Categories
Daily Compliance News

May 26, 2022 the Domestic Corruption Edition


In today’s edition of Daily Compliance News:

  • FTC fines Twitter $150MM. (NPR)
  • Shocking sanitary conditions at shut down baby formula plant. (NYT)
  • Illinois corruption probe yields secret recordings. (The Center Square)
  • Disney drawn into Anaheim corruption probe. (WSJ)
Categories
Blog

Exiger’s Fight to Secure Supply Chains: Spotlight on Defense Industrial Base

Welcome to a blog post series on Exiger’s fight to secure supply chains, sponsored by Exiger LLC. In this series, we explore the ongoing efforts of Exiger to lead the discussion and enhancement of Supply Chain Risk Management. In Episode 4, I visit with Jennifer Nestor, Vice President, Americas and Public Sector, and Theresa Campobasso, Senior Director for Defense Programs. We discuss supply chain issues in the defense industry.
We began with the role of the supply chain in the Defense Industrial Base (DIB). Nestor said, “the DIB is different from other sectors for several reasons, but two stand out. The first will be the unique relationship this sector has with national security missions. The DIB’s role includes defense research and development, production, delivery, and maintenance of military weapons systems, sensors, and other critical technology. This direct impact on US National Security means that the resilience and stability of the DIB and its supply chain are critical to ensuring US economic security and military technological superiority. Moreover, unlike other sectors, the US Defense Community’s ability to protect our nation rests greatly on the DIBs’ risk management efforts to fortify their supply chain, software, and hardware products. The second differentiator is the high rates of foreign adversary targeting that DIB companies experience as opposed to typical commercial organizations. This means that foreign intelligence actors like nation-states, organizations, or individuals employ aggressive actions like foreign investment, M&A activity, espionage, and supply chain and cyber operations to access the US critical infrastructure to steal sensitive information and disrupt our supply chains.”
We then turned to what is new for the supply chain in this area: the heightened pressure on supply chain security, specifically the higher regulatory standards related to supply chain due diligence, the increasing complexity of global supply chains, and, most importantly, the growing availability of data to support SCRM deep into the sub-tier supply chain. Nestor believes that the only way the DIB can ensure they support the Department of Defense’s (DOD) acquisition strategy is by investing in AI technology to map their supply chains and relationships throughout their programs. You can review both direct and indirect exposure to goods and materials from foreign adversaries and nation-state actors by performing supply chain illuminations. This allows you to map the sub-tier supply chain and provides insights regarding risks like counterfeit parts, IP compromise, and critical technology theft.
Campobasso noted an increase in executive orders and regulations over the last several years to address much-needed supply chain security reforms. Interestingly, many of these proposed higher standards put the responsibility on the DIB to prove and demonstrate this level of supply chain transparency and risk management. She cited the example of the “Uyghur Forced Labor Prevention Act, which requires vendors doing business with the government to establish evidence that goods are not the product of forced labor. Another example is the Feb 2022 DOD action plan to secure Defense-Critical Supply Chains.”
The DIB has responded to both these initiatives and challenges. Many large DIBs have moved to acquire an enterprise solution that gives them transparency and actionable intelligence beyond the first tier. Nestor said, “we are seeing the increased emphasis on risk management, and the DIBs are bringing large groups of often 20+ stakeholders to evaluate SCRM capabilities.” Moreover, this “cross-functional collaboration challenges both pre-sale and post-sale to gain consensus and determine how to manage the data and continuous monitoring, mitigate the risks and truly operationalize this increased capability.” Interestingly, the “DIB is also figuring out how to share the SCRM information with their sub-tier suppliers to drive accountability and how best to influence at that level.”
We conclude by considering how the DIB responds to this heightened level of risk insights. A truly effective SCRM solution is more comprehensive than just sanctions or watchlist checks. Campobasso noted that Exiger has a long history of assisting the Defense community to uncover hidden risks, helping to manage those risks, and making supply chains more transparent and secure, mainly through technological innovation and solutions. Specifically, the TRADES framework enables DIBs to measure SCRM program progress over time to ensure appropriate Return on Investment (ROI). Nestor concluded that there is still some organizational change resistance to these innovations. However, she believes that the key is to involve as many key stakeholders across the business and bring consensus to your project.
Join us tomorrow, where we will spotlight the energy sector.
Resources
Jennifer Nestor Profile
Theresa Campobasso Profile
Exiger Website
Exiger’s Supply Chain Explorer

