Welcome to a podcast series on the fight to secure Supply Chains through cross-industry innovation. Exiger sponsors this series. In this series, we will explore the ongoing efforts of Exiger to lead the discussion and enhancement of Supply Chain Risk Management.
Over this series, I visit with Erika Peters, Senior Vice President and Global Head of Third Party & Supply Chain Risk Management; Tim Stone, Senior Director, Supply Chain Risk Management for Exiger Federal Solutions; Kim Lee, Director who focuses on risk and compliance; Nick Wildgoose, a Consultant at Exiger; Skyler Chi, Director and Deputy Head of Supply Chain and Third-Party Risk Management; Andrew Lehmann, Associate Director at Exiger; Jennifer Nestor, Vice President at Exiger, Americas and Public Sector; Theresa Campobasso, Senior Director for Defense Programs; Dan Banes President of Commercial Technology, and Mark Henderson, Director of Solution Design Lead.
In this episode 3, we discuss Supply Chain issues in the Information Technology & Telecommunications industry with Skyler Chi and Andrew Lehmann. Highlights of this podcast include:
· Unique vulnerabilities in this sector;
· Potential operational disruptions from one geo-region or single source in IT; and
· Hardware and software requirements in Supply Chain Risk Management.
Resources
Skyler Chi Profile
Andrew Lehmann Profile
Exiger Website
Exiger’s Supply Chain Explorer
Tag: Exiger
Welcome to a blog post series on Exiger’s fight to secure supply chains, sponsored by Exiger LLC. In this series, we will explore the ongoing efforts of Exiger to lead the discussion and enhancement of Supply Chain Risk Management. In Episode 3, I visit with Skyler Chi, Director and Deputy Head of Supply Chain and Third-Party Risk Management, and Andrew Lehmann, Associate Director, and discuss supply chain issues in the Information Technology & Telecommunications sectors.
We began with an overview of risks affecting the Information and Communications Technology (ICT) industry. This includes hardware and software manufacturers and service providers. Because of this dual nature, there are dual challenges for companies operating in the ICT space. Chi noted this is “largely due to their business involving so much storage of sensitive customer data and facilitating the transmission of that data worldwide. It also includes attack factors on the infrastructure they are setting up and supporting. This means that the industry has to contend with multiple types of third-party and supply chain risks.
Supply chain disruption in this industry is a critical risk factor. Lehmann noted a couple of ways to help prevent such attacks, stating a “starting point is getting a handle on whether or not you have an overreliance in your supply chain concentrated in one geographic area or perhaps one country in particular. And not just that, but you might have an overreliance on a single supplier, just one company, one manufacturing facility in one country that is specialized in producing equipment to your specifications.” So, you should look at “who are all of your direct suppliers, and then go a few levels deeper and learn more about their entire supply chain and find out how much of that is based in one country.” He pointed to printed circuit boards, where “90% of the manufacturing facilities are in Asia, primarily east Asia. More than half of those factories are in China, which gives you a lot of risks just in terms of that geographic concentration.”
In addition to the direct risk modeling, you should also consider geopolitical risk. Here think of Taiwan, one of the staunchest US allies in the world. However, it is under increasing pressure from China. The Russian invasion of Ukraine has awakened many peoples’ eyes to the risk of the overreliance on supply chain manufacturers from Taiwan. Can you diversify your supplier base in light of this information? It may well behoove you to do so sooner rather than later.
Chi noted this is “a seismic shift in how our clients think about globalization globally. Previously a company would order a server rack, not caring where the parts came from. Today we are now asking the questions and establishing frameworks for us to realize that we may need to diversify ourselves away from Taiwan’s semiconductor industry, for example, where 53% of global chips are manufactured.” That “mental shift in asking the right questions and training which we work with to ask those questions is creating real-world impacts.”
