New York’s Fashion Act Has Potential Global Supply Chain Impact

Earlier this year, lawmakers in New York State unveiled the Fashion Sustainability and Social Accountability Act, which would require clothing companies with more than $100 million in annual revenue to meet environmental, sustainability and human rights standards in fashion supply chain.

Known simply as the Fashion Act, this proposed legislation aims to hold fashion companies that do business in New York accountable for their role in climate change and human rights abuses.

Most notably, the act would require these firms to map at least 50 percent of their supply chains to disclose impacts such as greenhouse gas emissions and chemical and water usage. Brands would also need to disclose median wages for workers while taking more responsibility for safe working conditions.

The bill is currently under discussion in state legislative committees. It is expected to be put to a vote later this spring.

Supply Chain Issues in the Fashion Industry Go Beyond New York

While the bill exists in New York, it could have a global impact on the fashion supply chain. All major brands who do business in the state would need to meet the standards or discontinue operations in a massive global market. There is also the possibility that other states or countries could create copycat legislation that requires the same  or more stringent standards.

The Faction Act goes beyond the standards set in California’s Garment Work Protection Act, which was first introduced in 2020 and signed into law in September of 2021. Under that law, businesses with more than 25 employees must pay garment workers a minimum wage of $14 per hour instead of piece-rate compensation.

The European Union is currently doing due diligence on mandatory human rights legislation. At the same time, countries including France, Germany, Australia and the United Kingdom have already created laws related to human rights and modern slavery in manufacturing.

The Role of Fashion Supply Chain Software in Facing ESG Challenges

According to the World Economic Forum, the fashion industry produces 10% of all humanity’s carbon emissions and is the second-largest consumer of the world’s water supply.

As the fashion supply chain’s economic and humanitarian issues have gained more attention in recent years, consumers largely want to purchase from ethical brands. Many fashion manufacturers will need to adopt new strategies if the Fashion Act goes into law, as some have purposely hidden or are unaware of the downstream issues in their manufacturing supply chain.

At Interos, our platform helps organizations understand the full risks of their supply chain regardless of the industry. Using artificial intelligence and machine learning, Interos leverages more than 80,000 data feeds to help companies map, monitor and model their supplier network. As consumers push for more ESG transparency, manufacturers will need this enhanced supply chain visibility to ensure all suppliers meet organizational goals. To learn more, visit

The Impacts of Removing Russia from the Supply Chain

Pressure on U.S., European and other companies to cut ties with Russia has been building over the past month since Vladimir Putin’s invasion of Ukraine.

Most of the public debate and media attention has been on companies that have closed their shops, offices, and factories and stopped selling to Russian customers. This growing list includes the likes of McDonald’s, Coca-Cola, Starbucks, Apple, H&M, IKEA, and Ford.

This is both a sales revenue and inbound supply chain story. It is a sales revenue issue because these companies will be foregoing income from Russian customers due to their decision to stop operating in the country. It is an inbound supply chain issue because, in many cases, they will either have to cease shipments of ingredients, raw materials, parts, and finished goods imported into Russia and/or cancel planned orders from suppliers manufacturing there.

However, the mass exodus from Russia is also an outbound supply chain story – and this arguably has more severe implications for Western companies.

Russia’s supply chain a major source of raw materials

Russia remains a relatively small economy by international standards. For example, it is slightly bigger than Australia in GDP despite having more than five times the population. The sales losses from shutting down operations there are something that most foreign firms will be able to absorb.

But Russia is also a significant exporter of essential commodities such as energy, metals, and crops that aerospace, automotive, industrial, food, and other manufacturing companies operating outside the country depend.

Russia is:

  • The world’s second-biggest exporter of crude oil and the largest source of natural gas
  • A significant producer of nickel, platinum, titanium, steel, aluminum, palladium, copper, and uranium
  • The world’s top wheat exporter, selling over 38 million tons globally

Additionally, Ukraine is a major exporter of corn, barley, and rye and produces more than half of the world’s supply of semiconductor-grade neon.

While most of these commodities are currently not the subject of Western government sanctions, supply availability and shipping delays are growing concerns, and prices have skyrocketed as markets exhibit significant volatility.

Given this situation, and amid uncertainty about how long the war will continue and how far-reaching its impact could be, many organizations have to rethink their sourcing strategies concerning Russia and Ukraine.

A case in point: on March 7, Boeing announced it was suspending its purchases of titanium from Russia, which accounts for around one-third of its total supply needs.

Getting visibility of Russian suppliers

Many U.S., European and Asian companies don’t want to be seen as supporting the Russian economy, let alone helping to fund its war machine. They are, consequently, reconfiguring their supply chains and sourcing strategies for both operational and reputational reasons.

