How a Coup in Central Africa Could Threaten America’s Defense Supply Chains

By Joshua Clarke and Trevor Howe, Senior Operational Resilience Consultants

Multiple supply chain risks converged this week, with Hurricane Idalia spreading chaos in the Southeastern U.S. and a coup – over 6000 miles across the Atlantic – in Gabon threatening further disruption – particularly for the aerospace & defense sector.

Gabon’s military seized power yesterday following a controversial presidential election. Supply chain leaders are tracking the fallout as the country is the world’s second-largest producer of an essential material, manganese ore. The coup heralds both an uncertain time for industrial and commercial activity in the country and potential disruptions to global supply chains.

The Criticality of Manganese

Manganese is crucial for several industries including aerospace and defense, energy production and storage, and automotive – among others – because of its use as an alloying agent, metal coating additive, and as a cheaper, more ethically sourced alternative to cobalt. The shutoff of Manganese imports could impact everything from batteries to guns to automotive transmissions. Interos’ analysis identified over 155,000 US companies likely to be impacted.

According to the U.S. Geological Survey (USGS): “Because manganese is essential and irreplaceable in steelmaking and its global mining industry is dominated by just a few nations, it is considered one of the most critical mineral commodities for the United States.”

Between 2018 and 2021, 67% of manganese ore imported to the U.S. was from Gabon, compared with 19% from South Africa and 12% from Mexico. The U.S. is 100% reliant upon imports of manganese ore for apparent consumption.

Second African Coup in a Month Threatens Regional Stability and Vital Exports

This past Wednesday, Gabonese soldiers announced on national television they seized power in the African nation of Gabon and arrested recently re-elected President Ali Bongo, whose family has held power in Gabon since 1967. The soldiers behind the coup announced that they have canceled the recently certified election results.

The military announced that the country’s borders would be temporarily closed. This resulted in the anchoring of 30 commercial vessels off the coast of Gabon while they awaited the resumption of activity at the Port of Libreville.

Gabon’s top export is crude petroleum, accounting for 60.7% of its exports at approximately 200,000 barrels per day, making it Africa’s seventh largest oil producer. But there is more concern around manganese ore, which is Gabon’s other primary export.

The ore accounts for almost 23% of the country’s export activity, valued at $1.34 billion annually. The French mining firm Eramet, reportedly the top producer of manganese worldwide (having produced 7.5 mega tonnes of ore in 2022), announced shortly after the coup that it would temporarily halt all operations in the country, including the transportation of already-extracted ore.

A Flexible Transition Metal

Manganese ore is a key component in steel and alloy production because of its structure as a transition metal, which allows it to improve the strength, workability and wear resistance of partner metals. Manganese consumption in the U.S. is overwhelmingly focused on the production of iron and steel products, with 90% of manganese ore directed to this use. Beyond these applications, manganese is utilized for:

  • Aluminum alloys – Manganese, alloyed with copper, silicon, tin, nickel and zinc, is used to create high-strength and lightweight structures in aerospace and defense applications.
  • Stainless steel – Manganese, alloyed with silicon and nitrogen, is used to create oxidization-resistant steel.
  • Batteries – Manganese oxide, usually a processed version of manganese, is utilized in dry-cell and alkaline batteries to prevent the formation of hydrogen in a battery, preventing possible combustion or explosion.
  • Copper alloy – Manganin, an alloy of copper, manganese, and nickel, is utilized to create shunt resistors, with a low-temperature coefficient and resistance to sulfur, these resistors are useful for creating large currents.
  • Potassium permanganate – Manganese is essential to the production of potassium permanganate, which is widely used in drinking water and wastewater treatment.
  • Manganese phosphate – This type of metal finishing is mostly used within engines, transmission systems and gears to provide smoother overall operation while increasing the service life of treated components.

While the U.S. does maintain a domestic stockpile, disruption to manganese ore exports from Gabon could pose a material risk to American manganese refineries and manufacturers dependent on raw and refined manganese products. Manganese supply disruptions would most affect the following industries:

According to the USGS, manganese ore is consumed mainly by five companies at six U.S. facilities with plants principally in the Eastern and Midwestern States. Analysis by Interos suggests that these firms directly supply more than 200 U.S.-based customers and indirectly almost 155,000 as tier-2 suppliers.

Action That Affected Companies Need to Take

Since the coup, many countries in the international community have called for a return to Gabon’s elected government and to stability. Russia and China called for a peaceful resolution to the conflict, while France condemned the coup and called for a “commitment to free and transparent elections”.

Regardless of the coup’s ultimate outcome, the situation in Gabon – and the impact uncovered by Interos, is a stark reminder of how geopolitical turmoil (and a high degree of reliance on single/highly concentrated sources) can intersect with natural disruptions, like Hurricane Idalia, to threaten supply chains a world away.

At this time of uncertainty, companies can ill afford to sit idly by. Those that are dependent on manganese ore, particularly aerospace & defense organizations, need to identify where it is sourced within their extended ecosystem and understand their level of dependence on Gabon and suppliers operating in the country.

With its artificial intelligence-based software, Interos is well positioned to support supply chain risk management programs for companies around the world trying to address this issue. Interos provides continuous monitoring of suppliers with timely alerts so that companies can both get ahead of potential supply chain disturbances and be among the first to react to them.

Navigating MOVEit: Six Lessons in Resilience for the Next Mass Supply Chain Attack  

The MOVEit computer virus recently surged back into the headlines with IBM and the Colorado Department of Health Care Policy & Financing confirming cyber-attacks that exposed the private health care data of millions of customers. The ensuing supply chain attacks have caused chaos for a growing number of victims spanning banks, hotels, energy giants and others. It’s no coincidence the events also saw the filing of five separate class-action lawsuits against Progress Software, the publisher behind the MOVEit file transfer application.

The breach, and the widening scope of damage, highlights the hidden risks posed by digital concentration risk – defined as high levels of dependence on massive, globally interconnected systems. In highly concentrated systems, a single vulnerability has the capacity to affect millions of entities. Various reports show at least 620 businesses and more than 40 million individuals have been impacted – over one-third via third party connections.

The incident underscores the constant battle to protect data and highlights the urgent need for a proactive approach to supply chain cybersecurity.

A Closer Look at the Attacks

Originating at IBM, the MOVEit attacks have affected hundreds of organizations, including the BBC, British Airways, Johns Hopkin’s University, multiple U.S.-based financial services firms, and even U.S. government agencies.

The breaches were carried out by exploiting SQL injection vulnerabilities, enabling hackers to access the server database. The CL0P ransomware gang was credited with the attack and has gone on a ransomware spree, contacting dozens of companies and demanding payments to prevent stolen information from being published online.