We then turned to the question of to whom should this message be directed? Chi said this was an interesting question, as it got down to “management philosophy at core.” Historically the answer would be “supply chains deal with purchasing, and purchasing is done by procurement. This meant that procurement would be the risk stewards and the risk owners that have the responsibility to look into the issues.” However, that type of thinking has greatly evolved and indeed, “overwhelmingly what we’ve seen over the last two years is that various stakeholders from across the business have really formed working groups and can consistently communicate with each other.”
All of this has helped to do away with siloes. Now “procurement is working with the IT security professionals to perform vendor reviews of software bills of material for the hardware vendors that any given firm may be purchasing.” There has also been an evolution of the Board’s thinking about the supply chain and procurement. Chi related that it had been a “collective group effort across some of the world’s largest enterprises working together. It can include the background subject matter expertise of IT, security of procurement, or even diversity and inclusivity with vendors that you might be purchasing from, which is typically seen as outside of risk management function.” It is bringing “all stakeholders in the business, putting their budgets on the line to make those decisions.”
We conclude with the role of the Board of Directors. Boards must start asking questions about their organization’s supply chain risk and risk management strategy. Chi believes a key role for a Board is to “set the tone at the top of any given organization, align the shareholders’ values and provide the strategic vision of any given enterprise.” But he cautioned that most boards’ “lack of risk detection” around the supply chain could be a limiting factor. He emphasizes that Boards should “prioritize the governance framework of the firms that they oversee to the real-world risks of what that means to their organizations.”
Join us tomorrow, where we will put the spotlight on the Defense Industrial Base.
Resources
Skyler Chi Profile
Andrew Lehmann Profile
Exiger Website
Exiger’s Supply Chain Explorer
Welcome to a podcast series on the fight to secure Supply Chains through cross-industry innovation. Exiger sponsors this series. In this series, we will explore the ongoing efforts of Exiger to lead the discussion and enhancement of Supply Chain Risk Management.
Over this series, I visit with Erika Peters, Senior Vice President and Global Head of Third Party & Supply Chain Risk Management; Tim Stone, Senior Director, Supply Chain Risk Management for Exiger Federal Solutions; Kim Lee, Director who focuses on risk and compliance; Nick Wildgoose, a Consultant at Exiger; Skyler Chi, Director and Deputy Head of Supply Chain and Third-Party Risk Management; Andrew Lehmann, Associate Director at Exiger; Jennifer Nestor, Vice President at Exiger, Americas and Public Sector; Theresa Campobasso, Senior Director for Defense Programs; Dan Banes President of Commercial Technology, and Mark Henderson, Director of Solution Design Lead.
In this episode 2, we discuss Supply Chain issues in manufacturing and consumer markets with Kim Lee and Nick Wildgoose. Highlights of this podcast include:
- Key challenges in Supply Chain Risk Management in the manufacturing and consumer sectors;
- How manufacturing and consumer sectors can improve their approach to managing Supply Chain risk; and
- The evolving supply risk areas in the manufacturing and consumer industry sectors.
Resources
Kim Lee Profile
Nick Wildgoose Profile
Exiger Website
Exiger’s Supply Chain Explorer
Welcome to a blog post series on Exiger’s fight to secure supply chains, sponsored by Exiger LLC. In this series, we will explore the ongoing efforts of Exiger to lead the discussion and enhancement of Supply Chain Risk Management. In Episode 2, I visit with Kim Lee, Associate Managing Director who focuses on risk and compliance, and Nick Wildgoose, a Consultant at Exiger. We discuss supply chain issues in the manufacturing and consumer markets.
We began with some of the key challenges in this sector. First, the manufacturing sector is incredibly diverse. It can be from electronics, automotive, clothing, and food, which are all vastly different, but a common denominator is the need to be cost-efficient. This makes cost-efficiency relevant to all in the supply chain. Over the past few years, Lee noted that she has seen supply chains in manufacturing and consumer sectors challenged “like never before with well-accepted practices put to the test.”
