Uyghur Forced Labor Prevention Act (UFLPA) & ESG Violations – Interos

CBP Implements UFLPA: The Newest Law Targeting Supply Chain Washing and ESG Violations

On Monday, the United States’ Uyghur Forced Labor Prevention Act (UFLPA) goes into effect. Focused on a controversial region in northwest China, the landmark law creates a presumption that any products “manufactured wholly or in part” in Xinjiang are made with forced labor. It bans all imports from the territory unless a company can prove otherwise.

The guidance sets out CBP’s agenda of enforcement and prioritizes investment in supply chain visibility technology and “digital traceability.” It also explicitly bans US companies from importing any products from a list of 20 newly named Chinese companies (many of which are based in Xinjiang), unless the importer proves the goods were not made with forced labor. The list of restricted companies is expected to grow as further labor violations are uncovered, and as named companies adopt aliases to evade detection. Interos is adding these restricted entities to our platform to help customers ensure they’re not in violation.

The law is the latest and boldest attempt to combat an increasingly common practice known as supply chain washing – the concealment of critical information about how products and services are sourced and sold.

While bad actors are certainly responsible for a significant amount of supply chain washing, even companies that believe they are acting in good faith can inadvertently violate sanctions, restrictions, and export controls through hidden unknown relationships in their supplier or customer networks.

Concerns Over Supply Chain Washing, Supply Chain Visibility, Rise 

The implementation of the UFLPA comes at a time when outcry over supply chain deception is high, as much of the world witnesses China’s persecution of the ethnic minority Uyghur population in Xinjiang. The U.S. has described China’s treatment of Uyghurs as genocide.

The UFLPA is part of a series of growing global regulatory actions requiring organizations to act on ESG hazards in their supply chains.

Global supply chains could be significantly impacted by the new law, since Xinjiang is one of the world’s largest producers of cotton as well as polysilicon, which is used to manufacture solar panels.

These growing regulatory dynamics are creating a new urgency to comply with the UFLPA and the many other anti-supply chain washing laws being passed around the world. In their enforcement strategy, US Customs and Border Protection (CBP) specifically cites supply chain washing as a concern, stating that “manufacturing processes and multi-tiered supply chains can further obscure the use of forced labor inputs by incorporating them into legitimate manufacturing processes… Such goods could then be exported from a third country to the United States as a means of obscuring or “laundering” the importation of tainted raw materials from Xinjiang.”

The shifts require organizations take a multi-pronged approach to reduce related supply chain risk.

UFLPA Forces Extra Due Diligence and Required Documentation

  1. To comply with the law and overcome the rebuttable presumption, importers with exposure to Xinjiang or need to be implement a heightened due diligence process for supply chain tracing. The UFLPA requires a significant, risk-based supply chain diligence program, including a written code of conduct, an ongoing monitoring and compliance program and plans on how to remediate violations. The evidence required to demonstrate supply-chain tracing is extremely detailed and requires very extensive mapping and documentation.
  2. A substantial portion of CBP’s guidance focuses on prioritizing “cutting-edge technologies to identify and trace goods made with forced labor, specifically those technologies that support enhanced visibility into trade networks and supply chains that source goods or materials made with forced labor.”
  3. The Forced Labor Enforcement Task Force (FLETF) has issued detailed guidance on “due diligence, effective supply chain tracing, and supply chain management measures” aimed at avoiding the importation of goods produced with forced labor in Xinjiang. CBP points to the Department of Labor’s Comply Chain as a template for a compliant due diligence program.
  4. Supply chain leaders should only expect the need for compliance to rise with future guidance, as CBP makes clear in their release of intent to gather “foreign corporate registry data to map the structure of multinational companies and their global corporate networks.”

Anti-Supply Chain Washing Laws are On the Rise Globally

The UFLPA is far from the only sign that global regulators are cracking down on supply chain washing.

The US Securities and Exchange Commission has proposed rules to dramatically increase ESG disclosure requirements, and is taking a much stricter approach towards enforcement, probing large investment firm’s so-called sustainability funds

Take the example of S&P: In late March S&P settled allegations that it violated U.S. sanctions on Russia when it continued to extend credit to Rosneft, the country’s leading oil and gas company. Or examine recent incidents where components sourced in the UK and Germany were found in Russian warfare machinery being used against the people of Ukraine.

It’s simply not enough to know just who is in your supply chain and what they are doing. You also need to know about where your own products end up.

Supply Chain Washing Can Occur Anywhere

Xinjiang is far from the only area of the world generating concern over supply chain washing:  On June 29, the Financial Times published a story highlighting evidence that strongly suggests that Russia may be using concealed/intentionally mislabeled shipments to export stolen grain from Ukraine through already-sanctioned ports in Crimea. Authorities admit confirming whether or not these shipments contain looted grain is difficult, and that ships containing sanctioned goods will often directly transfer cargo to other vessels once at-sea to avoid detection.

Despite these difficulties, accepting shipments of potentially sanctioned goods creates massive risk for large companies. In an interview with the Financial Times, Aline Doussin, a partner at Hogan Lovells, stated that even companies in locations that have not directly placed sanctions on Russia “might find that large multinational companies from those places stop trading with them over concerns that they were indirectly trading with sanctioned entities.”

German Law Shows Trend in Supply Chain Accountability 

Germany’s Supply Chain Law takes effect January 1, 2023. That law requires any company doing business in Germany to vet both their direct (Tier 1) and indirect (Tier 2) suppliers for compliance with core human rights and environmental protection measures – or face fines of up to 2% of their global revenue.

In analyzing companies subject to the German law, Interos found approximately 53% have problematic ESG scores using a proprietary scoring method that dynamically assesses an organization’s risk.

Although other European Union member countries are not yet in agreement on the terms of such legislation, it is likely the E.U. will follow with similar anti-supply chain washing laws in the near future.

ESG Supply Chain-related Disruptions Remain Expensive

The Interos 2022 Annual Global Supply Chain Report revealed that ESG-related issues currently cost companies, on average, $35 million per year – and those costs will rise as more anti-supply chain washing laws are enacted.

But many aspects of global supply chains are complex and opaque: most organizations only have visibility of their first- and second-tier suppliers.

Almost one-third (30%) of respondents to Interos’ annual survey said they would only know about an ESG violation in their supply chain if it occurred at their first tier of suppliers – not beyond.

Awareness of ESG issues in a company’s supply chain is no longer optional. Ignorance is not only costly financially and reputationally, but it can also put a company out of compliance with governmental regulations

Organizations must prepare for increasing scrutiny of ESG risks in their supply chains

The UFLPA is just one piece of a growing body of global legislation aimed at cracking down on unsound business practices, and the supply chain washing measures used to conceal them.

With new regulations being implemented every day, the already-high cost of noncompliance and poor supply chain visibility is only going to rise – but most organizations still report limited visibility of their suppliers, and a majority have ESG scores indicating noncompliance with some emerging laws.

Organizations will need to invest in capabilities and tools that give them continuous visibility over their direct and indirect suppliers and buyers. CBP’s guidance specifically states that the organization will invest in “enhanced supply-chain tracing technology that can connect imported goods to Xinjiang and other parts of the world at high-risk for forced labor. CBP also plans to invest in advanced search engines that may allow CBP to link known or suspected forced labor violators with their related business structures and transactions.”

As mentioned, Interos is adding the 20 entities named in Monday’s guidance to our automatically monitored entity list. We will continue to update our platform to assist with UFLPA compliance.

When it comes to sustainability and supply chain washing, the tide is clearly turning. Businesses that invest in powerful technology solutions and build robust compliance programs will be able to embrace this change with open arms. Those that ignore this wave of change, do so at their peril.