Six Steps to Respond Proactively

Though the situation is still unfolding, six key lessons have already emerged:

  1. Collaborate with Cybersecurity Teams & Identify Affected Third Parties: Engage procurement and cybersecurity teams to collaborate on guidance and developing vendor communications to determine which vendors use MOVEit. Unlike calls or surveys, automated platforms could identify likely affected vendors immediately and across sub-tier/extended supplier networks. Contact these critical vendors immediately and agree on mitigation strategies. If the enterprise maintains a legacy or manual systems, the only option may be issuing a manual questionnaire to vendors – which may take weeks to gather and analyze for vulnerability mitigation. If customer data has been exposed, take steps to notify them and review your vendor contracts for data breach notification requirements.
  2. Segment Critical Third Parties: Identify and group third parties and supply chain partners based on their criticality to continued operations – and their level of instability.
  3. Drill Deeper: Once critical third parties & supply chain partners have been identified, organizations need to drill deeper into risk sub-factors to understand their true vulnerability posture. When assessing vendors, it’s essential to consider everything from liquidity to cybersecurity breach history. Undertake exercises like threat modelling to further understand which vulnerabilities may pose the most risk to operations.
  4. Take Action: Develop an action plan to address findings. Long-term and short-term risks may require different remediation measures, such as focusing InfoSec teams on addressing specific CVEs.
  5. Perform Cybersecurity Due Diligence/Continuous Monitoring: In addition to immediate triage, it’s important to assess suppliers who furnish similar software to evaluate their cybersecurity practices as copy-cat attacks are a strong possibility. Again, automated risk assessment/monitoring applications will help here – provided they have insight across your supply chain.
  6. Stay Updated with Official Information: Monitor official information from Progress Software and other sources for updates.

Emphasizing Resilience by DesignTM

In a world of escalating supply chain cyber-attacks, the MOVEit breaches have highlighted the dangers of digital concentration risk and the need for robust third-party risk management practices. This incident is only the latest to emphasize the importance of proactively and continuously assessing enterprise supply chain cybersecurity backed by a robust incident response plan.

More broadly, the attacks stress the need for organizations to take control of risk for competitive advantage by ensuring resilient design in supply chain cybersecurity strategies. Per Interos’ latest annual survey of procurement leaders, cyber-attacks were the second-greatest concern for supply chain leaders, after supply shortages – costing large companies $43M a year, on average. Additional survey risk insights can be downloaded here.

By embracing Resilience by DesignTM, organizations can overcome risks, simplify their business, and deliver results. It’s not about avoiding the inevitable but about planning and reducing the impact and the time and resources required to restore normal operational performance.

Cyber-attacks and ransomware are inevitable – every organization will be impacted by one at some point – but with continuous multi-tier monitoring, and comprehensive recovery planning, we can minimize the damage and maximize profitability.

 

Forced Labor Regulations Materially Impact U.S. and European Supply Chains

By Geraint John

Forced labor is becoming an ever more impactful source of supply chain risk as new regulations on both sides of the Atlantic begin to bite.

In the United States, the Uyghur Forced Labor Prevention Act (UFLPA) has seen more than 4,600 imported shipments worth over $1.6 billion intercepted by U.S. customs officials in its first full year of operation. This week, U.S. customs added new Chinese companies to the list of those restricted from selling their products in America.

The law seeks to stop products associated with forced labor in China’s Xinjiang region from entering the U.S. Recently, a growing list of companies have been accused of flouting the legislation. They include the parent company of printer manufacturer Lexmark International, power tool maker Milwaukee Tool and Nike Canada.

In Europe, automotive firms BMW, Volkswagen and Mercedes-Benz have also been accused of using forced labor in their Chinese supply chains. If true, they would be in contravention of Germany’s new Supply Chain Due Diligence Act (SCDDA). The SCDDA came into force in January.

This specific complaint, brought by a Berlin-based non-profit, has yet to be proven. However, it is a stark warning to larger companies that they need to up their game when it comes to managing forced labor risk in their extended supply chains.

Regulations Address a Growing Global Problem

Forced labor is defined by the International Labour Organization (ILO) as “all work or service which is exacted from any person under the menace of any penalty and for which the said person has not offered himself voluntarily.”

According to a recent report, as many as 50 million workers worldwide may be enduring forced labor or “modern slavery” conditions. The report estimates this number has grown by 25% over the past five years. The report argues that this increase is due to global trade conducted by G20 developed nations.

A new Interos survey of 750 procurement leaders in North America and Europe underlines the significance of new supply chain regulations that seek to tackle this issue. It found that:

  • 80% of those in the U.S. and 71% in Canada see the UFLPA as having a significant or moderate impact on their organizations. Energy and A&D sectors were the most affected.
  • 61% overall think the SCDDA will have a significant or moderate impact. This rises to 77% in the energy and financial services sectors.

The UFLPA has a direct operational impact. Violations lead to the physical detention of shipments at entry ports, as well as cost and reputational implications. The SCDDA, meanwhile, gives the German government powers to levy fines of up to 2% of a company’s annual turnover. They may also be banned from competing for public contracts for up to three years.

Revealed: The Highest Risk UFLPA Goods

Of the 4,651 shipments detained by U.S. Customs and Border Protection (CBP) under the UFLPA to the end of June, 872 (19%) were denied entry, 1,849 (40%) were released and almost 2,000 were awaiting a decision.

But Interos’ analysis of CBP’s data reveals that shipments of specific products from certain countries are much more likely to be rejected than others. In particular:

  • Almost half (46%) of all shipments detained (worth $1.37 billion – 84% of the total value) were electronic products. However, just 3% of CBP decisions resulted in these being refused entry. The vast majority are shipped from Malaysia.
  • In contrast, customs rejected almost two-thirds of industrial raw materials and more than 62% of pharmaceutical and chemical products. Well over half of apparel, footwear and textiles met the same fate (see chart).
  • Vietnam has the highest proportion of shipments denied entry (49%), with 89% of raw materials and 69% of apparel, footwear and textiles rejected. This demonstrates that attempts to skirt the UFLPA by shipping from outside China don’t always work.
  • China itself is the second riskiest originating country for U.S. imports, with 40% of CBP decisions denying its shipments entry. Compare to an 11% rejection rate for Thailand and just 2% for Malaysia.
  • China’s highest risk category is apparel, footwear and textiles (64% rejected). This was followed by pharmaceutical and chemical products (62%) and raw materials (44%). At the other end of the scale, just 14% of agricultural products and 8% of consumer products were denied entry by CBP officers.

Products at Greatest Risk From UFLPA

Percentage of CBP decisions where shipments are denied entry, June 2022 – June 2023

Source: U.S. Customs and Border Protection

Polysilicon – a key raw material in the production of solar panels – is one high-risk product targeted by the UFLPA. More than 40% of the world’s supply of polysilicon comes from Xinjiang. Following previous action against Chinese imports, Vietnam is now the biggest exporter of solar panels to the U.S. Vietnam accounts for one-third of solar panel shipments in 2021.

Actions That Companies Need to Take

Companies can take similar actions to manage forced labor risk and comply with both the UFLPA and SCDDA. At a foundational level, they include establishing a robust risk management and due diligence system capable of identifying and remediating illegal practices.

Interos’ recent survey found that nearly two-thirds of procurement leaders believe they have made significant or moderate progress on forced labor with their suppliers over the past three years (see chart).

