Welcome to a special five-part podcast series on innovation in managing third party risk. This week I am joined by James H. Gellert, the Chairman and Chief Executive Officer (CEO) of Rapid Ratings International Inc. (RapidRatings), the sponsor of this special series. Our conversation is around helping companies manage their third-party supply chains through assessing financial health. The RapidRatings approach is incredibly innovative, with a series of products and services that should be considered by the compliance practitioner. In Episode 1, we begin with a discussion of why managing your supply chain risk is so critical in today’s business environment.

Supply chain risk management as a discipline that has been evolving significantly but still has a long way to go. Gellert began by noting that supply chain risk really means all third-party risk. These risks are getting more diverse from a geographic perspective as well as from a technology perspective. It can come from more aggressive mergers and acquisitions (M&A) activity, organic company expansion or an organization simply getting more creative with outsourcing and working with different kinds of companies for different solution sets. It also means that this group of third parties have the ability to impact businesses, both positively and negatively.

Too many suppliers can certainly be inefficient. This means that many companies are trying to trim down the numbers of third-parties with which they are working. This could be through  adjusting time or implementing lean types of philosophies around supply chain. This makes  each third-party partner more important and criticality is something that can be measured in lots of different ways. Gellert said it raised such questions as: “How much money you spend on a company? How much access will your third parties have access to company information? How much access will they have to your IT systems? All of these things have led to the evolution of a much more complex supply chain that people have to manage and they contain more risks.”

I asked Gellert how managing the risk and supply chain is different than managing on the sales side? He began by noting that there is “definitely overlap when looking at third parties.” Yet the more sophisticated method is a “360 degree” approach which means to look all aspects of the relationship. In the anti-corruption world, the focus has typically been on the sales side. But it can also “mean suppliers all the way through to customers and intercompany affiliates and so forth.” Another approach from the compliance perspective has been upon knowing your customer (KYC). Gellert stated, “Customer risk is inherently more transactional than supply chain risk, in part because of who’s buying and who’s selling. When you are selling to someone, you are evaluating their ability to pay you. In this situation an organization needs to make sure that the company is one you want to do business with, that’s going to be able to pay you on time and in the terms that determined are economical for you”

However, “when you are looking at suppliers, you’re buying from them, whether it’s a supplier of a product or a vendor of a service. You may have a five-year product cycle, a 10-year product cycle. If the suppliers your company is embedding into that portion of your business are not strong for the long-term or are not resilient, then you have problems that you are baking into the ecosystem of companies with which you are working.” Gellert concluded, “I think probably the biggest difference in customer evaluation and supply chain evaluations, you need to be able to understand the risks of those companies over the long haul as well as the short-term risks. So, you can avoid the short-term problems that could arise from a weak supplier.” It also means that you are “baking in the most resilient and strong long-term partners to work with, as you possibly can, into your organization.”

One of the frustrations for compliance professionals is that they do not know how far down the third party or supply chain they should go to either evaluate or manage the risk. They may understand who to go to for a direct counter-party, their immediate counter party, their first party supplier or their first party sales agent, they may certainly understand managing that risk. I asked Gellert how about much farther down the chain a compliance practitioner should begin to look at that issue? He said it can be quite complicated but that is where a technological solution can help.

He began by stating, “it’s not just first tier, second tier, third tier supplier in your supply chain may affect you.” One of the reasons it is so difficult for the compliance professional is there are so many areas you must consider. Gellert said these can include, “fraud detection, anti-money laundering, anti-corruption considerations and making sure that no one appears in a sanctions list. All of these things get more difficult exponentially as you go deeper into a supply chain and the people on supply chain risks sides who have been looking at delivery risk and logistics and other operational aspects including finance and newer elements like cybersecurity It gets really hard when you’ve got to go to your supplier’s supplier.”

The bottom line is that there is not a really good answer for this except that collaboration between a company and its first-tier supplier is really essential to understand what the second and third tier supplier risks will be. Unfortunately, “many times organizations do not even know who their second tier supplier is for particular good or product or service because the tier one supplier has been delivering fine and there has been no need to find out how or where that tier one is getting the parts that they are bringing in.” Gellert conclude by noting, this “is changing but needs to change more. It really does start with collaboration and an understanding between the company and its tier one suppliers that understanding the risk deeper than that is going to be important and beneficial to everybody involved in that chain.”

Please join us tomorrow when we consider the issue of criticality in supply chain risk management.

This podcast series is sponsored by Rapid Ratings International, Inc. For more information, check out their website at www.rapidratings.com.