To avoid doing business with Russia from outside the country, companies first need to understand who directly buys vital materials, components, and products. They also need to get visibility of other Russian-based entities they are indirectly connected to further upstream in their extended supply chains.

This is far easier said than done.

Analysis of Interos’ global relationship mapping platform highlights the following in respect of two major Russian-owned metals suppliers, for example:

  • VSMPO-AVISMA, a subsidiary of Russia’s state-owned arms manufacturer Rostec, is the world’s largest titanium producer, with over 30% global market share. According to our data, it is a Tier 1 supplier to 42 international companies, including Boeing and Airbus. One-third of these are U.S.-based and more than half (56%) are in the aerospace & defense (A&D) industry.
    • VSMPO-AVISMA and its subsidiaries are tier-2 suppliers to almost 3,000 companies outside Russia, including airlines and A&D firms. This group is also a tier-3 supplier to more than 112,000 firms worldwide, making industrial machinery, electronic equipment and other products.
  • Norilsk Nickel (Nornickel) mines 40% of the world’s palladium – used in semiconductor manufacturing and catalytic converters to reduce vehicle emissions – and is a leading nickel producer used to make stainless steel and electric vehicle batteries.
    • While Nornickel shows up in our platform as a direct supplier to only 11 foreign companies, it forms part of almost 56,000 supply chains at tier 2 and over 323,000 at tier 3. U.S.-based firms represent 52% of these connections at tier 2 and 41% at tier 3, with the UK accounting for a further 6-8% and India 5%.

Understanding foreign company dependencies

As well as understanding the domestic Russian producers they do business with, directly or indirectly, international customers also need to be aware of foreign-owned companies operating within the country.

To get a sense of these connections, the Interos Resilience Lab reviewed the list of over 400 major U.S., European, Japanese and other brands compiled by Professor Jeffrey Sonnenfeld and his colleagues at Yale University that have announced plans to leave, scale back, pause or stay in Russia.

Of the 50 companies we looked at with manufacturing-based supply chains, many operate within Russia to supply customers serving the domestic market. They include glass producers, industrial gases, bulk packaging, and tires – items typically made at a national or regional, rather than global, supply chain level. However, some of these companies also use the Russia supply chain as an export base.

Three illustrative examples:

  • A sizeable U.S.-based conglomerate has more than 60 European or UK customers that it supplies directly from Russia. It also supports over 17,500 customers as a tier-2 supplier and 86,800 as a tier-3 supplier. The equivalent numbers of U.S. customers are significantly higher at all levels.
  • An American metals producer with manufacturing operations in Russia supplies over 25,000 firms in the UK and Europe at Tiers 1-3, and over 57,000 in the U.S.
  • A multi-billion industrial products manufacturer with a key subsidiary in Russia serves more than 175,000 customers at Tiers 1-3 in the U.S., and 95,000 in the UK and Europe.

Procurement and supply chain leaders need to understand these connections and dependencies, whether because these sources may be subjected to disruption over the coming weeks or because they wish to avoid purchasing from Russia.

For continued updates on the supply chain impacts of the war in Ukraine, please see our Ukraine Crisis Resource Center.

Mandatory Cyber Reporting Benefits Everyone

On March 15, President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 into law as part of the larger 2022 Consolidated Appropriations Act. Known as the Cyber Incident Reporting Act, the law requires certain critical infrastructure entities to swiftly report specific cyber incidents and ransomware payments to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.

Interos believes this legislation is a significant step forward in improving national security accountability, especially in supply chain attacks. Let’s look at some of the key reasons why it will help to promote resilience in cyber security.

Mandatory reporting forces organizations to address cyber security problems

Many organizations have significant cybersecurity problems. While many companies make a substantial effort to promote resilience in cyber security, others don’t. 

Recent supply chain attacks have exposed organizations with little or no cyber-security staff and budgets. These companies gamble on the assumption that they will not have a cyber problem, or no one will find out about it. Mandatory reporting will remove that flawed approach and force organizations to face proper scrutiny for their lack of effort, which prevents your competitors from benefiting from scrimping on cyber efforts.

Mandatory reporting promotes a straightforward focus on resilience in cyber security

In the past few years, many organizations have decided not to report cyber incidents for various reasons, primarily legal. They often count on an indifferent public and lax enforcement environment. 

Mandatory reporting makes the response a standard procedure for all organizations. Before mandatory reporting, executives could decide not to report incidents, hide severe internal issues, and reasonably expect to face only minor fines. Often they were unpunished in any situation. An organization that does not report can now face severe financial penalties and civil action for non-compliance. Companies can now focus on mitigation rather than deciding how to respond to a cyber incident, saving you time and money.

