
From Supply Chain Due Diligence To Supply Chain Transparency

Tom Crooke, Harriet Lord 15 September 2020

From Supply Chain Due Diligence To Supply Chain Transparency – Taking Corporate Responsibility Seriously


Changing Tides:

The COVID-19 outbreak has fundamentally changed the way businesses around the world operate. Even as the world begins to take tentative steps out of lockdown, the impact of socially distanced workplaces, enforced home working and furlough schemes is likely to be felt for months, if not years, to come.

The pandemic has also had a profound effect on how businesses are judged. Companies have been subjected to intense scrutiny over their response to the virus, and what they have – or haven’t – done to protect their employees, suppliers and customers. Although we may see firms placing a renewed emphasis on corporate responsibility, in many ways COVID-19 has thrown into stark relief a range of pre-existing trends when it comes to supply chain transparency and ethics.


Even prior to the pandemic, companies were increasingly confronted with abuses in supply chains – dangerous working conditions, forced labour, child labour, insufferable living conditions, environmentally damaging manufacturing processes, payments of bribes and corruption. In some parts of the world, the global trade of natural resources has funded conflict and instability. The complex nature of global supply chains allows businesses and consumers to feel remote from these abuses, and to feel removed from any responsibility to prevent similar occurrences in future.

However, pressure is growing on companies to take responsibility for the integrity and sustainability of the whole of their supply chains, from beginning to end. Pressure is also mounting for companies to demonstrate publicly and transparently that they are taking these responsibilities seriously.

International businesses have become accustomed to the requirement, driven by regulation, to root out any bribery and corruption, sanctions or money laundering risks. Wide-reaching exposés, from the Panama Papers in 2016 through to the Luanda Leaks in 2020, have brought global exposure to the systemic damage caused by bribery, corruption and money laundering.

Meanwhile, some terrible accidents have drawn increased public scrutiny to the human costs of ignoring or obscuring supply chain constituents. Labour and environmental conditions within the supply chain are becoming a matter of strategic importance, similar to anti-corruption and anti-money laundering obligations. This has prompted some companies to lead the way on full supply chain transparency, allowing their customers to interrogate the provenance of the items in their shopping baskets.

Supply chain transparency practices vary immensely among companies. Many companies’ due diligence is still focused on their direct suppliers; only very few are connecting and engaging with their direct suppliers to carry out deeper investigations along their entire supply chains and provide investors and consumers with detailed information about their findings. There’s a variety of reasons for this – full supply chain due diligence can be challenging, especially as supply chains don’t remain static but flex in line with variable factors such as local prices, weather and harvest conditions. It can also be costly – the more links in the chain a company investigates, the more cumbersome and time-consuming this will be. However, increasingly supply chain transparency and accountability are becoming a core part of companies’ missions; something that is expected by consumers and necessary for success.

There are also wider benefits to the business. Having a greater understanding and more granular data on its supply chain helps a company become more dynamic and more resilient to change. A company is going to be slow to react to a disruption in its supply chain – a fire or a bankruptcy, for instance – if it doesn’t even realise the affected producer is one of its ultimate suppliers. Timely and accurate supply chain information and communication reduce waste, enabling quick reactions to changes in demand and allowing manufacturers to ship only as much product as can be sold. Similarly, good supply chain data helps companies keep track of quality – when toy retailer Mattel had to recall large numbers of toys that had been contaminated by toxic lead paint in 2007, the incident was attributed to a contractor that had switched to an unapproved supplier to overcome a temporary supply shortage.[1]

 

Sharp shocks

The Rana Plaza factory collapse in Bangladesh in April 2013 was a wake-up call for many consumer businesses. That catastrophe led to the death of more than 1,100 workers and injured more than 2,500, in many cases leaving them unable to work. In the wake of the disaster, several Western retailers discovered that they had sold clothes sourced from the factory; even more woke up to the fact that they had very little idea where the clothes they sold actually came from. These retailers have since come under increasing public pressure to take responsibility for exactly where and how their products are made.[2]

The Rana Plaza collapse grabbed headlines, but it was by no means a one-off. In 2012, a fire in Bangladesh’s Tazreen Fashions factory killed more than 100 workers;[3] in the same year, Pakistan’s Ali Enterprises factory also burned down, killing more than 230 workers.[4] In both cases, the disasters were linked to criminal negligence on the part of the factory operator, and in both cases the factories’ products were destined for Western markets.