Moreover, from the macroeconomic perspective, COVID restrictions have disrupted every part of our supply chain, including air, ocean, and land freight, resulting in shortages.
Further, there have been factory shutdowns and labor shortages, which have impacted supply chains. The second type of macroeconomic factor is geopolitical. “The Russian invasion of Ukraine Russia is front and center of everyone’s mind, but there are also the China-US trade wars. In Australia, there are growing tensions between Australia and China, which has resulted in shortages in the supply chain to different degrees. These have been striking at the heart of the entrenched supply chain policy of centralizing distribution.”
Wildgoose noted that while most supply chains had responded to these issues, additional costs have been associated with the results. One of the biggest challenges is the cost of more thorough due diligence in looking at supply chain partners below tier one. This means understanding the multi-tier nature of your supply chain is critical. Before COVID-19, the only criteria was generally cost. But was, Wildgoose noted, “Suddenly COVID comes along, and you can’t operate your manufacturing lines, your consumer, sector stores without PPE, and suddenly it’s become strategic. It would be best if you also reassessed your risk management aspects. I think the other thing that companies have realized is that they need technology and data to look at this better, bring together the silos across the organization, and link up their approaches.”
Lee added that it is “a perfect time now for organizations to revisit their supply chain, risk management framework and ensure that it is fit for purpose, well communicated and understood.” This will help organizations in the current geopolitical environment manage the increasing expectations from consumers and regulatory expectations that continue to be challenging factors for manufacturing and the consumer sector. She added, “does your organization understand how far down the supply chain they have evaluated risks?”
Moreover, your organization should have a clear framework that sets out what you want to achieve. This should incorporate your risk appetite and tolerances, particularly in countries with a high perception of corruption. Other key risk areas include modern slavery and resilience, and operational efficiency. Having such a framework is important to ensure that everyone in your organization understands where the company stands and how to approach a supply chain risk management program consistently and coherently. Lee raised another issue which is around technology. The effective use of technology is fundamental to the success of your supply chain risk management program. With thousands of suppliers, you need to understand your risk profile.
We concluded by looking down the road at where supply chain risk management for manufacturers might be headed. The risks in this area are expanding. It could be cyber-attacks directed at your organization through a supply chain or ransomware claims which could bring your organization to a grinding halt by depriving your organization of key raw materials. Another key area is around climate change reporting risk, aka climate risk, from a supply chain point of view in the consumer and manufacturing sectors. Wildgoose said, “somewhere between 80 to 90%, quite often, of an organization’s carbon footprint is in its supply chain. Unless you understand your multi-tier exposure, how are the CEOs standing up to say, they’re going to achieve a net-zero?” Additionally, the financial community is looking at more disclosures around the impact of climate risk on companies. Indeed, the investment community, such BlackRock, Inc., have said that “sustainability is a competitive material issue that needs to be addressed as well.”
Join us tomorrow as we spotlight supply chain issues in IT and telecommunications.
Resources
Kim Lee Profile
Nick Wildgoose Profile
Exiger Website
Exiger’s Supply Chain Explorer
Welcome to a podcast series on the fight to secure Supply Chains, through cross-industry innovation. This series is sponsored by Exiger. In this series, we will explore the ongoing efforts of Exiger to lead the discussion and enhancement of Supply Chain Risk Management.
Over this series, I visit with Erika Peters, Senior Vice President and Global Head of Third Party & Supply Chain Risk Management; Tim Stone, Senior Director, Supply Chain Risk Management for Exiger Federal Solutions; Kim Lee, Director who focuses on risk and compliance; Nick Wildgoose, a Consultant at Exiger; Skyler Chi, Director and Deputy Head of Supply Chain and Third-Party Risk Management; Andrew Lehmann, Associate Director at Exiger; Jennifer Nestor, Vice President at Exiger, Americas and Public Sector; Theresa Campobasso, Senior Director for Defense Programs; Dan Banes President of Commercial Technology, and Mark Henderson, Director of Solution Design Lead.
