How does an organization conduct due diligence on vendors during a pandemic? It’s a question that supply chain professionals are asking more often these days as their organizations shift production in response to changes in suppliers’ operations and customer demand. “Performing due diligence during [the COVID-19 pandemic] isn’t easy, with no travel budgets and many plants secured to outside visitors,” said Sarah Rathke, partner with Squire Patton Boggs and an expert in complex supply chain disputes.
Yet, effective due diligence remains critical. “A supplier’s noncompliance with applicable regulations can result in the purchaser’s own product violating regulatory requirements,” said Rob Ware, a partner with Thompson Hine with broad experience in supply chain management. Ensuring a suppliers’ compliance with regulations also reduces the risk that an action against the supplier leads to a plant shutdown or other disruption, he added. In addition, many buyers, whether corporate or consumer, want to ensure the companies with which they do business reflect their own values.
While it may be tempting to assume a firm is too small to attract the notice of regulators, that’s a risky strategy. Once you’re on the regulators’ radar, it doesn’t matter whether your company is General Motors or a mom-and-pop business, said Jack Ulrich, founding member of the defense contracting and regulatory compliance practice group with Kotz Sangster. If conducting appropriate due diligence is beyond the company’s resources, it should consider engaging outside experts.
Match due diligence to risk
A first step in conducting due diligence is calibrating it to the level of risk posed by the potential supplier, Ware said. The risk typically increases if the supplier is a foreign entity in a high-risk country, provides a critical input for your company’s business, and/or your company’s regulatory compliance expressly depends on the supplier’s adherence to regulatory requirements, he added.
One area of supplier compliance that’s sometimes overlooked is the Foreign Corrupt Practices Act (FCPA), Ware said. The FCPA makes it “unlawful for certain classes of persons and entities to make payments to foreign government officials to assist in obtaining or retaining business.”
Some companies assume FCPA compliance applies only to the selling side of their businesses (i.e., they’re concerned about bribes and kickbacks paid by local distributors or sales agents). However, suppliers can present risks, as well, Ware said. Consider a supplier that bribes a government official to avoid inspection reports or ignore noncompliance with labeling requirements. “This conduct could become the basis of an FCPA violation for a U.S. purchaser,” Ware said.
In theory, suppliers that violate the FCPA would be able to offer more favorable terms. “Companies need to be vigilant when considering a supplier that is able to offer pricing or shipping terms that are out of line with similarly situated competitors,” Ware said.
Another risk comes from shell companies posing as legitimate suppliers to attempt to funnel money to people or countries with which American businesses aren’t allowed to trade, Ulrich said. One step to addressing this risk is checking any of the various databases that identify restricted and/or denied parties, which are those engaging in activities considered contrary to U.S. security and/or foreign policy interests. Look for both the company and the individual’s name, search for the company’s true owner and watch for any relationships with government entities, he advised. Then, “devote your time and energy to the most likely problemchildren.”
The “agency question,” is also an area of concern, Rathke said. “Some cultures have a looser sense of who can act as an agent of the company,” she said. It’s not unheard of for a company to assume an individual is employed by a specific firm only to later discover that’s not the case—perhaps when the company disclaims them and says it didn’t agree to a transaction in the first place. “You need a letter of representation from the company,” she added.
Conduct supplier assessments—virtually
Historically, ensuring a supplier was complying with applicable safety, environmental, labor and other regulations required, among other steps, a plant visit. That may still be possible within the U.S. and can be a prudent move, Rathke said. “You want to make sure they’re not down to such a skeleton staff that it’s hazardous.”
Plant visits outside North America often remain difficult, as many plants are restricting foreign visitors. One step is to work with a law firm in the region, Rathke said. Many are familiar with the local manufacturing environment and are used to working with U.S. companies.
A robust virtual audit can also help compensate for the lack of a site visit. This can start with an International Organization for Standardization or quality questionnaire that’s conducted virtually, said Azaz Faruki, principal in the strategic operations practice of Kearney, a global consultancy. Remote assessment tools used with mobile cameras can provide a view of manufacturing operations, while interviewing a cross-section of the supplier’s employees can offer a diverse look at its capabilities and help uncover red flags.
Pacing is a key factor in effectively onboarding suppliers. “Too often, due to the dynamic nature of the need for supplies, the process is being rushed, and this can result in costly mistakes” as steps are overlooked, Faruki said. Moreover, taking time to develop a relationship—even virtually—rather than taking a strictly transactional approach can help engender trust.
On the flip side, an overly lengthy, cumbersome onboarding process can leave suppliers with a negative impression, said Apurva Nair, managing director, private equity practice, with management consulting firm, SSA & Company. “Be reasonable,” he said. Onerous paperwork and endless bureaucracy tend to turn off many capable suppliers. “Make the supplier onboarding process lean and intuitive,” he added.
Effective due diligence requires both a robust evaluation system and diligent, ongoing implementation, Ware said, adding that you want to avoid a check-the-box mentality. The best questionnaires and intelligence-gathering processes won’t matter without staff that are trained to evaluate the results. Likewise, even savvy and motivated supply chain personnel can’t make informed decisions if they don’t have the tools and processes needed to generate the necessary information.
Beef up inspections
Even with these steps, a company will want to pay greater attention to product inspections, especially if the products can pose a safety risk, Rathke said. That may mean beefing up quality control personnel and allowing more time to conduct inspections, she added.
Companies also may want to work with their insurance carriers to update their risk analyses, Rathke said. The goal? To uncover any regulatory risks the company hasn’t protected against and to consider obtaining insurance coverage for it.
Despite a company’s best efforts, it may discover an irregularity within its supply chain. The best defense tends to be voluntary disclosure, Ulrich said, adding that many government agencies have voluntary disclosure programs. “If you discover something, disclose the error; don’t just end the relationship. Hiding it gets you in way more trouble.”
Contact Faruki at firstname.lastname@example.org, Rathke at email@example.com,Ulrich firstname.lastname@example.org, Nair at email@example.com,and Ware at firstname.lastname@example.org.
Consider financial regulations, such as the Foreign Corrupt Practices Act, when evaluating suppliers.
Use technology, like virtual meetings and mobile cameras, to virtually assess suppliers’ operations.