Until these tragedies occurred, there was virtually no public information that allowed consumers to trace the link between these factories, the companies sourcing from them, and the shoppers buying these products. Companies viewed the identity of supplier factories as sensitive business information and argued that disclosure would undermine their competitive advantage.

 

Conscientious consumers have begun to take more notice of where the goods in their basket come from. Some ethical programmes, such as the FairTrade movement, have existed since the 1960s. However, ethical consumer spending is reaching new heights. According to a 2019 study, ethical consumer spending in the UK has increased almost fourfold in the past 20 years, significantly outstripping comparative growth in all other UK household expenditure.[5]

COVID-19

The COVID-19 pandemic has already led to a complete paradigm shift across many aspects of corporate culture. However, less attention has been paid to how the outbreak has simply accelerated changes which were already well underway. The shift towards working from home and flexible working patterns had been discussed in boardrooms and newspapers for decades; the enforced lockdowns across much of the world have made these practices universal for the first time. Similarly, as shown above, the focus on corporate responsibility and ethical concerns over supply chains is nothing new, but the pandemic has shown these concerns can make or break reputations, especially in a crisis.

For example, in July, fashion group BooHoo was the target of various allegations concerning conditions at one of its suppliers, based in Leicester, England. Although the reports contained familiar themes – such as workers being paid below minimum wage – a major focus was the allegation that BooHoo’s supplier had forced employees to continue to come to work during the lockdown. Leicester was subsequently forced to remain in lockdown due to high infection rates, even as the rest of the country began to ease regulations, with speculation that conditions at the city’s garment factories may have played a role. BooHoo subsequently announced a full independent review of its supply chain, including a commitment to spend GBP 10 million on addressing instances of malpractice.

Even as lockdown measures are eased, companies’ behaviour will remain under scrutiny. It is hard to imagine that the inevitable wave of inquiries and investigations won’t include close examinations of how companies adapted their supply chains and upheld ethical standards.

Forcing businesses to take note

The business model of a typical multinational corporate extends well beyond those assets and individuals directly owned or employed by the company. These companies are heavily reliant on, and therefore to some degree indistinguishable from, their third-party relationships and elongated supply chains.

Supply chain due diligence has been driven by government regulations. The 1977 US Foreign Corrupt Practices Act (FCPA) and 2010 UK Bribery Act obliged companies to place greater scrutiny on how their business deals were being made, extending a company’s obligations beyond its immediate employees and requiring them to vouch for the integrity of their suppliers, distributors, vendors, consultants, partners and intermediaries.

A significant proportion of high-profile bribery cases worldwide have involved bribes paid by third parties… In January 2020, Airbus reached a joint settlement with the US, French and British authorities and agreed to pay a USD 4 billion fine to settle an international bribery and corruption investigation. Airbus was accused of supporting a global network of third-party sales agents who paid substantial bribes to secure contracts for Airbus in 16 countries around the world. Other companies have tackled similar challenges – in 2019, Ericsson agreed to pay USD 1.2 billion to settle a bribery case brought by the US Department of Justice. The company had turned a blind eye to millions of dollars of payments made on its behalf by third-party agents and consultants to government officials. In 2017, Rolls-Royce paid a GBP 671 million settlement to resolve charges that intermediaries had made payments to secure contracts for the company in 12 countries.

