SUPPLIERS ARE TOP RISK MANAGEMENT CONCERN AMID THE COVID-19 PANDEMIC

A global crisis calls for a fresh due-diligence review of your company's third-party partnerships

The worldwide coronavirus pandemic has disrupted life in just about every sense of the word, from personal health concerns and social distancing to shelter-in-place mandates and business closures.

But in the corporate world, life plods on. Critical concerns about ongoing sales and revenue, keeping personnel employed, safety issues inside the workplace, and uncertainty about the future are making business leaders lose a lot of sleep these days. 

An added element that global organizations should genuinely be concerned about is the ongoing viability of the supply chain. The pandemic is affecting different parts of the world at varying levels, so it's vitally important to be continually vigilant in how the crisis is affecting your third-party suppliers, and how those supply chain partners are behaving and maintaining legitimacy in these uncertain times. 

The healthcare industry is on the front line of the global supply chain battle, as it feverishly addresses an unprecedented demand for personal protective equipment. The shortage of (Personal Protective Equipment) PPE has forced many organizations – out of sheer desperation – to seek and purchase supplies from just about any outside source that can produce what's needed.  

This panic buying has led to unscrupulous manufacturers who are producing and flooding the market with sub-standard products that, aside from being grossly overpriced, are putting an untold number of lives in peril. Further, the global demand for PPE has fostered rising occurrences of bad actors who see lucrative opportunities for bribery, tax evasion and money laundering in the midst of crisis and confusion. 

The pandemic has thrown many other industries into complete disarray as well, which will naturally open the doors for opportunists to do what's necessary to take advantage of the situation. And if your organization happens to be affiliated with these bad actors, the long-term effects can be potentially devastating, affecting the organization's reputation, and resulting in untrusting customers, lost business, loss of market value, a decrease in share price, litigation, and any number of regulatory penalties.

Crisis Situations Require Enhanced Due Diligence 

A Third-Party Risk Management Program is not a passive process. It requires time and effort continually, and, as we've witnessed during the present global crisis, the risks associated with Third-Party partnerships are continually evolving.  

Those outside risks can be found on many operational levels, from a supplier's present working conditions and the protection of customer data to safeguarding the company's intellectual property and suspicious changes in pricing and payment terms, among others. 

Here are several items to consider in re-evaluating the company's relationship with Third-Party partners during this critical period: 

• Essential Workers – Is the company observing the latest guidance related to safety practices for that personnel still working on the production lines? Is the company providing PPE protection and following social distancing on the factory floor? 
• Remote Workers – Is the supplier's staff working from home now? How do you know those staff members, working on your behalf, are behaving correctly and completing their work? Who is overseeing the production of at-home workers?  
• Customer Data – If staff is working remotely, how are they accessing vital company data? Is the at-home network protected? Can it be accessed and infiltrated by unaffiliated outside parties?  
• Information Sharing – Has the supplier addressed the protection of intellectual property concerning at-home workers? Are the various corporate (and at-home) communication channels safeguarded, including email accounts, online chats, direct messaging, video conferencing and phone calls? 
• Product Quality – Can the supplier still provide proof of product viability, including compliance with safety, quality, labelling and other standards?  
• Production, Component and Logistical Costs – Has the supplier altered its various costs in response to the crisis? Has it provided acceptable reasons for the changes? Are these additional costs verified and justified?  
• Relationships with Agents – Are the agents that assist in your global supply chain maintaining business integrity during the crisis? Are there unreasonable changes to pricing, terms and delivery dates? 
• Regulatory Compliance – Is the supplier complying with local, regional and national mandates recently enacted as a result of the pandemic? 

Remember, your organization is only as safe as the least protected component of your Third-Party supplier network. It's vital to ensure adequate protection against the rising number of risks associated with the recent worldwide crisis. 

The Need for Leadership in These Challenging Times 

Desperate times call for desperate measures, and these are most undoubtedly desperate times. An organization where leadership, management and workforce do not take the third-party risk seriously will eventually suffer the consequences brought on by lack of action. And to those organizations that do practice effective risk management: Passive engagement in times of crisis is simply not enough. 

The key to effective risk management during these times is proactivity. Asking difficult questions now can save you from answering accusatory questions later. Questions company management might immediately consider include: 

1.    Are our suppliers equipped to protect our sensitive information against today’s risks? 2.    How sophisticated are our cloud and social media security?

3.    Are our suppliers capable of adapting to regulatory compliance changes?

4.    Are proper redundancies in place to ensure our information is protected against disaster?

5.    Will we be prepared if one of our suppliers unexpectedly shuts down a line or closes their doors?

6.    Do we have the adequate tools to vet new or replacement suppliers properly?

7.    Who owns the risk management process internally? What additional resources do they need to succeed in the current situation?

8.    Do we have a set methodology for addressing incidents involving our suppliers?

9.    Do we maintain an accurate and complete interactive inventory of our suppliers?

10. Can we identify warning signs with suppliers?

11. Do we have a well-communicated reporting process? 

The coronavirus pandemic has created crisis and uncertainty on levels that we've never experienced. And crises are breeding grounds for bad actors who see opportunity in the midst of uncertainty. Ongoing due diligence of third-party partners in times of crisis is vital to safeguard the long-term interests of the organisation and protect it from an increasing number of outside risks.