Forcing the Issue on Forced Labor

Progress made with suppliers in the past three years

n=750 procurement leaders

Source: Interos Resilience Survey 2023

However, as with other ESG issues, one of the main challenges around forced labor is a lack of sub-tier supply chain visibility. This ranked as executives’ joint top barrier to progress alongside a lack of reliable data for setting and tracking goals.

To support their regulatory compliance efforts on forced labor, procurement leaders need to:

  • Use supply chain mapping and risk-scoring tools to pinpoint high-risk relationships with both direct and indirect suppliers in geographies prone to forced labor.
  • Ensure that existing direct and sub-tier suppliers are not on, or being added to, any restrictions lists, including those specific to the UFLPA.
  • Harness detailed risk intelligence to help identify and mitigate forced labor risks before selecting or onboarding new suppliers in China or other at-risk countries.
  • Keep a close eye on high-risk raw materials and products shipped by Chinese or other firms based in Vietnam, Malaysia, Thailand, Mexico and other countries on the U.S. CBP watchlist.

Supply chain regulations impose a heavy burden on companies. They require time, money and resources to ensure compliance. 79% of CPOs we surveyed agree with that view.

But the same proportion also believes that regulation forces their organizations to do a better job of managing supply chain risk. 70% say it even enhances their competitive advantage in the market.

So the message on forced labor, as with other types of supply chain risk, is that it pays to invest. Organizations can derive value from both complying with emerging regulations, but also proactively developing greater operational resilience.

G7 Confronts China’s Designs on Semiconductor Supply Chain

G7 leaders meeting in Hiroshima, Japan this past weekend were hardly short of major global issues to discuss. From Russia’s unprovoked war in Ukraine and the proliferation of nuclear weapons to the steady march of climate change — the potential scope of the agenda was vast. So it was significant that the leaders devoted part of the summit’s agenda and communiqué to the risks facing critical supply chains and the need for greater resilience.

Nowhere is this more concerning for the world economy than in the case of Taiwan. We are at a time of heightened tensions between the United States and China. An all-powerful President Xi Jinping is intent on reuniting the two rival Chinese republics. Consequently, the concentration of semiconductor manufacturing in Taiwan is the biggest geopolitical risk facing supply chains today.

Taiwan-based companies control more than 90% of the world’s production of advanced microchips. These chips are used in everything from high-end smartphones to cutting-edge military hardware. One company, Taiwan Semiconductor Manufacturing Co. (TSMC), dominates this niche and owns more than half of global chip-making market share.

A Chinese invasion or blockade of its neighbor across the Taiwan Strait would have a devastating impact on the global economy one far greater in scale and longevity than the havoc wrought on food and energy supplies by Vladimir Putin’s aggression last year. So it is right that G7 leaders focused on the issue.

Taiwan’s Supply Chain: Powered by Semiconductor Exports

Taiwan exported $479.4 billion of products in 2022. The U.S. was the second biggest importer after China, with 15.7% ($74.9 billion) of the total. Japan was fourth with 7% behind Hong Kong, while the other five G7 countries Canada, Germany, France, Italy and the U.K. made up a combined 4.3% ($20.9 billion).

Many different products are shipped to these and other nations in Asia-Pacific and beyond (see chart). But it is electronic components, and especially “integrated circuits/microassemblies” in other words, semiconductors that dominate the list. The latter accounted for $183.5 billion, or 38% of Taiwan’s total exports by value last year. Despite a falloff in demand for chips in recent months, this figure was up 17.7% on 2021, which in turn was up 22.4% on 2020.

Taiwan Exports by Commodity, Q1 2023. Electronic components are the largest category.

Dependence on Taiwanese supply chains among G7 countries is, as you might expect, extensive. An analysis of Interos’ global database of business relationships shows that:

  • U.S. companies have almost 70,000 direct (tier-1) relationships with Taiwanese suppliers. Companies in other G7 member countries have almost 10,000 between them.
  • When indirect multi-tier relationships are included, G7 member companies have more than 315,000 tier-2 and 750,000 tier-3 connections to Taiwanese firms.
  • Although tier-1 relationships with the two major Taiwanese semiconductor manufacturers, TSMC and United Microelectronics Corp. (UMC), are relatively small in number (led by the U.S. with around 220), as tier-2 and tier-3 suppliers these two companies are present in hundreds of thousands of supply chains in G7 countries.

 

The Likelihood and Impact of China Invading Taiwan

Two key questions that arise from discussions around the China-Taiwan situation are:

  1. How likely is it that China will seek to take Taiwan by force, and when might this happen?
  2. What impact would Chinese action against Taiwan have on the global economy and supply chains?

Opinions among commentators and analysts on the first question vary widely. Some see an invasion occurring as soon as later in 2023, to sometime in the 2030s, to never. China’s official policy is one of peaceful reunification. However, U.S. intelligence reports suggest that President Xi has ordered the People’s Liberation Army to develop capabilities to seize the island by military force by 2027.

A geopolitical risk assessment of conflict between China and Taiwan by Interos concluded that the likelihood of an invasion in the next 2-5 years was “roughly even odds (45-55%).” The assessment also noted that “the majority consensus [among government policy makers and think-tank experts] appears to be that there will be an armed conflict over the island.”

On the second question, Interos’ analysis identified that a partial blockade or full invasion could disrupt ocean and air cargo shipments from Taiwan. Our analysis also raised the possibility that Taiwan could be completely cut off from international trade.

Potential Supply Chain Scenarios for Semiconductor Disruption

A tabletop exercise conducted last year among U.S. government and business leaders by the RAND Corporation centered specifically on the likely impact to advanced semiconductor supply chains. Participants were asked to consider two potential scenarios in which China imposed a “coercive quarantine on Taiwan”:

  1. Uncontested, China acquires a significant portion of global semiconductor capacity. This leaves the U.S. and other countries with a choice of continuing to buy from Taiwanese suppliers or imposing sanctions on China.
  2. China faces resistance in its attempts to take control of Taiwan’s fabs. This leads to a rapid loss of access to the country’s semiconductors, and triggers U.S. and other government action to ration limited supplies.

Unpalatable outcomes from these two scenarios included a fundamental change in the balance of global power in China’s favor, and an extended economic depression for most of the world. Unsurprisingly, given the impact on multiple industries (see graphic), business participants were keen on ensuring continuity of supply even if this meant relying on semiconductor firms such as TSMC under Chinese control.

How Loss of TSMC Would Impact Different Industries.

Military action against China, whether by Taiwan or the U.S. and its allies, was not considered in this simulation. But a recent assessment by The Economist laid bare the imbalance in military capabilities between China and Taiwan. The analysis also articulated the dire consequences of military conflict over the island state. This included “incalculable damage to the world economy” as a result of disruption to semiconductor supply chains.

The threat of war looms large over the Indo-Pacific region. Hence efforts in recent weeks by Japan and other G7 countries, including the U.S., to take some of the heat out of relations with China. In their communiqué, the G7 leaders emphasized that actions designed to boost economic and supply chain resilience were about “de-risking, not de-coupling” from China.

