Industry Focus - Manufacturing

Each industry segment has unique issues for its third-party risk management program. Learn what you need to know for the manufacturing sector.

Industry Focus - Manufacturing - Transcript

Elliot Berman: Welcome to another episode of Third Party Risk Perspectives. I am Elliot Berman from AML RightSource, and I'm here with Chris Sindik from Blue Umbrella. Chris, why don't you introduce yourself?

Chris Sindik: Sure. Thanks Elliot. My name's Chris Sindik. I'm the Senior Director of Third Party Risk and Due Diligence here at Blue Umbrella. So work with the team on actually researching our due diligence reports, changing our offering to meet client needs, and a lot of other very interesting projects around technology and screening and third party risk management.

Elliot Berman: Thanks, Chris. So in this episode I'd like to take a little bit of a different slant and look at things from an industry perspective. And the industry I thought we could talk about today is manufacturing. Give the audience a little bit of a sense of what's the scope of that? What kind of statistics do we have about due diligence and frame what we're talking about?

Chris Sindik: Yeah, certainly. And it Blue Umbrella, we have a variety of clients that we work with you know, some in the manufacturing industry and plenty of others that are in other industries, but, uniquely positioned to see what is happening for clients in that industry. And maybe to pull out some trends here and there as we find them.

And, I think that when we say manufacturing, first we want to recognize that there's a lot of different types of manufacturing out there. All the different products that are made, industrial, things that will go into the hands of consumers, business to business, whatever it might be. I know that there's a large net when we talk about the manufacturing industry.

I think in terms of, some interesting trends that we're seeing out there, and you think about the risks that various companies will face depending on, what exactly it is they're manufacturing. A couple of the common risks that we'll find are related to government connections or politically exposed or PEP relationships. By and large, using some general statistics here, it's about one in five reports in the industry that we'll see some kind of a government connection.

And even more common than that, about twice as likely to have some sort of business risks related with that particular third party that a company is thinking about doing business with. Government connections and PEP risks generally that would be that the company is owned by the government in some way, whether it's 1% or 100%. That is generally considered a risk factor if someone's working with the government and all the different bribery concerns that come along there.

Also, the other side of that, it could be, those business risks that I mentioned, and I think that the manufacturing industry is, very unique in that the supply chain that they're dealing with is one of the largest, of all the industries that we can think about. So it's not uncommon for us to find out that, a particular company and various parts of the world, and we write reports on companies in pretty much every country in the world. They're newly formed. Maybe they have financial problems. They have high debt. Their financial records are perhaps quite old.

They have obscure ownership. Sometimes it's a lot of shell companies. You want to know who company ABC is owned by, and it's owned by company XYZ and company XYZ is owned by another alphabet. You go through the list and that can be very difficult to know, is it a government? And sometimes it's, again, in parts of the world where records aren't kept online or ownership information is not transparent.

So it takes a lot of digging to find out who these companies are on the other side of the world that we're thinking about doing business with. And that's really where the rubber meets the road. Who are they and can they do what they say they're going to do?

Elliot Berman: So you just talked about some risks that are somewhat unique to manufacturing. And some challenges related to those risks. So how do we address the unique needs of our manufacturing clients?

Chris Sindik: I think it really does relate back to those unique parts, or those risk factors that are particularly concerning to the manufacturing industry. One is how far down the supply chain do you go? I mentioned it with ownership a little bit earlier. I see this trend in my career and I've been doing it for about 20 years or so now, is that it started with companies looking inside their own four walls, their own house and getting compliance and risk management handled there.

And then once that was established, okay, let's go outside our walls. Let's try to have some third party risk management. And then it was, okay, who are those suppliers suppliers? And then who are your supplier suppliers, and so on and so on. And there are some laws around that too, about how far down the chain do you have to go? So having to deal with that many layers and how many layers are you willing to go through, I think is really unique in the manufacturing industry.

Human rights is another huge part of the industry. People are making goods, in factories sometimes in parts of the world that maybe have very different standards of labor. What is the age at which you can start working? Is there forced labor? Is there child labor? And all the different, things that, that go along with that. And there's a huge reputational risk that's included with that. If people think that they're going to do business with a company that's engaging in human rights, they don't want to be associated with a company that, has that as a part of their way of operating.

How do we address these unique needs? I think that's getting back to the crux of the question after we've identified them. One is that, at Blue Umbrella, we have a great experience in the manufacturing hubs from a US and European perspective, and, in Asia and India and Latin America and in parts of Europe, et cetera, too. We really have a team that can dig into it and can get to that nth layer and peel back the onion to find ownership.

And two when it comes to human rights, we have a dedicated report scope that's focused on that, where we'll look at, some of the NGO lists that are out there. The government lists are out there by human rights watches and concerns. Where we can find these things out. We can also look at not just the company itself, maybe you're thinking about doing business with a subsidiary of a much larger company, and it's important to do some research on that larger company as well.

And maybe in the surrounding areas they've had issues in the past, and that's something that you definitely would wanna know about. The other part of that unique need that we address is having to manage an extreme amount of third parties. We've seen some clients that have, hundreds of thousands of third parties that they need to deal with and they need to manage, and they need to uncover risks on, but more importantly, remediate and mitigate those risks. And if it's 25, you can manage that with an Excel spreadsheet. That's fine. But when it gets to a quarter million, the spreadsheet's not gonna work so much in that circumstance.

