SUPPLY CHAIN RISK MANAGEMENT: LEGAL AND REGULATORY CHALLENGES
R&C: What do you consider to be among the key risks permeating global supply chains? Have any particular vulnerabilities been uncovered or highlighted over the last 12-18 months?
Turteltaub: There has been a lot written already about fragility exposed during the coronavirus (COVID-19) pandemic, especially when it comes to just-in-time procurement models. From a compliance perspective, the depth of the risk probably will not be fully realised for another year or so. Companies worked very hard, often heroically, to patch holes in their supply chain and keep the pipelines flowing. That meant onboarding a host of new suppliers quickly and often without the due diligence that was typical in the past. From a compliance perspective, there is a lot of risk there. Without the standard due diligence, which was not possible because of travel bans and other pandemic restrictions, there is a great deal less insight into issues such as human trafficking and modern slavery, conflict minerals, and who the ultimate beneficial owner may be. Over the next year or so, I think we will start seeing the cracks in the chain as companies realise that the vendor who bailed them out was not as reputable as they would have liked. That will likely lead to enforcement actions, and for organisations paying attention, a push to catch up on some of the due diligence they missed. One other thing to remember is that these days the supply chain is not just hard goods. There is a digital supply chain as well, and in it is a high level of data risk. Moving customer data poses great risk of running afoul of the General Data Protection Regulation (GDPR) and other regulatory schemes. In addition, with companies and their supply chains so integrated, there is an increased risk of a data breach and ransomware.
Jan-Mar 2022 Issue
Society of Corporate Compliance and Ethics