Some Major Players Begin Diversifying Chip Capacity Away From Taiwan

In practice, de-risking means diversification. Since their 2022 meeting in Germany, the response of G7 countries to semiconductor concentration risk has been to tempt advanced chip-making capacity away from Taiwan through vast public subsidies. The U.S. has led the way with its CHIPS and Science Act, but Japan, the European Union, and the U.K. have all followed suit, albeit with fewer billions of dollars to throw at the problem.

Over the next five years these industrial policies should result in new fabs, supply chains, and skilled workforces being developed in multiple geographies. However, Taiwan is set on keeping much of its domestic semiconductor “shield” intact, both in terms of manufacturing and R&D. Aside from contributing 15% of Taiwan’s GDP, the industry serves as vital leverage for Taiwan in its efforts to maintain independence from China.

Confidence in this strategy in waning in some quarters.  \Warren Buffett’s Berkshire Hathaway recently announced that it had sold the remainder of its $4.1 billion stake in TSMC. This is in spite of the fact that the shares were purchased as recently as November last year — and that TSMC is regarded as one of the world’s best-managed companies.

“I don’t like its location,” Buffett told analysts. “I feel better about the capital that we’ve got deployed in Japan than in Taiwan.”

Action CPOs Should Take to Prepare for Potential Disruption

To reduce the exposure of their organizations to semiconductor concentration risk, chief procurement officers should do the following:

  • Assess your dependence on Taiwan by understanding the relationships you have with Taiwanese suppliers. Include both the direct, tier-1 relationships and those at tiers 2, 3 and beyond. Chip makers such as TSMC and UMC are often present at this sub-tier level.
  • Evaluate the extent to which key semiconductors, electronic components, and other items you depend on from Taiwan-linked supply chains are single- or sole-sourced. Identify where you have viable alternative options already in place.
  • Develop a strategy aimed at diversifying your supply base to other geographies. Consider sourcing from new suppliers and/or by working with existing partners to utilize alternate and emerging capacity.
  • Conduct scenario plans and risk simulations – like the one run by British telecommunications group BT last year. These can gauge the impact that disruption to Taiwanese semiconductor supply chains might have on your business.
  • Continuously monitor your Taiwan-dependent supply chains for geopolitical, operational, financial, and cyber risk events.

Until new semiconductor capacity comes online in the U.S., Japan, Germany, South Korea, and elsewhere, companies will continue to over-rely on Taiwan-based suppliers. However, it is important to be prepared for, and to support the creation of, a more diversified global supply chain for microchips – as it is with other critical products and raw materials that are heavily concentrated in particular geographic locations.

First Republic, SVB: Why Bank Failures Disrupt Supply Chains

By Kate Anderson, Scott DeGeest and Teddy DeWitt

Amid the coverage of the evolving U.S. banking crisis that has claimed Silicon Valley Bank (SVB), Signature Bank, and First Republic Bank (FRB), and is now threatening PacWest, one aspect has remained largely hidden – the potentially massive supply chain impact of these failures.

Make no mistake, a banking crisis is also a supply chain crisis.

Interos data suggests that, thanks to the supply chain ripple effect, over 600,000 U.S. firms will be indirectly affected by the collapse of SVB and FRB alone.

Our research also indicates that, by considering banks as part of a larger supply chain and monitoring specific risk indicators, organizations – and especially their procurement leaders – can anticipate potential problems and banking failures well in advance.

So why are these banks failing? What does it mean for the broader supply chain? And what can organizations do about it?

The Banking Sector: A Supply Chain of Capital

As banks experience greater volatility, a tougher business environment and fleeing depositors, it becomes more difficult for them to obtain capital to distribute to their customers.

Much as supply chain disruptions limit access to vital goods, disruptions in the banking supply chain limit access to vital capital. This, in turn, impacts a whole range of day-to-day banking services that businesses rely on, including liquidity management, accounts payable services, lines of credit, foreign exchange services, and lending.

As with SVB, capital supply chain failures ultimately extend far beyond the financial sector and into the wider economy. Even companies not directly reliant on the bank’s capital were affected when they discovered that suppliers and service providers that banked with SVB were at risk. For example, users of Rippling a major payroll platform suddenly discovered that their operations were threatened by that supplier’s reliance on SVB.

Despite these impacts, companies seldom view financial crises through a supply chain risk lens. This is an oversight that, if corrected, could enable them to anticipate and prepare for these significant disruptions, rather than simply reacting after the event.

The importance of this kind of anticipation has become all too clear in the last few weeks and is likely to remain so given the prospect of additional volatility in the short to medium term – with regional bank stocks like PacWest continuing to slide.

So how can organizations use Interos’ data to understand the pinch in the capital supply chain that portended the collapse of FRB, for example?

Using Interos Supply Chain Data to Identify the Banking Capital Market Pinch

Volatility is a measure of how much a stock price moves over time. Increasing volatility indicates higher perceived risk, and can be an indicator that the overall risk, and potential vulnerability, of the business has increased.

Chart 1: Stock Volatility of Regional Banks

Chart showing the volatility of regional bank stocks from Mar 1 to April 26, with First Republic experiencing significantly higher volatility than others.

Source: Interos Analysis

In addition, an analysis of metrics from the Interos platform showed FRB’s liquidity access steadily decreasing from June 2022, driven by an increase in its use of non-financial trades (see chart 2).

Chart 2: Liquidity Access Score for First Republic Bank

Chart showing First Republic's declining liquidity access in the weeks leading up to its failure.

Source: Interos Analysis

Identifying the Ripple Effects on the Wider Supply Chain

Capital constraints ripple through the broader supply chain ecosystem, as was evident during the collapse of SVB, and now FRB.

Interos’ resilience platform documents 3,000 direct (tier-1) business relationships for SVB and FRB. But it also shows almost 600,000 indirect (tier-2) connections. These are companies that don’t bank directly with SVB or FRB but have a supplier that does.

For example, suppose Acme Corp. banks with SVB and provides IT services to Bravo, Inc. A failure in SVB would potentially disrupt payroll for Acme Corp., which might limit the services that Acme can provide to Bravo.

Without visibility into its extended supply chain, Bravo would be unable to anticipate the ripple effects of this failure.

Once a firm at the center of a capital supply chain disruption has been identified, the Interos platform enables procurement professionals to identify which tier-1 and tier-2 suppliers rely on that firm for vital goods and services.

How Organizations Should Respond to Potential Bank Failures

To respond to a capital supply chain disruption and get ahead of future problems, procurement organizations should do the following:

  • Identify essential tier-1 and tier-2 suppliers that use regional banks.
  • Coordinate contingency plans with these suppliers to address liquidity crunch issues and concerns about inventory management in the event that their banking partners experience a credit pinch.
  • Review the recent credit history of capital suppliers (regional banks) to look for signals of distress such as increases in non-financial trades.
  • Monitor the financial situation of your own banking partner(s) for any declines in access to liquidity.

Network effects, high volatility, and liquidity crunch issues will continue to be a problem for regional banks – with PacWest just the latest example – in the near term.