Mandatory reporting will help future legislation reflect actual threats faced by organizations

Organizations will often complain about governments proposing ineffective and challenging laws to comply with within the real world. However, it can be impossible to create legislation that improves national security and benefits the private sector without a correct view of cyber threats. Governments need to know what the real cyber threats are to legislate effectively, which ultimately helps your organization and industry.

Mandatory reporting forces organizations to prioritize compliance over secrecy

When attacks happen, organizations should act quickly and decisively to mitigate the threat. This effort includes policy changes, hardware changes, personnel changes, using a modern operational resilience platform, and more. It can be difficult for the cyber team to act freely without mandatory reporting. Imagine trying to order thousands of laptop hard drives because of a successful ransomware attack and being told by your leadership to slow down the replacement effort because it would arouse suspicions. 

Other issues include asking internal stakeholders to make significant changes immediately without telling them why it is critical. It is also impossible to reach out for help from public forums, vendors, industry groups, government resources, etc. Mandatory reporting allows cyber response teams to act without constraint, which will mitigate the threat in the fastest manner possible.

Mandatory reporting forces vendors to be more responsive to vulnerabilities

Unfortunately, bad publicity about a vendor’s cyber vulnerabilities and the resulting loss of sales are the primary drivers to fix these defects. Mandatory reporting brings these problems into the spotlight, forcing vendors to make fixes promptly. 

Mandatory reporting gives your organization awareness of a vendor’s issues. If issues have not yet been announced, or no customer has complained publicly, vendors would likely prefer to roll out new features rather than fix existing problems. Unless you become aware of a vendor’s issues, you cannot be proactive in patching or reevaluating your relationship with that vendor before you suffer an attack.

Conclusion: Standing together to promote resilience in cyber security

Mandatory reporting of cyber incidents will continue to be a controversial subject. Still, Interos believes compliance is in everyone’s best interest, and everyone should join together to report these events in a standard and timely manner. 

The new legislation’s reporting requirement gives an organization the freedom to respond as it is an expectation, not a choice, and an opportunity to educate the public and government on how outside forces plague their company, while also encouraging companies to have better cybersecurity solutions and vendors to resolve issues faster. This sea change will benefit your organization.

To see a demo of the Interos Operational Resilience platform, please check out

SEC’s Bold ESG Proposal Requires Bolder Actions

Fittingly, less than 24 hours after marking the Spring Solstice in North America, we’ve reached a true inflection point in the march to create smarter, healthier businesses and a better planet.

Today’s proposal by the Securities and Exchange Commission (SEC) to require businesses to begin measuring and disclosing greenhouse gas emissions in a standardized way is a huge milestone in the evolution of Environmental, Social and Governance (ESG) awareness here in the U.S. and around the world.

It’s also a momentous catalyst for ensuring greater visibility and resilience across your supply chain.

Per the proposed ruling, companies are obligated to disclose their direct (Scope 1) and indirect (Scope 2) greenhouse gas emissions and, crucially, emissions generated by their suppliers, called Scope 3 emissions. While the requirement for Scope 3 emissions will only be limited to companies above a certain size, their inclusion reflects a greater concern than ever before on the effect of extended supply chains on the global climate.

The ruling will be available for public comment for 60 days before a final ruling is handed down.

Strong Message Needs Strong Response

Regardless of outcomes, the announcement marks the most significant intention to overhaul corporate disclosure rules in decades and sends a strong message to businesses everywhere that climate change action is now among the most pressing concerns and priorities for Wall Street’s top regulator and investors.  Despite its reputation for lagging behind Europe on ESG matters, this announcement indicates that the U.S. is taking these issues just as seriously.

Today’s news certainly doesn’t come as a shock. According to POLITICO, thousands of companies already voluntarily provide emissions data to CDP, a nonprofit repository of corporate climate reporting. And in the U.S., nearly 32 percent of companies even disclose their supply chain emissions to CDP.

Over the past several months, I’ve participated in several climate, ESG and investor-related conferences, including Blackstone’s CEO Council last week. This issue – and the need for greater supply chain visibility – is right up there with Russia’s invasion of Ukraine as the most important conversations taking place among leaders across business, government and civil society.

It also follows a host of societal and business trends we’ve been following for the past few years as activist consumers and investors push for greater action and transparency on climate, social justice and economic equity issues.

And they’re putting their money where their mouth is. Sustainable investing is on the rise globally, with assets under management having surged from $30.7 trillion in 2018 to $35.3 trillion in 2020, according to the Global Sustainable Investment Alliance.

To put that into context, that $35.3 trillion is equal to the combined GDPs of the world’s two largest economies – the U.S. and China. And its rate of growth surpasses both.