More recent legislation has broadened supply chain diligence requirements to encompass human rights concerns. In 2015, the UK Modern Slavery Act included a requirement, modelled on Californian legislation, for companies to consider slavery risks and labour abuses occurring along their whole chain of operations. In 2017, France introduced legislation that obliged larger companies to implement plans to prevent human rights abuses in their supply chains.[6]

In 2010, the US passed Section 1502 of the US Dodd-Frank Act, the conflict minerals provision, which requires publicly listed US companies to mitigate the risk that, by buying certain materials, they are inadvertently financing fighting in conflict-stricken areas around the world.[7] In 2017, the EU adopted a similar conflict minerals regulation, the due diligence and disclosure obligations of which come into effect in January 2021.[8]

However, even regulators admit that a compliance-based approach to due diligence is not fully effective and that integrity concerns need to be integrated into a company’s core culture.[9]

From compliance to candour

The first move to supply chain transparency came in the late 1990s and early 2000s when US college students began putting pressure on suppliers to disclose the details of the factories producing US college clothing. The campaign, United Students Against Sweatshops (USAS), encouraged universities to include supply chain disclosure as part of their licensing agreements with companies supplying university branded clothing.[10] In 2005, Nike went a step further by publishing information about all of its supplier factories for all products, not just those linked to university contracts.[11]

In April 2019, H&M became the first global fashion retailer to publish details on individual suppliers for each of its items of clothing. Customers can access this information through the online store and can also check the origin of a specific garment when shopping in physical stores, by using the H&M app to scan the price tag on each product. This is a massive undertaking: the H&M group sells an estimated three billion articles of clothing per year; and it works with around 800 suppliers in 40 countries worldwide. At the moment, information provided is relatively limited. H&M shoppers can find out the name of the supplier or subcontractor where a garment was made, the factory address, and the number of workers employed there.[12]

Companies in other sectors are pursuing similar programmes. British supermarket Marks & Spencer hosts an interactive map on its website, which allows interested customers to see supplier factories by location, and access data on the product, work force statistics and registered address of each supplier.[13] In 2019, Nestlé published supplier data for its top 15 raw materials and stated that it was committed to achieving full supply chain transparency.[14] In future, Nestlé intends for all its products to have a QR barcode that can be scanned to access information on suppliers.[15]  

Whilst none of these programmes yet includes an assessment of working conditions or accreditation of the supplier factories, they are important first steps towards supply chain transparency, consumer consciousness and corporate accountability.

 

A moving target

One of the big challenges of end-to-end supply chain due diligence is that supply chains can be very dynamic and sourcing arrangements can change quickly. Some companies are pioneering tech solutions, including blockchain technology, to improve the accuracy of their supply chain information. A potential downside to a tech-focused approach is that it may risk excluding some producers: the beginning stages of many supply chains have yet to be digitised, and there are large numbers of businesses that still operate a paper-based system. However, when abuses are uncovered in supply chains, ignorance is not really a sufficient excuse. If journalists and charities can find out about abuses taking place in a supply chain, it’s a fair argument that the company should be able to find out first.

What does effective supply chain due diligence look like?

Many companies already have a standard due diligence process to identify corruption, fraud and money-laundering risks in relation to their business partners. There is no reason not to apply the same level of rigour to rooting out human rights risks in a company’s supply chain. In fact, these integrity risks are often interlinked and can be investigated simultaneously within an enhanced due diligence investigation.

The core principles of an effective supply chain due diligence programme are:

1. Data capture and consolidation: Having a current and accurate understanding of third parties is crucial for effective supply chain due diligence. Use a third-party management system to organise the information and ensure it is easily accessible to everyone who needs it.

2. Risk assessment: It is probably not practical to conduct full investigative due diligence on all third parties in a supply chain. Most companies use a risk-based approach to rank their external partners, allowing them to focus more attention on their riskiest relationships. Criteria that a company may use to assess their third parties include the nature and size of the relationship with the third party, and in what industry and country the third party is operating. During the risk assessment process, company information should also be screened against a risk and compliance database – initial red flags, such as political exposure, may increase the risk profile of a third party.