Categories
Jamming with Jason

Feed Fear a Suck It Sandwich


You probably know what a knuckle sandwich is, but what’s a suck it sandwich? Listen and learn since there is a story behind the title, as usual.
Whether you believe it or not, much of your life is spent in fear, worry, being scared, etc… that shows up when you are triggered and move into a fight, flight, or freeze mode. Don’t believe me? When you are angry, anxious, or avoiding… those are all rooted in fear.
What you want is usually on the other side of fear.
In this #jammingwithjason #podcast, I share some of my fears and how I was able to push through. I rode a bull, got a straight-edge razor shave from a barber, and went scuba diving even when I feared drowning.
We either push through fear, or we sit on the sidelines, waiting, waiting, waiting… afraid while life passes us by.
And when you push through, you release the fear and can move on with your life. Going through can also lead to some of the most exhilarating and surreal moments of our life.
What scares you that you can push through this week?
FOR FULL SHOW NOTES AND LINKS, VISIT:

E273 Feed Fear a Suck It Sandwich


LIKED THE PODCAST?
If you’re the kind of person who likes to help others, share this with your friends and family. If you found value, they will too. Please leave a review [https://itunes.apple.com/us/podcast/jamming-with-jason-mefford/id1456660699] on Apple Podcasts to reach more people.
OTHER RESOURCES YOU MAY ENJOY:
My YouTube channel [https://www.youtube.com/c/jasonleemefford] and make sure to subscribe
My Facebook page [https://www.facebook.com/jammingwithjasonmefford]
My LinkedIn page [https://www.linkedin.com/in/jasonmefford/]
My website [https://jasonmefford.com]
STAY UP TO DATE WITH NEW CONTENT:
It can be difficult to find information on social media and the internet, but you get treated like a VIP and have one convenient list of new content delivered to your inbox each week when you subscribe to Jason’s VIP Lounge at: https://jasonmefford.com/vip/ plus that way, you can communicate with me through email.

Categories
Innovation in Compliance

Exiger’s Fight to Secure Supply Chains: Spotlight on Information Technology & Telecommunications


Welcome to a podcast series on the fight to secure Supply Chains through cross-industry innovation. Exiger sponsors this series. In this series, we will explore the ongoing efforts of Exiger to lead the discussion and enhancement of Supply Chain Risk Management.
Over this series, I visit with Erika Peters, Senior Vice President and Global Head of Third Party & Supply Chain Risk Management; Tim Stone, Senior Director, Supply Chain Risk Management for Exiger Federal Solutions; Kim Lee, Director who focuses on risk and compliance; Nick Wildgoose, a Consultant at Exiger; Skyler Chi, Director and Deputy Head of Supply Chain and Third-Party Risk Management; Andrew Lehmann, Associate Director at Exiger; Jennifer Nestor, Vice President at Exiger, Americas and Public Sector; Theresa Campobasso, Senior Director for Defense Programs; Dan Banes, President of Commercial Technology; and Mark Henderson, Director of Solution Design Lead.
In this episode 3, we discuss Supply Chain issues in the Information Technology & Telecommunications industry with Skyler Chi and Andrew Lehmann. Highlights of this podcast include:
  • Unique vulnerabilities in this sector;
  • Potential operational disruptions from one geo-region or single source in IT; and
  • Hardware and software requirements in Supply Chain Risk Management.
Resources
Skyler Chi Profile
Andrew Lehmann Profile
Exiger Website
Exiger’s Supply Chain Explorer

Categories
The Hill Country Podcast

Loren Steffy – The Big Empty


Welcome to The Hill Country Podcast. The Texas Hill Country is one of the most beautiful places on earth. In this podcast, Hill Country resident Tom Fox visits the people and organizations that make this one of the most unique areas of Texas. Join Tom as he explores the people, places, and activities of the Texas Hill Country. In this episode, I visit award-winning author Loren Steffy about his first work of fiction, The Big Empty. Some of the highlights include:
  • What led to Steffy writing a work of fiction?
  • Character development in the book.
  • Financial, power, water, and economic themes in the book.
  • How did Steffy draw out the 2 co-stars of the book?
  • How did Enron get into the book?
  • What’s next for Steffy?
Resources
Loren Steffy Blog
Loren Steffy Website
The Big Empty

