Corporate Compliance Insights

To Drive Due Diligence and Compliance, Don’t Overburden Your Suppliers

Robust due diligence can make life easier for vendors

by Dean Alms
July 10, 2023
in Compliance, Risk

Satisfying third-party due diligence and compliance requirements can be time-consuming, especially for your suppliers — and global regulations around supply chain due diligence are only growing. Aravo’s Dean Alms offers his advice: Make things easier on your suppliers, not harder.

Bribery and corruption, cybersecurity attacks and data spills, ESG concerns, geopolitical shifts and manmade or natural disasters pose complex and enduring risks to a company’s extended enterprise. Governing bodies at the state, national and international level have passed supply-chain and third-party due-diligence laws and regulations to mitigate these risks, with more on the horizon.

You, your suppliers and their suppliers may operate in multiple markets that have new or changing regulations and compliance expectations. Thus, it’s critical to remain vigilant and align with evolving anti-bribery and corruption (ABAC), financial reporting, cybersecurity and data privacy, ESG and trade laws, regulations and standards across global jurisdictions. 

Teams that manage risk and drive compliance should build and foster collaborative relationships with their supplier base and digitally enable each other to be reciprocal, transparent and efficient. These relationships will not only help both sides fulfill their statutory obligations but also serve their business needs and support enduring partnerships.

As supply chain risks and cyber threats rise, so do regulations

It’s our responsibility as corporate and global citizens to drive positive change where we can, combating corruption, cyber risks, environmental exploitation and social injustice within our extended supply chains. Complying in good faith with laws and regulations is part of this responsibility.

Examples of ESG due diligence laws include the U.S. Uyghur Forced Labor Prevention Act (UFLPA), the German Supply Chain Due Diligence Act (LkSG), the EU’s Corporate Sustainability Reporting Directive (CSRD) and the recently enacted Canadian forced labor and child labor law. Add to that the pending disclosure rule changes from the SEC and International Sustainability Standards Board, which are expected to require more publicly traded companies to report their Scope-3 emissions.

While ESG risks have risen, so have cybersecurity threats. Today, more than 80% of chief information officers say their software supply chains are vulnerable to cyber attacks. In this area, too, government agencies have acted, including a series of presidential executive orders and new electrical system standards — and proposed SEC regulations in the financial services sector.

And this is to say nothing of the continuing geopolitical tensions that ramp up the strain on supply chains, including Russia’s war in Ukraine, Chinese economic espionage and human rights abuses and malign Iranian actions in the Middle East, all of which have earned those countries economic and political sanctions along with trade embargoes and restrictions.

To drive compliance, carrots work better

How can companies comply with more supply chain laws and regulations to mitigate risks and drive continuous improvement throughout their value chains? How should they address their suppliers’ and vendors’ compliance obligations to fulfill their own legal or regulatory requirements?

To be sure, the answer isn’t simply to dump all the work off to your suppliers. Here are some best practices to drive due diligence and compliance without driving either you or your suppliers to your breaking points.

Nail initial supplier due diligence: Conduct a comprehensive initial assessment and obtain industry and third-party certifications, audits, supplier surveys and past performance evaluations. This approach establishes a strong foundation for both you and the supplier, benefiting future periodic reassessments and compliance with relevant laws and regulations.

Incorporate compliance KPIs into supplier performance management: Integrate regulatory compliance into ongoing performance management with suppliers. Establish, manage and assess adherence to relevant laws and regulations (e.g., FCPA, UFLPA, LkSG) by incorporating them into measurable KPIs for supplier accountability and maintaining legal standing.

Supplement initial due diligence reports with risk intelligence data: Ensure that the solution being used to manage supplier risks incorporates real-time insights to streamline onboarding and enrich risk reviews. This helps the organization prioritize third parties that represent the highest risk to the business.

Continuously monitor third parties to stay informed and vigilant: Continuous monitoring offers early warnings for potential risks to the business, facilitating prompt corrective actions with suppliers and accelerating supply chain resiliency.

The responsible path for most companies building a TPRM program for their extended enterprise is to think big, start small and grow fast. Think big and design a program accordingly, so you don’t end up with multiple fragmented solutions that lack visibility, data integrity, and clarity over your overall risk. Start small, as ESG, cybersecurity, and other risk areas will heighten, and applicable regulations will change. Grow fast by incrementally expanding your risk domains as needed. Finally, plan to build agile and resilient capabilities as you move through various maturity levels with your TPRM program, tracking success, delivering performance metrics and impacting the business. 


Tags: Due Diligence, Supply Chain
Dean Alms

Dean Alms is the chief product officer for Aravo overseeing product strategy, management, marketing and product design. He recently joined Aravo to build an organization that would expand the product portfolio and market reach of industry-leading apps in third-party risk management.