Owing to their smaller and often more concentrated deposit bases, regional banks are more susceptible to supply chain disruption from capital flight.

Interos’ approach to this type of risk, as described here, integrates financial data with supply chain network data and news alerts to flag potential problems in advance and provide guidance on navigating the aftermath of a crisis.

Global Supply Chains Braced for Further Disruption Over French Pension Protests

By Klaudia Kokoszka and Geraint John

Companies doing business in France should expect further disruption to supply chain operations after the country’s Constitutional Council ruled today that controversial pension reforms could proceed into law.

The move by President Macron’s government to increase the state pension age from 62 to 64 has led to mass protests and strikes across France in recent weeks. The protestors include trade unions, political activists, and citizens opposed to the change.

Hundreds of thousands of people took part in demonstrations on Thursday, ahead of the council’s decision. One group of protestors stormed the headquarters of luxury goods giant LVMH in Paris.

The protests of the past month have impacted oil refineries, utilities, railways, and financial services firms, among others.

French Protests Are Spread Across the Country

France currently has one of the lowest retirement ages among developed economies. French people, on average, stop work four years earlier than in countries such as Germany, Spain, the U.K., and the U.S. Despite this, the proposed reforms have attracted strong opposition, some of it violent, in many parts of the country.

Interos analysis of data from the Armed Conflict Location & Event Data Project (ACLED) shows that protests have taken place in more than 450 different locations across France (see map). Numbers involved range from a few dozen people in small towns to tens of thousands in major cities such as Paris and Nice.

Examining the Supply Chain Impact of Protests

A map of France on which hundreds of recent protests are plotted.

Source: Interos Insights using data from Armed Conflict Location & Event Data Project (ACLED), 2023. Image Copyright: © OpenStreetMap,Data is available under the Open Database License. 

Almost five million businesses have operations in the areas affected, according to Interos’ data. The biggest impacts of labor demonstrations so far have been property damage, disrupted operations, and transport problems. Some of these have already had ripple effects along supply chains.

Strikes at oil refineries owned by Esso and TotalEnergies had a negative impact on global markets in March. 500,000 barrels of daily processing capacity – 0.5% of global oil consumption – are thought to have been affected.

Disruptions at a lesser scale have occurred at nuclear, thermal, and hydropower plants operated by firms such as Engie and EDF. These disruptions have reduced French power capacity by 15.6 gigawatts.

This week, the transit of goods flowing on the Rhine river was disrupted for the second time during the protest period. Workers cut power to the Kembs lock south of Strasbourg, France and near the German and Swiss borders. This has halted all river traffic through the area since Wednesday evening. The Rhine remains one of Europe’s busiest rivers and a disruption of this type could heavily impede cross-border trade.

To illustrate the scale of supply chains at risk, according to Interos insights, the affected firms mentioned in this article have at least 360 direct customers, 68 thousand second-tier customers, and 18 million third-tier customers. Even small changes in supply chains of this magnitude may cause notable ripple effects.

French Action Part of a Global Pattern of Unrest

The events in France are part of a growing trend of labor strikes, public protests, and general civil unrest across Europe and around the world this year.

In Germany, protests and strikes have taken place in nearly 70 different locations since mid-March. They have been primarily concentrated in the airline, rail, postal, and public education sectors.

Industrial action has also taken place in the U.K. in these and other sectors such as healthcare in recent weeks. There workers are demanding substantial pay increases to counter high inflation and the cost-of-living crisis.

Italian trade unions, meanwhile, have organized a national rail strike today against what they see as worsening working conditions and insufficient pay.

In Israel, thousands of people continue to protest against judicial reforms initiated by the Netanyahu government. Political grievances have also been motivators for protests in Nigeria and Peru in recent months. These have created a moderate risk to global trade in commodities, particularly petroleum and precious metals.

How Organizations Should Respond to Supply Chains Disrupted by Protests

Procurement leaders and organizations with supply chain operations in France and other affected regions should:

  • Ensure they have visibility of both critical direct (tier-1) suppliers and indirect (tier 2, 3+) suppliers that could be impacted by strikes and civil unrest.
  • Keep communication lines open with key supply partners in order to get early notification of any disruptive events.
  • Review alternative sources of essential materials, parts, products, and services from suppliers in other geographic areas.
  • Monitor geopolitical events and risks in France and other strike-affected countries especially closely over the next few weeks.

With inflationary pressures stemming from Russia’s war in Ukraine and other sources continuing to be felt in many economies, it is possible that civil unrest could spread further across Europe in the near term. Organizations therefore need to be ready to respond quickly to additional disruption along their extended supply chains.

More ‘Critical’ Firms Face Tougher Cyber Laws

By Geraint John

Companies in critical industries on both sides of the Atlantic face more stringent cybersecurity regulations as governments seek to boost national security and operational resilience.

New laws passed in the U.S. and Europe call for rapid reporting of significant cyber attacks and ransom payments, improved cyber risk management practices, a greater focus on supply chain partners such as IT and cloud services providers, and stronger collaboration between the public and private sectors.

Crucially, the legislation also extends the range of firms covered from those operating core infrastructure. That includes everything from water and transport to services such as banking, telecommunications, and healthcare, along with manufacturers of food, chemicals, pharmaceuticals, medical devices, and other “essential” products.

White House and SEC Work to Improve U.S. Critical Infrastructure Cybersecurity

In the U.S., the Biden Administration published its National Cybersecurity Strategy at the beginning of March. The first of its five pillars is titled “Defend Critical Infrastructure.” The strategy is aimed at both federal agencies and private-sector companies.

The strategy document argues that “the lack of mandatory requirements has resulted in inadequate and inconsistent outcomes.”

As well as targeting critical infrastructure providers, it also pledges to “drive better cybersecurity practices in the cloud computing industry and for other essential third-party services” that these organizations depend on.

In March 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act, which requires companies to report certain types of cyber attacks to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours and ransom payments within 24 hours.

CISA is currently working on implementing the reporting requirements, which must take effect by September 2025 at the latest.

Separately, the Securities and Exchange Commission (SEC) is expected to finalize its Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rules in April. These will require public companies to report “material” incidents within four business days. They must also provide updates on previous cyber attacks.

European Union Upgrades its Main Cybersecurity Directive

In Europe, the new Network and Information Security (NIS2) directive came into force on January 16th. It replaces the first-iteration NIS law, which has been operating since 2018. NIS2 is designed to strengthen security requirements, reporting obligations, and supply chain cybersecurity.

NIS2 also provides for stricter enforcement, with administrative fines of up to €10 million or 2% of global revenue for non-compliance.

Like the U.S. legislation, NIS2 expands its scope to a broader range of “critical sectors and services,” including information and communications technology (ICT) providers.

The new directive joins a raft of other new European Union laws, including the Digital Operational Resilience Act (DORA) for financial services and the Critical Entities Resilience (CER) Directive, which addresses physical security and terrorism, as well as cybersecurity.

E.U. member states have until October 17th 2024 to transpose NIS2’s measures into national law.