How Interos Can Help

The video below shows how Interos customers can quickly check their exposure to Xinjiang and the companies sanctioned in the UFLPA with just a few clicks – and how to setup continuous monitoring groups to receive alerts should their risk exposure change.

China Zero-Covid Policy Supply Chain Impacts

By Daniel Karns and Alberto Coria

A sharp increase in Covid cases and zero-Covid policies implemented across China resulted in massive shutdowns of city, ports, and business operations in Shanghai and surrounding cities. These shutdowns have impacted the movement of goods out of ports into mainland China where those goods are processed into consumer products. The implications of China zero-Covid policy supply chain disruption are immense. With no movement of goods, prices increase, labor shortages occur, backlogs at ports increase, and manufacturing operations stall as inventories deplete. 

The Impact of China’s Zero-Covid Policy on Domestic Supply Chains: An Overview

Road freight constitutes one of the key infrastructures and transportation services in China. Approximately 76% of all cargo and goods are moved from ports into mainland China via truckers. Despite being a key industry, trucking in China is only operating at about 20% capacity due to zero-Covid policies and city shutdowns in Shanghai, further compounding the fragmentation and inefficiencies already within the trucking industry. About 90% of truckers operate independently, meaning the driver owns their own truck and operates on contracts from companies needing goods transported to and from their facilities. 

Several economic factors result from such heavy market fragmentation. First, this creates an information/communication problem between truckers, suppliers, and manufacturers. Open-source intelligence indicates that truckers have no way of knowing where the demand is since there is no sole coordinating agent. This leads to inefficiencies and long lead times when sending and receiving goods. Different regions of China have different rules and regulations, further complicating coordination. 

For long-distance freight truckers, transporting goods has become considerably more arduous as Covid-related protocols now include negative Covid tests that are only valid for 24 hours and special permissions and licenses, and limited routes to travel. Truckers are also not allowed to travel to ports and cities experiencing Covid-19 outbreaks, which would include the busiest ports in China. Additionally, drivers now intentionally avoid high-contamination areas since contracting the virus would result in two or more weeks of no income. Second, wages for truckers decrease since drivers possess no bargaining power due to their independent operating status. Additionally, drivers will consistently underbid each other to win contracts to secure consistent work, further decreasing wages. 

The national average salary for a trucker in China lies just under 20,000 USD. Although it is above the national average of 15,000 USD, independent truckers have to incur all the costs when transporting goods. Toll roads in China rank as the most expensive in the world and pose additional costs on the transportation of goods. This further lowers the profit margin for drivers and impedes the delivery of wares. Drivers also must cover their own fees and costs incurred from meeting all regulations and being compliant, costing up to half of what the trucker would make.

In terms of sea freight, the impact of China’s zero-Covid policy on the supply chain is not much better. Globally, about 20% of the world’s roughly 9,000 active containers are anchored outside congested ports. Seven of the ten largest ports in the world are in China, indicating major consolidation risk in the event of shutdowns. Vessels waiting outside of Chinese ports account for about 27.7% of all vessels waiting outside ports globally. The number of vessels outside Chinese ports increased by 195% since February 2022, almost doubling its congestion in the span of two months. As of February 2022, Chinese ports had 260 vessels waiting outside the ports, jumping up to 506 vessels in April 2022. 

Backlogs and port closures also spurred a shortage of shipping containers since imports were no longer coming in with the empty containers. As a result, Chinese exporters are having to pay two to three times more than pre-pandemic costs to ship anything. The Freight Rate Index measures market rates for freight for different shipping lanes. Displayed by the visual below, the freight rates out of China are much higher than the global average and the highest among other shipping lanes.

Rail freight is also affected by the shipping shortage as well as restrictions and limited alternatives to move goods. There are two main routes for rail freight out of China: one goes through northern China into Siberia to get to Europe, and the other goes through Kazakhstan to get to Europe. However, trade restrictions and a myriad number of sanctions placed on Russia render both these routes obsolete as shipments coming through Russia to neighboring countries face severe hindrances and restrictions because of the ongoing war in Ukraine. If rail shipments move out of China, there are several dependencies that can prevent shipments from returning. This would in turn result in a loss of shipping materials/containers and raw materials required for the manufacturing of end-user products. Like sea freight, movement of goods by rail closely depends on the availability of shipping containers. Currently, the backlog on ports due to closures and backlogs have left many rail freight companies without any way of shipping or moving goods, highlighting a vulnerability within rail freight. 

Most airports in key ports and towns reached capacity or have suspended operations of air freight due to Covid restrictions and capacity limitations. Airports are also pausing movement of goods through the air and keeping cargo from being unloaded. Freight is being diverted from Shanghai into neighboring ports and airports but capacity in the surrounding cities is quickly filling up. 

  • Guangzhou and Xiamen airports have already suspended trucking services to Shanghai, Ningbo, and Hangzhou airports. 
  • Nanjing airport suspended import operations while Zhengzhou currently experiences seven days of backlog and takes three to four days to turn around processing. 
  • Shanghai airport has suspended all truck services, air cargo services, and most flights as well as requiring a government permit to travel to other locations.

The Impact of China’s Zero-Covid Policy on International Supply Chains: An Overview

Much of the impact of China’s zero-Covid policy on supply chains will likely come from China’s 2022 Shanghai lockdown, and will have long-lasting effects on the world’s supply chains. The lockdown will likely exacerbate inflation issues by reducing the supply of consumer goods and raising the rates on cargo shipments from China to western ports. The lockdown will also overwhelm ports in the United States and Europe with a surge of shipments once it is lifted. Additionally, the ongoing lockdown in Shanghai, as well as the movement restriction orders elsewhere in China, have reinvigorated the desires of many western procurement teams to better understand and diversify their supply chains. These effects are likely to continue being absorbed by the global economy up to through the first half of 2023. 

Shanghai’s port is expecting a surge in shipments once it reopens, as there are currently over 500 ships stranded at its gate. In addition to the shipping disruptions the Shanghai lockdown is creating, European and American companies are reporting that half of their logistics, warehousing, and supply-chain operations are being adversely impacted by the lockdowns occurring in China. Furthermore, nearby manufacturing hubs in Vietnam and Cambodia are suffering from a shortage of Chinese components for their electronic and textile manufacturing industries, and pharmaceutical companies in India such as Abbott India Limited and Mankind Pharma Limited are facing limited supplies.  

An important reference to analyze is last year’s lockdown at the Yantian port of Shenzhen, and how it caused logistical disruptions for the United States and Europe. In May of 2021, over 100,000 shipments were not allowed to enter or exit the Yantian port, which resulted in containers accumulating in factories and warehouses. Several weeks after the port opened in Shenzhen, ports in the United States and Europe experienced severe congestion and backlogs, which have only been cleared since the end of Q1 2022. The Shanghai lockdown is likely to have an even stronger effect on ports in the United States and Europe, as Shanghai is the biggest container port in the world and this year’s lockdown is much more heavily enforced by Chinese port authorities and the central government. Furthermore, Shanghai’s lockdown is affecting all forms of transportation and manufacturing in the city, causing the effects to be more widespread than the Yantian case which was primarily isolated to the port and production hubs.

When the Shanghai lockdown is lifted and resumes normal port operations, then ports in the United States and Europe will likely see a drastic surge in imports, potentially overwhelming their intake systems and procedures. Major American ports such as Long Beach and Los Angeles are already at full capacity due to lack of equipment, labor negotiations, and existing backlog from Covid-related supply chain issues. 