With today’s announcement, the race is on for diligent, transparent, consistent and accountable ESG reporting.

From Compliance to Competitive Advantage

And let’s be clear: This is not just about compliance anymore. Rather this is all about competitive advantage. Companies that embed and integrate ESG into their operating and business models to enhance operational resilience, drive efficiencies, satisfy consumer demands and reinforce their values to employees will gain significant competitive advantage. And those that back these actions with clear visibility into their suppliers’ actions across their extended supply chain will be the undisputed market leaders of the next decade and beyond.

In a comprehensive report issued by the University of Oxford, 88 percent of companies that embraced ESG reported higher operational performance, while over 90 percent experienced lower cost of capital and over 80 percent saw improvements in stock performance.

Driving optimal ESG business performance requires not only integrating sustainable practices and measures within your own operations but also working diligently with your suppliers which, in many cases, may bear most of your exposure. Scope 3 emissions are a great case in point. In most FMCG companies, for instance, including giants like Coca-Cola, more than 80 percent of carbon footprints resides within their supply chain.1

And for most of these businesses, it’s not so much a carbon-awareness problem as much as it is a data and visibility problem.

Interos Study Shows Deficits in Visibility and Data

Our own recent study on supplier sustainability at Interos shows that companies want sustainable supply chains but lack the data and visibility into their partners’ operations to truly meet their sustainability goals. The survey shows that 37 percent of responding businesses struggle to obtain the data to measure supplier sustainability accurately.

Additionally, 74 percent of businesses responding to the Interos study say they rely on manual methods and self-reporting. And perhaps most alarming, 41 percent of organizations report that ESG-related risk factors had caused detrimental impacts to their business in the past two years. ESG disruptions cost companies an average $35 million in lost revenue annually, and untold millions more in brand and reputation impacts.

With more than half of companies lacking supply chain visibility across their extended ecosystems, organizations face the possibility of both ESG reputational risks as well as regulatory risks as governments across the globe ban supply chain exposure to issues like human rights violations.

Whether it’s unethical child labor practices in China creating business concerns for H&M2 or environmental recklessness in the Amazon region creating problems for McDonald’s, Walmart, and Costco3, these days the C-Suite is working hard to gain real visibility into risks lurking deep in the supply chain that could cause serious negative repercussions back at headquarters.

In my own recent conversations with business and government leaders, it’s clear that more and more C-suites and boardrooms are focused on greater visibility and transparency. The power of transparency is that it turns doing the right thing into a massive business opportunity.

This goes beyond the investment world; this goes straight to the core of the corporate world and the myriad extended supply chains of finance, manufacturing, energy, aerospace and defense, pharma, automotive and beyond.

Done right, we can encourage the creation of a better, healthier, and safer global economy. We can help re-build trust in the global supply chain. We can reveal and reward the good, as well as see the bad and put a higher cost of doing business on pursuing environmentally unsound ways of operating.

The SEC has given us more reason to do just that.

  1. Coca-Cola’s GHG emissions worldwide 2020 | Statista
  2. H&M and Other Brands Face Backlash From Chinese Consumers – The New York Times (

The Supply Chain Implications of the Russian Energy Ban

The Biden Administration issued an executive order earlier this month that bans the import of Russian oil, liquefied natural gas, and coal to the United States and prohibits any United States citizen from initiating any new investment in the Russian energy sector, regardless of where that person is located. 

This is another punitive step as the United States ramps up its pressure on Russia for Vladimir Putin’s attack on Ukraine.  

The Downstream Impacts of the Russian Energy Ban 

Record high gas prices have fueled already high inflation and will have significant implications on policy, earnings, and many supply chains for the foreseeable future. According to the International Energy Agency, U.S. imported approximately 700,000 barrels of oil per day from Russia in 2021.

The United Kingdom is gradually detaching itself from Russian energy, and the European Union is cutting gas imports from Russia by two-thirds this year. Although the economic impact from the loss of Russian energy is much more significant for Europe than for the U.S., other supply chain consequences exist. 

Understanding Russian Energy Buyers

Data analysis by Interos found over 120 distinct U.S. entities that directly buy from Russian firms in the oil, gas, and consumable fuels sector. Looking further into the supply chain, the number of relationships grows to over 33,000 U.S. entities for Tier 2 suppliers and 157,000 for those at Tier 3. 

Most of the direct buyers of Russian energy are in the same or similar industries, but, notably, some are in sectors as diverse as software, retail, and food products. 

The relatively high numbers of U.S. buyers connected to Russian energy suppliers beyond tier 1 are significant considering how little the country directly depends on Russian energy. 

