What are some of the key challenges you are seeing within global supply chains at present?

At the present, I could talk all day about present challenges with supply chain – well…maybe not all day, but a solid 3-4 hours. One of the top challenges with supply chain that has been persistent in the field is insight into who a third-party is doing business with. The obstacle in having a successful Third-Party Risk Management program is you have a lot of leverage and can assess a direct partner very thoroughly, but maybe not so much who they are doing business with. You may be evaluating a third-party who indicates it’s a breach of their own internal policies to even disclose their third-party partners, subcontractors, etc. The first step in identifying a supply chain can be one of the most difficult ones.

 Beyond the first step in identifying the entities in a supply chain, comes another obstacle: what can I assess about them? Even the most robust of a TPRM program can require a third-party’s supply chain partner to attest to their method of operations, source of material, data security handling controls, etc. but in most cases, there isn’t a first-hand look under the hood to work with. In those cases, TPRM teams need to rely on external intelligence to gather as much information available about supply chain entities as possible. Some of this intelligence may be fantastic, and some other intelligence may be surface level at best; the accuracy and depth of intelligence you may be able to gather from a supply chain partner can also be heavily influenced by where that partner is operating, when we think about this topic on a global scale.

How can technology further advance TPRM and supply chain challenges?

One of the biggest benefits that technology brings us is access to knowledge. Knowledge is key in the world of Third-Party Risk Management, and when we’re considering what a third-party’s supply chain looks like and what risks they pose, technology can bring us answers in an efficient and swift manner. Global databases can let us know the “who” the supply chain partners would be (and can even bring clarity to different supply chain partners for different products/solutions a third-party may offer), while individual tools and products can provide insights to specific risk topics that may impact a supply chain partner (financial health, data protection/security protocol health, legal and compliance impacts, customer base, etc.).

When we have technology that supports the specific risk topics a TPRM program should be assessing, we can arm ourselves and our businesses with confidence in evaluating third parties and their supply chain partners. Not only will it allow TPRM teams to evaluate current risks, but with more enhanced technology solutions available, we can also start to look forward and provide certain likelihoods of downstream risks and provide more meaningful and accurate risk profiles to third party partners.

Where have you seen the biggest impact to supply chains as a result of recent events including Covid-19 and the war in Ukraine?

Ultimately, the biggest impact to the supply chain today is lack of resources, whether it be physical goods or personnel. Looking back at the COVID-19 pandemic, which affected the entire globe, we were all faced with mandatory quarantines and job halts. Even for entities whose personnel were deemed “essential”, solutions, products, and people were placed on standby to comply with government requirements and to ensure safety to employees. And it’s without a doubt that some entities, because of these requirements, had to make cutbacks if they wanted to keep their doors open. That may have included shutting down locations and laying off employees, shifting focus to top-selling products/solutions and eradicating other smaller offerings, or even shuttering their doors completely for a time. In any of the above situations, a loss of personnel meant strains on meeting business partner deadlines or even impossibility to fulfil contracts.

The effects of COVID-19 pandemic are still being felt across the globe, and now we must also consider the war against Ukraine. With the ongoing war, entities are not only faced with the loss of personnel due to COVID impacts, but a global shortage on certain materials due to the sanctions placed against Russia and instability of ongoing business with partners located in Ukraine. It is difficult to predict how long the lack of resources that has resulted from both these global-influencing events will persist or how severe the long-lasting effects will be, which also plays into the overall impact to supply chain.

In your view, how can organizations best plan forward with continued disruption to materials and transportation?

One of the first expectations to manage with a continued disruption of production and lack of resources to complete work in the supply chain, is to expect it. During this time and in planning for the future, contractual obligations with third parties in backup planning will be vital. If you run a business that may rely on an operations enhancement, program, product (basically anything that helps your business run), you should evaluate the contractual terms with that third-party and their ability to deliver. It may not be enough in this day to have the ability to end a contract early because a third party fails to deliver, at the end of that day you will still have an unfinished product or service.

                  While it’s a good idea to be bolstering your contractual obligations with your direct third parties, but it’s also important to be considering the obligations that your third party has to your business in the event their partners experience a disruption. Does your third party have good contingency planning in these unfortunate circumstances? Do they have additional partners they can turn to in the event of a disruption that can pick up work, provide materials, or complete gap services quickly? Enterprises should be looking internally at the options they have as well as how their third-party partners’ planning factors in going forward.

What do you see as the biggest threat on the horizon within TPRM?

The world of Third-Party Risk Management is still a newer one in the face of multi-operational entities. You’ll find some very well-known companies with thousands of employees that have never heard of a TPRM program, and you’ll find a start-up company with 20 employees and only operates in one county of state that has TPRM policies not only in place but highlighted as a pillar of their code of conduct. The biggest threat to TPRM is the recognition of its importance to a company’s success. When leaders understand that TPRM not only just reports on the risks of a third-party itself at an enterprise level but can also report on the downstream risks that will affect many different branches of their company (legal and regulatory compliance, likelihood of revenue profit/loss, reputational analytics, etc.), it becomes clear that TPRM is an invaluable tool at their business’ disposal.

To make it abundantly clear, the biggest threat within the world of TPRM is enterprises not taking the functionality seriously. TPRM should be used a one of the first lines of defence when considering who to go into business with and should be leaned on to look at a third party’s risks and gaps in the big picture as well as an individual point in time. In larger entities, it’s easy to have each business unit worry about their own zone of impact which can create inconsistencies in getting a third-party partner onboard, and a lack of communication and understanding between the different lines of business. With a well-established TPRM program, all the different zones of impact can be considered in one place. Don’t underestimate the high-quality bacon that a well-established TPRM program can bring to the table!