One of the most prominent long-term effects that will manifest as a result of the Shanghai lockdown will be further price inflation on goods that are heavily reliant on Chinese sourcing and shipping, specifically those that rely on commodities such as copper and aluminum to be manufactured. As manufacturers in industries such as electronics or automobiles are deferring purchases of raw materials due to Shanghai’s lockdown, commodities have temporarily become cheaper, but will become more expensive as a surge in orders returns at the onset of Shanghai’s economy opening. 

The lockdown of Shanghai has also caused delays estimated to be at least several months for shipments going to semiconductor manufacturers and automakers in the US and Europe. The full impact is yet to be known, as 45 cities are under lockdown measures of varying severity. It is estimated that 1.3 trillion USD worth of Chinese inputs are used in the electronics and automotive sectors by the rest of the world, with Japan, South Korea, Vietnam, India, and Germany being the most exposed countries.

While the Shanghai lockdown is having a drastic effect on shipping logistics worldwide, China still has seven of the world’s ten biggest container ports (Shanghai, Ningbo-Zhoushan, Shenzhen, Guangzhou, Qingdao, Hong Kong and Tianjin). While slow to react, the other major Chinese ports listed are beginning to coordinate to import and export containers that have been diverted from Shanghai.

While many of the effects of China’s “zero-Covid” strategy are already being absorbed by the global economy, they are likely to continue for the remainder of 2022 and into the second quarter of 2023. It will be crucial to continue monitoring China’s domestic restrictions on the movement of goods and its primary port activities or traffic. 

Download our white paper to learn more about this topic: Second Order Disruptions China COVID Lockdown Analysis – Interos

The US Government’s Cyber Supply Chain Warning

By Stuart Phillips & Geraint John

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has urged government and commercial organizations to patch vulnerable software and IT systems more rapidly in response to a flurry of malicious attacks against the cyber supply chain.

Last week, CISA issued an emergency directive requiring all federal civilian agencies using VMware’s Workspace ONE Access and other products to either patch or disconnect these systems by 5 p.m. ET this past Monday.

Separately, CISA also warned that hackers were actively targeting unpatched versions of F5 Network’s BIG-IP systems used to manage network traffic.

These new alerts join several others issued in recent weeks regarding cyber supply chain risks.

Earlier this month, CISA and other national cybersecurity agencies warned that managed service providers and their customers were at a heightened risk of attack. In late February, CISA issued a wide-ranging “Shields Up” advisory in the wake of Russia’s invasion of Ukraine, warning that malicious cyber activity was likely to increase.

VMware and F5 vulnerabilities exposed

Commenting on one of these vulnerabilities, CVE 2022-22954, cybersecurity firm Mandiant said: “An attacker could exploit this vulnerability to perform a server-side template injection… An attacker would need to send a specially crafted request to the vulnerable system. A failed attempt at exploitation could potentially cause a crash of the application, resulting in a denial-of-service condition.” 

On April 13, VMware confirmed the exploitation of this vulnerability in the wild. On April 25, The Hacker News reported that a threat actor known as “Rocket Kitten” actively exploited this vulnerability to deploy the Core Impact penetration testing tool on vulnerable systems. 

Mandiant Threat Intelligence wrote that they consider this “a high-risk exposure due to the potential for arbitrary code execution with no user interaction required.”

VMware issued patches for this and other vulnerabilities in April and released additional fixes last week. CISA’s emergency directive suggests that many organizations have not quickly updated their systems.

And it’s not just government agencies that are at risk from these supply chain risks. 

“We also strongly urge every organization – large and small – to follow the federal government’s lead and take similar steps to safeguard their networks,” CISA said late last week.

Vulnerabilities extend into the cyber supply chain 

There are many reasons why organizations fail to update their software and hardware fast enough, but budget and staffing shortages are primary.

Proactive Chief Information Security Officers (CISOs) can quickly discover if they have an installed vendor with security issues and schedule patches or updates to mitigate the problems. 

The real challenge is knowing whether their cyber supply chains have critical suppliers or partners using compromised systems and then taking steps to address those vulnerabilities. 

An analysis of Interos’ global relationship mapping platform data reveals the scale of the challenge: 

  • 1,239 companies were identified using VMware’s Workspace ONE Access or F5’s BIG-IP products.
  • 88 of these companies use both vendors.
  • Of the top five direct buyers, more than half (58%) were U.S.-based and more than one-quarter (29%) were in the IT software and services sector.
  • The U.K., Canada, Australia, and India are also home to major direct buyers, with banks, consumer services firms, and healthcare providers.

Looking further upstream into the extended cyber supply chain:

  • The 1,239 companies using the affected VMware and F5 products directly supply more than 98,000 customers in the U.S., U.K, Germany, Canada, and other countries.
  • These 98,000-plus firms, in turn, do business with more than 600,000 firms at Tier 2. 

Mandiant’s 2022 M-Trends report, published last month, found that supply chain intrusions were the second most prevalent form of attack in 2021.

Almost one-fifth (17%) of intrusions involved a supply chain compromise – up from just 1% in 2020. The vast majority of these attacks were related to the SolarWinds breach

Last week, cybersecurity firm SentinelOne published an analysis of a new supply chain malware attack against the Rust development community.

CISOs must monitor supply chain risks

Predicting the next supply chain cyber-attack or disruption is a dark art. However, being aware of all your suppliers and their connections may give you a better chance to understand weaknesses in your cyber supply chain and mitigate risks. 

Gone are the days when sending a survey to a supplier every two years and asking only about cyber risk was a practical approach. 

The best CISOs actively contribute to operational resilience by continuously monitoring their entire supply chains for multiple types of threats – including vendor financial weakness – using a risk mapping and scoring solution such as the one developed by Interos. 

To learn more about Interos, visit Interos.ai

Redesigning Global Supply Chains to Build Greater Resilience

By Geraint John and Margaret D’Annunzio

The ongoing litany of supply chain disruptions is prompting many organizations to redesign their global supply networks to build resilience. New research published this week by Interos found that almost two-thirds (64%) of executives said their organizations planned to make “wholesale changes” to their supply chain footprints.

And it’s not only business leaders that are focusing on the need for greater supply chain resilience.

Heavyweight economic and political institutions are also weighing in on the issue and proposing a variety of (sometimes conflicting) solutions – as evidenced by two recent reports from the International Monetary Fund (IMF) and the U.S. government.

The latter’s “Economic Report of the President,” (Economic Report) published in April, devotes an entire chapter to “building resilient supply chains.”

This portion of the Economic Report robustly analyses the evolution of modern supply chains and discusses some of the failures associated with firms’ and countries’ increased reliance on outsourcing and offshoring.

The Economic Report suggests that some of main reasons for supply chain globalization since the early 1990s are: Greater access to foreign suppliers through IT advances and lower trade barriers; government subsidies for key manufacturing sectors; and short-term financial incentives for top executives.

It argues that although COVID-19 exacerbated supply chain risks and made them more obvious, the pandemic did not create the majority of vulnerabilities, nor will its end abate them.

“Because of outsourcing, offshoring, and insufficient investment in resilience, many supply chains have become complex and fragile,” the report notes.

Shining a Light on Concentration Risk

Interos’ own research found that concentration risk is of particular concern to senior supply chain executives. Almost 9 out of 10 of the 1,500 procurement, IT and IT security professionals surveyed by Interos in the first quarter of 2022 agreed they had too many suppliers located in one area of the world.

