The list of forced labor, ESG, and human rights regulations is growing at a rapid pace and has received increased attention in recent years, in part due to the adoption of the Uyghur Forced Labor Prevention Act (UFLPA), the European Supply Chain Act, and the German Supply Chain Act (Lieferkettensorgfaltspflichtengesetz or LkSG), among others. These regulations lay out the framework for increased and proactive monitoring of companies to take the necessary steps to eradicate modern slavery and human rights violations and remain competitive.
Compliance comes at a cost and requires the implementation of a wholesome approach to due diligence that can identify risk and manage third-party vendor relations. An initial step is to map out the supply chain to identify and mitigate forced labor risks and ensure companies are well-placed to avoid reputational and financial losses by focusing on every step of the production process, from raw materials to finished goods. Employing technical data analysis is the initial step to supply chain mapping and may require link analysis and human intelligence to comply with regulations.
Why is supply chain mapping so important in regulatory and political environments? And what does effective supply chain mapping look like? Let’s explore.
Supply chain mapping (SCM) refers to mapping suppliers at all tiers throughout the supply chain for a product, from raw materials to finished goods. SCM ensures that your organization is aware of the exact route and steps a product takes through each third-party supply chain partner. This process is critical to performing the most comprehensive due diligence for each vendor, but it requires input from suppliers and geopolitical navigation and can get very costly.
The ultimate goal of SCM is for an organization to have an up-to-date reference point for understanding its unique network of suppliers so that it can accurately and effectively prioritize and mitigate risk.
SCM is a critical step in a vendor diligence program that promotes visibility into supplier relationships and the origins of materials and shows regulators that companies are taking steps to mitigate risks and comply with evolving regulations. This is crucial in a time where few compliance violations go unnoticed and can have a lasting negative impact on an organization’s financials, legal standing, and reputation.
Thorough mapping can help organizations monitor suppliers in high-risk regions for key issues including:
- Forced labor
- Modern slavery
- Environmental violations
Mapping also gives compliance teams the insights necessary to make informed decisions regarding risk prioritization for certain vendors or jurisdictions. By prioritizing risk and having a firm understanding of what risks are most pressing and relevant to each business, organizations can then appropriately designate time and resources to those risks throughout the broader due diligence process.
Certainly, there is a moral obligation for businesses to contribute to initiatives focused on ending forced labor and enforcing human rights and environmental sustainability. But complying with the legislation in place, and taking the actions prescribed by regulatory bodies also mitigates supply chain risks by adopting new processes in both procurement and supplier management.
However, modern slavery is challenging to identify through traceability alone, and SCM cannot be viewed as a cure-all for supply chain-related human rights woes. SCM is an early step in establishing a strong foundation for further due diligence to be conducted throughout a company’s relationship with its vendors and suppliers. It ultimately sets companies up for a more thorough and streamlined due diligence process and makes tasks such as intelligence gathering easier for teams to facilitate. In turn, this speeds up data collection and analysis, identification of violations in individual supply chain branches, and any necessary reporting to governing authorities. Greater visibility into an organization’s supply chain can also help compliance teams get ahead of ethical and legal issues, as well as cross-border product seizures.
Due diligence informed by vendor data gained through SCM can save businesses from the potential costs of legal action and reputational damage that result from third-party relationships gone awry. A comprehensive due diligence program that includes supply chain mapping, human intelligence, and other critical techniques can uncover a deeper level of potential risks, creating a much clearer path to compliance and mitigation.
SCM alone may not be enough for companies to comply with regulations and address complex and multi-tiered supply chains. This is where enhanced due diligence and supply chain mapping come in.
For example, UFLPA requires special attention be paid to supply chains for imports of cotton, tomatoes, and polysilicon. Research has shown it is a fairly straightforward process to map the polysilicon supply chain and to identify forced labor exposure in Xinjiang than in other sectors, such as agriculture or textiles. For comprehensive reporting of UFLPA compliance, the US Customs and Border Patrol (CBP) requests documentation all the way down to raw material — this means companies need to be able to map their supply chains downstream to identify the source of all labor and materials, no matter how small.
US regulators have recently shifted some of their focus toward other industries, such as the automotive industry, after additional reports revealed that human rights issues lie deep within other supply chains and impact numerous major corporations. Researchers from Sheffield Hallam University and the Helena Kennedy Centre for International Justice published a report titled “Driving Force: Automotive Supply Chains and Forced Labor in the Uyghur Region” in December 2022, which unveiled the severity and depth of human rights issues in the supply chains of major manufacturers. The implications of major US auto manufacturers, such as General Motors and Ford, being complicit in abuse identified in the UFLPA could be staggering, given their economic impact and value across numerous countries.
The draft European Supply Chain Act, entitled the Corporate Sustainability Due Diligence Directive (CSDDD), requires EU companies to audit their suppliers along the entire global supply chain, including all direct and indirect business relationships. The aim is to ensure compliance with applicable human rights standards and environmental protection to promote a fairer and more sustainable global economy, as well as responsible corporate governance. In order to effectively report audits of their entire supply chains, EU companies need to be able to map their vendors through every step all the way back to the harnessing of raw materials.
