Managing Compliance in the Supply Chain
G U E S T A R T I C L E
For companies to successfully operate in these markets, it is essential that they understand and comply with the product and supply-chain laws and standards that exist at the local, national, and international levels. Adding to these demands is the ever-increasing list of monitored substances that requires organizations, as well as their suppliers and importers, to keep track of the substances, chemicals, and minerals used in their products, and then evaluate them against the relevant regulations. Noncompliance with these requirements can prove costly.
To meet these demands, organizations are establishing definitive strategies for compliance. By adhering to regulations and standards with the right processes and best practices, companies can improve both risk and supply-chain management. Moreover, by integrating compliance and due diligence efforts, they can assess their supply-chain risks more effectively, and build robust strategies for responsible sourcing.
There are many challenges in adhering to product-compliance requirements from authorities such as the U.S.Securities and Exchange Commission (SEC) and the European Chemical Agency (ECHA), as well as the mandatory CE marking and conformity declaration requirements of RoHS.
Most recently, conflict minerals laws have been creating multiple regulatory challenges. To be compliant, companies covered under these regulations must trace the origin of conflict minerals and smelter information, conduct a reasonable country of origin inquiry (RCOI), and maintain approved supplier lists. They also must gather additional information about their supply chains regarding the use of forced labor, human trafficking, slavery, and other violations.
Similarly, REACH and RoHS make it imperative for companies to identify supplied parts from their bill of materials (BOM), document the presence of substances of very high concern (SVHC) above a certain threshold, and send requests for declarations to their suppliers.
Managing all the data associated with these compliance activities has become a formidable task due to the ever-growing supplier base and the need to track sub-suppliers and their suppliers. The issue is often complicated by the communication chaos in the supply chain, and the lack of accurate supplier responses to surveys and other queries.
As the supply chain expands and the list of applicable regulations increases, companies need to be aware of the risks related to sourcing, and execute a robust supplier governance and compliance program.
Preparing for compliance
Regulations such as RoHS, REACH, and the conflict minerals rule call for greater transparency in supply chains. Companies who prepare well when responding to these regulations are better positioned than others to handle future regulatory developments. They also become more aware of the risks related to sourcing and are therefore better able to execute a robust, supply-chain compliance and governance program that can be expanded to manage compliance with new regulatory requirements.
Below are the key best practices that make up an effective compliance program:
1Improve supply chain awareness
Perhaps the most important factor in compliance is understanding the supply chain, including all suppliers, sub-suppliers, components, materials, factories, and products, as well as the relationships between them. By mapping these components in a centralized system, companies gain a greater understanding of their product and supply chain, and are able to identify and mitigate risks quickly.
As the scope of business expands across geographies, organizations must be prepared to respond to local, national, and international laws, and understand how each of them is applicable to the supply chain. Often, the fear of noncompliance drives organizations to react to new regulations in a knee-jerk manner without sufficient knowledge of the regulations or their applicability. To avoid this situation, organizations would do well to stay informed about regulatory updates and changes, and then quickly assess how these requirements apply to the supply chain.
3Detect gaps and inefficiencies
Once organizations have a clear understanding of the supply chain and applicable regulations, the next step is to assess the gaps and inefficiencies in compliance, and respond to them in a timely manner. Often, a mix of activities such as audits, tests, and assessments are used to identify gaps in compliance efforts. These activities are usually conducted at various intervals for various regulations. For compliance with the conflict minerals rule, one assessment per annum serves the purpose. However, for REACH and RoHS compliance, the assessments, audits, and tests need to be conducted based on changes and updates to the regulation or BOM. Organizations also need to consider other factors such as changes made to suppliers and business units, as well as expansion to new geographies. All this information helps to build a holistic product and supply-chain compliance program.
4Ensure data quality
When it comes to compliance data management, simple tools such as spreadsheets might work for a small organization with less data. However, as the organization matures, the data also become more complex. At this point, using spreadsheets to manage multiple data points such as material name, CAS number, substance name, and weight can become cumbersome. A centralized technology system with pre-built data templates makes the process much simpler and more structured. Organizations can use industry-standard templates (like the conflict minerals reporting template) to measure and better understand regulatory requirements, while also closing compliance gaps, if any. These templates help highlight areas of noncompliance, and prevent their recurrence.
5Make the compliance process repeatable
Because compliance is not a one-time activity, it has to be done right. The program strategy and management must be defined in a way that is repeatable for all people involved, whether they are internal stakeholders or suppliers. Regulatory authorities want to see complete compliance documentation with high-quality data. Thus, organizations would do well to ensure that data gathered once through surveys, assessments, audits, test results, and other activities are accessible to all departments to help them in their respective supplier-compliance or assessment processes. With a centralized compliance management system, this objective can be achieved easily.
New regulations come with complex challenges, but if interpreted and complied with effectively, they can help an organization build credibility and brand value. In fact, regulatory compliance efforts can be a source of competitive advantage. However, many organizations use multiple, fragmented compliance-management systems that lead to duplication of time, effort, costs, and resources, and that make it difficult to derive important risk intelligence from consolidated data.
This is where technology can help. By leveraging a robust compliance management solution, organizations can not only streamline compliance management, risk management, document management, and reporting, but also integrate multiple product compliance management initiatives. A good system provides the transparency and visibility needed to respond promptly to various regulatory requirements.
In a nutshell, a smart technology solution for compliance management can help:
- Map product information, including chemicals, composition, materials, and components, to supply chain information, including details of factories, laboratories, suppliers, and sub-suppliers
- Respond to regulatory changes through automatic alerts on updates or changes to standards and regulations that affect the changing business environment (this helps companies in not only adhering to laws, but also mitigating risks proactively)
- Automate and improve communication with suppliers on assessments, declarations, testing results, policies, and other documents and processes
- Simplify the design, scheduling, and execution of compliance assessments for various regulations
- Accelerate the investigation of risks and open issues
Rapidly changing industry regulations and standards have made it imperative for companies to establish a clear strategy for compliance management, subject to the nature and design of regulatory changes and the level of risk involved. Companies are often better able to respond to changing regulatory requirements by adopting an automated solution that is efficient and user friendly to concerned stakeholders and suppliers worldwide. Such a solution should also provide real-time visibility into compliance across all the tiers in the supply chain, and help stakeholders understand the impact of risks on strategic and organizational goals.
About the author:
Swapnil Srivastav, a product marketing, presales, and purchase professional is currently working with the MetricStream marketing team on the third-party management solutions. She has more than six years experience in supply chain governance, supplier risk and strategy. Prior to joining MetricStream Srivastav worked at Robert Bosch with the direct material purchase team on supplier strategy, negotiations, purchase, and cost reduction projects.
This article has been produced with permission. Title picture is not associated with the original writing.