Even for those companies in which a Tier 1 supplier is not specifically dependent on Russian energy or impacted by the import ban directly might experience disruption further down the line. 

This could result from indirect relationships and dependencies that they may not be aware of. It also underscores the complexity and interconnectedness of global supply chains and the importance of having tools to identify and evaluate a company’s broader risk exposure. 

Impacts Felt in the United States

Although the US does not import enough Russian energy to significantly impact the Russian oil industry on its own, the move is still impacting energy prices and further pressuring other countries.  Indeed, many energy companies are severing relationships beyond what the EO requires.  

Although Europe is indeed more dependent, oil is a global commodity. It is traded almost exclusively in US dollars and these changes will affect the entire supply chain, both in terms of prices paid and further delivery delays. This will have a far-reaching impact on the energy and marine sectors.  

Stakeholders with connections to the energy and shipping sector will be immediately impacted and are required to examine their operations, supply contracts and charter parties to determine if the EO applies to them 

We expect even more restrictions to be imposed as the invasion sadly continues. 

For more information on the supply chain impact on the crisis in Ukraine, please visit our Ukraine Crisis Resource Center. 

Expanded analysis on Europe – Ukraine supply chains shows hidden connections

A comment from a Volkswagen executive in the Wall Street Journal this week sums up the challenge facing many European and international companies when it comes to the crisis in Ukraine. “Ukraine is not central to our supply chain, but suddenly we discovered that when this part is missing, it is.”

The war has already taken an extraordinary toll on individuals, families, and communities in Ukraine. Another added layer of anxiety comes from employees and businesses not knowing the full extent of their commercial ties and dependencies on Russia or Ukrainian supply chains in their extended supplier networks.

European reliance on Russia/Ukraine supply chains is greater than it seems

Bad intelligence derived from opaque supply chains can have perilous implications on businesses and individuals. For instance, data from Interos’ global relationship mapping platform shows that less than 250 German companies have direct tier-1 suppliers in either country. But, when the focus is expanded to include their suppliers’ suppliers the number of connections jumps massively.

Germany-based firms across all industry sectors have:

  • Tier-2 connections with more than 1,600 suppliers in Ukraine, and over 7,500 in Russia
  • Tier-3 connections with more than 12,200 suppliers in Ukraine, and over 18,200 in Russia

Broadening the focus to the European Union as a whole plus the UK, the number of tier-2 and tier-3 connections with Russian and Ukrainian suppliers is greater still:

  • More than 8,200 European firms have tier-2 suppliers in Ukraine, and over 38,000 have tier-2 suppliers in Russia
  • More than 109,000 European firms have tier-3 suppliers in Ukraine or Russia

A survey of German supply chain and procurement executives conducted by Gartner last year found that 80%  of companies thought they had good visibility of tier-1 suppliers (more than three-quarters of companies, parts and locations known). However, only 7% said the same about tier 2, and only 5% about tier 3.

Given these findings, the fact that a company like VW is unaware of its risk exposure to the war Ukraine until critical parts stop arriving at its car factories should come as no surprise.

In a lean and just-in-time industry like automotive, where every part is critical no matter how cheap or small, the impact of disruption is more immediate than in other sectors. Which is why VW stopped production at its plants in Zwickau, Dresden and elsewhere this week.

Visibility helps companies respond to crisis

European supply chain leaders – like their counterparts in the U.S., Asia and elsewhere – may not have all the data they need to optimize their scenario modelling and risk mitigation strategies, but they are working towards improving  these capabilities.

Gartner’s 2021 supply chain risk and resilience study found that “better supply chain visibility” was the biggest area for improvement. 70% of the sample ranked it in their top three. 40% said it was their number one priority.

  • Almost two-thirds of respondents (64%) said they were working on multi-tier mapping now, compared with only a fifth (19%) who said they had processes in place previously.
  • Almost three-quarters (73%) said they were looking at technologies to help them map their multi-tier supply chains and improve visibility – compared with just 11% who had already done so.
  • More than half (57%) said that having “better supply chain risk tools/technologies” was a top 3 priority for improving risk management in their businesses.

Many of these improvement efforts and investments will not come in time to enable European companies to avoid supply chain disruptions stemming from the war in Ukraine. It is also unlikely that most businesses have insulted themselves from the impact of sanctions imposed on Russian firms as a result of Putin’s invasion.

This horrific and unjustified conflict has already upended decades of conventional thinking about war and international business, as well as the supply chains that underpin them. The data on tier visibility shared above is crystal clear evidence that despite limited immediate connections, deeper analysis shows just how interconnected and interdependent our economies, businesses, and people are.

Greater awareness of the level and nature of that interdependence is essential to building a supply chain and business community that can withstand immense shocks and continue to provide essential services and information in times of crisis.