Concentration is a Big Concern

“My organization has too many suppliers concentrated in one area of the world and this is of concern to us”

n=1,500; Source: Resilience 2022: The Interos Annual Global Supply Chain Report 

The White House report cites several examples of highly concentrated supply chains:

  • Taiwan (and its dominant manufacturer Taiwan Semiconductor Mfg. Co. [TSMC]) produce 92% of the world’s supply of advanced semiconductors
  • China manufactures 73% of lithium-ion batteries and has a 97% global market share of ingots and wafers used to make solar panels
  • China also has a dominant position in the battery raw materials: lithium and cobalt, of which it refines 60% and 80% of global supply, respectively

Recent analysis of Interos’ global relationship mapping database found that while TSMC, as a contract manufacturer to the semiconductor industry, has a relatively small number of direct customers in the U.S. and Europe (Apple being the largest), its importance at tiers 2 and 3 is enormous.

And a new Interos report on rare-earth elements (REE) – which are also important inputs to computer chips and electric vehicles, among other products – noted that China controls 84% of the global market, with over 100,000 U.S. companies and more than 50,000 European firms having the top 21 Chinese REE suppliers in their extended supply chains.

Will Reshoring Really Bring Resilience?

One potential solution to fragile and concentrated global supply chains that gets plenty of airtime is reshoring production back to “home countries”.

Respondents to Interos’ annual survey said that, on average, they expected to reshore or nearshore around half (51%) of foreign supplier contracts in the next three years.

The White House’s Economic Report argues that “at least some domestic production of critical goods” such as semiconductors and batteries is required – in part for national security reasons.

However, the IMF, in its equally detailed analysis, takes a somewhat different view, noting that, on average, 82% of Western firms’ intermediate inputs are already sourced domestically. It argues that “policy proposals to reduce dependence on foreign suppliers, especially in strategic sectors… may be premature, if not misguided.” Instead, the IMF advocates greater diversification in international sourcing – that is to say, increasing the number of suppliers and locations used.

Interos’ survey findings appear to support this view, with more than 60% of executives saying their organizations plan to increase the number of firms in their supply chains over the next three years, compared with 15% or less that expect to reduce them.

Supplier Diversification is Happening

How the number of companies in organizations’ supply chains will change

n=1,500; Source: Resilience 2022: The Interos Annual Global Supply Chain Report 

 

Even if managers do successfully make the business case for bringing product manufacturing back onshore, they still face a number of challenges – not the least of which is developing a local supply base.

French sportswear brand Salomon is a case in point. It decided to make its running shoes in a highly automated plant in France after many years operating in Asia, but found it was still reliant on suppliers of soles and other parts in China and Vietnam.

Improving Supply Chain Visibility & Resilience

Despite their differences, the IMF and White House reports do agree on some things. Chief among these, perhaps not surprisingly, is the need for government policy to support companies in their resilience-building efforts.

Interventions include:

  • Improving transportation infrastructure, such as major ports
  • Reducing international trade costs, and in particular non-tariff barriers
  • Convening and coordinating firms to develop standards and find industry-wide solutions
  • Aggregating and disseminating data that help companies better understand their supply chains

On this latter point, both reports emphasize the importance of supply chain visibility.

“Visibility into supply chain relationships is necessary to identify vulnerabilities in supply chains, so that firms can properly plan for disruptive events,” notes the White House report.

Interos’ survey found overwhelming support among executives for technology to solve this problem.

Although less than a fifth said their organizations were already using intelligent, automated solutions to understand interdependencies at multiple tiers, three-quarters expected to have such technology in place within the next 12 months.

To download a copy of Resilience 2022: The Interos Annual Global Supply Chain Report, click here.

New York’s Fashion Act Has Potential Global Supply Chain Impact

Earlier this year, lawmakers in New York State unveiled the Fashion Sustainability and Social Accountability Act that would require clothing companies with more than $100 million in annual revenue to meet environmental, sustainability and human rights standards in their supply chain.

Known simply as the Fashion Act, this proposed legislation aims to hold fashion companies that do business in New York accountable for their role in climate change and human rights abuses.

Most notably, the act would require these firms to map at least 50 percent of their supply chains to disclose impacts such as greenhouse gas emissions and chemical and water usage. Brands would also need to disclose median wages for workers while taking more responsibility for safe working conditions.

The bill is currently under discussion in state legislative committees. It is expected to be put to a vote later this spring.

How the Fashion Act Expands Beyond New York

While the bill exists in New York, it could have a global impact. All major brands who do business in the state would need to meet the standards or discontinue operations in a massive global market. There is also the possibility that other states or countries could create copycat legislation that requires the same – or more stringent – standards.

The Faction Act goes beyond the standards set in California’s Garment Work Protection Act, which was first introduced in 2020 and signed into law in September of 2021. Under that law, businesses with more than 25 employees must pay garment workers a minimum wage of $14 per hour instead of piece-rate compensation.

The European Union is currently doing due diligence on mandatory human rights legislation. At the same time, countries including France, Germany, Australia and the United Kingdom have already created laws related to human rights and modern slavery in manufacturing.

Fashion Industry Faces ESG Challenges

According to the World Economic Forum, the fashion industry produces 10% of all humanity’s carbon emissions and is the second-largest consumer of the world’s water supply.

As the fashion industry’s economic and humanitarian issues have gained more attention in recent years, consumers largely want to purchase from ethical brands. Many fashion manufacturers have purposely hidden or are unaware of the downstream issues in their manufacturing supply chain.

At Interos, our platform helps organizations understand the full risks of their supply chain regardless of the industry. Using artificial intelligence and machine learning, Interos leverages more than 80,000 data feeds to help companies map, monitor and model their supplier network. As consumers push for more ESG transparency, manufacturers will need this enhanced supply chain visibility to ensure all suppliers meet organizational goals.

Mandatory Cyber Reporting Benefits Everyone

On March 15, President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 into law as part of the larger 2022 Consolidated Appropriations Act. Known as the Cyber Incident Reporting Act, the law requires certain critical infrastructure entities to swiftly report specific cyber incidents and ransomware payments to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.

Interos believes this legislation is a significant step forward in improving national security accountability, especially in supply chain attacks. Let’s look at some of the key reasons why it will help to promote resilience in cyber security.

Mandatory reporting forces organizations to address cyber security problems

Many organizations have significant cybersecurity problems. While many companies make a substantial effort to promote resilience in cyber security, others don’t. 

Recent supply chain attacks have exposed organizations with little or no cyber-security staff and budgets. These companies gamble on the assumption that they will not have a cyber problem, or no one will find out about it. Mandatory reporting will remove that flawed approach and force organizations to face proper scrutiny for their lack of effort, which prevents your competitors from benefiting from scrimping on cyber efforts.

Mandatory reporting promotes a straightforward focus on resilience in cyber security

In the past few years, many organizations have decided not to report cyber incidents for various reasons, primarily legal. They often count on an indifferent public and lax enforcement environment. 

Mandatory reporting makes the response a standard procedure for all organizations. Before mandatory reporting, executives could decide not to report incidents, hide severe internal issues, and reasonably expect to face only minor fines. Often they were unpunished in any situation. An organization that does not report can now face severe financial penalties and civil action for non-compliance. Companies can now focus on mitigation rather than deciding how to respond to a cyber incident, saving you time and money.

Mandatory reporting will help future legislation reflect actual threats faced by organizations

Organizations will often complain about governments proposing ineffective and challenging laws to comply with within the real world. However, it can be impossible to create legislation that improves national security and benefits the private sector without a correct view of cyber threats. Governments need to know what the real cyber threats are to legislate effectively, which ultimately helps your organization and industry.

