You’ve just opened up your fancy new Supply Chain Transparency software and you’re met with warning lights and exclamation points. There’s so much data, so many warnings and you don’t even know where to start. First, understand that you’ve taken an important first step in your supply chain transparency journey, and don’t just take my word for it, the legislation written around this problem specifically calls out that mapping and understanding your supply chain is the first and most important step to mitigating your risk. But, now that you’ve got all this data, what do you do with it? Let’s talk about it.
Define your Scope
Even the smallest, most direct supply chains begin to balloon exponentially once you start looking at upstream suppliers. A map like this gets unruly fast:
Supply chains are massive and legislative bodies understand that its impossible to track down every lead and turn over every stone. Mapping your supply chain does not then lock you into having to take action on every distant risk or warning uncovered. Quite the opposite, mapping your supply chain is a documentable action item for most supply chain transparency legislation and a legitimate starting point in and of itself for a lot of the newer laws. The fact is, these connections and risks exist whether or not you uncover them and ignorance of them is not a defense against seizures or holds by governing bodies. There’s no point putting your head in the sand. That being said, you also don’t need to follow up on thousands of potential risky relationships.
Every company is going to prioritize differently, but having a defined scope based on clear parameters is going to help prevent you team from getting overwhelmed, provide an actionable plan for key executive supporters, and create a workable framework for your reporting requirements. The way you define your scope is up to you, but here are some parameters to consider:
- Tier - Supply chains generally consider upstream suppliers in “tiers”. Your direct suppliers are your Tier 1 suppliers. Their suppliers are your Tier 2 suppliers and so on and so forth. Consider only focusing on risks directly affecting your Tier 1 suppliers to start and expanding your tier scope over time.
- Risk - In addition to Sanction Warnings, FRDM risk ranks both your Tier 1 and the upstream trading partners. You could, in order to triage risk warnings, risk rank your suppliers and trading partners and only tackle sanction warnings on entities above a certain overall risk score.
- Spend - A high risk supplier is always problematic, but your exposure is minimal if your spend with them is low. Consider ranking by spend in order to tackle your highest exposure first. This also looks great for reporting (e.g. “We’ve proactively contacted suppliers accounting for 90% of our high risk spend.”)
Once you’ve defined your supplier scope, lets start looking at which warnings are going to be important to focus on based on your business model.
Categorize the Risk
FRDM provides a variety of Sanction Risks in order for you to make the decisions that best fit your business model. You can view a comprehensive list of the warnings FRDM surfaces here. There is no-size-fits-all response to each and every sanction risk. Different companies with different business models will have different sanction risks that are more important to them. Here are a few different sanction risks and relationships that may be treated differently:
Work internally and with your FRDM account manager to decide what sanctions and relationships are most important to you (and possibly even build custom reports to track these high priority alerts). Most companies are going to be worried about Forced Labor risks, but some might also have restrictions on what sort of entities with whom they can do business. FRDM surfaces warnings for a vast array of potentially problematic situations in your supply chain, figure out what is most important to you so that you can hone in on meaningful action.
Standardize your Procedure
Now that you have a defined scope and a list of your high priority warnings. Figure out what you want to do on each of these. As above, this may look slightly differently for all companies, but let’s put together a generic game plan right now.
- We’ve decided to start by only reaching out to all Tier 1 suppliers with direct Sanction Warnings.
- Out of 1,000 suppliers, 60 have direct Sanction Warnings.
- Out of those 60, only 15 account for 80% of the spend within that subgroup.
- We have decided on a two-tiered approach to action on these 60 entities.
Here’s what we’ve decided to do:
- Reached out to all 60 suppliers with a link to join FRDM’s Supplier Link in order to share documentation and relevant company information. (Read more about supplier link, here.)
- Asked all 60 to take the Human Rights and Forced Labor modules within Supplier Link.
For the 15 suppliers that account for 80% of the at risk spend:
- Reached out directly to ask for:
- Affidavits confirming the warnings are known about and resolved.
- Bills of Sale or other evidence confirming severed relationships or other proof of change of behavior
- Confirmation any warnings are not relevant to your supply chain in particular.
We can now track how many suppliers have joined the portal. How many have taken the assessments, and how many have uploaded documentation.
Collect the Evidence
Now that we’ve got a process in place and we’ve reached out to the suppliers in question, this part is easy. FRDM Supplier Link is going to document any actions taken by your suppliers:
You’ll know if they’ve joined the portal, completed a module or uploaded documents. From here, you can request more documentation, expand your module requests to your suppliers and track their progress. Once it’s time to report on your processes, work with your FRDM Account Manager to build custom data extracts and reports to not just report on FRDM risk analysis, but also on the effectiveness of the policies you’ve put in place.