Categories
Compliance Into the Weeds

DOJ Expectations for Compliance & CCOs


Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. This week, Matt and Tom take a deep dive into the recent speech by Kenneth Polite, the Assistant Attorney General for the Criminal Division. Every compliance professional needs to read his remarks in-depth as they give significant insight into what the DOJ expects in compliance programs and CCOs involved in enforcement actions. Highlights include:

  • It all starts with a risk assessment.
  • The importance of culture.
  • Continuous testing and continuous improvement.
  • The role of monitors.
  • CCO certification going forward.

Resources
Matt in Radical Compliance

Categories
Daily Compliance News

May 25, 2022 the $2,465 an Hour Edition


In today’s edition of Daily Compliance News:

  • Glencore settles for $15bn. (FCPABlog)
  • Bosses in the UK want ‘butts in seats.’ (FT)
  • BNY settles for lying about ESG. (Compliance Week)
  • J&J’s lawyer wants to charge $2,465 per hour in bankruptcy. (Reuters)
Categories
Blog

Exiger’s Fight to Secure Supply Chains: Spotlight on Information Technology & Telecommunications

Welcome to a blog post series on Exiger’s fight to secure supply chains, sponsored by Exiger LLC. In this series, we will explore the ongoing efforts of Exiger to lead the discussion and enhancement of Supply Chain Risk Management. In Episode 3, I visit with Skyler Chi, Director and Deputy Head of Supply Chain and Third-Party Risk Management, and Andrew Lehmann, Associate Director, and discuss supply chain issues in the Information Technology & Telecommunications sectors.
We began with an overview of risks affecting the Information and Communications Technology (ICT) industry. This includes hardware and software manufacturers and service providers. Because of this dual nature, there are dual challenges for companies operating in the ICT space. Chi noted this is “largely due to their business involving so much storage of sensitive customer data and facilitating the transmission of that data worldwide. It also includes attack factors on the infrastructure they are setting up and supporting. This means that the industry has to contend with multiple types of third-party and supply chain risks.”
Supply chain disruption in this industry is a critical risk factor. Lehmann noted a couple of ways to help prevent such attacks, stating a “starting point is getting a handle on whether or not you have an overreliance in your supply chain concentrated in one geographic area or perhaps one country in particular. And not just that, but you might have an overreliance on a single supplier, just one company, one manufacturing facility in one country that is specialized in producing equipment to your specifications.” So, you should look at “who are all of your direct suppliers, and then go a few levels deeper and learn more about their entire supply chain and find out how much of that is based in one country.” He pointed to printed circuit boards, where “90% of the manufacturing facilities are in Asia, primarily east Asia. More than half of those factories are in China, which gives you a lot of risks just in terms of that geographic concentration.”
In addition to the direct risk modeling, you should also consider geopolitical risk. Here think of Taiwan, one of the staunchest US allies in the world. However, it is under increasing pressure from China. The Russian invasion of Ukraine has awakened many peoples’ eyes to the risk of the overreliance on supply chain manufacturers from Taiwan. Can you diversify your supplier base in light of this information? It may well behoove you to do so sooner rather than later.
Chi noted this is “a seismic shift in how our clients think about globalization globally. Previously a company would order a server rack, not caring where the parts came from. Today we are now asking the questions and establishing frameworks for us to realize that we may need to diversify ourselves away from Taiwan’s semiconductor industry, for example, where 53% of global chips are manufactured.” That “mental shift in asking the right questions and training which we work with to ask those questions is creating real-world impacts.”
We then turned to the question of to whom this message should be directed. Chi said this was an interesting question, as it got down to “management philosophy at core.” Historically the answer would be “supply chains deal with purchasing, and purchasing is done by procurement. This meant that procurement would be the risk stewards and the risk owners that have the responsibility to look into the issues.” However, that type of thinking has greatly evolved and indeed, “overwhelmingly what we’ve seen over the last two years is that various stakeholders from across the business have really formed working groups and can consistently communicate with each other.”
All of this has helped to do away with siloes. Now “procurement is working with the IT security professionals to perform vendor reviews of software bills of material for the hardware vendors that any given firm may be purchasing.” There has also been an evolution of the Board’s thinking about the supply chain and procurement. Chi related that it had been a “collective group effort across some of the world’s largest enterprises working together. It can include the background subject matter expertise of IT, security of procurement, or even diversity and inclusivity with vendors that you might be purchasing from, which is typically seen as outside of risk management function.” It is bringing “all stakeholders in the business, putting their budgets on the line to make those decisions.”
We conclude with the role of the Board of Directors. Boards must start asking questions about their organization’s supply chain risk and risk management strategy. Chi believes a key role for a Board is to “set the tone at the top of any given organization, align the shareholders’ values and provide the strategic vision of any given enterprise.” But he cautioned that most boards’ “lack of risk detection” around the supply chain could be a limiting factor. He emphasizes that Boards should “prioritize the governance framework of the firms that they oversee to the real-world risks of what that means to their organizations.”
Join us tomorrow, where we will put the spotlight on the Defense Industrial Base.
Resources
Skyler Chi Profile
Andrew Lehmann Profile
Exiger Website
Exiger’s Supply Chain Explorer