Mandatory reporting forces organizations to prioritize compliance over secrecy

When attacks happen, organizations should act quickly and decisively to mitigate the threat. This effort includes policy changes, hardware changes, personnel changes, using a modern operational resilience platform, and more. It can be difficult for the cyber team to act freely without mandatory reporting. Imagine trying to order thousands of laptop hard drives because of a successful ransomware attack and being told by your leadership to slow down the replacement effort because it would arouse suspicions. 

Other issues include asking internal stakeholders to make significant changes immediately without telling them why it is critical. It is also impossible to reach out for help from public forums, vendors, industry groups, government resources, etc. Mandatory reporting allows cyber response teams to act without constraint, which will mitigate the threat in the fastest manner possible.

Mandatory reporting forces vendors to be more responsive to vulnerabilities

Unfortunately, bad publicity about a vendor’s cyber vulnerabilities and the resulting loss of sales are the primary drivers to fix these defects. Mandatory reporting brings these problems into the spotlight, forcing vendors to make fixes promptly. 

Mandatory reporting gives your organization awareness of a vendor’s issues. If issues have not yet been announced, or no customer has complained publicly, vendors would likely prefer to roll out new features rather than fix existing problems. Unless you become aware of a vendor’s issues, you cannot be proactive in patching or reevaluating your relationship with that vendor before you suffer an attack.

Conclusion: Standing together to promote resilience in cyber security

Mandatory reporting of cyber incidents will continue to be a controversial subject. Still, Interos believes compliance is in everyone’s best interest, and everyone should join together to report these events in a standard and timely manner. 

The new legislation’s reporting requirement gives an organization the freedom to respond as it is an expectation, not a choice, and an opportunity to educate the public and government on how outside forces plague their company, while also encouraging companies to have better cybersecurity solutions and vendors to resolve issues faster. This sea change will benefit your organization.

To see a demo of the Interos Operational Resilience platform, please check out https://www.interos.ai/resources/interos-product-overview/.

Expanded analysis on Europe – Ukraine supply chains shows hidden connections

A comment from a Volkswagen executive in the Wall Street Journal this week sums up the challenge facing many European and international companies when it comes to the crisis in Ukraine. “Ukraine is not central to our supply chain, but suddenly we discovered that when this part is missing, it is.”

The war has already taken an extraordinary toll on individuals, families, and communities in Ukraine. Another added layer of anxiety comes from employees and businesses not knowing the full extent of their commercial ties and dependencies on Russia or Ukrainian supply chains in their extended supplier networks.

European reliance on Russia/Ukraine supply chains is greater than it seems

Bad intelligence derived from opaque supply chains can have perilous implications on businesses and individuals. For instance, data from Interos’ global relationship mapping platform shows that less than 250 German companies have direct tier-1 suppliers in either country. But, when the focus is expanded to include their suppliers’ suppliers the number of connections jumps massively.

Germany-based firms across all industry sectors have:

  • Tier-2 connections with more than 1,600 suppliers in Ukraine, and over 7,500 in Russia
  • Tier-3 connections with more than 12,200 suppliers in Ukraine, and over 18,200 in Russia

Broadening the focus to the European Union as a whole plus the UK, the number of tier-2 and tier-3 connections with Russian and Ukrainian suppliers is greater still:

  • More than 8,200 European firms have tier-2 suppliers in Ukraine, and over 38,000 have tier-2 suppliers in Russia
  • More than 109,000 European firms have tier-3 suppliers in Ukraine or Russia

A survey of German supply chain and procurement executives conducted by Gartner last year found that 80%  of companies thought they had good visibility of tier-1 suppliers (more than three-quarters of companies, parts and locations known). However, only 7% said the same about tier 2, and only 5% about tier 3.

Given these findings, the fact that a company like VW is unaware of its risk exposure to the war Ukraine until critical parts stop arriving at its car factories should come as no surprise.

In a lean and just-in-time industry like automotive, where every part is critical no matter how cheap or small, the impact of disruption is more immediate than in other sectors. Which is why VW stopped production at its plants in Zwickau, Dresden and elsewhere this week.

Visibility helps companies respond to crisis

European supply chain leaders – like their counterparts in the U.S., Asia and elsewhere – may not have all the data they need to optimize their scenario modelling and risk mitigation strategies, but they are working towards improving  these capabilities.

Gartner’s 2021 supply chain risk and resilience study found that “better supply chain visibility” was the biggest area for improvement. 70% of the sample ranked it in their top three. 40% said it was their number one priority.

  • Almost two-thirds of respondents (64%) said they were working on multi-tier mapping now, compared with only a fifth (19%) who said they had processes in place previously.
  • Almost three-quarters (73%) said they were looking at technologies to help them map their multi-tier supply chains and improve visibility – compared with just 11% who had already done so.
  • More than half (57%) said that having “better supply chain risk tools/technologies” was a top 3 priority for improving risk management in their businesses.

Many of these improvement efforts and investments will not come in time to enable European companies to avoid supply chain disruptions stemming from the war in Ukraine. It is also unlikely that most businesses have insulted themselves from the impact of sanctions imposed on Russian firms as a result of Putin’s invasion.

This horrific and unjustified conflict has already upended decades of conventional thinking about war and international business, as well as the supply chains that underpin them. The data on tier visibility shared above is crystal clear evidence that despite limited immediate connections, deeper analysis shows just how interconnected and interdependent our economies, businesses, and people are.

Greater awareness of the level and nature of that interdependence is essential to building a supply chain and business community that can withstand immense shocks and continue to provide essential services and information in times of crisis.

Continue to follow the Interos Crisis Resource Center and Blog as the crisis evolves in Russia and Ukraine. We will continue to post supply chain information and insights as they become available.

Impact of government sanctions on Russia’s supply chain

Western governments continue to take actions to isolate and weaken Russia’s supply chain and overall economy in the wake of its invasion of Ukraine. On Monday, the United States took the aggressive move of sanctioning the Russian Central Bank. This will prevent American firms and citizens from doing any business with it.

The comprehensive ban includes the National Wealth Fund of the Russian Federation and the Ministry of Finance of the Russian Federation. As well as restricting U.S. business, the sanctions also ban any foreign financial entity from sending U.S. dollars to the Russian Central Bank, the finance ministry or the National Wealth Fund.

Other prominent sanctions

Other prominent sanctions include:

  • Full blocking sanctions on Russian defense entities. These will make it incredibly difficult for them to build aircraft, fighting vehicles, electronic warfare systems and ammunition.
  • Export controls targeting oil refining, which provide a key revenue source for the Russian government.
  • Adding any firm that supports the Russian and Belarusian military to the restricted Entity List. This would ban all firms that work with these two military operations from also working with American firms.
  • Banning Russian aircraft from entering and using domestic U.S. airspace.
  • The creation of an international investigative team aimed at seizing the financial resources of Russian oligarchs. These oligarchs provide critical financial support to the Russian government.

European and allied governments are acting in concert on most of these sanctions; even the typically neutral Swiss joined the group of nations imposing sanctions on Russia.

These are extremely restrictive measures meant to prevent Russia from stabilizing the dramatic plunge of the ruble by selling other nations’ currency. Russia will have a difficult time stabilizing its banks and even the most basic necessities will soon be unaffordable to many of its citizens.

The Russian Central Bank joins a select group of world central banks that have been cut off from dollar transactions. This group includes Iran, Venezuela and Syria.

Governments have also delisted Russian banks and cut them off from trade financing. Under U.S. and most European Union sanctions, any entity that is 50% or more owned, whether directly or indirectly, by one or more blocked person is subject to the restrictions, even if it is not explicitly listed on the sanctions list.

