Regulations Prescribe Minimum Baseline Behavior in Dealing with Abusive Regimes
In response to abusive actions by foreign governments and businesses, democratic governments may impose sanctions and regulations that circumscribe dealings with abusive regimes or companies. For the Russian invasion of Ukraine, this includes prohibitions on the export of oil or importing of certain high-tech equipment to Russia. In response to China’s cultural genocide, forced assimilation, and forced labor of its Uyghur population, the Uyghur Forced Labor Prevention Act (UFLPA) was signed into law. This forbids importing of any goods mined, produced, or manufactured wholly or in part in the XUAR (i.e., the Xinjiang Uygur Autonomous Region) unless “clear and convincing” evidence is produced demonstrating that no forced labor was used in producing the goods. Section 1502 of the Dodd-Frank Act of 2010 requires companies to report on their use and sourcing of tin, tantalum, tungsten, and gold (3TG) from the DRC (Democratic Republic of Congo) region. There are many other regulations in the US, Europe, and elsewhere intended to constrain abusive actions.
Beyond regulatory requirements, there are reputational concerns. Recently companies still doing business in Russia have been publicly shamed through efforts such as the Yale Chief Executive Leadership Institute List of Companies.1
Going Beyond the Minimum Behaviors Required by Law
These types of regulations are intended to curtail funding to ongoing wars and incentivize regimes to stop abusive practices, with varying degrees of success.2 Companies that are committed to corporate social responsibility typically aim to go beyond the minimum behavior prescribed by law. But companies also have obligations to investors, shareholders, and employees, to ensure the company remains competitive, financially viable, and prosperous. Sometimes a company is forced to balance ethical goals with financial and competitive considerations. For example, deciding how far they will bend their own policies and principles in order to do business in China. In that case, it may be hard to walk away from what will soon be the world’s largest economy3 but it also may be difficult to submit to the censorship required to do business in China or to ignore human rights abuses by the Chinese government.
Using a Rifle Instead of Shotgun
To be effective, measures to punish abusive practices and reward good practices need to be accurately targeted. For example, one way to comply with conflict mineral regulations is to stop sourcing from the DRC region altogether, in order to avoid the burden of due diligence imposed by the SEC rule. However, there has been near-universal condemnation of that approach, as it amounts to a de facto embargo, impacting millions of people in the region whose livelihood depends directly or indirectly on legal mining operations that are not financing the conflict. A more targeted approach requires granular, accurate, up-to-date visibility into product components and inputs and the actual sources and working conditions across a multi-tier supply chain.
Being a good global citizen drives the need for granular accurate up-to-date supply chain intelligence. The challenge, of course, is how to do this economically. Here we discuss some of the challenges and practical means of maintaining the necessary surveillance and mitigating abusive practices in your supply chain.
Product Inputs Visibility
To comply with US and EU Conflict Mineral Regulations, RoHS, REACH, WEEE,4 and other regulations dealing with product contents requires a manufacturer to maintain precise up-to-date knowledge of all of the input materials and components in every product they make, including the quantities of each material, as this impacts which regulations apply. The fully exploded BOM (bill-of-material) may contain thousands of items for a complex product and a company may have thousands of different types of products. BOMs change throughout their lifecycle as ECOs5 and design changes occur after a product is released to manufacturing, not just during development. In these cases, tools to automate the compliance process are essential and should be an integral part of engineering and supplier management processes such as:
- Engineering Workbench Integration — Integrate compliance into developers’ tools and systems, such as those used for selecting parts, materials, and suppliers during the design process. Integrate with ECO tools.
- New Part and Material Introductions — Have new parts and material introductions trigger an inquiry process and require compliance for approval.
- ECO Process — Have ECO submissions trigger an inquiry process to check whether compliance has been affected by the change.
- Engineer Performance Management — Make compliance with conflict minerals and other regulations a part of engineer and designer performance metrics.
- Sourcing Workbench Integration — Integrate with sourcing tools and systems, such as supplier discovery, RFQ, and contract authoring.
- Supplier Contracts, Code-of-Conduct, and Training — Include clauses in contracts that are explicit about the conflict minerals (and other) data expected from suppliers. Incorporate compliance in supplier training programs.
- Supplier Management Integration — Integrate with supplier management tools and systems, such as supplier performance management, supplier risk management, and supplier quality management.
- Supplier Performance Management — Ensure scorecards and quarterly reviews with suppliers include conflict minerals compliance and other sustainability and social responsibility requirements.
- Supplier Qualification — Onboarding of certain types of suppliers should automatically trigger a conflict minerals inquiry process and require compliance for approval.