Having a software, ours is called Status, we think it's the market leader, can really handle that massive third party population and it has those automations in place. Because if it's something that's manual, even if you're using software, that the time saving is not there. You have to have something that's automated and talks to other systems via API, and can send out questionnaires automatically and has monitoring built in and scoring because it really does need to be an automated solution to actually show its value and to save time. Not just move an inefficient process to an inefficient tool.

Elliot Berman: What are some of the trends you're seeing new laws, enforcement actions things like that, that are particularly focused on the manufacturing sector?

Chris Sindik: I think one of the things that's starting to make a little bit more noise in the manufacturing industry is cybersecurity risks. I think that, about half of organizations have had some kind of a data breach or cybersecurity in the last couple of years is what I've seen some statistics on. So it's growing in popularity and with that large supply chain a company may have controls over their own systems and, maybe they're first tier suppliers, but when it gets down the line over and over again, maybe those controls diminish each time.

And that can create problems for the company that is hiring them. And, the press and regulators like to put the big name in the headlines, not some supplier fifth tier down the line. That was actually the cause of the security breach. That's something that I think is starting to make waves in the manufacturing industry.

Outside of that, I think tariffs are a huge concern right now for the manufacturing industry. Whiplash as we've seen it sometimes where there's massive tariffs and then they get backed off a week later and who's subject to them and who's not. And that can create a lot of stress to find new suppliers and in countries where maybe it wasn't your first choice and you gotta do a lot of different things about that to make sure that you're getting a quality product. And it's not gonna create a liability to the company.

There are some other laws that are out there, the extended producer responsibility, EPR, about knowing the entire supply chain that are coming through and how much that is going to have teeth. Do companies need to build those systems up? Do they need to create that transparency in their process? It's probably good to do, certainly from a business and risk management perspective. But there's only so many hours in the day.

That along with environmental laws that are being proposed, are they gonna stay? Are they gonna go? And overall, I think another major point is about enforcement. In these trying economic times that we're seeing, sometimes third party risk management, compliance, ethics, et cetera, is seen as a cost center. And if a company is investing heavily in their third party risk management program and someone sees it, maybe there's a change in executive leadership and say, why are we spending so much on this? We haven't had an incident in the last 10 years. If we cut it by 25% and we still have no incidents, that's a win to them.

But, there are other ramifications with that. It's always a trend, unfortunately, it seems like in the risk management space to do more with less. So again, that's where technology can come in to help fill the void sometimes and to help with headcount and, use some technology and automations to help save time.

Elliot Berman: Are there other due diligence and technology approaches beyond what you've talked about that we view as being particularly effective in the manufacturing space.

Chris Sindik: I think one of the best ones, and this is tried and true probably not new to many of our listeners is the risk-based approach. When you have a very reliable risk scoring framework to say medium, low and high. And, the high risk third parties are going to get the most attention and the low risk third parties are gonna get the least and, medium, somewhere in the middle.

And that's it at a very philosophical level, but what does it mean in a practical level? Does high risk means that the executive team's gonna fly down to the third party and do a factory tour? Maybe in some situations, depending on the relationship and the spend involved too, but a lot of times it's much more lower scale as we all know.

Where it's what type of report are we gonna order? Are we gonna do screening? How often are we gonna do a renewal? How often are we gonna do monitoring? And that really relates back to the resources and the budget that's there. I think the biggest failure that can be done when it comes to DD and technology approaches is building something that you're never gonna use.

If you build something and it's not quite as automated as it could be, or streamline, or future proof, at least it's up there and it's running. I think the worst way to go about it is to build something that creates bottlenecks. In the program where it's unrealistic to start out with, really trying to match the policy, the program, the due diligence, the technology with what you can do in a day. You don't want to get put in a situation where it's trying to put 10 pounds of sugar in a five pound bag.

There just aren't that many hours in the day for people to do things, so focusing your efforts in a way that, you can ultimately do it and execute on it in a repeatable, consistent reasonable way I think is the best way to go about it. But, I think the risk-based approach is tried and true but also the realistic based approach is always needed there to make sure that the program is fit for the company, its scale and its risk appetite.

Elliot Berman: Chris, any last thoughts about this topic?

Chris Sindik: I just say that, it's definitely an industry that has been under the microscope in recent years and in recent weeks too. It really is the backbone for a lot of different services that are provided out there and one that we're seeing a lot of thought about when it comes to manufacturing. Just because if people aren't gonna get their products and services on time, this is when they start to look at the manufacturing process and supply chain slowdowns globally. Whether it's coming outta the pandemic or tariffs or whatever it might be. Something that, that consumers are starting to pay more attention to.

And ultimately I think that it can be not just a legal risk and the, some of the things that we've talked about, but a reputational risk too where consumers and, other businesses are voting with their wallets. And having a program that you know is defensible and you're doing things the right way can really bring a value to the company. And I don't think that can be overstated.

Elliot Berman: Chris I really appreciate your insights and I'm looking forward to our next conversation. I know that you and I have talked about doing some episodes on other industry sectors and and possibly some geographies, so I look forward to those. And thank you very much for today's session.

Chris Sindik: Thanks so much and thanks to our listeners. Thanks for joining us.