A European Parliament briefing document on NIS2 argues that companies need to invest more in cybersecurity. It cites study data suggesting that E.U. organizations spend on average 41% less on cybersecurity than their U.S. counterparts.

Interos Analysis: Cyber Risk Status in Energy and Healthcare Firms

To assess the impact of this spending gap, and to identify where cybersecurity practices are most in need of improvement, Interos conducted an analysis of cyber risk scores for the top 10 U.S. and European (E.U. plus U.K.) electric utilities, energy, and healthcare (pharmaceutical manufacturing) companies using our newly enhanced cyber risk model.

This analysis found that:

  • Overall company cyber risk scores – calculated from 20 subfactors and 91 attributes at both a firm and country level – vary widely. They go from a low of 59/100 — in the case of a European oil company — to a high of 82/100 for a European renewable electricity generator. The median score of 66 equates to only a “medium” level of cybersecurity protection.
  • At the firm level, U.S. and European companies are on a par, with both having a median score of 62/100. U.S. electric utility and energy companies score four points higher on average than their European counterparts, while in healthcare (pharma) the reverse is true. Again, all scores indicate medium levels of risk, which suggests plenty of room for improvement in cybersecurity practices.
  • The weakest areas of firm-level cybersecurity are in software-as-a-service bill of materials (SaaSBOM) vulnerabilities (average score 35/100), advanced persistent threat (APT) group activities (43/100), and compliance with public cybersecurity standards and frameworks (47/100) – a key element in the new legislation. There is also a big variation of scores between companies in web application security, web encryption, network filtering, e-mail security, and software patching.
  • At the country level, European firms score two points higher on average than those in the U.S. (82/100 against 80/100, indicating low cyber risk). The U.S. is rated significantly higher for its digital infrastructure (92 vs 65), and somewhat higher for cyber governance, resilience, and international collaboration. European countries score 20 points better on average on the risk of data access and manipulation in their business environment and as a geographic target for cyber attacks.

Transparency and Collaboration Vital to Manage Critical Infrastructure Cybersecurity

Cyber risk scores for critical infrastructure firms and their key suppliers, together with the new American and European legislation, are set to bring a new level of openness to cybersecurity.

Last week, during a webinar hosted by Interos, data partners BitSight and Equifax welcomed this development.

Commenting on the new SEC rules, Derek Vadala, chief risk officer of BitSight and a former chief information security officer at Moody’s, said the rules would bring much-needed transparency and culture change to the industry.

While it will take time for companies to understand what the new rules require, those companies that are more open about how they manage cyber risks today – for example, by publishing annual reports – are in a better position than those that do the bare minimum, Vadala argued.

The credit reference agency Equifax is also following this approach. It has published a cyber strategy and roadmap report for the past three years. According to Zach Tisher, its vice president of security risk, strategy and communications, “Security should not be a trade secret.”

As well as more open disclosure, Tisher argued that:

  • Employers need to bake cybersecurity into employees’ compensation plans to incentivize and reward good behavior.
  • Training must move away from the one-hour annual compliance session and be tailored better to staff needs.
  • Point-in-time questionnaires sent to suppliers and third parties aren’t sufficient; instead, real-time monitoring of cybersecurity controls is necessary.
  • Better collaboration with partners and vendors is vital to manage growing supply chain threats and requirements.

Third-party risk management has been the biggest trend in cybersecurity during the past couple of years, Tisher noted. “Supply chain is a top threat vector and it’s increasing all the time.”

This means that companies need to focus their cyber risk management efforts as far upstream as their sixth parties (tier-4 suppliers), he added.

Modeling Supply Chain Cyber Risk in a Disrupted World

By Andrea Little Limbago

On March 2, the Biden Administration announced a new National Cybersecurity Strategy. The need for a strategic change should not come as a surprise — Interos’ 2022 Resilience survey of 1,500 procurement and cybersecurity leaders revealed supply chain disruptions from cyber incidents alone cost enterprises $37M annually. Estimates of the global annual cost of cybercrime exceed ten trillion dollars.

Interos is closely monitoring the rising costs of cyber disruption and the continuously changing state of play, among other factors. We’ve refined and updated our cyber risk factor, one of the six factors within the Interos i-ScoreTM, in light of these and other trends shaping cybersecurity. The enhancements include a new cyber behavior model to detect potentially harmful cyber activity regardless of public disclosure, along with combining commercial cyber ratings, vulnerability information (CVEs), threat assessment (Mitre ATT&CK®), cyber events, regulatory compliance, and operating country regulations and risks into a single score.

You can read about those details in our press release. This blog will focus on those strategic factors driving these changes and the challenges in developing a solution that delivers cybersecurity insights to non-experts, all within the backdrop of the generational shift underway in the international system.

Trends Driving The Need for Change in Cyber Risk Modeling

To address the growth in scope and scale of cyberattacks (and their ripple effect across the supply chain) the Biden administration’s new National Cybersecurity Strategy is putting more responsibility on vendors and service providers. This is part of a larger trend prompting organizations to prioritize long-term collective investment in cyber resilience – and is reflective of Interos’ collective resilience approach to cyber.

Cyber leaders are also increasingly acknowledging the human element and assessing those risks through a socio-technical lens. This has led to both a focus on user interactions as well as the growth in new compliance frameworks and regulations. That’s why the enhanced Interos cyber risk factor accounts for compliance with CSF V1.1, NIST SP 800-53, PCI DSS V3.2.1, and other standards, as well as the global expansion of data privacy and cybersecurity regulations.

To that end, an organization’s geographic location plays a crucial role in both compliance and data risk levels. This variation stems from differing levels of data sovereignty which depend on the localized cyber and privacy environment. Risks surrounding the concentration of the physical infrastructure underpinning the internet also pose a significant challenge, as seen in the case of Russia’s cyberattack on ViaSat’s services in Ukraine or the disconnection of undersea cables which happened in Scotland and France.

The adoption of collective resilience (creating shared supply chain and operational strength) is accompanying our broader understanding of the range of cyber risks, which is why collaboration is prioritized in national and international cyber strategies. As Alejandro Mayorkas, the Secretary of Homeland Security, noted, “We have to drive the entire ecosystem to be more cyber vigilant.”

Developing Interos’ Enhanced Cyber Risk Model

Tackling Key Challenges in the Cybersecurity Landscape

Development of this new model address two core challenges:

  1. Aggregating Data into Intuitive Formats: The difficulty of integrating disparate data sets in a timely manner and presenting them in an intuitive, explorable format. We recognize that many cybersecurity tools are designed for information security professionals, making them inaccessible to others involved in risk management.
  2. Understanding Behavior: The importance of understanding both threat actors’ and defenders’ behaviors and integrating that knowledge to identify the most relevant risks.

Cyber has an interesting data problem in that there is a data deluge and a data desert at the same time – meaning there is so much data, but it’s not always the relevant data. The Interos model addresses the above challenges by focusing on integrating and presenting the range of these trends (over individual data points) to capture the core areas of vulnerabilities, threats, compliance, and adverse cyber events. Through this holistic approach we can provide a comprehensive view of cybersecurity risks across the entire supply chain ecosystem, from vendors and service providers to critical infrastructure and sensitive data.

