The number of ways that a global supply chain can run afoul of the law are staggering. "We laugh when a company says it has no violations," said Catherine Cantasano, senior director of trade compliance with Globecomm Systems Inc.

Cantasano was part of a panel on managing trade compliance, at the annual conference of the Council of Supply Chain Management Professionals in Denver. She said companies shouldn't approach the issue in a manner that will intimidate employees, regardless of how much is at stake. "Your objective is to fix it."

How can you head off problems in the first place? By implementing a painfully detailed program that scrutinizes your supply chain internally, upstream to suppliers, and downstream to end customers.

Start off by having a clear governance process in place, recommended Greg Chalkley, director of global trade services with Maxim Integrated Products Inc. Make sure your rating scale is the same for everyone involved, so that you can accurately identify the source of your highest risk.

An effective risk-assessment initiative will examine all written policies and procedures, as well as internal controls. It will look at customers, company locations, type of business, products and services, distribution channels, supply-chain position, financial and credit standings and countries served. Chalkley said there are a number of global trade-management websites that can assess risk levels tied to various countries.

A typical risk assessment will start with a chosen area of business. It will proceed to examine such elements as distribution and logistics, the individuals and systems that pose the highest risk of non-compliance, and the controls in place to prevent it. It will generate a list of what could go wrong, determine the likelihood of any given event occurring, and decide whether that particular issue warrants further review.

Consider, too, the impact of mergers and acquisitions, which threaten to burden a company with the target company's checkered history. "You're on the hook for their sins," said Chalkley.

If all that sounds expensive and time-consuming, think of the $1.34bn that Siemens paid in 2008, to settle charges that it had bribed officials and maintained slush funds in order to win lucrative public-works contracts. What's more, said Chalkley, "the fines paid are probably half the cost of litigation."

So what makes for a good compliance program today? In Chalkley's words: "Management commitment, continuous risk assessment, written operational policies and procedures, ongoing compliance training and awareness, "˜cradle-to-grave' monitoring and auditing, recordkeeping, a program for reporting problems and violations, and follow-through and corrective actions."

Got all that?

Cantasano laid out the basics of a trade-compliance audit. The targeted business unit and personnel need to be informed in advance, so that they can provide the required documents. The company should develop a tracking log for document reports, especially if multiple audits are underway. It also needs to prepare audit templates with interview questions, transactional review checklists and the appropriate report formats. Each business unit must knowledge all written procedures before the audit begins.

Having identified any gaps or inconsistencies in compliance, the company should write up a draft audit report, then conduct a briefing with the affected parties to discuss the findings. That step gives the business unit under examination the chance to address any inaccuracies. Finally, the unit commits to corrective actions, executive management gets briefed on the audit's findings and recommendations, and the company tracks progress toward fixing any problems that were uncovered.

Catherine Walters-Shaw, international trade compliance senior manager with Lockheed Martin Corp., raised the issue of data security. As companies increase their reliance on collaborative tools - Microsoft SharePoint, blogging, streaming, shared document sites, Web conferencing, to name a few - they heighten the risk that sensitive details will be leaked to unauthorized parties.

"We need to know if we're protecting our information," said Walters-Shaw. "Virtual meetings are so commonplace - you almost forget to ask, who's on the call?"

Some of the best solutions in a trade-compliance program are the simplest ones. Walters-Shaw said key documents relating to controlled exports should be clearly marked. Companies should print banners that warn against posting relevant data. Employees signing into the system for the first time should be required to sign a document verifying that they are aware of their responsibilities for protecting confidential data. Other measures include pop-up reminders on computer screens ("Are you sure you want to send that information?") and encryption.

International trips should be vetted to ensure that the employee isn't traveling to a prohibited country, or carrying any devices containing unprotected technology or technical data. When receiving visitors from other countries, the host company needs to know whether they are authorized, whom they are meeting, and what information is being shared.

Proper training, of course, is key. It begins with an assessment of who needs to be trained, and which high-risk areas are to be addressed, said Cantasano. A good training plan will specify a timeline, the frequency of each course, the use of mandatory "on-board" training for all new hires, and methods to be used, whether online, in the classroom, interactive videos or other means. Quarterly training is required for those who are actively involved in complying with the U.S. State Department's International Traffic in Arms Regulations (ITAR).

And don't forget the due diligence that's required at the supplier end. "Companies do so much on customers," said Cantasano, "but often nothing for suppliers." The major components of a bill of materials must be properly classified. Supplier details on certification forms include type of legal entity, business size, adherence to a code of conduct, and any history of violations or malfeasance.

New export-regulation reforms place "higher fences around fewer items," Cantasano said. "[Regulators] want to make sure that those items that are most sensitive "¦ have got a compliance program. Previously, a lot of compliance focused on items that really didn't matter."

Don't sweat the small stuff? The saying hardly applies to international trade compliance, where even the smallest misstep can have very big implications for your company.

Comment on This Article

Keywords: supply chain, supply chain management, international trade, trade compliance, supply chain risk management, supply chain planning, sourcing solutions