In this episode 1, we discuss Supply Chain issues in the healthcare industry with Erika Peters and Tim Stone. Highlights of this podcast include:
- Key challenges for Supply Chain Risk Management in healthcare;
- Lessons learned from Covid-19 on Supply Chain in healthcare; and
- The evolving areas for Supply Chain Risk Management in healthcare.
Resources
Erika Peters Profile
Tim Stone Profile
Exiger Website
Exiger’s Supply Chain Explorer
Welcome to a blog post series on Exiger’s fight to secure supply chains, sponsored by Exiger LLC. In this series, we will explore the ongoing efforts of Exiger to lead the discussion and enhancement of Supply Chain Risk Management. In Episode 1, I visit with Erika Peters, a Senior Vice President (SVP) with close to two decades of experience working across the financial, corporate, and government industry, and focus on the firm’s supply chain and third-party risk management practices, and Tim Stone, Senior Director, Supply Chain Risk Management, for Exiger Federal Solutions. We discuss supply chain issues in the healthcare industry, including hospitals, life sciences, pharmaceuticals, medical devices, and medical services.
We began with critical supply chain risk management challenges in the healthcare industry. Peters said the “way I think about the healthcare sector and how it differentiates from the other sectors is that the ultimate risk is trying to mitigate fatalities. This means thinking about the third parties that healthcare companies must work with and then their supply chain makes it one of the most extremely critical industries to be thinking about. In the current post-pandemic era, it is one of the timeliest topics. Equally important is that if you must switch out a key vendor, the entire process can take between 12-18 months, putting your organization in a bind. This means you need to put a rigorous process in place and then follow that process.”
Stone noted key lessons learned on healthcare industry supply chain issues from the pandemic. He stated that the federal government created a Joint Acquisition Task Force in the Department of Defense (DoD) during the pandemic. This was an interagency push to source products across various pandemic-related areas like therapies, vaccines, ingredients, testing, materials and equipment, personal equipment, and even items such as no-touch thermometers. The task force illuminated dozens of product areas across those different sectors, then used market intelligence tools to identify companies in each industry. Further, they used modeling to estimate production capacity and entered information into the Exiger software product DDIQ to risk-rank based upon these and other inputs.
This led to the finding of supply chain fragility. This is because many components in the healthcare supply chain come from state-owned enterprises, and many of these are from China. Even when the team began to focus on migrating to India, it turned out that many underlying components came from China. Another problem discovered was the concentration of raw goods and manufacturers. Stone noted, “we saw otherwise obscure examples of concentration risks arise during COVID that you had never thought about before. In Malaysia, for example, we realized it was a top producer of nitro gloves that owns about 65% of the market. This led to COVID-driven disruptions, which impacted our ability to get nitro gloves. This was the way the world turned and focused on supply chains and where goods are ultimately sourced.” Just-in-time supply chains saw similar if not more disruptions as well.
We then turned to how the healthcare industry supply chain can improve its approach to managing risk. Here Peters noted there were two key areas. The first is programmatic, and the second involves a technological solution. Companies need to create a genuinely risk-based program, for instance, looking at entities that will cause an operating room to shut down or prohibit a company from getting materials required for medicines. These critical entities need to have the most in-depth due diligence; taking that strategic risk appetite and having it trickled down to the tactical level is an important way of making sure that the people at the bottom who are doing the actual work that they are hitting the right risk lens that the company wants to take.
The other piece is to have technology in place to facilitate this and that “we need to improve on that technology.” She noted, “we get to this higher level of more of a predictive posture, which is the golden standard where we need to be. We need to have these teams looking at their risk and bringing it into one view of this entity, especially these critical ones.” It looks at a wide variety of risks, from legal/regulatory to geopolitical to operational. It is doing so quickly and efficiently so the front-line supply chain professionals can make decisions for their organizations’ long-term care and health.
