Welcome to a special six-part podcast series, sponsored by Exiger, on the TRADES Framework, a conceptual, strategic and practical guide for Third-Party and Supply Chain Risk Management designed by Exiger to help organizations achieve supply chain resiliency and optimize risk management at any phase of maturity. Exiger was founded to fight financial crime, fraud and terrorist financing by introducing technology-enabled solutions to the market’s biggest supply chain, risk, investigation, litigation, and compliance challenges. A global authority on risk and compliance, Exiger serves the world’s largest banks, Fortune 1000 companies and government agencies and regulators. In this first episode, we consider transparency with Skyler Chi and Tim Stone.
The TRADES Framework is an important evolution in a rapidly evolving ecosystem of third party and supply chain risk management. There are a wide variety of risks that could be in your Supply Chain, including both distributor risks and vendor risks. The urgency of establishing best practices in this area was driven home most forcefully during the Coronavirus pandemic as governments at all levels were trying to secure the vaccines, Personal Protective Equipment (PPE) and pharmaceuticals that were needed. There has also been legislative initiatives with such laws as the German Supply Chain Act starting to gain momentum. Of course modern slavery issues that were talked about before as well and the ESG revolution.
Tim Stone related that “T is for “Transparency of Current State”. There are different levels of transparency. He focused on Entity Level where the goal is to identify the full third-party ecosystem. Another way to think about it is “taking stock”. This stage involves illuminating your current state of affairs and identifying your vendor ecosystem.
The next step is how to build this initial tier of reliably accurate, validated, and de-duplicated entities that are mapped to business units, products, and use-case. You want as comprehensive a supplier and third-party ecosystem as possible. So how do you gain this transparency?
The first step is to identify, your internal supply data elements. You need to review your organization’s contracts and other paperwork, as well as engaging stakeholders across an organization in a fact-finding exercise, to arrive at a golden source of suppliers and vendors, and then mapping those entities to the products, business units, and use-cases across the organization. Next you should review external supply data elements.
“Transparency” is also about illuminating risk, which here means identifying the risks posed by the entities in a client’s supply chain. These risks are either inherent or imposed. Determining inherent risk, is where Exiger’s AI-powered due diligence platform, DDIQ, shines. DDIQ finds and categorizes risk information about focal companies and people. The platform searches hundreds of structured (e.g., watchlists) and unstructured (e.g., media) data sources and performs thousands of targeted queries – using proprietary search strings associated with different risk types and specific risky entities – to isolate and categorize risk information about a focal entity.
Next is imposed risk, which is “an aggregate view of a company’s upstream reliance on certain countries, such as China, for its receipt of goods. This extent of a higher risk country’s upstream footprint in a company’s supply chain is indicative of greater risk.” It also includes risk through downstream supply chain risk analysis to isolate where a company’s products are ultimately ending up.
Transparency also speaks to the governance and accountability associated with third-party (TP) and Supply Chain Risk Management (SCRM). There is a Strategic Level and a Program Level. As Skyler related you should create and document a TP&SCRM mission statement and purpose explanation, understand how mature your program is and create a baseline analysis of the program’s maturity. You then develop and maintain policies and procedures, which provide guidance and determine the right risk-area stakeholders and governance forums.
From this point, you should work to determine communication and workflows to operate the TP&SCRM program. This can be done through several steps, including data sourcing and right-sized technology aligned to the TRADES framework to ensure a single source of truth for each third party, supply chain, and overall program; continuous evaluation and improvements of the framework and periodic refreshes or reviews to assess industry/risk changes and best practices. Finally, it would lead to the creation of principles and guidance to help company stakeholders take risk-related decisions and actions.
Join us in our next episode, where we discuss the Risk Methodology with Theresa Campobasso and Matt Hayden.
Exiger TRADES Framework