Corporate Compliance Insights

Mapping Efforts to Mitigate Supply Chain Risks

Managing third-party relationships key to rising compliance requirements

by Ty Francis
July 17, 2024
in Risk

International regulations and guidance continue to emphasize the role of due diligence in mitigating the risks posed by a company’s operations. While the EU’s new due diligence rules have been hailed by some as landmark and will usher in a new regulatory layer, LRN’s Ty Francis says meeting the increased regulatory scrutiny on supply chains could start with turning to tried-and-true third-party risk practices.

The European Union’s recently passed Corporate Sustainability Due Diligence Directive (CSDDD) mandates large companies in the EU address issues relating to forced labor and environmental damage in their supply chains.

This directive requires companies to thoroughly audit both their “upstream” partners involved in design or manufacturing and “downstream” partners responsible for transportation, storage and distribution of products. Business organizations have expressed concerns that the directive will impose additional regulatory layers, potentially impose severe sanctions, disadvantage European firms compared to international competitors and deter investment in Europe.

The rules, which were softened to gain acceptance from some EU members worried about excessive bureaucracy, will take effect in 2028 for companies with over 1,000 employees and a global turnover exceeding 450 million euros. (Originally, the proposal targeted EU companies with more than 500 employees and 150 million euros in turnover.)

The law obliges companies to prevent, cease or minimize potential or actual harm to human rights and the environment, including issues like child labor and biodiversity loss. It also necessitates remediation of any adverse impacts caused. Financial entities are required to assess only their upstream partners.

Additionally, companies must develop strategies for transitioning to a low-carbon economy. Penalties for noncompliance can reach up to 5% of a company’s global turnover.

International regulations growing

Despite adjustments, Germany did not support the final version of the EU’s directive. The EU’s largest economy had already taken more steps toward regulating corporate supply chains with its own legislation, the Supply Chain Duty Act (Lieferkettensorgfaltspflichtengesetz), enacted in June 2021. This law, which targets companies based in Germany with at least 3,000 employees, is set to broaden its reach this year, lowering the employee threshold to include companies with at least 1,000 employees.

The German legislation applies to all types of suppliers, requiring companies to proactively monitor direct suppliers while adopting a more reactive approach to indirect suppliers, based on substantiated claims or incoming news of violations. It mandates the establishment of a risk management system, regular risk assessments and the implementation of preventive measures to mitigate any adverse human rights impacts within their supply chains. Additionally, companies must create avenues for complaints, allowing rights holders and whistleblowers to anonymously report any violations.

Like the EU’s new directive, the effectiveness of the German law will hinge on thorough implementation and the willingness of companies to adjust to these new regulations, ultimately pushing forward corporate accountability on a broader scale.

Canada, too, has joined the fast-growing group of regions making supply chains a priority, with its Fighting Against Forced Labour and Child Labour in Supply Chains Act, also referred to as the Modern Slavery Act (MSA), going into effect Jan. 1, 2024.

Back in the United Kingdom, the recently introduced “failure to prevent fraud” offense under the Economic Crime and Corporate Transparency Act mandates significant changes for organizations in the UK. This offense, likely to be implemented sometime in 2024, could expand corporate criminal liability and simplify the prosecution of organizations for fraud committed by employees or third parties that benefit the organization. 

And though it doesn’t rise to the level of federal legislation, across the Atlantic, the DOJ’s Criminal Division, in its updated evaluation of corporate compliance guidance, makes clear that a well-designed compliance program should apply risk-based due diligence to third-party relationships.

It is clear that compliance with international standards means strengthening due diligence, including conducting sober assessments of risks posed by third parties, be they business partners, suppliers or others.

Expectations of organizations

The EU’s new provision could ask organizations to intensify their training efforts, particularly for employees in higher-risk positions. This includes detailed case studies within training materials to help employees recognize and understand potential fraud scenarios. The aim is to ensure that individuals are well-informed about the nuances of the offenses and the organization’s specific vulnerabilities to fraud.

And for third parties, such as agents acting on the organization’s behalf, due diligence is crucial. The act will demand that organizations conduct due diligence not just for transactions and contracts but also for the ongoing monitoring of third parties. This could include integrating fraud due diligence into existing processes like anti-bribery and anti-corruption checks.

Some broader requirements could see organizations asked to conduct comprehensive fraud risk assessments, potentially revising existing assessments to better cover outward fraud and implement effective audit and monitoring systems for fraud, particularly focusing on medium- and high-risk third parties. Asking third parties to comply with your own policies and procedures, and even going the step further and requiring them to undertake training to ensure they are aware of your code of ethics, may be a prudent risk mitigation exercise.