It is important to note that most sanctions are still not targeting energy exports, and even the U.S. Treasury ban on ruble exchange makes exceptions for certain energy-related payments.

Latest moves to hit Russia’s supply chain follow SWIFT action at the weekend

Last Saturday evening, the U.S., along with the E.U., UK, Canada, France, Germany and Italy announced its plan to ban select Russian banks from the Society for Worldwide Interbank Financial Telecommunication (SWIFT) system, a high-security network (messaging system) that facilitates cross-border payments among 11,000 financial institutions in 200 countries.

SWIFT is the principal method for financing international trade, so the removal of Russian banks will have implications for supply chain leaders when their organizations are attempting to buy products or services from firms located in Russia (see “Explainer” below).

The White House Released a joint statement reading: “This will ensure that these banks are disconnected from the international financial system and harm their ability to operate globally.”

The European Union, US, UK and Canada have banned seven banks from SWIFT. They are considered to be those most involved in financing the war and closely tied to President Vladimir Putin and it includes Russia’s second largest bank, VTB. Other entities include Bank Otkritie, Novikombank, Promsvyazbank, Rossiya Bank, Sovcombank and VNESHECONOMBANK (VEB). Sberbank and Gazprombank are likely exempted because most of the payments related to energy flow through them. Eliminating their participation in SWIFT would make it virtually impossible to process funds to pay for Russian oil and gas, which Europe relies heavily on.

Around 40% of Europe’s natural gas supplies come from Russia, and Germany and Italy are among the biggest users of SWIFT.

The SWIFT system processes around 10 billion financial messages a year, is based in Belgium and overseen by the G10 central banks. Russian transactions account for 1.5% of all of SWIFT’s global transactions annually. The U.S. and Germany are the biggest users of SWIFT to communicate with Russian banks.

 

Financial restrictions a key element of wider economic sanctions package on Russia’s supply chain

The selective removal of Russian banks is part of an effort designed to “collectively ensure that this war is a strategic failure for (Russian President Vladimir) Putin.” This follows steps taken late last week by the E.U. and at least six other countries to impose more significant economic sanctions against Russia.

The countries imposing these sanctions announced the launch of a “transatlantic task force.” The task force will “ensure the effective implementation of our financial sanctions by identifying and freezing the assets of sanctioned individuals and companies that exist within our jurisdiction.”

Their action targeted its largest banks, as well as freezing the assets of certain Russian oligarchs and their families. It also directly targeted President Putin and his foreign minister, Sergey Lavrov, and other members of Russia’s security council.

Putin has accumulated over $600 billion in foreign reserves in an attempt to insulate his country from the economic crisis it experienced after the Crimea invasion and 2014 sanctions. But this strategy has failed. It is clear that Putin did not expect such quick, severe and coordinated steps to be taken against Russia.

The West has taken unprecedented steps to prevent Russia from using these reserves to undermine sanctions. To date, all 10 of Russia’s largest financial institutions – which collectively hold nearly 80% of the Russian banking sector’s total assets – have been targeted.

Looking just at the newly U.S.-sanctioned Russian financial institutions, an analysis of Interos’ global relationship data found over 920 distinct related entities in our platform. The majority of the entities directly affected are in the U.S. (8%), followed by the UK and Ukraine (6% each). The industries directly affected by these sanctions are primarily oil and gas (20%). Next are banks (18%) and other firms operating in global capital markets (6%). These numbers will grow exponentially as more sanctions are announced. Russian companies will continue to lose liquidity in equity markets and in their ability to raise capital around the world.

—–

Explainer: How SWIFT works

Example: A German company buys a product from Russia. They transfer money from their German bank account to the Russian company’s account using its SWIFT code.

The German buyer sends a message via SWIFT to the Russian company. The message says that the transfer of the money is incoming, and that it can access the funds.

Russian banks that cannot process these payments will be unable to facilitate international business. Their deliveries of oil, gas and other commodities would stop.

No robust alternatives to this system are available to Russia in the near term. After the 2014 invasion of Crimea and concerns about its dependence on SWIFT, the Central Bank of Russia developed its own payment system. This was titled the System for Transfer of Financial Messages (SPFS). The Russian government subsidizes SPFS to encourage usage of it. It includes 400 Russian bank users (more than in SWIFT) and accounts for around 20% of domestic transfers. However, only about a dozen foreign banks use it, including only one Chinese bank.

Continue to follow the Interos Crisis Resource Center and Blog as the crisis evolves in Russia and Ukraine. We will continue to post supply chain information and insights as they become available.

Supply Beacon Vol. 5 – Russian Invasion of Ukraine Spurs Supply Chain and Cyber Concerns

Guidance: As the invasion of Ukraine continues to unfold, global supply chains are in a highly fluid state – we will be updating this blog with additional insights as more details of sanctions/counter-sanctions related to specific industries, countries and/or commodities are imposed.  Please look to our blog posts and customer communications for guidance on how to use the Interos Operational Resilience Platform to track the ripple effects on your supply chains.

Coordinated sanctions on Russia will impact both financial and physical supply chains

Summary: Following the Russian invasion of Ukraine on Thursday, the UK and US governments announced more significant and sweeping sanctions against major Russian banks, and defense equipment manufacturers. They also announced restrictions on the export of key technologies and other products. This sanctions package is far greater in scope and coordination than any predecessor, and is meant to cut off capital flows and access to technology critical to Russia’s modernization and advancement of its military and aerospace/weapons industries.

The response was organized with solidarity among allies, and the EU, Australia, New Zealand, Canada, Taiwan and Japan followed with their own sanctions on Friday. Canada cancelled all export permits in addition to naming 62 individuals and entities. Taiwan has not yet detailed all the tools it plans to employ, but the country’s inclusion is of critical importance since it is a global leader in the production of semiconductors – which many of the aforementioned countries have now banned exporting to Russia.

Additionally, the UK government banned Aeroflot from landing in the UK, suspended all flights to Moscow,  and will stop exports of high-tech items and oil refinery equipment. The EU is meeting late Friday to seek approval to freeze the assets of President Putin himself and of Sergey Lavrov, his foreign minister. The German government took the bold decision to put the Nord Stream 2 gas pipeline, which connects Russia with Germany, on hold.

The EU has thus far opted not to ban Russia from the Swift high-security network that facilitates payments among 11,000 financial institutions in 200 countries which would greatly impair their ability to pay for energy. However the restrictions leveraged on financial institutions are the most comprehensive in history to be enacted on an economy the size of Russia’s. The range of measures includes freezing the assets of certain Russian oligarchs, their families, and financial institutions, while also banning exports to Russian military organizations.

The sanctions against Russian banks will immediately disrupt Russia’s economy. The technology and industry restrictions could cripple many of the country’s leading companies, since they will choke off Russia’s imports of technological goods critical to operating as a modern economy.

The new restricted lists include a Russia-wide denial of exports of sensitive technology, focusing on the Russian defense, aviation and maritime sectors. In addition to robust restrictions on the Russian defense sector, the U.S. is imposing Russia-wide restrictions on sensitive U.S. technologies produced in foreign countries using U.S.-created software, technology or equipment. This novel use of the FDPR (Foreign Direct Product Rule) includes Russia-wide restrictions on semiconductors, telecommunications, encryption security, lasers, sensors, navigation, avionics and maritime technologies.

President Biden said the U.S. was “building a coalition of partners representing more than half of the global economy” that would limit Russia’s ability to do business in dollars as well as euros, pounds and yen.

In total, the sanctions will ban about $1 trillion in Russian financial assets from flowing through U.S. and allied financial markets.

