On Tuesday, March 26th, Baltimore’s Francis Scott Key Bridge collapsed after being hit by a container cargo ship, which had lost power shortly before impact and made a mayday call. Most importantly, the devastating loss of lives cannot be overstated. Yet, it’s also critical that we learn from these events as much as we can. In this instance, the fallout is three-fold: in addition to the catastrophic loss of lives and significant infrastructural damage, the incident is predicted to cause significant supply chain disruptions. The collapse severed ocean links to the Port of Baltimore, which provides about 20,000 jobs to the area.

The Port of Baltimore is also the top port in the nation for automobile shipments and a major proponent of coal, tofu, and other goods, meaning significant delays and reroutes are on the horizon. Here’s what you can expect in terms of supply chain impact — and exactly where this incident serves as a stark reminder to verify your third-party risk management best practices so you can stay ready (not reactive) for when disruption occurs.

Here are a few critical reminders for risk professionals to keep on their radars regarding third-party risk management best practices:

• Vigorous Vendor Due Diligence: Risk professionals must thoroughly assess the capabilities, reputation, financial stability, and compliance with safety regulations of potential partners before entering into agreements. Comprehensive due diligence helps identify red flags and mitigate risks associated with unreliable or non-compliant third parties.
• Continuous Monitoring: Just as regular inspections are crucial for ensuring structural or procedural integrity, continuous monitoring is essential for overseeing third-party relationships. Risk professionals should implement monitoring mechanisms to track third-party vendors’ performance, adherence to contractual obligations, and compliance with regulatory requirements. Timely identification of issues allows for proactive intervention and risk mitigation measures.
• Clear Contractual Obligations: Clear and comprehensive contractual agreements are vital for delineating responsibilities, expectations, and liabilities in third-party relationships. Contracts should incorporate robust provisions related to risk management, data protection, security measures, indemnification clauses, and incident response procedures. Organizations can enforce accountability and mitigate legal and financial risks arising from third-party engagements by establishing clear contractual obligations.
• Contingency Planning: Despite thorough risk assessments and preventive measures, unforeseen events such as natural disasters or infrastructure failures can disrupt third-party operations and pose significant risks to organizations. Risk professionals must develop contingency plans and business continuity strategies to mitigate the impact of such disruptions. Contingency planning involves identifying alternative vendors, establishing redundant systems, and implementing recovery procedures to ensure continuity of operations in the event of a crisis.
• Liquidity Planning: Just like your contingency plan of action, ensure you don’t face financial constraints while production is impacted by strategically allocating funds. One way to do this would be to quantify these risks and simulate value-at-risk (which shouldn’t exceed your risk-bearing capacity).
• Stakeholder Communication: Effective communication fosters transparency and collaboration in third-party risk management efforts. Risk professionals should maintain open communication channels with internal stakeholders, third-party vendors, regulatory authorities, and other relevant parties. Transparent communication facilitates the exchange of information, facilitates risk awareness, and enables prompt response to emerging threats or concerns.

It’s critical to conduct proper risk assessments of your third parties/vendors to ensure they have a full backup plan (like a backup vendor) for these circumstances. If they turn out to be a single source for your service, you could be facing longer delays, bigger disruptions, and long-term consequences. Like anything, the earlier you understand and can assess the impact before it happens, the better prepared you are to recover and build back stronger.