Supplier Practices and Working Conditions
The behavior expected of suppliers is typically spelled out in a supplier code-of-conduct document and measured by the supplier and internal company metrics to meet the company’s CSR goals. Enforcement requires continual monitoring of supplier compliance, which can be extremely labor-intensive. A large enterprise has dozens to hundreds of categories of suppliers, each with varying compliance requirements. For example, a supplier of software-as-a-service may need to prove that they are protecting user data and privacy, whereas an office cleaning services provider may need to show that their onsite workers are vetted, documented, diverse, and fairly paid. A company that has tens of thousands of suppliers will need a system that knows the different compliance requirements of each supplier and automates compliance checking processes, such as the sending out of questionnaires and the checking of certifications. There are a number of different supplier and third-party management systems available to help automate these processes, such as Aravo, Coupa, SupplierSoft, HICX, Ivalua, Trust Your Supplier, and supplier.io (supplier diversity).
Onsite audits may be required for key suppliers’ factories to ensure that safe working conditions, no abusive labor practices, and living wage requirements are met. It would be naïve to trust that all suppliers will tell the truth all the time in survey responses. In fact, the suppliers who are breaking the rules have the highest incentive to provide deceptive, incomplete, or false responses to surveys. For this reason, audits are sometimes necessary. These often need to be onsite audits, preferably unannounced. However, onsite audits are expensive and time-consuming. Thereby a risk-based approach is needed. This entails assessing the risks posed by each supplier, such as their impact on your business and likelihood of non-compliance based on things like location, past history, and so forth. A risk-based approach allows a company to prioritize suppliers based on the risk they present, enabling limited compliance monitoring and auditing resources to focus on managing the riskiest suppliers.
Audits are not only expensive for the buyer firm. Suppliers may have hundreds of customers asking for audits, which can become overwhelming for them. To solve both sides of the equation, there are industry-wide initiatives and third-party auditors. An example of an industry-wide initiative to share audit resources and practices between companies is the Joint Audit Cooperation for ICT (Information and Communications Technology) suppliers.
There are industry-focused third parties that provide sustainability audits, such as Valmet in the pulp, paper, and energy industries. There are also cross-industry third-party audit and related services providers, such as DQS CFS and Sedex which also provides a platform for sharing multi-tier, responsible sourcing data. The big three testing firms (SGS, Bureau Veritas, Intertek) also do audits, such as SGS’s ISO 26000 assessment, and offer CSR services beyond audit as well. There are firms that specialize in sustainability audits such as ELEVATE and QIMA. There are affordable alternatives to onsite audits, such as EcoVadis, which provides standardized CSR ratings of suppliers, based primarily on verified documentation.
Accurate Supplier Plant Locations
A large company’s supply chain is constantly changing. Suppliers may move production from the certified plant to another of their plants. Or they may at some point in time start subcontracting production to another supplier without informing the customer. Or they may inform the buyer, but the change in location is never entered by the buyer into their system. A better way to keep track of the actual location of production is to use the ‘ship from’ location contained in shipment documents such as load tenders, bills of lading, and commercial invoices. By tracking the actual pickup location for a shipment, the buying company can see when the location of production has changed. That can alert the buyer that they may need to do additional compliance checks on the new location. Infor Nexus Control Center is an example of a system that takes this approach to maintaining an accurate map of the supply network.
Mapping and Monitoring Multi-tier Supply Chains
Things get more complicated when there is a need to track multiple tiers of the supply chain. Apparel brands discovered in the 1990s that the public held them responsible for the behavior of their entire supply chain, not just their immediate suppliers. That is one reason many of them decided to boycott Uzbekistan cotton harvested using forced labor. There are platforms that can help in mapping out multi-tier supply chains such as Resilinc, Achilles, Supply Risk Solutions, and Amerigo.
Meeting the Needs of Now, Preparing for the Future
The Russo-Ukraine war is just the latest event pushing enterprises to conduct business ethically in their supply chain. Doing so can be an overwhelming undertaking. Fortunately, there are many solutions and services that can help maintain granular, accurate, up-to-date supply chain intelligence and take the appropriate actions. We expect the demands for responsibly managed supply chains will only increase over time. Investing in these types of systems and processes will enable companies to do business ethically and profitably now and in the future.
1 The Yale CELI List of Companies is a list of 800 large corporations, grading them from A to F on the extent to which each company has stopped doing business in Russia since the start of the Russo-Ukraine war. — Return to article text above
2 While sanctions are often not effective (see Evidence on the Costs and Benefits of Economic Sanctions), there are success stories. A recent example of a successful action (a boycott, not a government-imposed sanction) was the boycott of Uzbek of cotton and textiles by 330 apparel manufacturers and retailers. The boycott ended because the previous widespread practice of forced labor in picking Uzbek cotton has ended. — Return to article text above
3 China is already the world’s largest economy as measured by purchasing power parity. Some economists predict China’s economy will become the largest in the world by about 2030, as measured by nominal GDP. — Return to article text above
4 Comparison of US and EU Conflict Mineral Regulations, RoHS = Restriction of Hazardous Substances Directive, REACH = Registration, Evaluation, Authorisation, and Restriction of Chemicals, WEEE = Waste Electrical and Electronic Equipment Directive — Return to article text above
5 ECO = Engineering Change Order — Return to article text above
To view other articles from this issue of the brief, click here.