Interos insight: Looking just at the newly U.S.-sanctioned Russian financial institutions, an analysis of Interos’ global relationship data found over 920 distinct related entities in our platform. The majority of the entities directly affected are in the U.S. (8%), followed by the UK and Ukraine (6% each). The industries directly affected by these sanctions are primarily oil and gas (20%), followed by banks (18%) and other firms operating in global capital markets (6%). The second tier of this supply chain of these 47 organization results in over 91,000 entities that could be affected, with more entities in the second tier located in other counties as Germany (over 7000).

This is a rapidly changing situation and, over the coming days, weeks and even months, we should expect the details of sanctions and export controls to be further refined and, if Putin continues his invasion, even harsher controls to be put in place. We will continue to analyze the complex ripple effects that these new restrictions will have globally, across industries’ supply chains. Additionally, our Resilience platform will be updating relevant policies and restricted lists/entities on an ongoing basis to reflect additional risks in customer supply chains.


Russian escalation raises concerns about state-sponsored cyber attacks on Western companies

Summary: Russia’s invasion of Ukraine, and the imposition of sanctions by the U.S. and European nations in response, have raised concerns about a large scale cyber attack against Western companies – and several Ukrainian government websites have already been taken offline.  A spate of ransomware and other attacks against U.S. and European firms in sectors ranging from logistics (Expeditors International) and mobile communications (Vodafone Portugal) to fuel distribution (Marquard & Bahls) were reported in February, causing severe disruption to services and supply chains.

While these attacks have generally been blamed on cyber criminals rather than nation-state actors, the Cybersecurity & Infrastructure Security Agency (CISA) recently posted a “shields up” warning to U.S. organizations, urging them to take steps to protect critical assets against possible Russian government attacks. Similarly, the UK’s National Cyber Security Centre has advised British companies to ensure their cyber defense measures are up to date.

Interos insight: Aside from energy and other critical infrastructure, companies in the aerospace and defense (A&D) industry are an obvious target for state-sponsored attacks, whether for denial of service or intellectual property theft. As well as their strategic importance to national security, they are vulnerable because of high levels of concentration risk in the sector as a result of the specialized products A&D firms rely on.

Concentration is a well-understood, but vitally important and often ignored risk in supply chain security. It refers to a cluster or a shared supplier within a supply chain. A cyber attack against Western companies could have disastrous effects.

If a shared prime A&D supplier were disrupted by a Russian cyber attack, it could have a strong ripple effect across the entire sector – much as the shutdown of Taiwanese chip makers during Covid-19 caused U.S. automotive production lines to grind to a halt.

To gauge the extent of concentration risk in A&D, Interos took the 2021 top 100 list of defense contractors published by the industry publication Defense News and used our global relationship data graph of more than 350 million entities to map their extended supply chains.

Of the 83 companies whose relationships we could map with a high degree of confidence, we found 1,755 common suppliers – that is to say, those that were used by at least two contractors. This included six of the top 20 suppliers to the industry, one of whom had 27 separate connections. And the list doesn’t only include component and material suppliers, but also banks and financial institutions. Indeed, 29 of the 83 A&D companies use the same bank, according to our data.

Most of the top 100 shared suppliers had solid cyber and financial risk scores, based on the Interos i-Score model. However, as we moved further down the list some issues started to appear. Suppliers based outside of Western Europe and the U.S./Canada may not be responding as one might hope to a “shields up” alert.

While criminal hackers pose a real threat to companies with inadequate cyber security measures, those that are state-sponsored – whether by Russia or other malevolent forces – can draw on vast resources and are therefore likely to be more successful in disrupting critical supply chains.


Uyghur Forced Labor Prevention Act set to have a significant effect on supply chains

 

Summary: In last month’s Beacon, we discussed the newly enacted U.S. Uyghur Forced Labor Prevention Act (UFLPA), which was signed into law on December 23, 2021, as part of the U.S. pushback against Beijing’s treatment of the Uyghurs and other persecuted minorities in China’s Xinjiang Uyghur Autonomous Region (the XUAR).

The effects on some supply chains would be significant since Xinjiang is one of the world’s largest producers of cotton and polysilicon, which is used to manufacture solar panels. The Act mandates that cotton, tomatoes, and polysilicon must be among the high-priority sectors in addition to building upon U.S. Customs and Border Protection’s existing “withhold release order” against all cotton and tomato products produced in the XUAR.

The Act requires the FLETF (Forced Labor Enforcement Task Force) to issue guidance on “due diligence, effective supply chain tracing, and supply chain management measures” aimed at avoiding the importation of goods produced with forced labor in the XUAR within 180 days of the UFLPA’s enactment on June 21, 2022.

Companies with supply chain exposure to the XUAR should expect compliance with the UFLPA to require significant supply chain diligence and documentation obligations. These requirements are likely to be strict given the already high bar on diligence established by the FLETF (and CBP established through continued partnerships with NGOs and other stakeholders focused on ending forced labor from global supply chains).

Interos insight: We identified over 2,000 companies that are directly connected to organizations using Uyghur labor and over 115,000 connected indirectly at the second tier of the supply chain.

Clients can use Interos’ to immediately illuminate companies in their existing supply chain that violate this law and easily screen for problematic organizations as they evaluate potential alternative suppliers of affected products and raw materials.


German Supply Chain Act will impact hundreds of non-German companies

Summary: Germany’s new Supply Chain Due Diligence Act comes into force on January 1, 2023. From that date, companies with at least 3,000 employees that have a headquarters or statutory seat in Germany, or those that have a branch in Germany employing at least 3,000 employees, will be required to take action to comply with the legislation.

The law requires both German-based companies (regardless of their legal structure) and foreign companies doing business in Germany to establish due diligence procedures to ensure compliance with specified core human rights and some environmental protections in their supply chains. Significantly, companies must not only conduct ongoing audits of their own business operations, but also those of their direct (tier-1) and, to some extent, indirect (tier-2 and beyond) suppliers.

And it’s not just the biggest companies that will be affected by the legislation. From January 1, 2024, the Act’s provisions will be extended to firms with 1,000 employees based in or doing business in, Germany.

Although other European Union member countries are not yet in agreement on the terms of such legislation, it is likely the E.U. will follow with similar laws in due course.

Interos insight: In its first year of implementation, the law will apply to over 600 German companies and hundreds of foreign firms. The number will grow to over 3,000 companies in the second year.

Interos’ proprietary ESG risk score dynamically assesses an organization’s risks as well as its place in a customer’s supply chain. When assessing suppliers to Germany, for example, we found that about 37% had potentially problematic ESG scores.

Some of the attributes that make up Interos’ country-level ESG score include:

  • Environment risk: CO2 emissions, biodiversity and protected areas, climate change performance index, and net zero commitments
  • Social risk: Global Slavery Index, gender gap, mineral risk score, and digital access index
  • Governance risk: Human rights, freedom index, counterfeit goods risk, political terror score

Supply chain implications of China’s zero-tolerance approach to Covid-19 infections

Summary: China’s zero-COVID policy may increase pressure on the global economy by prolonging supply chain disruptions and intensifying the impact of inflation. Supply chain bottlenecks were expected to “materially ease in the early months of this year,” with downward pressure on producer and input prices and shorter lead times, according to Katrina Ell, a senior economist for Asia-Pacific at Moody’s Analytics. “But given China’s zero-Covid policy and how they tend to shut down important ports and factories — that really increases disruption.”

The US Federal Reserve and the International Monetary Fund have both issued similar warnings. The IMF also revised up its near-term projection for inflation “in response to the anticipated slower resolution of supply issues”.