Stone concluded that down the road, supply chain professionals in the healthcare sector “can improve the bottom line, through greater fluidity, greater understanding of their supply chains, greater ability to on the fly to gauge the credibility of vendors, and have that due diligence information at their fingertips through technology.” It will also help avoid a lot of fraud, waste, and abuse and create a more well-oiled machine from a supply chain perspective.
Join us tomorrow when we spotlight the manufacturing and consumer markets.
Resources
Erika Peters Profile
Tim Stone Profile
Exiger Website
Exiger’s Supply Chain Explorer
In this episode of the FCPA Compliance Report, I am joined by Exiger Board Chair Michael Beber. He returns to the podcast to talk about the current state of Special Purpose Acquisition Corporations (SPACs).Highlights in include:
· SPACs in 2021 by the numbers.
· Uses and misuses of SPACs.
· Money being invested in SPACs.
· Why SPACs can still be such a powerful tool.
· What will be the SPAC market like going forward?
Resources
Elizabeth Holmes was found guilty this week on 4 of 11 charges against her. The jury was unable to reach agreement on the remaining seven charges against her. Multiple media outlets have reported on the verdict. They include the Verdict itself in the Wall Street Journal (WSJ); what the verdict means for Silicon Valley, in the New York Times (NYT); questions on the victims of the Theranos fraud in Bloomberg and, of course, the lingering questions or how or even will Holmes serve any time, as reported in Fortune. Others have questioned whether the guilty verdict is an indictment of the entire Silicon Valley “fake it ‘til you make it” culture, as reported in The Verge.
I had two recent podcasts on the trial, Holmes and Theranos. The first, with white collar defense lawyer Kevin O’Brien, looked at the trial itself, the prosecution and defense cases as well as whether Holmes testimony hurt or helped her defense. The second, with Exiger President Brandon Daniels, considered the types of due diligence which you should engage in when considering a major investment. Both episodes were well received, pointing to the ongoing fascination with this major fraudster and how to parse out some lessons learned for the compliance professional.
From the testimony it was clear that Holmes knew exactly what she was doing all along. As reported by The Verge, “When it came to the investors, prosecutors had Holmes dead to rights. Unlike with the patients, she was in the room. There were emails and recordings. Holmes’ ties were clearer, and what she knew was clearer, too. The easiest part of this case to prove was about money, and that was where the prosecution spent the bulk of its time. Did Holmes lie to investors? The jury thought so on three counts”. In other words, the Theranos blood testing scam never did work.
But what are the lessons for the compliance professional? Daniels made clear in his podcast there were several lessons not only for companies looking to invest but in multiple business relationships such as potential joint venture partners, funded development partners and other types of business partnerships and ventures. He pointed out one thing to look at is your potential partner’s supply chain purchases; check it and challenge it. With Theranos, if someone saw the supply chain relationships with traditional blood testing equipment, it would lead him/her to ask, “Why is that occurring?” So why would Theranos be purchasing a competitor’s equipment?
If the answer came back the equipment is for testing and development comparison, why were those purchases at scale? Why did Theranos need so much of its competitor’s testing equipment. We now know it was because Theranos was testing blood samples on the Siemens blood testing equipment and claiming it was done on Theranos equipment. If it was for comparison purposes, you would not have expected Siemens’s equipment to have been purchased in such large numbers.
Another area for due diligence is whether the potential partner has the production capacity to build the units that they intend to achieve. This is critical when you are moving from protype to a commercial enterprise, as Theranos did with Walgreens. Of course, Walgreens not only failed to do the basic due diligence required on the Theranos blood testing machine but actually removed experts from its pre-acquisition due diligence team who raised such questions.
Another difficult area in investment due diligence is how to evaluate the founder(s) of a startup as potential post-acquisition or post-merger leadership candidates. Many startups have a leader who has a vision. Holmes did have a vision. I am firmly convinced that Holmes had a vision of a bloodless draw for testing. But often visionaries are not really execution people. They may not even be operational people, but they are visionaries.
