Supply Chain

Continuing Complications in Supply-Chain and Third-Party Risks

Rapid responses and resilience are essential amid economic and geopolitical disruptions and regulatory challenges

Friday, February 24, 2023

By Skyler Chi


In 2022, it became clear that effective supply chain risk management (SCRM) is not a luxury but a necessity. The year saw numerous disruptions to global supply chains, including the Russian invasion of Ukraine, the Log4Shell vulnerability, and concerns over rail strikes. These disruptions were compounded by the added complexity of new regulations such as the Uyghur Forced Labor Prevention Act (UFLPA).

It is not surprising, then, that 79% of boards surveyed by EY believe that improving risk management will be crucial for creating value in the next five years.

As the risk and compliance environment continues to evolve in 2023, businesses must prioritize robust supply-chain and third-party risk management to protect their operations from future challenges. To do this, companies need access to the data and tools that enable them to proactively strengthen their SCRM posture. By taking action now, businesses can be better prepared for whatever the future may bring.

The Case for SCRM

In 2022, global supply chains faced numerous disruptions, testing the resilience of almost all businesses.

Russia’s Ukraine invasion in February resulted in significant and immediate effects on personnel, with longstanding implications for the global economy, vendors and the supply chain that are still being felt today. Following the invasion, companies needed to quickly ensure the safety of personnel on the ground, then look to their suppliers to see the full impact of the invasion on the company.

Adding to the complexity came the subsequent global sanctions on Russian entities and businesses, with organizations working quickly to identify the impact of cutting ties with sanctioned entities. The swift action that was required demonstrated the importance of supply chain visibility and of robust SCRM processes that would allow businesses to respond quickly.

ESG principles are likely to be emphasized, Exiger’s Skyler Chi writes.

Throughout last year, cyber supply chain vulnerabilities became a major concern. In September, Microsoft confirmed two zero-day vulnerabilities, and earlier in the year, Log4Shell showed the impact that widespread vulnerabilities in a company’s software supply chain can have. Without access to real-time cyber exploration and monitoring tools, impacted vendors are difficult to detect and analyze. Firms globally have found it difficult to quickly respond to, assess, and mitigate these vulnerabilities in near real time without the use of technology-enabled tools.

Regulatory action, such as the UFLPA and NDAA Section 889, has placed greater pressure on businesses to have visibility into their supply chains. The UFLPA requires companies to perform adequate due diligence on their suppliers to ensure they are not importing goods made from forced labor in China’s Xinjiang region. NDAA 889 prohibits government contractors from providing telecommunications and surveillance goods from certain Chinese entities to the federal government. Compliance responsibilities fall on businesses, thus emphasizing SCRM’s importance.

What Is to Come 

The effects of an economic downturn are ongoing, notably including layoffs in the tech sector. As these conditions persist, companies will look to cut costs and as such, run a leaner supply chain. Moving back to just-in-time SCRM can have a significantly negative impact on businesses, especially with heightened regulatory pressure. Companies will need to find a balance between cutting costs and ensuring compliance.

Environmental, social and governance (ESG) issues are expected to become a key focus in the context of supply chains this year. This is particularly relevant in view of U.S. and European regulations that prohibit the use of goods made with forced labor. As a result, ESG principles are likely to be emphasized within supply chains in various regions.

Additionally, the Russia-Ukraine conflict has highlighted the potential impact of global supply-chain disruptions. Tensions between China and Taiwan should have organizations paying attention to the potential for further geopolitical disruption in Southeast Asia, considering how it might impact supply chains and what alternative solutions might be necessary to mitigate risks.

Begin Preparation Today

Organizations shouldn’t wait for widespread disruption or a shutdown of company systems to strengthen SCRM postures. It should be a top priority for all, and acted upon with haste.

Beyond the benefits of having a clear, overarching view of an organization’s supply-chain ecosystem, a robust SCRM program and framework can help increase returns on investment. By providing the flexibility to act quickly and respond when supply chain disruptions occur, or when new regulations come into effect, organizations have the ability to better overcome disruption and continue business as usual.

Robust supply-chain mitigation strategies, including bridging and buffering, can help an organization prepare for what’s to come. Bridging means bridging the gap with suppliers to ensure communication is strong before, during and after any type of crisis, including climate-related events. Buffering means having inventory reserves to act as a buffer, or alternative supply sources, should primary suppliers face disruption. Proactively implementing these mitigation strategies can help a business respond with agility in the face of disruption.

Evolving with the Risks

As supply chain disruptions become more complex, the technology used to detect and mitigate associated risks is also advancing. These developments, such as the ability to perform sub-tier illumination and modeling from a command center, can greatly enhance SCRM. In the near future, increased predictability will be a game-changer for SCRM.

As risk and compliance landscapes continue to evolve, businesses must aim to remain one step ahead. With robust SCRM practices, companies can weather the storms ahead and best position themselves to succeed in the face of evolving threats.

Knowledge is key. Knowing where you stand today, the risks and regulations on the horizon, and being armed with real-time visibility into your supply chains can ensure your organization can thrive for years to come.  


Skyler Chi is the head of enterprise accounts, based in the New York office of Exiger.


BylawsCode of ConductPrivacy NoticeTerms of Use © 2024 Global Association of Risk Professionals