Supply chain’s rise in prominence brings regulatory compliance into focus

Editor’s note: Leadership Lens, appearing online at scmr.com on the second Tuesday of each month, offers insight into leadership issues and how to address them. If you are interested in future topics, you can see a full list of upcoming topics on our Editorial Calendar.

As the supply chain has risen in prominence among C-suites, its leaders have gained new insights into the organization, and influence in the overall organizational strategy.

It has also come with new scrutiny. Scrutiny around spending. Scrutiny around customer experiences. And scrutiny concerning regulatory compliance.

“[Anti-bribery and corruption] laws are the legal frameworks established by various governments to combat unethical practices such as kickbacks, bribery, and other forms of corrupt practices in the public and private business sectors,” explained Sandeep Bhide, vice president of product management for ProcessUnity, in a recent Supply Chain Management Review 6 Questions With … feature. “The desired goal of the laws is to prevent such practices so that business can be conducted in a fair manner with high integrity and appropriate transparency.”

And that is just one area, which often flies under the radar of compliance. Sarbanes-Oxley Act (SOX) compliance is a financial concern. A more visible category is ESG—environmental, social, governance—requirements.

“Not only are supply chain networks vast, but so too are the considerations relevant to the concept of ‘ethical’ or ‘responsible’ sourcing,” said Tom Plotkin, special counsel at law firm Covington. “When we think of responsible sourcing, we tend to think of the most critical human rights issues like forced and child labor, but there are myriad other considerations, like broader labor rights, safe and fair working conditions, and impacts on communities. There are also environmental considerations, ethical and governance considerations, and questions about the social impacts more generally. Taking all of these concepts into account and considering how varied and complex they can be when layered onto large global supply chains, scaling becomes the biggest challenge.”

ESG, ethical sourcing and anti-corruption are just the tip of the iceberg when it comes to compliance. There is are also Securities and Exchange Commission requirements for public companies, there are a myriad of local and state regulations that differ by industry, and federal laws such as tax regulations.

What is regulatory compliance?

Simply put, regulatory compliance is when supply chains adhere to relevant regulations. It sounds simple, but in today’s supply chain environment, it is anything but.

Metricstream, which provides compliance solutions in various industries, says that regulatory compliance starts with the Holy Grail of supply chain: visibility.

“Perhaps the most important factor in compliance is understanding the supply chain, including all suppliers, sub-suppliers, components, materials, factories, and products, as well as the relationships between them. By mapping these components in a centralized system, companies gain more awareness of their product and supply chain, and are able to identify and mitigate risks quickly,” the company wrote.

Next, companies should understand and evaluate regulations, Metricstream noted. With most supply chains global in nature, that means understanding regulations in all areas the supply chain operates, not just in your home jurisdiction. Too often, supply chains respond to regulations in a “knee-jerk manner without sufficient knowledge of the regulations or their applicability,” the company said. Avoid this by becoming informed of what applies and how to comply.

Supplier management vs. supplier compliance

Many organizations address regulatory compliance through their supplier management programs. But to risk management firm RiskOptics, they are not the same thing.

“Supplier management is about the performance of your suppliers and implementing initiatives to streamline communications and drive efficiencies with those suppliers. It encompasses the entire lifecycle to ensure high performance and a mutually beneficial relationship,” it wrote. “Supplier management uses KPIs, metrics, and scorecards to monitor defect rates, lead times, and order accuracy. These tools help drive efficient supplier management by setting targets and establishing timelines for corrective actions.

Related Podcast

 

Talking Supply Chain: Resilience, technology and the White House

When the supply chain moved into the mainstream due to the high number of disruptions and rising inflation that drove up prices, consumers demanded answers. The Biden administration responded by creating the White House Council on Supply Chain Resilience. But what is that? Melanie Nuce Hilton, senior vice president of community engagement at GS1 US, joined Talking Supply Chain host Brian Straight to discuss the council, its purpose, and what it may be able to achieve as it prepares a report on the state of the supply chain for later this year.

Listen

 

“On the other hand, supplier compliance is related to regulatory compliance and assuring that your suppliers meet the same standards that your business does. It protects your business from compliance issues and cybersecurity risks that your supply chain and service providers could cause,” RiskOptics added.

RiskOptics said companies need to enact governance, risk and compliance (GRC) strategies.

“This involves conducting regular internal audits and leveraging tools like Excel, Microsoft solutions, and specialized software like AuditBoard to monitor your partners’ and suppliers’ compliance and security posture. These practices are integral to maintaining the health of your entire ecosystem,” it said. “For businesses relying on SaaS solutions, ensuring that these services are SOX-compliant is a key aspect of risk control. By systematically assessing the business processes, internal and external auditors can provide valuable insights into the compliance levels of suppliers.”

Data’s key role

The access to data and the evolution of artificial intelligence is making compliance easier in 2024. Data can help identify compliance gaps. “Often, a mix of activities such as audits, tests, and assessments are used to identify gaps in compliance efforts. These activities are usually conducted at various intervals for various regulations,” Metricstream said.

A key point to this, however, is ensuring data quality. Larger organizations collect massive amounts of data and it is important to analyze that data appropriately. Spreadsheets likely won’t enable effective regulatory compliance, so Metricstream advises looking for software that can parse the data correctly.

Plotkin said that follow up with suppliers is also an important part of the process.

“With respect to audits, it is helpful to have agreement from the supplier that it will comply with various requests to monitor for compliance with forced labor-related commitments,” he said.  “Potential forms of audit can range from information and document requests to announced and unannounced onsite inspections. Increasingly, companies are also reserving the right to request supply chain documentation in the event of a detention at the U.S. border. Related to audits, it is also helpful to reserve the right to require corrective action and remediation in the event of non-compliance.”

As complicated as the supply chain seems, compliance is even more complex. From local to global regulations, from ethics to corruption, organizations have a myriad of challenges in ensuring compliance. Building a regulatory compliance program starts in the same place that all supply chain success begins: visibility. And it should permeate the organization, becoming a team effort, from sales to logistics and everywhere in between.

The current state of forced labor awareness in the supply chain illustrates this point effectively, and offers a cautionary tale when it comes to regulatory compliance.

“I think that the current state of information on supply chain forced labor risks creates potentially significant legal exposure for companies,” explained Plotkin. “Simply put, there is a lot of information coming out about forced labor in supply chains. Information can come from any number of sources, including academic studies, NGO reports, media investigations, government publications, and emerging supply chain sustainability technologies. It can be difficult for companies to keep pace with this emerging information, assess its accuracy, and understand whether and to what extent it impacts the company's own supply chains.”

SC
MR