Continue to follow the Interos Crisis Resource Center and Blog as the crisis evolves in Russia and Ukraine. We will continue to post supply chain information and insights as they become available.

Impact of government sanctions on Russia’s supply chain

Western governments continue to take actions to isolate and weaken Russia’s supply chain and overall economy in the wake of its invasion of Ukraine. On Monday, the United States took the aggressive move of sanctioning the Russian Central Bank. This will prevent American firms and citizens from doing any business with it.

The comprehensive ban includes the National Wealth Fund of the Russian Federation and the Ministry of Finance of the Russian Federation. As well as restricting U.S. business, the sanctions also ban any foreign financial entity from sending U.S. dollars to the Russian Central Bank, the finance ministry or the National Wealth Fund.

Other prominent sanctions

Other prominent sanctions include:

  • Full blocking sanctions on Russian defense entities. These will make it incredibly difficult for them to build aircraft, fighting vehicles, electronic warfare systems and ammunition.
  • Export controls targeting oil refining, which provide a key revenue source for the Russian government.
  • Adding any firm that supports the Russian and Belarusian military to the restricted Entity List. This would ban all firms that work with these two military operations from also working with American firms.
  • Banning Russian aircraft from entering and using domestic U.S. airspace.
  • The creation of an international investigative team aimed at seizing the financial resources of Russian oligarchs. These oligarchs provide critical financial support to the Russian government.

European and allied governments are acting in concert on most of these sanctions; even the typically neutral Swiss joined the group of nations imposing sanctions on Russia.

These are extremely restrictive measures meant to prevent Russia from stabilizing the dramatic plunge of the ruble by selling other nations’ currency. Russia will have a difficult time stabilizing its banks and even the most basic necessities will soon be unaffordable to many of its citizens.

The Russian Central Bank joins a select group of world central banks that have been cut off from dollar transactions. This group includes Iran, Venezuela and Syria.

Governments have also delisted Russian banks and cut them off from trade financing. Under U.S. and most European Union sanctions, any entity that is 50% or more owned, whether directly or indirectly, by one or more blocked person is subject to the restrictions, even if it is not explicitly listed on the sanctions list.

It is important to note that most sanctions are still not targeting energy exports, and even the U.S. Treasury ban on ruble exchange makes exceptions for certain energy-related payments.

Latest moves to hit Russia’s supply chain follow SWIFT action at the weekend

Last Saturday evening, the U.S., along with the E.U., UK, Canada, France, Germany and Italy announced its plan to ban select Russian banks from the Society for Worldwide Interbank Financial Telecommunication (SWIFT) system, a high-security network (messaging system) that facilitates cross-border payments among 11,000 financial institutions in 200 countries.

SWIFT is the principal method for financing international trade, so the removal of Russian banks will have implications for supply chain leaders when their organizations are attempting to buy products or services from firms located in Russia (see “Explainer” below).

The White House Released a joint statement reading: “This will ensure that these banks are disconnected from the international financial system and harm their ability to operate globally.”

The European Union, US, UK and Canada have banned seven banks from SWIFT. They are considered to be those most involved in financing the war and closely tied to President Vladimir Putin and it includes Russia’s second largest bank, VTB. Other entities include Bank Otkritie, Novikombank, Promsvyazbank, Rossiya Bank, Sovcombank and VNESHECONOMBANK (VEB). Sberbank and Gazprombank are likely exempted because most of the payments related to energy flow through them. Eliminating their participation in SWIFT would make it virtually impossible to process funds to pay for Russian oil and gas, which Europe relies heavily on.

Around 40% of Europe’s natural gas supplies come from Russia, and Germany and Italy are among the biggest users of SWIFT.

The SWIFT system processes around 10 billion financial messages a year, is based in Belgium and overseen by the G10 central banks. Russian transactions account for 1.5% of all of SWIFT’s global transactions annually. The U.S. and Germany are the biggest users of SWIFT to communicate with Russian banks.


Financial restrictions a key element of wider economic sanctions package on Russia’s supply chain

The selective removal of Russian banks is part of an effort designed to “collectively ensure that this war is a strategic failure for (Russian President Vladimir) Putin.” This follows steps taken late last week by the E.U. and at least six other countries to impose more significant economic sanctions against Russia.

The countries imposing these sanctions announced the launch of a “transatlantic task force.” The task force will “ensure the effective implementation of our financial sanctions by identifying and freezing the assets of sanctioned individuals and companies that exist within our jurisdiction.”

Their action targeted its largest banks, as well as freezing the assets of certain Russian oligarchs and their families. It also directly targeted President Putin and his foreign minister, Sergey Lavrov, and other members of Russia’s security council.

