Emily Sadler

4 steps to minimise compliance risk in supply chains

posted by Emily Sadler
in Law
20 July 2022

Supply chains can present significant compliance risks – and violations can lead to regulatory investigations. Emily Sadler has some advice on how to keep staff and suppliers on the right track.

Short cuts were no doubt taken during the pandemic, but checking regulatory compliance across a supply chain, particularly when onboarding new suppliers, needs to be prioritised once again. In doing so, there are several areas of key risk to consider.

First are ESG and human rights issues, both within the workforce (eg the use of slave or child labour and discrimination) and broader impacts on local communities (eg forced relocation of indigenous populations).

Businesses may be required to take specific actions in relation to global supply chains under ESG-related or employment laws in different countries, such as the Modern Slavery Act in the UK, and regulations relating to minimum wages or working time for workers. Health and safety issues, such as forced overtime or a lack of personal protective equipment, should also be considered, along with global environmental standards relating to issues such as water usage, habitat preservation and pollution.

Remember, the collection, sharing and analysis of data created across the supply chain, while of tremendous value, will trigger obligations under data protection law, be subject to potential restriction under competition law, and face further legal and contractual constraints, including where the data qualifies as intellectual property.

Cybersecurity is also of paramount concern. Organisations need to be aware of every third party they interact with throughout the supply chain, from contracted maintenance companies to suppliers. Anyone with access to the organisation’s network or systems can be a risk.

It’s important to remember that cybersecurity must go far beyond installing anti-virus software on company computers: it needs to occur at every stage of the supply chain, and with every employee. In the digital era, the line between crime in the real and virtual worlds is severely blurred, so these risks need to be taken just as seriously as any physical security measure.

Here are four steps a business can take to minimise its compliance risk:

1. Governance & leadership: Robust structures and processes should be implemented from the top, through which the board of directors, executive leadership and compliance professionals design, implement, maintain and oversee the business’s ethics and compliance programmes, and foster a culture of managing this within the organisation.

2. Risk assessments & due diligence: Risk assessments should be undertaken to identify key risks and applicable legislation pertinent to each stage of the supply chain, along with due diligence of suppliers, prioritising those operating in high-risk jurisdictions, environments and/or industries.

3. Supplier code of conduct: Businesses should have in place a values-based, user-friendly code of conduct that addresses the key ethics and compliance risks. Such codes will need to reflect the standards expected and grant rights to audit compliance with those standards.

4. The role of data & technology in making supply chains more resilient: Businesses should invest in technologies that allow them to connect with suppliers and make use of real-time data that can enable the whole supply chain to operate more efficiently on the basis of better-informed decisions. If personal data is to be shared, compliance requirements need to be addressed.

This will involve keeping a record of all processing activities; meeting obligations on lawful processing; complying with the principle of purpose limitation – not processing personal data in a manner that is incompatible with the original reason for collection; ensuring transparency for data subjects; and implementing appropriate and proportionate security measures to safeguard data against accidental losses, unauthorised access or cyber attacks. Additional measures may be required depending on the nature of the business, and different approaches may apply across individual countries.

Overall, targeted and tailor-made measures based on a thorough risk assessment will provide the best protection against regulatory risk stemming from each stage of the supply chain.

Emily Sadler is a partner in the commercial team at Paris Smith solicitors