 

(note: lower index means longer lead time)

Interos insight: What was once the “perfect storm” – a confluence of circumstances leading to a rare event – has become the norm. The pandemic has exacerbated supply chain issues, and disruptions have lasted much longer than expected. Inventories in many industries would have reverted towards more typical levels by now, but policy decisions such as China’s zero-COVID rules have caused additional production delays as major cities or regions are shut down practically overnight.

Inflation, a byproduct of many other interdependent factors, makes the pain and real costs for supply chains much worse. Although no human or artificial intelligence system will be able to bring every unknown risk to the forefront, Interos’ supply chain mapping platform can help customers quickly identify where exogenous, unexpected policy decisions might negatively impact their ability to deliver products to customers in accordance with predictable pricing and timescales.

That’s this month’s Supply Beacon. Looking to learn more about supply chain risk and operational resilience? Check out interos.ai. Got a suggestion for next month’s newsletter? Send us the scoop at [email protected] or tweet us at @InterosInc!

Supply Chain Disruption from the Russian Invasion of Ukraine

*The statistics in the blog below have been updated following a deeper analysis of the supply chain. We are continuing to monitor the highly volatile situation in Ukraine and will update this piece accordingly as new information becomes available. 

A Russian invasion of Ukraine has the potential to cause extensive and debilitating supply chain disruption across the globe. This may result in rising input costs to a heightened threat of cyber attacks.

Russia, Ukraine Key to Global Economy

Today thousands of U.S. and European companies do business with suppliers in Russia and Ukraine. Many of them could be at risk during a prolonged military conflict. Analysis of global relationship data on the Interos platform reveals critical findings:

  • More than 2,100 U.S.-based firms and 1,200 European firms have at least one direct (tier-1) supplier in Russia.
  • More than 450 firms in the U.S. and 200 in Europe have tier-1 suppliers in Ukraine.
  • Software and IT services account for 13% of supplier relationships between U.S. and Russian/Ukrainian companies. Consumer services represent another 7%.  Trading and distribution services account for about 6%, while industrial machinery counts for about 4%. Oil, gas, steel, and metal products account for other everyday items purchased from the two countries.

The proportion of U.S. and European supply chains that include tier-1 Russian or Ukrainian suppliers is relatively low. This increases substantially when incorporating indirect relationships with suppliers at tier-2 and tier-3.

  • More than 190,000 firms in the U.S. and 109,000 firms in Europe have Russian or Ukrainian suppliers at tier-3.
  • More than 15,100 firms in the U.S. and 8,200 European firms have tier-2 suppliers based in Ukraine.

Supply chain and information security leaders in U.S. and European organizations should review their dependence on Russian and Ukrainian suppliers at multiple tiers. This is a key first step in assessing risk exposure in the region and ensuring operational resilience.

Supply Chain Disruption: 4 Major Risks

The many connections between US, European, Russian, and Ukrainian businesses highlight the potential for supply chain disruption.

In the event of a Russian invasion of Ukraine, four major areas could spark supply chain disruption:

Commodity price increases

Energy, raw material, and agricultural markets all face uncertainty as tensions escalate. Russia provides over a third of the European Union’s natural gas, and threats to this supply could force up prices when companies and consumers are already facing higher energy bills. Natural gas supply pressures likely would spike volatility in other energy markets too. By one estimate, an invasion could send oil prices spiraling to $150 a barrel, lowering global GDP growth by close to 1% and doubling inflation. Even lower estimates of $100 a barrel would cause input costs and consumer prices to soar.

Food inflation is another risk that may cause supply chain disruption. Ukraine is on track to being the world’s third-largest exporter of corn, and Russia is the world’s top wheat exporter. Ukraine is also a top exporter of barley and rye. Rising food prices would only be exacerbated with additional price shocks, especially if Russian loyalists seize core agricultural areas in Ukraine.

A conflict could continue to squeeze metal markets. Russia controls roughly 10% of global copper reserves and is also a significant producer of nickel and platinum. Nickel has been trading at an 11-year high, and further price increases for aluminum are likely with any disruption in supply caused by the conflict.

Firm-level export controls and sanctions

U.S. and European export controls could exacerbate commodity cost pressures. The use of such controls to restrict certain companies or products from supply chains has soared over the last few years. While many have been aimed at Chinese companies, a growing number of Russian firms have been earmarked for export controls for “acting contrary to the national security or foreign policy interests of the United States.”

Not surprisingly, U.S. companies and business groups are urging the government to be cautious in how it applies any new rules. Prominent Russian companies already on a U.S. restrictions list include Rosneft and subsidiaries, and Gazprom. Extending export controls and sanctions to Gazprom’s subsidiaries, other energy producers and key mining and steel market firms could further impact supply availability and input costs.

U.S. and E.U. export controls would also likely target the Russian financial sector, including state-owned banks, as a deterrence tactic. U.S. officials have noted that any sanctions would be aimed at the Russian financial sector for a “high impact, quick action response.”

Cyber security collateral damage and supply chain turmoil

Entities linked to malicious cyber activity may also face further repercussions from the U.S. and its partners. Ukraine is certainly no stranger to Russian cyber aggression. Russia has twice disrupted the Ukrainian electric grid, first in December 2015, leaving hundreds of thousands of Ukrainians in the cold, and again the following year. But destructive attacks on the country’s infrastructure could also spark significant collateral damage in global supply chains.

In 2017, the NotPetya attack on Ukrainian tax reporting software spread across the world in a matter of hours. The attack disrupted ports, shut down manufacturing plants, and hindered the work of government agencies. The Federal Reserve Bank of New York estimated that victims of the attack, including Maersk, Merck, and FedEx, lost a combined $7.3 billion.

This figure could pale compared to the global supply chain impact of a Russia-Ukraine military conflict, which would inevitably include a cyber element. Whether Russia would target its cyberwar playbook at U.S. or E.U. targets in retaliation for any support to Ukraine remains hotly debated. But the Cybersecurity Infrastructure and Security Agency (CISA) has been urging U.S. organizations to prepare for potential Russian cyberattacks, including data-wiping malware, illustrating how the private sector risks becoming collateral damage from geopolitical hostilities.

Geopolitical instability

Cyberwarfare would be unlikely to remain within Ukraine’s borders. Thus the destabilizing effect of a Russian invasion could have wider geopolitical ramifications. In Europe, a refugee crisis could emerge, with three to five million refugees seeking safety from the conflict. In Africa and Asia, rising food prices could fuel popular uprisings. Of the 14 countries that rely on Ukraine for more than 10% of their wheat imports, the majority already faces food insecurity and political instability.

China is watching closely to see how the world responds if Russia invades Ukraine. The superpower has its own aspirations of seizing territory and extending its sphere of influence. Taiwan’s defense minister has remarked that tensions over Taiwan are the worst in 40 years. A Russian invasion could further embolden China to enlist military tactics against Taiwan. In addition to far-reaching geopolitical implications, this would have a significant impact on electronics and other global supply chains.

How to Stop Supply Chain Disruption

Many of these risks may not materialize and represent a worst-case scenario. But executives should think carefully about the potential impact of a Russia-Ukraine military conflict. These leaders need to ensure appropriate contingency plans for their most critical supply chains and riskiest suppliers in the region.

Risk mitigation strategies include:

  • evaluating required levels of inventory and labor in the short to medium term;
  • discussing business continuity plans with key suppliers; and
  • preparing to switch to, or qualify, alternative sources for essential products and services.

With the right technology to enable proper analysis, planning, and execution, it is possible to mitigate significant risk, ensure operational resilience, and avoid supply chain disruption. For more information about the Interos platform and how it can help with this process, visit interos.ai