The German Supply Chain Act (LkSG), a nationwide corporate law, came into effect in January 2023 and obliges German companies to comply with nine high-level requirements to protect people and the environment, including establishing a risk management system, assuring internal compliance, and taking remedial action, among other protective supply chain measures. Not only German companies, but also those with German suppliers need to be able to report on supply chain compliance by mapping their third-party partners from raw materials to finished products.
Continuous monitoring and ongoing evaluations of supplier relationships are crucial elements of effective third-party due diligence and can help companies get the most value out of their supply chain mapping exercises.
We recommend that organizations conduct ongoing screening and assessment of new and existing suppliers, which includes:
- Questionnaires and site visits: Visiting supplier headquarters, identifying manufacturing facilities, and/or locations of identified third parties, and supplying periodic questionnaires can give an organization insight into their supplier’s operations at that specific point in time. Engaging in these practices on a set basis can ensure that if changes are present, your compliance team can be notified and proceed with investigation or remediation promptly.
- Ongoing monitoring and audits: While regulations require reporting during a set period, conducting ongoing monitoring within your supply chain maps can help increase the likelihood that potential violations are identified early on.
- Mapping location and geography: Understanding the climate and prevalent issues in your supplier’s geographic location can help organizations make better-informed decisions regarding its products and potential transit routes. This includes identifying transshipment and processing or rerouting through various jurisdictions active in China and/or the Asia Pacific region.
- Mapping spending: Resilience is an important consideration when identifying and assessing suppliers. No one business relationship should have a dramatic impact on a supplier’s operations. Through the mapping process, it should be asked, “What happens to any businesses involved if ties are cut?” Ideally, each connected vendor in the supply chain map should be able to stand alone, proving resilience and good health of operations.
- Entity risk: Individual entities can present varying degrees of risks, depending on numerous factors. Organizations must identify any connections that may present complications. This can be done through conducting sanctions and watch list checks, link analysis, or investigations into regulatory enforcement actions.
IntegrityRisk’s SCM investigative methodology often includes link analysis research, which works critically in line with the mapping process. Once information has been collected in partnership with the company, we provide a map illustrating connections and relationships within the supply chain.
Link analysis allows us to conduct due diligence on complex supply chains, navigating and visualizing cross-border corporate hierarchies, ultimate beneficial ownership, and subsidiary structures. IntegrityRisk ultimately uncovers inputs from Xinjiang or other geographic hotspots for forced labor that would otherwise remain hidden through complicated tiers of upstream and downstream affiliates.
For example, if a company at high risk for modern slavery violations appears on the corporate network visualization of another company, we can ascertain that the latter entity’s supply chain is also at risk. In addition, when conducting supply chain due diligence, IntegrityRisk runs its identified suppliers through our own proprietary database that includes 3,000+ entities and individuals associated with Xinjiang/XPCC to determine whether the subject has any relevant connection.
Utilize a system that combines technology and subject matter expertise to map the supply chain and then identify the risks. As noted above, political and trade relationships can result in violating some regulations while trying to comply with others if not foreign relationships are not navigated correctly.
Human intelligence (HUMINT) can utilize foreign-language capable and thoroughly trained analysts to mitigate political and trade risks, while technological intelligence monitors and analyzes supplier data. HUMINT is used in conjunction with supply chain mapping and link analysis to ensure that a due diligence investigation does not solely rely on one source of information or depend too heavily on one form of research. In conducting investigative due diligence on companies and individuals, IntegrityRisk closely analyzes insight garnered from discreet local inquiries to inform the supply chain mapping process and vice versa.
Supply chain mapping applies significantly for each of the prior-mentioned regulations, and new ones are expected to arise, including forced labor legislation in early phases in Mexico and Canada. To fulfill the requirements set forth by governing bodies, supply chain mapping allows companies to confidently report on compliance from every vendor in their supply chains from beginning to end.
High-priority sectors that forced labor regulations target include:
- Cotton and cotton products
- Silica-based products
- Tomatoes and downstream products
While companies in these industries should be particularly aware of the regulations that apply to them and their vendors, every business should conduct supply chain mapping to stay informed of compliance and violations for every third-party partner.
Worth noting is that supply chain due diligence can be hindered by certain political and commercial relationships and foreign legislation. For instance, the Chinese Data Security Law (DSL) prohibits domestic businesses and individuals from granting foreign judicial or law enforcement organizations access to Chinese data without prior approval. According to the DSL, commercial data must be categorized according to its relevance in both public safety and national security.
With countries around the globe enacting their own unique legislation, often specific to their culture and political climates, there are potential instances of interference and conflicting priorities for companies operating in multiple jurisdictions. If not managed properly, UFLPA compliance may constitute a violation of China’s Anti-Foreign Sanctions Law (AFSL). The AFSL gives the Chinese government authorities and private individuals and entities the legal justification to act against people or organizations directly or indirectly involved in the promotion or implementation of discrimination against Chinese businesses. In order to comply with the UFLPA, contacting suppliers and asking for sourcing information can lead to legal issues under the AFSL, and subsequent reputational defamation.
The right solution to supply chain compliance requires a unique combination of technical data analysis, supply chain mapping, and human intelligence to create a best-in-class supply chain due diligence process. To learn more about supply chain mapping and due diligence with IntegrityRisk, contact us today.