Companies need to be aware of the supply chain risks inherent in shifting vendors.

The notion of reconfiguring global supply chains has gained traction in recent years as a means of avoiding costly disruptions. The COVID-19 pandemic, geopolitical and trade disputes, rising labor costs and natural disasters have all highlighted the need to build resilience by shifting one’s supply chain footprint. As a result, companies are rethinking their supply chain strategies, to include concepts such as reshoring, near shoring, and even “other shoring.”

Make sure to identify any claims of unethical business practices not just with your supplier, but with your supplier’s suppliers too.
Make sure to identify any claims of unethical business practices not just with your supplier, but with your supplier’s suppliers too.

However, if not done carefully, reconfiguring a supply chain can inadvertently expose a firm to risks stemming from its new vendors. Even divesting from a current vendor could pose problems. Therefore, companies should factor in the following types of vendor risk categories when evaluating any supply chain shift.

  1. Country risks. Understanding a jurisdiction’s internal dynamics is an important component to assessing supply chain risk. For example, is the country at risk of any economic, political, social or labor instability? Can the local infrastructure support your needs? Don’t just focus on a new jurisdiction—your firm and any of its remaining partners in your current jurisdiction could be at risk of local retaliation, such as accusations of illegal business practices.
  2. Geopolitical risks. International trade disputes and conflicts pose some of the most serious threats to global supply chain operations. Identifying and assessing any geopolitical challenges simmering under the surface will better prepare you to meet them in the event they burst onto the scene. For each geopolitical risk, it is important to know not only its likelihood, but also its potential impact.
  3. Regulatory risks. It is important to understand whether your new partner has engaged in any illegal activities which could subsequently impact you. Does your new vendor conduct business operations in sanctioned jurisdictions or with banned parties? Has it been involved in acts of bribery or corruption? What about its overall regulatory record, which may reflect a culture of non-compliance?
  4. Financial risks. The financial health of your new supply chain partners will determine their ability to meet your needs. If a supplier is in a precarious financial situation, such as on the verge of bankruptcy, it could increase the chance of a future supply chain disruption. This is especially of concern if your new vendor is a sole source provider or critical supplier.
  5. Cyber security risks. Understanding the cyber security capabilities of any entity that connects to your firm’s servers or information technology systems is critical in the current environment. As supply chains digitize and integrate their processes, the chance of a security incident occurring somewhere along a supply chain will only increase.
  6. Data privacy risks. Consider whether your new vendors are compliant with the growing number of data privacy regulations around the globe. Most well-known are the European Union’s General Data Privacy Regulations (GDPR) and the California Consumer Privacy Act (CCPA), both which hold organizations responsible for the actions of their vendors. Failure to ensure data privacy compliance across your vendors could put your firm at substantial risk.
  7. Security risks. Engaging new partners who are unable to guarantee the physical security of your products and personnel can create obvious problems. Can they protect your products from theft, tampering or damage during production, transportation and storage? What about the safety of their own labor force? Do your new partners have adequate business continuity plans, to deal with disruptions such as local outbreaks of COVID-19?
  8. Intellectual property (IP) risks. Like security risks, how will your partners protect your IP? Are there adequate controls in place to limit exposure to your IP to only those that require it? Ensure that your contracts adequately stipulate the practices your partners must take to safeguard your IP. Don’t forget current partners being let go, as they could decide to steal your IP out of revenge.
  9. Contractual risks. When divesting of current vendors, you need to be sure you’ve fully assessed your contracts with them. Be careful not to overlook any obligations that could have financial or regulatory implications if you breach them, or, at the very least, be aware of the costs you could incur so you aren’t blindsided.
  10. Reputational risks. In today’s environment, protecting your firm’s brand is a critical but challenging task, as consumers are increasingly aware of the concept of supply chains and the ultimate origin of products. Be sure to identify any claims of unethical business practices, such as labor or human rights violations or environmental pollution. And don’t forget your supplier’s suppliers further up the supply chain.

Reconfiguring a supply chain is a major decision. A critical early step is to identify the inherent risks in shifting to new supply chain partners. Given the broad and often insidious nature of vendor risk, successfully identifying and mitigating such risks likely requires specialized skills and capabilities. Only then can firms build a more resilient supply chain.

daniel hartnett kroll
Daniel Hartnett

About the author
Daniel Hartnett, CPIM, is an associate managing director at Kroll, a division of Duff & Phelps. He is currently leading the firm’s enterprise-wide efforts to address clients’ supply chain risk challenges.