We also utilized the extensive community work and expertise from federal organizations like NIST CVE and MITRE’s ATT&CK framework while accounting for both opportunistic and targeted threats by identifying industries/groups most susceptible to targeting, and vulnerabilities most likely to be exploited. Our approach also focused on quantifying data risks across locations by merging different data types to capture the diverse data sovereignty and global risk environments — a project we presented at Black Hat cybersecurity conference a few years ago.

Implications and Value: Uncovering Hidden Cyber Risks and Enabling Proactive Measures

The implications of this new model are vast. It highlights areas of risk that often are not brought together, allowing users to take action to decrease cyber risk. This may include reaching out to critical suppliers that may be at risk and coordinating a plan to elevate their defensive posture, or identifying those key parts of their supply chain located in areas where the data may be more at risk due to an adverse regulatory environment.

The Interos model surfaces a range of cyber risks, while contextualizing those risks within a broader supply chain risk framework. For instance, users can identify who might be at high cyber risk as well as high financial risk, since these suppliers may not have the resources to grow their defensive posture or could be extremely vulnerable to insolvency if attacked given the cost of breaches.

Personal Observations: Expanding Access to Cyber Risk and Addressing Global Challenges

Two particular aspects of this project are especially important to me, in terms of their ability to address broader systemic challenges across the industry that have significant implications for the future:

  • Addressing the cyber industry’s gatekeeper problem, which restricts risk assessment access to those with information security technical expertise. Interos’ updated model marks a significant stride towards broadening access to cyber risk assessment outside of an enterprise’s Security Operations Center.
  • Further integrating supply chain risk and cyber risk, particularly in the context of a re-globalized world economy, technological bifurcation, and the geopolitical fracturing of the internet. This integration is essential for fostering cyber vigilance and tackling the challenges presented by emerging technologies and global competition.

A modernized approach to cyber risk will be an essential tool for organizations exploring how to adapt to a changing global order whose shifts are being felt across supply chains, geopolitics, and technology development. Interos’ enhanced model for evaluating cybersecurity risk across supply chains signifies a significant step towards that goal.

By expanding access to meaningful cybersecurity information, through a multi-factor, supply chain-wide approach, we can enable organizations to proactively manage and mitigate risks on a far greater scale than ever before, bringing non-cyber experts into the decision room, and fostering resilience and success in this ever-evolving global landscape.

Western Firms at Risk of Indirectly Supplying the Russian War Machine

By Geraint John

North American and European companies have been urged to ensure that they are not inadvertently supporting Russia’s war effort in Ukraine by facilitating trade through third-party intermediaries.

A year on from its invasion, the U.S. government and the European Union (E.U.) are concerned that Russia is evading stringent sanctions and export controls by importing vital products through neighboring and “friendly” countries.

Earlier this month, the U.S. Departments of Commerce, Treasury, and Justice issued a joint compliance note asking multinational firms to “exercise heightened caution” and be “vigilant in their compliance efforts” to avoid items such as advanced semiconductors and other electronic components ending up in Russian hands.

The E.U., meanwhile, says it is investigating a surge in exports from European companies to customers in countries such as Armenia, Kazakhstan, and Kyrgyzstan, which have increased their trade with Russia since sanctions were introduced in March 2022. It is also reportedly planning to ask these countries to enhance their trade monitoring.

A new Interos white paper notes that the number of restrictions on Russian entities – around 2,500 currently active with more than 1,100 imposed in 2022 alone – are “unprecedented in their scale, scope, and breadth.”

Russia Import Restrictions Are Being Circumvented by “Friendly” Countries

Analysis of official trade data by three economists at the European Bank for Reconstruction and Development (EBRD) found “evidence suggestive of intermediated trade via neighboring economies being used to circumvent the sanctions.”

While E.U. and U.K. exports to Russia “dropped sharply” after the imposition of sanctions, exports to Armenia, Kazakhstan, and Kyrgyzstan (the CCA3) – part of the Eurasian Customs Union alongside Russia and Belarus – increased by between 15% and 90%.

Shipments to CCA3 countries covering almost 2,000 sanctioned products, including armaments, chemicals, dual-use technologies, and sensitive machinery, rose by an additional 30% relative to other goods, according to the EBRD. U.S. exports to Russia and the CCA3 followed a similar pattern last year, albeit at lower volumes.

At the same time, Armenia, Kyrgyzstan and Georgia all recorded “significant increases” in exports to Russia (see chart). This, says the EBRD paper, suggests that new supply chains have been set up to channel sanctioned products to Russia from these countries, “not necessarily with the knowledge of the Western exporter.”

But direct sales to Russia also remain a concern. This week, PBS News accused a major American machine-tool manufacturer of flouting export controls by supplying a Russian distributor with vital spare parts, which could be used for military purposes, for months after those controls were imposed last year.

Exports to Russia From Armenia, Kyrgyzstan, and Georgia – January 2020-August 2022

Separate analysis by the Silverado Policy Accelerator, a U.S. non-profit organization, published in January argued that former Soviet states “have become key transshipment points for goods that are ultimately sent to Russia.”

It also noted that Russia had significantly increased its imports from non-sanctioning countries such as China and Turkey. These included semiconductors (see chart), machinery, and heavy trucks, as well as consumer goods such as smartphones and domestic appliances.

Exports of Integrated Circuits to Russia From China and Hong Kong – January-November 2022

In recent months, U.S. officials have called on China, Turkey, South Africa, and the United Arab Emirates ( UAE), among other countries, not to help Russia evade its sanctions.

Together with their E.U. and U.K. counterparts they are also reported to have visited the UAE to express concern that it is becoming a key shipment hub for electronic components and other sensitive products being re-exported to Russia.

The E.U. recently imposed sanctions on a Dubai-based subsidiary of the Russian state-owned shipping company Sovcomflot, a key player in supporting the country’s energy revenues, as part of a new package of measures.

Russian Interests and Indirect Business Relationships

Russian ownership of foreign entities is one potential type of supply conduit of sanctioned goods into the country.

Interos’ global relationship platform highlights 166 entities based in the UAE that are wholly or partially owned by Russian interests.

Similar numbers are located in both Armenia and Hong Kong, according to the data, although these are dwarfed by the thousands of entities registered in European countries such as the Czech Republic, U.K., Germany, Latvia, Bulgaria, and Italy.

Another source of supply is links between Western firms and intermediaries in countries accused of supplying Russia’s war effort. Our analysis here reveals:

  • Almost 700 relationships between Russian end customers and 170-plus distinct suppliers in China, Turkey, India, Uzbekistan, and other Central Asian countries.
  • More than 8,100 relationships between these suppliers and over 1,750 distinct Western firms in the U.S., Canada, E.U., and U.K.

What this shows is that the global network to support deliberate or inadvertent illicit trade with Russia – so-called “supply chain washing” – is extensive and the risks of breaching sanctions and export controls are high.