Overall, with the impending requirement for more structured training and rigorous third-party due diligence, organizations must prepare for a thorough overhaul of their current fraud prevention strategies to align with the new legal landscape set by the UK’s corporate transparency act. This involves a proactive approach to training and third-party interactions, ensuring that all possible measures are taken to prevent fraud.

Also in January, the UK’s Financial Reporting Council (FRC) introduced the updated 2024 UK Corporate Governance Code, emphasizing the board’s responsibility to manage risks, including those associated with third-party suppliers. Boards often lack a clear view of the risks and assurances provided by these third parties.

The code stresses the importance of evaluating the quality of controls managed by third parties. Typically, third-party questionnaires are used to assess these controls, but they may not offer enough assurance to meet the new code’s standards.

In addition to companies performing stringent due diligence before engaging any key third-party service provider to ensure they have robust controls, they should also maintain a detailed inventory of these third-party suppliers to identify and assess their risk levels, to align with the recent updates.

Risk management & due diligence: sides of the same coin

While every business is at risk of exposure to modern slavery, we believe companies can mitigate this risk through good policy, processes and practice. The recent reforms highlight the need for stringent oversight of controls by key suppliers, but are organizations ensuring some of their higher-risk suppliers are aligned with their own controls, code of conduct or internal training?

Organizations have been performing third-party risk management (TPRM) and third-party due diligence (TPDD) for the longest time. But how should organizations up their game? Before we look at this, we need to understand the difference between the two.

TPRM is a broad, ongoing process that involves identifying, assessing and controlling risks presented by third parties (vendors, suppliers, partners) throughout the duration of a relationship. This includes risks in areas like cybersecurity, compliance, operational processes and reputational impact. TPRM is continuous and aims to mitigate risks by implementing controls, monitoring third-party performance and ensuring that the third party aligns with the organization’s standards and regulations on an ongoing basis.

TPDD, on the other hand, is often a component of TPRM but is generally a preliminary step taken before entering into a contract or relationship with a third party. It involves a detailed examination and assessment of the third party to understand the potential risks and benefits of the partnership. Due diligence includes reviewing the third party’s financial status, business operations, legal compliance and reputation. It’s a critical phase to ensure that the collaboration will not negatively affect the organization’s integrity or financial position.

While TPDD is about thorough vetting before entering into a partnership, TPRM focuses on continuously managing and mitigating risks throughout the relationship. Both are essential for maintaining healthy, compliant and profitable business relationships, but to ensure that your third parties and suppliers are aligned with your organization’s values and code, we should be offering our suppliers and third parties ethics and compliance training.

Training third parties and suppliers, especially key employees within those entities, on the same content your organization uses can be crucial to ensure alignment in values and messaging. It is now imperative that your vendor community understands the values and ethical behaviors expected of them, while representing your organization and providing your team the ability to audit vendor performance.

Key international supply chain regulations

| Location | Current regulation | Date | Key requirements |
|---|---|---|---|
| Germany | Supply Chain Due Diligence Act (Lieferkettengesetz) | 2023 | Companies with more than 3,000 employees (reducing to 1,000 employees from 2024) must establish risk management systems, take preventive measures against human rights and environmental risks and establish complaint procedures. |
| EU | Corporate Sustainability Due Diligence Directive (CSDDD) | TBD | Companies with over 1,000 employees and turnover of EURO 450M are required to identify and prevent adverse impacts on human rights and the environment across their global supply chains. |
| UK | Economic Crime and Corporate Transparency Act (“Failure to Prevent Fraud” Provision) | TBD | Organizations would need to demonstrate that they have adequate procedures in place to prevent fraud by persons associated with them, similar to the “failure to prevent bribery” offense under the Bribery Act 2010. |
| USA | California Transparency in Supply Chains Act | 2012 | The law applies to retail sellers and manufacturers doing business in California that have annual worldwide gross receipts exceeding $100 million. Covered companies must disclose on their websites the efforts they undertake, if any, regarding audits of suppliers to assess compliance with company standards for trafficking and slavery in supply chains. |
| Canada | Fighting Against Forced Labour and Child Labour in Supply Chains Act/Modern Slavery Act (MSA) | 2024 | Companies based or doing business in Canada must detail the steps taken during the previous financial year to prevent and reduce the risk that forced labor or child labor is used by them or in their supply chains. They will meet two of the following three criteria for at least one of its two most recent financial years: >$20M or more in assets; >$40M in revenue; >250 or more employees. |

Editor’s note (advertising relationship disclosure): CCI publishes timely and informative articles on a variety of topics every week. When we publish an article by an author associated with a vendor or service provider that advertises with CCI, we disclose that relationship.

Ty Francis MBE is chief advisory officer at LRN. A CCEP, Francis formerly was executive vice president at the Ethisphere Institute, and he once served as vice president of the New York Stock Exchange.
