The push for more ethical behavior in supply chains isn’t necessarily altruistic in nature, but largely because it has a real impact to a company’s bottom line. At the same time, risk-management teams are acutely aware of two main drivers that could lead to an unexpectedly red bottom line:

1. The unabating regulatory requirements being imposed on companies at both the direct and third-party relationship levels. For example, the German Supply Chain Act envisions fines for failure to assure that the supply chain doesn’t include modern slavery or human trafficking. In the U.S., the Uyghur Forced Labor Prevention Act (UFLPA) and related regulations place similar expectations on companies for taking reasonable efforts to exclude goods and services generated by forced labor in China’s Xinjiang Uyghur Autonomous Region. These two examples require quick implementation, with results to be demonstrated within the next six to 12 months.   
    
2. The need to protect an organization's reputation from the impact of poor supply chain social risk-management processes, where damage to the organization's reputation can lead to the loss of brand value and customers. Activist investors are no longer a fringe group, but are exercising great leverage to require companies to truly understand their supply chains from a social risk perspective.

The global increase in regulations makes visibility of the supplier and vendor base a high priority, requiring quick mitigation strategies. Investments in vendor and supply chain risk transparency are critical, in response to the modern-day speed of information and impact of social media. A negative post can go viral around the world in hours. All these factors mean that organizations need to invest in systems and processes that provide transparency and insight into their vendors and supply chains. A recent global market study of over 300 risk management professionals by Exiger and Stax Inc. found that 77% of large companies saw the need to monitor risks of suppliers down to Tier 3 or deeper.

Labor-related supply chain risk management must account for prohibitions on child labor, forced labor, slavery, disregard of occupational safety and health obligations, withholding of adequate wages, and bans on the right to form trade unions. These are all part of the “S” in ESG, and are no longer just a “nice to have” element of an ethics program, but rather a supply chain imperative.

Despite companies becoming aware of the need to do something, the challenge for many is identifying how to do this at scale, when they often need to screen thousands, and sometimes tens of thousands, of suppliers. This is compounded by the fact that the regulations increasingly require them to carry out appropriate due diligence activities throughout the multi-tier supply chain, where they suspect that poor labor practices may exist. Many companies have historically relied on manual processes, which means they’ve had to choose among less due diligence, longer supplier onboarding or monitoring timelines, and a higher risk appetite for unknown exposure that could be brought to light by the consumer, instead of being proactively controlled by the organization.

Another significant challenge is the ability to analyze disparate data from multiple sources, particularly given that it changes from day to day. Shipping data, for example, changes at least daily as new shipments are loaded or unloaded, while in the past few weeks Russia and Belarus sanctions have changed at nearly the same frequency. Key supply chain social risk source data can be both dynamic and voluminous.

As with many pressing questions, technology can enable solutions — provided that it can scale in line with the overall digitization of the supply chain.

Any fit-for-purpose solution should include the following four key attributes:

• Due diligence on critical suppliers should include data on direct owners and ultimate beneficial owners. It’s imperative to dig into supply chains beyond the first-tier supplier, to avoid issues of “supply chain washing,” where the true origin of goods is obscured. All due diligence results should include a risk assessment process to flag only high-risk suppliers for further mitigation as needed. This is both a regulatory expectation as well as fundamentally economic, as resources should be aligned to combat the areas of greatest risk.
   
• The tools to help this process should be appropriately scalable and make use of a mix of data sources, including social media, to minimize the chance of significant social issues going undetected. For example, does your existing solution pick up on foreign-language social media posts, indicating poor working practices in a factory? Have you considered the potential indicators provided by supplier financial distress or ownership structure in your consideration of social issues in your supply chain? All other things being equal, entities with opaque ownership structures might not be transparent about, or caring of, their workforces.
   
• A comprehensive risk analysis carried out with direct suppliers should also be capable of supporting a risk-prioritized approach, to understand which links in the multi-tier supply chain warrant further investigation. It should also seek to uncover product-relevant parties within the supply chain that present significant risk exposure. Mapping of the supplier’s suppliers should be highly automated; any effort attempted manually would rapidly overwhelm a human analyst. Such an analysis should also include the ability to automatically issue appropriate questionnaires (or other risk-reducing steps) to high-risk suppliers and supply chains once they have been identified. 
   
• The solution needs to support the ongoing audit and reporting capabilities that are required under global regulations. They need to be easily integrated into the overall performance metrics used in supplier relationship management. Information generated by due diligence results can be a powerful part of the operational toolset — the more you know about your suppliers, the better off you’ll be in protecting yourself from liability associated with improper behavior. You’ll also be better armed with information when negotiating your next transaction.

As organizations are asked to do more with less, they’re becoming increasingly dependent on third parties to operate the business. The vendor base can comprise tens of thousands of entities, so investing in technological solutions now is the only way to make it through regulatory reporting requirements, and proactively manage consumer concerns. The pressure to purchase technology should not undermine the importance of finding a solution provider that has the appropriate subject matter expertise and global capability to support a multinational.

Erika Peters is global head of third party and supply chain risk management at Exiger LLC.

Read more of SupplyChainBrain's 2022 Supply Chain ESG Guide here.