Putin has accumulated over $600 billion in foreign reserves in an attempt to insulate his country from the economic crisis it experienced after the Crimea invasion and 2014 sanctions. But this strategy has failed. It is clear that Putin did not expect such quick, severe and coordinated steps to be taken against Russia.

The West has taken unprecedented steps to prevent Russia from using these reserves to undermine sanctions. To date, all 10 of Russia’s largest financial institutions – which collectively hold nearly 80% of the Russian banking sector’s total assets – have been targeted.

Looking just at the newly U.S.-sanctioned Russian financial institutions, an analysis of Interos’ global relationship data found over 920 distinct related entities in our platform. The majority of the entities directly affected are in the U.S. (8%), followed by the UK and Ukraine (6% each). The industries directly affected by these sanctions are primarily oil and gas (20%). Next are banks (18%) and other firms operating in global capital markets (6%). These numbers will grow exponentially as more sanctions are announced. Russian companies will continue to lose liquidity in equity markets and in their ability to raise capital around the world.


Explainer: How SWIFT works

Example: A German company buys a product from Russia. They transfer money from their German bank account to the Russian company’s account using its SWIFT code.

The German buyer sends a message via SWIFT to the Russian company. The message says that the transfer of the money is incoming, and that it can access the funds.

Russian banks that cannot process these payments will be unable to facilitate international business. Their deliveries of oil, gas and other commodities would stop.

No robust alternatives to this system are available to Russia in the near term. After the 2014 invasion of Crimea and concerns about its dependence on SWIFT, the Central Bank of Russia developed its own payment system. This was titled the System for Transfer of Financial Messages (SPFS). The Russian government subsidizes SPFS to encourage usage of it. It includes 400 Russian bank users (more than in SWIFT) and accounts for around 20% of domestic transfers. However, only about a dozen foreign banks use it, including only one Chinese bank.

Continue to follow the Interos Crisis Resource Center and Blog as the crisis evolves in Russia and Ukraine. We will continue to post supply chain information and insights as they become available.

Russia/Ukraine: Aerospace & Defense Face Heightened Cyber Risk

Russia’s invasion of Ukraine and the imposition of sanctions by the U.S. and European countries has raised the cyber risk profile of aerospace and defense companies. Amid continued financial and economic fallout, there are concerns about an escalation in cyber-warfare that is fueling worries among western companies of a large-scale retaliatory cyber attack.  Several Ukrainian government websites have already been taken offline. Recent ransomware and other attacks against U.S. and European firms ranged from logistics (Expeditors International) to mobile communications (Vodafone Portugal) to fuel distribution (Marquard & Bahls) and food products (KP Snacks). All of these incidents caused severe services and supply chain disruption.

Authorities have attributed these attacks to cyber-criminals rather than nation states. Still, the Cybersecurity & Infrastructure Security Agency (CISA) recently posted a “Shields Up” warning to U.S. organizations. It urges them to take steps to protect critical assets against possible Russian government attacks. The UK’s National Cyber Security Centre also advised British companies to ensure their cyber defense measures are up to date.

Interos Insight on Cyber Risk

In addition to energy and critical infrastructure providers, companies in the aerospace and defense (A&D) industry are obvious targets for such attacks, both for denial of service and intellectual property theft. Their strategic importance to national security is one obvious reason, but another is high levels of concentration risk in the sector due to specialized products A&D firms rely on.

Concentration is a well-understood, but vitally important and often ignored risk in supply chain security. It refers to a cluster or a shared supplier within a supply chain. A cyber attack against Western companies could have disastrous effects.

If a shared prime A&D supplier were disrupted by a Russian cyber-attack, it could have a strong ripple effect across the entire sector – much as the shutdown of Taiwanese chip makers during Covid-19 ground U.S. automotive production lines to a halt.

Looking Inside the Numbers

To gauge the extent of concentration risk in A&D, Interos took the 2021 top 100 list of defense contractors published by the industry publication Defense News and used our global relationship data graph of more than 350 million entities to map their extended supply chains.

We found that this group of top defense contractors have 1,755 suppliers in common. This included six of the top 20 suppliers to the industry. One of these six suppliers had 27 separate connections to the top defense contractors. And the list doesn’t only include component and material suppliers, but also banks and financial institutions. Indeed, 29 of the A&D companies use the same bank, according to our proprietary data. The over-reliance of many defense companies on a limited number of suppliers makes them vulnerable to disruption if those shared suppliers are compromised. That compromise could come in many forms: a cyber attack, operational failure, or other unforeseen event. Most of the top defense contractors’ shared suppliers had strong cyber and financial risk scores, based on the Interos i-Score model. However, those scores began to weaken further down the list.

