Companies are increasingly exposed to risk from their supply chains. A core set of compliance tools can help minimize their exposure.
Never before have companies been exposed to risk from their supply chains like they are today. Modern production chains are made up of complicated, expansive supply streams that reach across dynamic legal and regulatory environments. Manufacturing and production in these chains occurs in varied cultural contexts and political structures that are often unknown and foreign to companies further down the chain. Yet participating in these complex chains is integral to business today, and it is impossible for many companies to stay competitive without purchasing products that are created through this system. These companies further down the supply chain are effected by, and increasingly responsible for, activities further up the supply chain, but they are often unable to peer far enough up the chain to see the production practices and regulatory environments of all of the upstream suppliers/manufacturers. This situation poses significant risks.
Dynamic Regulatory Environment
Despite the challenges of obtaining multi-tier supply chain information, governments and regulatory bodies increasingly hold companies responsible for conduct occurring father and farther up the supply chain. Anyone with responsibilities touching on corporate risk or supply chain issues must stay alert to this growing responsibility, as supply-chain compliance issues can cause both legal issues and operational disruption.
Take, for example, forced labor issues. Forced and trafficked labor continues to be a persistent and pervasive supply-chain and human rights issue, particularly during the Covid-19 pandemic. U.S. federal law explicitly prohibits the importation of goods made with forced labor. In addition, companies may face liability in relation to lawsuits brought on a venture-liability basis. Under 18 U.S.C. § 1589 (b), “[w]hoever knowingly benefits, financially or by receiving anything of value, from participation in a venture which has engaged in the providing or obtaining of labor or services by any of the means described in subsection (a), knowing or in reckless disregard of the fact that the venture has engaged in the providing or obtaining of labor or services by any of such means, shall be punished as provided in subsection (d).” Venture-liability lawsuits are occurring with increased frequency and pose yet another area of exposure that should motivate companies to implement an effective supply-chain compliance program.
Hallmarks of an Effective Compliance Program.
Companies can respond to this risk exposure by utilizing the increasingly sophisticated and effective supply-chain compliance tools available to them. The precise mix of compliance tools necessarily varies among companies, and each company should conduct a thoughtful analysis to determine the appropriate “compliance suite” of tools that address the unique mix of risks, needs, and tolerances for risk within the organization. Regardless of these variations, however, a baseline set of compliance tools has emerged as the hallmarks of an effective compliance program. While this list is hardly comprehensive, companies should, at a minimum, include the following components of successful supply-chain compliance programs:
- Supplier Certifications/Questionnaires: As a prerequisite to engagement, suppliers should be required to fill out questionnaires addressing their ownership, internal policies, management of their own downstream suppliers, forced/trafficked labor, and compliance with labor laws and other human-rights laws. Suppliers should also sign stand-alone certifications stating their compliance with legal/regulatory laws and, where appropriate, with the company’s relevant codes of conduct and policies.
- Compliance Clauses in Supplier Contracts: Supplier contracts should include clauses incorporating the supplier’s agreement to engage in compliant and ethical business practices and memorialize the supplier’s agreement to cooperate with investigations/audits.
- Ethical and Business Codes of Conduct: Companies should develop codes of conduct to address ethical business practices and formalize expectations regarding compliant/ethical behavior and reporting mechanisms should a concern arise.
- Third-Party Due Diligence on Suppliers: Companies should develop a standard practice of conducting third-party due diligence on suppliers. There are several prominent due-diligence organizations that provide the service, and companies should know, at a minimum, if their potential suppliers are on watchlists, have problematic ownership (currently or historically), or have engaged in questionable practices.
- Independent Audit Rights/Programs: Companies should preserve the right to audit their suppliers and have the ability to do so. Some companies engage in a systematic audit program in which suppliers are audited on a set frequency, while others conduct only risk-based audits.
The importance of implementing compliance tools such as those above is not limited to reducing risk. For many companies, implementation of a supply-chain compliance program is a matter of public disclosure and, accordingly, reputation. Legally mandated public disclosure regimes, such as the California Transparency in Supply Chains Act and the U.K. Modern Slavery Act, require companies to disclose the efforts they are taking to combat forced labor in their supply chains, and the forthcoming EU Mandatory Due Diligence Law will require companies to address due diligence in their supply chains or face sanctions.
Information deficits and supply-chain complexity make risk elimination in today’s supply-chain environment a significant challenge. However, a thoughtfully developed supply-chain compliance program that, at a minimum, includes tools such as those outlined above puts companies on track to minimize that risk and ensure their supply-chains are as compliant and ethical as possible.
About the Author:
Marcus Haggard is an international investigations, white-collar defense, and litigation attorney in the White Collar & Investigations and Commercial Litigation practices at Perkins Coie. Marcus has represented high-profile individuals and corporate clients in the technology, retail, manufacturing, forest products, financial services, telecommunications, construction, and healthcare industries. He has a significant practice focusing on international supply chains, compliance, and anti-trafficking/anti-slavery efforts, and has worked with many of the largest corporations in the world to help ensure their international business activities are legally compliant and support human rights. His experience also includes conducting international and national investigations, representing individuals and corporate entities in criminal and civil enforcement matters, and handling complex litigation in state and federal courts. Marcus earned his J.D. from Georgetown University Law Center and his M.P.P. from Harvard University’s Kennedy School of Government. While in graduate school, Marcus interned at TRACE International, a prominent anti-bribery and risk-management organization.