise and take pre-emptive action with third parties of a similar risk profile.

The use of negative news from reputable sources can be instrumental when identifying and managing supply chain risk. Adverse media coverage allows compliance teams to continuously screen and monitor their third parties against current, relevant data - including Covid-19-related risks.

Examples of such coverage includes: reports of companies suspending operations; being affected by supply chain disruptions; or having severe financial issues; all of which are important red flags. Adverse media monitoring is now recognised by regulators as an integral part of the third-party due diligence process, and helps organisations keep on top of potential risks as they emerge, in real-time.

The pandemic has taught us that technology-led compliance isn’t just best practice – it’s an essential standard, which will enable businesses to safeguard the integrity of their supply chains and wider third-party relationships, and maintain business continuity in this volatile environment.

Cut corners at your peril

The past 12 months have taught us a number of lessons about mitigating risk in the supply chain. Namely, the organisations that take a more proactive approach are less likely to experience damage to their brand, product and customer satisfaction in the event of disruption.

Furthermore, these companies are able to pre-empt circumstances which could lead to potential illegal or unethical behaviour across their third-party engagements.

Criminal liability and fines, disgorgement of profits, forfeiture of assets and loss in share value - these are the consequences companies face for failing to prevent illegal or unethical activity by the third parties with which they work.

Armed with complete knowledge across the breadth and depth of their supplier and third-party interactions, organisations can ensure greater resilience and minimise supply chain risk in the future.

After all, the supply chain is no stranger to disruption - natural disasters, geopolitical instability, price hikes and cyber-attacks are all threats that, beyond the current pandemic, business leaders need to prepare for.

Julia Salmond, is head of Third Party Risk Management, Dow Jones Risk & Compliance

---