The cost of doing business with third parties is not always visible from the purchase orders. The actions suppliers take can have reputational and legal consequences. A manufacturing company’s ecosystem can require coordination between hundreds of vendors and suppliers to bring their products from concept to consumption. In the case of the largest manufacturing companies in the U.S., Microsoft, GE, and Boeing, to name a few, tens of thousands of third party companies could be associated with bringing their products to the market. Organizations rely on vendors and suppliers to lighten up internal processing and remain competitive.
“Big businesses rarely publish data on its supply chains, but a few pioneering brands outline the scale of their supply bases. The fast-moving consumer goods company Proctor and Gamble states that it has over 75,000 suppliers. Retailing giant Walmart counts over 100,000 suppliers. French oil company Total buys from over 150,000.” – Forbes
The global nature of today’s small and massive manufacturing businesses subjects them to an ever-increasing number of regulations. To comply with these standards, mitigating risks stemming from third parties becomes essential, while the unwillingness to adopt a robust third party due diligence process will almost certainly lead to company dissolution, acquisition, or other undesirable consequences.
Risk Factors:
- Reputational
- Financial
- Compliance
- Legal
- Operational
- Security
Depending on the type of manufacturing company, typical vendors and suppliers could include raw material producers, logistics providers, financial institutions, and distributors.
Services and Products Typically Provided by Third Parties
- Financial institutions
- Machines and equipment
- Conveyor systems and components
- Manufacturing and assembling services
- Farming tools, equipment, and machines
- Cleaning machines and equipment
- Plant design and installation services
- Printing machinery and equipment
- Industrial furnaces and ovens
- CAD CAM services
- Waste management and control services
- Packing and lamination machinery
- Air compressors, accessories, and parts
- Chemical reactors and process tanks
- Welding equipment and machinery
- Food Processing plants and machinery
- Distributors
- Retailers
- Raw material producers
- Apparel and textile machinery
- Pollution control devices and machines
- Chemical plants and machinery
- Casting, molding and forging machines
Working with international vendors and suppliers necessitates vendor due diligence to address risks associated with proper licensing, human rights violations, product safety, and other matters of business integrity. When vendors and suppliers are located in different jurisdictions than manufacturers, it is imperative to understand and follow the rules, policies, data, standards, and regulations specific to these other regions. This balancing act of regional differences in compliance is often a key challenge in the manufacturing sector, where certain specialized industrial parts or services may only be available in certain countries, or, in some cases, from certain companies.
Additional Considerations
- Navigating language, communication and time zone barriers
- Cultural differences in business practices
- Product importation and customs clearance
Current and New Industry Challenges
Supplier and Vendor Management
A looming challenge facing organizations is gaining a clear picture of their third-party relationships and the associated risks. Some organizations may not know their vendors are outsourcing to secondary parties, whose business practices could still impact the organization’s reputation. By determining how and where third-parties and their activities could adversely affect the organization, companies can mitigate their business risk by creating a comprehensive view of their risk landscape.
Risk Landscape:
- Suppliers
- Products
- Commodities
- Geographies
Enterprise Cyber Threats
To conduct modern day business and remain competitive, manufacturers require the ability to securely share sensitive data, including valuable trade secrets, among supply chain partners. And the more suppliers and vendors a manufacturer interacts with, the greater the opportunity for cybercriminals to exploit the supply chain to gain access to information, steal funds, and cause a potential public relations nightmare.
The 2013 Target data breach is a prime example of attackers targeting third parties to gain access to a company’s database. The cybercriminals involved stole credentials from an HVAC company hired to perform work at several target locations. From this entry point, the hackers were able to gain access to the Target customer service database, install malware, and acquire data from 41 million customer payment accounts. The infamous data breach cost the retailer $290 million.
Top concerns of industrial production companies as cited in a 2018 report by Kaspersky Lab:
- Damage to products/services
- Injury or death of employees
- Loss of customer confidence
- Damage to company brand or reputation
- Loss of proprietary or confidential information
- Violation of regulatory requirements
- Loss of contracts or business opportunities
- Environmental damage
- Injury or dealt of non-employees/local residents
- Impact on national security
Industry 4.0
Manufacturing organizations have an increased cyber threat risk because of Industry 4.0 and the Industrial Internet of Things. Existing operational practices, legacy systems, and specialized talent gaps will contribute to organizational vulnerabilities including cyber attacks.
Emerging technologies like cloud computing, the IoT, third party hosted apps, and automation all pose an increased risk of exposure to threat actors. While the innovations triggered by these technologies are viewed as beneficial and necessary by some manufacturers, all organizations should asses their third party network for risks.
Risk Management Magazine reports the most expensive incidents involving the supply chain stem from third-party risks. A recent report conducted by Kaspersky Lab polled organizations on their IT security spending and found the following costs associated with cybersecurity threats.
“For enterprises, the average cost of one incident from March 2017 to February 2018 reached $1.23 million. That is 24% higher than losses from 2016–2017 and 38% higher than losses from 2015–2016. As for small and medium businesses, they lose $120,000 per cyber incident on average — $32,000 more than a year ago.”
Ensuring Supplier Compliance and Mitigating Risk for Manufacturers
Addressing supply chain regulatory compliance can be challenging for manufacturers sourcing global vendors and suppliers. These third party networks cross borders, and each party is required to follow the laws, regulations, and guidelines specific to its location and industry. Violations of compliance regulations such as Anti-Money Laundering (AML) requirements, the Foreign Corrupt Practices Act (FCPA) and the Federal Trade Commission (FTC) Act can result in legal punishment including federal fines. Mitigating associated vendor and supplier risks while ensuring compliance is paramount to continued business success.
Once a third party is vetted, you still need to actively monitor the relationship to ensure you are aware of potential problems before they put your organization at risk. Having an effective strategy for evaluating and monitoring third-party risk is essential for manufacturers looking to do business with other companies and consumers around the globe.
The complex nature of supplier due diligence requires far more than automation software can provide. The human element is what’s needed to unravel and analyze nuanced relationships to support a robust third party due diligence process. Automated software may be able to produce large quantities of information, but it’s useless without the human insight needed to connect the dots. And since we aren’t at a place where automated due diligence software powered by AI and machine learning can rival human intelligence, collaboration between human creativity and technological solutions is crucial for greater visibility into supplier compliance and third party risks.
Prescient’s third party due diligence reports for manufacturers helps take the guesswork out of screening service providers by providing quick, actionable insights that are easy to read and consume. Limit your company’s exposure to external risks with a report that only tells you what you need to know in clear and concise terms. Contact us today and take the next step to secure your manufacturing organization from vendor and supplier risks.