Daniels noted, “maverick leaders, who have a unique vision, a unique idea, and then tap into a fundamental, almost primal need in a market are always going to get a lot of attention. Especially ones that are cult to personality which Elizabeth Holmes rightly has in place.” But even here, you need to ask some direct questions. Does the company really have the expertise at the very top to understand that what they are attempting to do is possible? Moreover, do they have the capacity, the expertise, the fundamental understanding of the component of the device, or the innovation that would be necessary to know if full scale production is even possible
A key step in the production process is a prototype. Is there a minimum viable product (MVP) that can be built and tested? This would help inform if key management personnel have “a fundamental understanding of how the core parts of the process work? Do they have an understanding how they lived the market need? Finally, have they prototyped the product to the point where you could actually demonstrate that it will work, even if you’re eons away from it being productized and scaling?” From there you should move on the to having a “seasoned medical professional, a seasoned medical device expert either in-house or as a company partner and the right management team to assess whether or not what they were doing is viable is so important.”
Theranos also serves as an excellent example of the mandates from the Department of Justice (DOJ) in Mergers and Acquisitions (M&A) in a best practices compliance program. You must start with pre-acquisition due diligence but that is only the starting point. The data you glean in pre-acquisition due diligence should serve as your baseline for ongoing monitoring of any company you acquire in the post-acquisition phase. It is this coupling of pre-acquisition due diligence with the post-acquisition phase in a best practices compliance program which is another key lesson from Theranos.
In investment due diligence, due diligence tends to be a point-in-time which looks at the dynamics of the business, but you need to couple due diligence on an ongoing basis because the risks you assess today may well change tomorrow. Daniels noted, “you have to continuously monitor the issues to make sure that your investments decisions in terms of production, your decisions in terms of your capabilities are sound and there is continuous monitoring.”
The Holmes verdict will be studied as a part of the overall story of Theranos. There are many lessons to be learned from Theranos for the compliance professional. But perhaps we should start with one of the most basic forms of due diligence. If it sounds too good to be true, it probably isn’t true. Or if you want to channel your inner Ronnie Reagan, “Trust but verify” even in due diligence.
In this episode of the FCPA Compliance Report, I visit with Brandon Daniels, President of Exiger. Brandon is a long-time favorite on the FCPA Compliance Report, and he always brings a unique perspective to a variety of compliance topics. In this episode, we look at the Theranos case from a very different angle than the criminal fraud trial of Elizabeth Holmes. We consider the due diligence lessons from Theranos. Highlights of this podcast include:
- What is the difference between ongoing due diligence v. point in time due diligence?
- How does Due Diligence on potential investments different (or not) from DD on other types of 3rd parties?
- What areas should you look at in DD of potential business partners/investments?
- How do you perform DD on leaders or senior management of potential business partners/investments?
- What should people or skill sets be on your DD team? For instance, would you suggest being on a DD team to evaluate Theranos?
- How do you evaluate the risk, or are you simply trying to ID red flags?
- Does DD provide insight into the leader of potential business partners/investments continuing after the deal is done?
Resources
Brandon Daniels on Exiger website
Pre-investment, IPO, and Fund-Raising DD
In this Episode of the FCPA Compliance Report, I am joined by Laura Tulchin, Director at Exiger. We take a deep dive into ESG and compliance, both now and in the future in a fascinating episode about 2020, the year everything changed. Highlights of this podcast include:
- Why has ESG become such an important topic?
- What does ESG mean?
- Why should ESG be headed by the CCO and compliance?
- How does ‘Hearts and Minds’ apply to ESG?
- What risk management tools can facilitate ESG?
- What do compliance professionals and companies need to be focusing on down the road regarding ESG?
Resources
Laura Tulchin on LinkedIn