Categories
The Compliance Life

Mark Beyer – Into the CCO Chair


The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What are some of the skills a CCO needs to successfully navigate the compliance waters in any company? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Mark Beyer, the Ethics and Compliance Officer at Pedernales Electric Cooperative.
In this concluding episode, Beyer discusses his move to Pedernales Electric Cooperative, the largest electric distribution cooperative in the US. He moved to the role in no small part because of his love for the Texas Hill Country (much like the host Tom Fox; see The Hill Country Podcast). In addition to moving into the CCO chair, Beyer found the risks in such a non-profit electric cooperative very different than a publicly traded for-profit enterprise. Beyer has also continued to expand his Compliance Toolkit while sitting in the CCO chair.
Tool No. 11 was the lesson that the CCO could not, should not and did not do everything in the compliance arena. The ‘who’ of doing it is quite important. The company’s customers are a rural base in the Hill Country of Texas and relationships are very important.
Tool No. 12 was expanding his compliance remit to include privacy. Simply because you are a US-centric business does not mean privacy rights do not exist. While they may not rise to the level of GDPR, they exist even in Texas.
Resources
Mark Beyer LinkedIn Profile
Pedernales Electric Cooperative

Categories
Innovation in Compliance

Exiger’s Fight to Secure Supply Chains: Spotlight Manufacturing and Consumer Markets


Welcome to a podcast series on the fight to secure Supply Chains through cross-industry innovation. Exiger sponsors this series. In this series, we will explore the ongoing efforts of Exiger to lead the discussion and enhancement of Supply Chain Risk Management.
Over this series, I visit with Erika Peters, Senior Vice President and Global Head of Third Party & Supply Chain Risk Management; Tim Stone, Senior Director, Supply Chain Risk Management for Exiger Federal Solutions; Kim Lee, Director who focuses on risk and compliance; Nick Wildgoose, a Consultant at Exiger; Skyler Chi, Director and Deputy Head of Supply Chain and Third-Party Risk Management; Andrew Lehmann, Associate Director at Exiger; Jennifer Nestor, Vice President at Exiger, Americas and Public Sector; Theresa Campobasso, Senior Director for Defense Programs; Dan Banes, President of Commercial Technology; and Mark Henderson, Director of Solution Design Lead.
In this episode 2, we discuss Supply Chain issues in manufacturing and consumer markets with Kim Lee and Nick Wildgoose. Highlights of this podcast include:

  • Key challenges in Supply Chain Risk Management in the manufacturing and consumer sectors;
  • How manufacturing and consumer sectors can improve their approach to managing Supply Chain risk; and
  • The evolving supply risk areas in the manufacturing and consumer industry sectors.

Resources
Kim Lee Profile
Nick Wildgoose Profile
Exiger Website
Exiger’s Supply Chain Explorer