Executive Briefings

Supplier Compliance Programs: The Gap Between Talk and Walk

Companies say they have effective supplier compliance programs in place. But reality says something quite different.

A recent survey by MetricStream finds 91 percent of respondents with some kind of compliance program. Yet half of companies reported experiencing an issue of supplier non-compliance. What's more, a close look at their efforts to keep tabs on suppliers uncovers some serious shortcomings.

MetricStream contacted more than 100 supply-chain professionals from a variety of industries, including healthcare, life sciences, technology, manufacturing, banking, food and consumer products, according to vice president Sonal Sinha. The great majority seemed acutely aware of the need for an effective supplier-compliance effort, given the ratcheting up of risk that we’ve seen over the past decade. Global economic swings have combined with a raft of natural disasters to make the supplier landscape more unstable than ever.

The survey also revealed a surge in local regulations that impact supplier behavior. Governments around the world have been imposing new rules on corporate ethics, bribery, corruption, the environment, waste and hazardous materials, and sourcing from conflict areas.

“As global supply chains get more and more complex, and the supplier base continues to evolve and expand, it [affects] the ability of organizations to stay on top of their risks,” says Sinha.

So when it comes to monitoring multiple tiers of suppliers around the globe, there’s little argument among multinationals about the need for heightened vigilance. Here, though, the devil’s in the details. For example, 50 percent of survey respondents said they gather supplier-compliance information when evaluating a potential supplier, and 26 percent do so while onboarding a new supplier. And just 19 percent amass such data when adding a new product or service to their supplier’s portfolio. Yet the failure to exercise diligence at that stage of the supplier-management process can lead to lax quality and safety controls, and cause harm to consumers.

Then there’s the 5 percent of respondents who claim not to gather supplier-compliance data at any stage. While the number might seem small, it can lead to huge consequences in global supply chains. In fact, given the tangle of new regulations being imposed on companies worldwide, it’s astonishing to contemplate that any company would fail to exercise this basic level of protection in selecting and managing its suppliers.

Followup is where many compliance programs fall down. In the MetricStream survey, just over half of respondents said they do not define or track “action items” as a means of pushing their suppliers to become more compliant. Only about a fourth validate compliance data on a periodic basis, whether weekly, monthly, quarterly, biannually or annually. The majority seemed to feel it was enough to vet upstream partners at the beginning of the relationship. As if nothing could ever change, or new information about a supplier couldn’t possibly emerge.

Is it any wonder, then, that so many companies find themselves saddled with suppliers who brazenly violate sourcing guidelines, product-quality standards or human-rights measures? The lack of follow-through revealed by the MetricStream survey helps to explain the constant parade of headlines about terrible working conditions in offshore factories, or the presence of toxic materials in consumer products.

Why, then, this alarming gap between policy and results? Sinha ventures a couple of reasons. One is the continued reliance by companies on manual processes to manage supplier compliance. Critical watchdog efforts are being carried out through a mishmash of e-mails, spreadsheets and other legacy-type tools. Given that the average Fortune 500 company deals with huge numbers of suppliers on a global basis, “there are bound to be some gaps and breakdown in controls,” says Sinha. “Essentially, it’s a data-management issue – the inability on a timely basis to manage your workflows around what needs to be done.”

Secondly, she says, most organizations are failing miserably when it comes to followup. They might cover up to 80 percent of their supplier risk through initial surveys and assessments. But they’re not so effective when it comes to monitoring health and risk issues on an ongoing basis.

One of the most egregious examples of supplier lapses is the use of unauthorized subcontractors. Incidents such as the 2013 collapse of the Rana Plaza factory in Bangladesh reveal the practice of handing off work to manufacturers without the knowledge of the original client. Retailers and popular brands suffer severe embarrassment (at the very least) when their items are found in the rubble of a destroyed building where working conditions were sub-par. Many plead ignorance and point to their ostensibly strict guidelines for supplier behavior. Again, Sinha blames outmoded manual processes for the lack of visibility that led to the unauthorized outsourcing.

Companies have traditionally had a hard time keeping tabs on suppliers that reside far upstream in the supply chain. But many can’t even seem to control their first-tier contractors. Just 26 percent of the MetricStream survey respondents use basic risk-and-control mechanisms, while 24 percent conduct annual supplier audits, Sinha says.

Even a reliance on automated data systems isn’t enough. Companies still need to make occasional and unannounced site visits to offshore factories, to ensure that suppliers are complying with rules on quality and human rights. They can do this either through their own resources, or with the help of third-party monitoring organizations such as China Labor Watch.

However they choose to proceed, companies with global manufacturing and sourcing networks need to up their game. It’s not enough to say you have a compliance program in place. You have to execute on it – now and forever.
