Part I of this article addressed the concept of Supply Chain Integrity, which is increasingly being bunded with security under the banner ‘Supply Chain Integrity and Security’ (SCIS). SCIS is part of the broader domain of Supply Chain Risk Management (SCRM), which is undergoing its own renaissance thanks to distruptions to global trade and commerce arising from the COVID-19 pandemic and the war in Ukraine.
Part II of the article is continued here examines what we mean by the concept of Supply Chain Security, and how the field is evolving in response to the world’s changing geostrategic climate.
Supply Chain Security – a rapidly changing field
Supply Chain Security has undergone multiple expansions in scope to accomodate the evolving global threat environment, changes in international commerce, technological innovation and increasingly the 4th industrial revolution. However, this evolution has largely gone unreported by commentators in the field, with many books and articles on the subject failing to reflect the broad scope of risks now recognised by critical infrastructure and governments globally. As an example, Supply Chain Security traditionally focused on two main risks:
- Cargo Theft and Warehouse Theft, and,
- Product Diversion (see here for an explanation of product diversion, and here for a recent case study)
Practitioners in this area have largely focused around logistics, with security programs focusing on controls such as shipping container seals and GPS vehicle tracking. The events of September 11, 2001, helped sharpen this focus, with the USA enhancing a scheme to help mitigate supply chain security risks posed by terrorism (known as C-TPAT). Examples of equivalent national schemes include:
- Australian Trusted Trader
- Authorised Economic Operator Program (EU)
- Customs Trade Partnership Against Terrorism, C-TPAT (USA)
- Partners In Protection (Canada)
- Secure Trade Partnership (Singapore)
To coordinate a consistent global response and maintain safe and secure trade and commerce, the World Customs Organisation (WCO) introduced the SAFE Framework of Standards to Secure and Facilitate Global Trade in 2005, followed by the Authorized Economic Operators (AEO) Programme in 2007. This perspective on supply chain security is reinforced by various global standards including ISO28001, which is intended to complement the SAFE Framework. However, whilst risks like terrorism, theft and product diversion all remain relevant, Supply Chain Security has evolved even further in the past ten years to reflect geopolitical threats in the current operating environment.
Does this article resonate with you? Please vote below or subscribe to get updates on my future articles
Consequently, the USA, UK, Canada and Australia have all issued updated guidance on Supply Chain Security, which has expanded significantly from theft, diversion and terrorism to encompass the more complete spectrum of what the US Government calls ‘Supply Chain Threats’:
- Foreign Ownership, Control and Influence (FOCI – USA) or Hostile Ownership (UK)
- Software Supply Chain Attacks
- Insider Threats
- Supply Chain Integrity issues (refer Part I)
In addition to ‘security’ focused risks, a range of frauds can also materialise in the supply chain. For some organisations, it makes sense to address security, integrity and fraud issues in the supply chain within the same business function or framework, whilst for others they are separated to completely different parts of the organisation. However, common risks here include:
- IP or Trade Secrets theft
- IP licensing abuse and royalty frauds
- Product counterfeiting
- Product Tampering
- Product Extortion
- Manufacturing frauds
- Distribution frauds
- False End User frauds
- Vendor frauds
I have already written about a number of these supply chain frauds in other articles on @ForewarnedBlog (refer hyperlinks above). Future articles will also cover aspects of this topic.
Risks and business processes with a nexus to Supply Chain Integrity and Security
In any organisation, there are a number of business functions which commonly touch on aspects related to Supply Chain Risk Management. SCIS programs should try to leverage these resources where possible, either through use of common team to execute a process or through smart process design, which means a common process is used to address multiple distinct business requirements.
Examples here include due diligence and supplier audits which can be performed once and the results reused multiple times to comply with a range of regulatory obligations or business needs. Examples of risks with a nexus to SCIS that might be leveraged include:
- Geopolitical risk management
- Natural hazards (often managed by business continuity or crisis managers)
- Export Control and Trade Compliance
- Third Party Risk Management programs
- Supplier Integrity, Supplier Compliance and Business Integrity programs
- Bribery and Corruption risk
- Modern Slavery risk
- Economic and Trade Sanctions compliance
- Other Environmental, Social, Governance (ESG) risks
When designing your supply chain risk management program, look across your organisation into other areas or teams (such as procurement, finance, sustainability and compliance) to understand work already performed and identify opportunities to streamline processes and systems.
In addition to reducing your operating costs, this approach could improve your supplier’s experience when dealing with you. Sometimes from a supplier’s perspective, a customer can just become too much hard work, leading to increased prices (in an attempt to encourage you to find an alternate supplier) or severance of the relationship overall.
A common example I encounter is where a supplier is asked for the same information multiple times by different teams from the same buyer, leading to wasted effort and frustration. Managing third party or supplier relationships are exactly that – a relationship – so there needs to be an element of give and take by both parties.
- Curwell, P. (2021). Conducting a Country Risk Assessment for your key suppliers
- Curwell, P. (2021). End User Verification
- Curwell, P. (2021). In business, confidential information is a critical asset
- Curwell, P. (2022). Los Angeles rail hijackings – a form of cargo theft
- Curwell, P. (2021). Magazine article – “Supply Chain Integrity: Detecting Product Diversion”
- Curwell, P. (2021). Modern Slavery, Human Trafficking & People Smuggling? Part 1 & Part 2
- Curwell, P. (2021). Natural Hazards and Accidents, and their intersection with physical threats
- Curwell, P. (2021). Product Tampering: A form of workplace sabotage
- Curwell, P. (2022). Building your supplier integrity framework
- Curwell, P. (2022). Critical Minerals – what’s the problem here?
- Curwell, P. (2022). How can Insider Threats manifest in the Supply Chain?
- Curwell, P. (2022). Theft of fuel from HMS Bulwark – a diversion case study
- Curwell, P. (2022). Third parties defined – what are they exactly, and how should these risks be managed?
- Curwell, P. (2022). Ukraine and looming Russian sanctions – implications for supply chains
- Curwell, P. (2022). Vendor Fraud: what is it?
- World Customs Organisation (2005). SAFE Framework of Standards to Secure and Facilitate Global Trade, 2021 Edition, www.wcoomd.org
DISCLAIMER: All information presented on ForewarnedBlog is intended for general information purposes only. The content of ForewarnedBlog should not be considered legal or any other form of advice or opinion on any specific facts or circumstances. Readers should consult their own advisers experts or lawyers on any specific questions they may have. Any reliance placed upon ForewarnedBlog is strictly at the reader’s own risk. The views expressed by the authors are entirely their own and do not represent the views of, nor are they endorsed by, their respective employers. Refer here for full disclaimer.