- With ongoing supply chain disruptions and uncertainty, companies continue to consider diversifying their sources for key supplies and inputs.
- Altering supply chains can bring new legal and regulatory risks, including potential sanctions violations and exposure to bribery demands.
- Directors should ensure that their companies are proactive in assessing the risks of new supply chain participants and that their compliance programs are designed to address supply chain-related misconduct.
Companies are rethinking their supply chains in response to geopolitical, economic and environmental developments. Fallout from Russia’s invasion of Ukraine (in the form of economic sanctions), COVID lockdowns, shipping disruptions, climate change, and environmental, social and governance (ESG) concerns have shown that reliance on single sources for supplies can create significant risk for companies. Bank of America found that references to supply chain issues in earnings calls increased 412% from Q1 to Q3 2021.
With uncertainty and potential for disruption likely to remain high for the foreseeable future, it makes sense to diversify sourcing for key supplies. However, that entails working with new suppliers, often in new geographic regions. That, in turn, gives rise to regulatory risks.
Switching Sources Carries Regulatory Risks
Economic sanctions: Sanctions may have encouraged diversification, but they also complicate the process of finding new suppliers.
The U.S., EU, U.K. and other countries responded to Russia’s invasion of Ukraine with financial and trade-related restrictions. The broad scope of these has caused significant disruption in supply chains, particularly in the energy sector, as a result of restrictions on purchases from Russian producers of materials such as aluminum, copper, nickel, palladium, petroleum and platinum.
Inconsistencies across different jurisdictions’ sanctions programs has made compliance particularly complex. Understanding to whom sanctions apply is critical. It does not suffice to check names on a country’s designated persons list. For example, U.K. restrictions can apply broadly to “persons connected with Russia.” The risk here is amplified because liability can attach even if the violation is not willful.
It’s critical that companies have strong sanctions compliance programs and that new commercial suppliers are screened effectively to ensure that they are located in regions that are not subject to sanctions and that the suppliers themselves are not subject to economic sanctions.
Anti-bribery and corruption measures: New supplier relationships may require import and export licenses and touch points with tax authorities or other government actors, and when companies interact with governments, there is bribery and corruption risk. Well-resourced U.S. regulators have a track record of investigating and enforcing the U.S. Foreign Corrupt Practices Act, and the U.K. Bribery Act creates a broad corporate offence for failing to prevent an associated party from committing bribery. Strong compliance programs can help prevent misconduct and can help companies to identify and correct misconduct where it occurs.
Tax evasion: New supply chains can also bring tax risks. Regulators in the U.S. and U.K. have examined supply chain structures for tax evasion. From 2004-2007, a heavy-equipment manufacturer faced scrutiny from U.S. regulators, who alleged that the company was able to reduce its taxes by $2.4 billion as a result of tax planning related to its supply chain. The investigation led to raids on the company’s offices, and the Internal Revenue Service ultimately sought $2.3 billion in payments from the company.
Companies subject to the U.K. Criminal Finances Act also need to assess their tax evasion risks and maintain appropriate policies to manage the risk of committing the corporate offence of failing to prevent the facilitation of tax evasion. U.K. tax authorities are known to visit large businesses to evaluate their prevention procedures related to supply chains.
Environmental, social and corporate governance (ESG) issues: Boards should also be cognizant of economic and reputational risk from failing to maintain adequate ESG standards. In supply chains, forced labor and human trafficking have gained significant attention. In June 2022, the Uyghur Forced Labor Prevention Act came into effect in the U.S., creating a presumption that goods produced in the Xinjiang Uyghur Autonomous Region of China, or with labor linked to specified Chinese government-sponsored labor programs, are produced using forced labor and thus prohibited from entry to the United States.
The U.S. law creates new reporting requirements for companies and forces companies to evaluate their supply chains for any connections to the targeted region. The legislation is already affecting supply chains. For example, the U.S. solar industry has had to adapt because the Xinjiang region produces almost half of the world’s supply of a crucial component in solar panels.
The potential reputational risk was highlighted, too, by an August 31, 2022, report by the United Nations High Commissioner for Human Rights finding widespread human rights violations in the region.
ESG risk is not limited to forced labor, though. Companies should consider the potential harm that could flow from being linked to a supplier that is tagged with other negative conduct, such environmental misconduct, workplace culture issues or links to authoritarian regimes.
How To Manage These Risks
Company boards should assure themselves that company management is taking appropriate action to address these potential risks.
Supply chain diligence is critical for each of the risks above. Companies should conduct due diligence to understand:
- who their suppliers are and where they, in turn, source their inputs.
- the direct and indirect ownership and control of your suppliers, in order to assess whether they have connections to sanctioned territories or parties.
They should ensure that appropriate questions are being asked when conducting due diligence on new suppliers/buyers; for example:
- where do they source key products/raw materials?
- who are their distributors and where are they located?
- where will they ultimately ship these goods?
- do they use sustainable business practices?
Conduct appropriate risk assessments:
For example, in assessing bribery and corruption risk in your supply chain, consider:
- where your supply chains operate and whether any of those areas are high-risk jurisdictions.
- whether your supply chain touches high-risk sectors, such as raw materials extraction.
- whether government-owned companies are involved; for example, you might consider enhanced due diligence measures if a government has interests in upstream suppliers or if government-owned entities are involved in providing licenses.
- how the company uses third-party intermediaries who may act or provide services on the company’s behalf.
Assess the strength of your suppliers’ due diligence processes by inquiring about:
- each supplier’s compliance framework, including policies and training.
- if and how suppliers’ employees can report concerns through whistleblower channels.
- the relationship between suppliers and state-owned companies.
- suppliers’ previous experience in your sector.
Negotiate for contractual protections to mitigate these risks. These provisions include:
- incorporating your company’s anti-corruption policies into suppliers’ contracts.
- ensuring suppliers’ payment terms are documented in the contract.
- ensuring that compensation is commensurate to the services performed.
Refresh risk assessments periodically to assess the risks posed by each of the factors above.
Ensure strong compliance programs.
- Company compliance programs should be built to include policies, procedures and training for employees around key risks: sanctions, bribery and corruption, and third-party relationships (suppliers, agents, consultants).
View other articles from this issue of The Informed Board
- Boards and M&A: Playing, and Winning, the Game of Regulatory Risk
- Navigating the Uncharted Legal Territory of NFTs.
- ‘Mission Critical’ Issues and ‘Red Flags’: What It Means for a Board To Exercise Oversight
- Podcast: Should Your Company Take a Stand on Political and Social Issues?
This memorandum is provided by Skadden, Arps, Slate, Meagher & Flom LLP and its affiliates for educational and informational purposes only and is not intended and should not be construed as legal advice. This memorandum is considered advertising under applicable state laws.