Today’s world of supply chain risk is transformed. Thanks to the rise of Internet technology and “the cloud,” companies now source services in their supply chains, as well as goods. That means more companies now have more suppliers, fulfilling a wider assortment of needs — each one, a potential source of risk.
What’s more, the nature of that risk has expanded. Regulators now hold businesses to a higher standard of accountability for misconduct in their supply chain. Enforcement of anti-corruption laws is the foremost example (consider how often intermediaries are mentioned in enforcement actions over the Foreign Corrupt Practices Act), but companies can also run afoul of regulators over trade sanctions, product safety, and many other issues.
How are companies managing this increased risk and how can compliance programs move from piecemeal efforts at due diligence to a more disciplined, effective program that tames overall third-party risk?