Posted by: Erika Peters, Managing Director and Supply Chain and Third Party Risk Management Practice, Leader, Exiger and Pete Viksnins, Associate Managing Director, Exiger
It has never been more important for management, much less Compliance teams, to have a truly clear picture of the strands of the modern supply web. The idea of a supply web as opposed to a chain is not a new one, but it helps us better understand the variety of third parties with whom businesses interact every minute of every day around the world. Having a strong understanding of that web has always made good business sense – after all, keeping quality high with dependable logistics and relatively low cost contributes directly to the bottom line. However, given geopolitical realities, things will never remain as simple as keeping a sharp eye on Cost of Goods Sold.
Enter the escalated war in Ukraine led by former KGB Colonel Putin (let us remember that 2022 is not the first time Russian troops have stepped into Ukraine, even within the 21st century), and the resultant tsunami of economic sanctions and trade controls that have followed, changing on almost a daily basis at this moment. And, of course, the business world is in an uproar over the need to rapidly understand where sanctioned entities or people might appear in their supply web.
But frankly, this is not a new expectation from governments – think also of the US UFLPA, the Uyghur Forced Labor Prevention Act that seeks to exclude the results of forced labor in China’s Xinjiang Uyghur Autonomous Region from global supply chains. Or perhaps the recent enactment of a law in Germany on human rights diligence or the UK’s Modern Slavery Act and its corollaries like the similar act in Australia. These and similar legislation around the globe require businesses to take reasonable measures to assure themselves that their goods and services have not been procured through the use of forced labor or other similar concerns. Of course, anti-corruption compliance personnel are deeply familiar with the imperative to assess business partners, as most FCPA settlements involve liability for third party actions.[1]
Further, obvious current trends are also expected to increase the pressure for companies to know their supply chains intimately – such trends include new ESG / climate change regulation, increasing cybercrime attacks, and the increasing use of cryptocurrency, for example.
Transparency Challenges
So, what’s the challenge? There are actually a few – for example, the goods or services themselves don’t typically bear a handy label that reads “Made in Xinjiang” or perhaps “Manufactured with components from sanctioned entities.” Particularly for commodities like cotton or petrochemicals, there is typically not a quick and reasonable way to discern their origin.
Further, suppliers are also aware of sanctions and legislation – and may have an interest in obscuring the origins of the goods or services being supplied. Thus, the phenomenon of “supply chain washing.” Just like money laundering, suppliers may engage in the familiar steps of placement, layering, and integration to make their goods or services appear as if their source is legitimate and legal. An insightful study published by Sheffield Hallam University called “Laundering Cotton” shows some of these steps via analysis of shipping data. The report’s thesis is as follows: “Based on international trade and customs data, we conclude that at the same time as Xinjiang cotton has come to be associated with human rights abuses and to be considered high risk for international brands, China’s cotton industry has benefited from an export strategy that obscures cotton’s origin in the Uyghur Region.”
These supply chain challenges exist alongside related trends like cybercrime, cryptocurrency crimes, and pandemic-related fraud. Many of us have seen the headlines about issues like the ransomware attack on Colonial Pipeline in the US, the seizure of $3.6 billion of laundered stolen cryptocurrency (that had in fact been stolen in a 2016 hack), or the plethora of pandemic-related frauds where various parties defrauded the Paycheck Protection Program or PPP. What may not be as evident, though, is that the precursors to such crimes are often played out, to our everlasting annoyance, on each of our individual smartphones and e-mail accounts every single day. The phishing e-mails that lead to huge business email compromise (“BEC”) schemes and the robocalls warning of serious consequences because of allegedly unpaid tax debt or student loan issues are truly incessant, and require our vigilance. And, from a business perspective, companies need both preventive and detective controls that must be dynamic because the risks evolve every minute.
How are businesses expected to stay on top of all these threats? Large or small, almost no business can afford to keep knowledgeable specialists in each of these fields on the payroll, much less to access and analyze the relevant data that changes every minute. Information Technology departments alone are swamped with the task of maintaining data security in the current era, particularly where many are still working from home and using a panoply of different devices for both business and personal purposes.
Technology Solutions
The solution, to some extent, mirrors the threat – as technology and geopolitical trends seem to enable criminals, so, too, can we take advantage of the environment to combat crime. Criminals and tyrants alike do not like to see light shone into dark corners. And the unity with which the world has come together to say to aggressors / abusers, “we’re mad as hell and we’re not going to take it anymore,” has been amazing to see, fueled by both technological connection and compassion.
Thus, we now use technology such as natural language processing, data visualization techniques, and analysis of both structured and unstructured data to shine light into the dark corners of global supply webs and untangle the risk presented by various business partners. While we’ve used these technologies for years now, they are reaching the point of maturity and sophistication where it IS possible in one click to identify whether your suppliers have connections to regions where forced labor is used, whether their data security is keeping up with the times, or if your supplier has an undisclosed connection to a government official that might impact your business’ anti-corruption compliance program.