This does not mean that these top defense contractors are currently impacted by a new cyber threat from Russia. But the existing level of concentration risk revealed in the data, which is not atypical, could magnify the damage of a large scale cyber attack.

Because CISA’s “Shields Up” warning was directed to US companies, suppliers based outside of Western Europe and the U.S./Canada may not be responding in the way that is necessary. Criminal hackers pose a significant threat to companies with inadequate cyber security measures. State-sponsored hackers can draw on vastly bigger resources. They are therefore likely to be more successful in disrupting critical supply chains.

During this time of war, companies should make taking care of any employees affected by the devastation their first priority. And regardless of how the potential cyber threat posed by the immediate crisis plays out, companies need to monitor their supply chains for cyber risk and other sources of supply chain risk. Software supply chain attacks grew by more than 300% in 2021 compared to 2020. We expect them to increase even further in the coming years. A careful and continuous assessment of a supplier’s security posture, and their overall risk profile, will be critical to helping insulate organizations and their stakeholders from supply chain cyber attack or other disruptions.

Continue to follow the Interos blog as the crisis evolves in Russia and Ukraine. We will continue to post supply chain information and insights as they become available.

Critical Questions for Business Leaders with Commercial Ties to Russia and Ukraine

Over the past few days, we’ve been in close contact with a range of customers and businesses who are trying to determine the best path forward as the conflict escalates in Ukraine and as more multinational companies decide to dissolve, cut back or suspend operations in Russia.

As we engage these leaders and provide technical and in-kind support to help vulnerable and displaced communities devastated by this invasion, I wanted to take a moment and share some of the challenges facing our commercial and government partners at the moment and the counsel we are providing. Our hope is that some of this is helpful as you think through your own considerations.

CEOs and other prominent business leaders are confronting tough questions about their commercial connections to Russia. These questions can be difficult to answer given the complex interdependencies of today’s global supply chains. Consumers and employees want to know whether business relationships with the Russian government or Russian companies will be discontinued. Many more want to better understand how the invasion has impacted companies or their suppliers.

Large companies quickly curtail Russian operations

CEOs must be prepared to to answer these questions and some already have taken action. BP is expecting to take a $25 billion hit after its decision to cut ties with the Russian state-owned energy firm, Rosneft. Twitter has ceased selling ads in Russia and has added special labeling to tweets sharing Russian state-produced media. YouTube blocked Russian channels from earning ad dollars. Several prominent law firms and lobbyists have dropped Russian clients. Meta has established a special operations center and is prohibiting Russian state media from running ads or monetizing on its platform anywhere in the world. And just within the last 24 hours we’ve seen Delta, DHL, UPS, FedEx, Dell, Maersk and Shell announce significant measures to curtail operations in Russia.

While not all companies can move swiftly, CEOs need to communicate their organizations’ status and intentions with all critical stakeholders. This includes identifying business partners in Russia and employees from Russia who perform work delivered abroad. It also requires a clear rationale for firms who are not immediately severing ties with Russian commercial connections.

According to a recent LumApps/CMS poll, 76% of employees surveyed said they want to work for companies with a strong social impact. Employees will be carefully watching the actions their companies and organizations take. Business leaders should over-communicate to employees all efforts in the name of transparency.

Key questions you need answers to:

As the war in Ukraine continues, business leaders should also answer the following questions to ensure operational resilience, and maintain trust with their employees and customers:

  • Do you have long-term plans to accommodate impacted employees in Russia and Ukraine?
  • Have you developed a plan to work with relief organizations in Ukraine?
  • Do you have visibility into your supply chains beyond first- and second-tier suppliers?
  • Have you evaluated required levels of inventory and labor in the short to medium term?
  • Are you actively discussing business continuity plans with key suppliers?
  • Do you have contingency plans in place to switch to, or qualify, alternative sources for essential products and services?
  • Are you prepared for cyber attacks?
  • Are you in close contact with your people and suppliers in other parts of Eastern Europe?
  • Are you tracking new sanctions and export controls from various markets?
  • Are you in contact with your elected officials in the U.S. and Europe as conditions continue to evolve?
  • Has your organization developed an integrated communication plan that includes timely updates to employees, customers, suppliers, investors, government officials and media?

With proper analysis, planning, and unyielding  compassion for every person and business caught up in this tragedy, it is possible to mitigate significant risk, ensure operational resilience, and avoid supply chain disruption.

Interos will continue to update our blog with updated supply chain data and insights as the events in Ukraine evolve. Please check back frequently and reach out to help provide visibility into your supply chain to ensure all business relationships meet company standards. Most important, keep the people of Ukraine in your thoughts. The world can and must help all nations find a path to peace.