3. Layered due diligence: Many companies use a layered approach to due diligence. For the lowest-risk partners, the red flag screening conducted during the risk assessment phase may provide sufficient assurance. However, for higher-risk partners, most companies will conduct tiered enhanced due diligence:

  • Public record due diligence – detailed open-source research on an individual or organisation against multiple public sources in multiple languages. This will include an investigation of company documents; a review of local and national civil and criminal litigation records; an analysis of any regulatory action against the company or associated individuals; sanctions and watchlist checks; checks of bankruptcy or insolvency records; political exposure analysis; local and foreign-language media analysis; and social and professional network analysis.
  • Investigative due diligence – sometimes public record analysis is not enough to provide the granularity of information needed to be sure of the track record or integrity of a partner. This may be the case when there is limited information available in public sources, perhaps because of censorship in the country where the partner operates or because the partner has a very small profile. It may also be the case where there is conflicting information online or where negative rumours are identified but not substantiated. In these instances, companies often conduct investigative due diligence, enlisting human intelligence sources to elicit feedback on the third party’s reputation and provide expert regional insight and contextual analysis.

4. Risk mitigation: Once due diligence has established a clear assessment of a partner’s risk profile, risk mitigation may be required. In the most severe cases, this may involve terminating a third-party relationship, but generally risk mitigation includes the provision of training and guidance to third parties and creating an internal risk plan to ensure appropriate management of the relationship.

5. Continuous monitoring: Due diligence needs to be an ongoing process. Changes to a third party’s ownership or adverse events involving the third party may suddenly significantly increase the risk associated with the relationship. The most effective way to conduct continuous monitoring is to adopt a third-party management system that is able to screen partners’ details against a risk and compliance database on an ongoing basis.

6. Regular review: Supply chain risk management should not be static. An organisation’s risk tolerance may evolve over time, or the nature of a company’s relationship with a third party may change, exposing it to greater risk. In addition to ongoing monitoring, companies should regularly review the basic principles underlying their risk scoring and periodically refresh their enhanced due diligence on key partners.

Supply chain diligence should be a C-suite concern

Supply chain due diligence is no longer the sole preserve of the supply chain manager or compliance officer. Increasingly, as tracking technologies make it possible for firms to provide a large degree of transparency to customers, market-leaders are making a virtue of the provenance of their produce. This means that the quality, safety, ethics and environmental impact of a supply chain can have a significant impact on the overall success of a company, and it is no longer acceptable to maintain a tactical degree of separation from producers in a supply chain. Today’s consumers expect companies to take responsibility for the social impact caused by their commercial operations, and adverse events affecting third parties can have a big impact on a company’s reputation.

A commitment to an ethical, humane and sustainable supply chain needs top level buy-in within a company, with clear backing from the Board and real champions at senior executive level. The company’s leadership must then empower internal teams with the resources they need to maintain proper oversight of upstream suppliers, and there has to be a company-wide culture that genuinely identifies an ethical supply chain as a priority. Any companies not yet taking this seriously will have a lot of lost ground to make up.

 


References

[1] 2007 Annual Report, Mattel

[2] ‘Why Won’t We Learn from the Survivors of the Rana Plaza Disaster?’, The New York Times, 24 April 2018

[3] ‘Bangladesh textile factory fire leaves more than 100 dead’, The Guardian, 25 November 2012

[4] ‘More Than 300 Killed in Pakistani Factory Fires’, The New York Times, 12 September 2012

[5] ‘Twenty Years of Ethical Consumerism’, The Co-Op, 2019

[6] ‘Tighter standards of conduct for supply chains’, The Financial Times, 16 November 2017

[7] https://www.sec.gov/answers/about-lawsshtml.html#df2010

[8] https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32017R0821&from=EN

[9] ‘Transforming culture in financial services’, Financial Conduct Authority, March 2018

[10] USAS

[11] ‘The Transparent Supply Chain: from Resistance to Implementation at Nike and Levi-Strauss’, Journal of Business Ethics, 19 May 2011

[12] ‘Sustainability Report 2018’, H&M Group

[13] Marks and Spencer interactive supplier map

[14] Nestle - supply chain disclosure

[15] ‘Carrefour – Nestlé Blockchain: Technology for food transparency with Mousline!’, Nestle, April 2019