“Red Flags” to Watch Out For

In their “tri-seal compliance note” published on 2 March, the U.S. Department of Commerce (DOC), Department of the Treasury and Department of Justice (DOJ) urged companies to be on the lookout for “warning signs of potential sanctions or export violations.”

It listed 13 common “red flags” to watch for, including:

  • The use of shell companies to obscure ownership, origin, and funding sources
  • A reluctance by customers to share information on product end-use
  • Last-minute changes to shipping instructions
  • The use of residential addresses and personal e-mail accounts
  • Transactions with entities that have little or no web presence
  • Routing of products through transshipment points in China, Turkey, Armenia, and other countries that have boosted trade with Russia.

The note emphasizes that the DOJ “has pursued criminal charges against those who it alleges are using front companies and intermediate transshipment points to evade Russia-related U.S. sanctions and export controls”.

Separately, the DOC’s Bureau of Industry and Security has published a compendium of its investigations into sanctions busting in several countries, including Russia, to illustrate the legal and financial penalties that can result from non-compliance.

A group of E.U. countries, including France and Germany, has also recently been pushing for tougher action against companies found to be circumventing sanctions and aiding Russia’s war effort.

A Call to Action to Uphold Russia Import Restrictions

In the light of these warnings and developments, procurement, supply chain, and business leaders at Western companies should:

  • Screen both existing and new customers using the latest U.S., E.U. and other restrictions lists – information that is updated regularly on Interos’ Resilience platform.
  • Understand the direct and indirect relationships their organizations have with firms in high-risk intermediary countries for sensitive and sanctioned products.
  • Ensure that their due diligence and risk management programs empower staff to report any concerns and potential breaches of sanctions rules in a timely manner.

Although Russia has clearly been able to obtain many products from alternative sources in the year since Western sanctions were massively stepped up, there is little doubt it is paying a high price (literally) for Vladimir Putin’s actions.

Stories about microchips being removed from washing machines and other consumer products to supply its military machine suggest that its ability to weather the ever-growing list of restrictions has been limited so far.

However, as the war drags on further into its second year, alternate supply chains may begin to pick up more of the slack – hence the current focus and call to action by U.S. and European governments directed at companies around the world.

Nigeria Crisis Raises Supply Chain Disruption Risk for Western Companies

By Nicolas de Zamaróczy

Hundreds of thousands of American and European companies that rely on imported products from Nigeria’s supply chain face a heightened risk of disruption as a result of the protracted political and economic crisis gripping the country.

A presidential election held on February 25th proved contentious, with widespread irregularities in voting and significant violence. The national election commission declared on March 1st ruling party candidate Bola Tinubu as the winner with 36.6% of the votes cast. However, opposition parties have thus far refused to accept the results and called for a redo, pointing to the fact that many polling places opened late on election day. Meanwhile, the country has been reeling for months from a botched currency reform which has completely paralyzed Nigeria’s cash-dependent informal economy.

Supply Chain Management in Nigeria: Western Oil and Agricultural Firms at Risk

Many foreign companies are at risk of having their imports from Nigeria disrupted. Nigeria’s main export is petroleum, with crude oil, petroleum gas, and refined oil collectively accounting for around 86% of exports by value. However, the country’s cash cow has suffered greatly in recent years with production down to nearly half of its level in 2020.

Nigeria LNG—a natural gas joint venture between the Nigerian state and energy majors Shell, Total, and Eni—has been unable to fulfill export orders for its European customers in recent months. Nigeria’s main other exports are agricultural goods (most notably, cacao beans) and small maritime craft, both of which are at significant risk from the economic turmoil in the country.

Global relationship data in the Interos platform indicates that:

  • Roughly 700 American and 400 European companies have at least one Tier 1 (T1) supplier based in Nigeria.
  • More than 127,244 American companies have an affected Nigerian company indirectly in their supply chains at Tier 2 (T2), with almost 300,000 at Tier 3 (T3).
  • More than 236,000 E.U. and British companies have an affected Nigerian supplier at T2, with over 510,000 at T3.

As has been the case during the last three election cycles (see chart below), Nigeria’s exports to the US had been dropping in the leadup to the election, with the volatile on-the-ground situation complicating normal operations and logistics. (The one-time surge in Nigerian exports to the US in early 2022 was due to re-routing petroleum from other destinations following the breakout of the war in Ukraine.) The lack of clarity in the presidential election suggests that low exports will continue for the foreseeable future.

Nigeria's Exports to the United States (2007-2023)

Interos analysis of Panjiva data. Vertical red lines indicate prior election periods.

Nigeria’s Supply Chain Election-Related Disruptions Likely to Persist into Mid-March

Nigeria voted in a tight three-way presidential election on February 25th amidst an atmosphere of intimidation and election-related violence.

ACLED, an NGO which tracks political violence, has counted at least 193 incidents of election-related violent activity since January 1st, 2022 (see map). Human rights observers have issued warnings that Nigeria has not implemented any structural reforms since 2019, when several hundred people died during the last presidential election. These warnings have taken on new urgency following the assassination of a prominent Senate candidate on February 22nd.

Locations of Election-Related Violence in Nigeria (Jan. 2022 through Feb. 2023)

A map highlighting violent events in Nigeria.

Source: ACLED’s Nigeria Election Violence Tracker. Latest data available is February 17. The size of the circle indicates the number of violent events at that location, the color of the circle indicates the specific form of violence, e.g. orange = “violence against civilians” (Image Copyright: © Mapbox© OpenStreetMap and Improve this map).

Given that state elections will not conclude until March 11th, high levels of violence and uncertainty are likely to persist through mid-March, with a consequent impact on economic activity.

“Cash Crisis” Complicates Supply Chain Management in Nigeria

As if the political chaos were not enough, Nigeria is also suffering from the aftermath of a poorly implemented currency reform. When the Nigerian central bank announced the reform in October 2022, the hope was to combat corruption by redesigning the currency bills most used by criminal organizations. But an overly aggressive window for citizens to redeem their old banknotes combined with an extremely short supply of the new banknotes has left the entire Nigerian economy effectively without cash for several months. This has pummeled the Nigerian informal sector, which according to the IMF accounts for over 50% of GDP and over 80% of employment.

Nigerian Exports Likely to Stay Low in the Short Term

American and European firms with Nigerian suppliers in their extended supply chains should stay wary. Interos recommends taking the following actions to promote supply chain resilience:

  • Communicate frequently with key Nigerian suppliers (or suppliers you know to be reliant on Nigeria) to determine the production impacts of the election and cash crisis.
  • Identify which tier-2 and tier-3 Nigerian suppliers are critical to your direct suppliers.
  • Ascertain whether suppliers in Nigeria are prepared for the extended elections period and the likely disruptions it will entail.

Organizations looking to understand where the next big supply chain shock is coming from — and which suppliers they need to engage with to mitigate the impact — should consider investing in supply chain visibility and operational resilience solutions. In times of turmoil, knowing who you are connected to, and how those parties will be impacted by unfolding events, can make the difference between continuity of operations and disaster.