Ghosts in the Energy Supply Chain

Authors: Dr. Andrea Little-Limbago, SVP, Applied AI and Mackenzie Clark, Lead Computational Social Scientist

The 90-day tariff détente between the US and China is not the only macro-trend upending global supply chains recently. US officials claim communication equipment and cellular radios not listed in product documentation were found within batteries and solar equipment.  

These inserted components can pose a security risk to critical infrastructure, potentially leading to power blackouts, destabilization, or other damage to the energy infrastructure. 

The revelation of technology supply chain tampering in Chinese-made devices is the latest indication of the growing risk of technology supply chain manipulation. As Chinese President Xi Jinping asserted, “The scientific and technological revolution and the great power game are intertwined.”  

With hyperspecialized and complex technology supply chains at the center of both the global economy and great power geopolitical competition, this is the latest indication that trusted supply chain networks are more critical than ever before. 

Shifting Norms around Supply Chain Security 

In 2018, Bloomberg reported evidence of Chinese tampering with servers that enabled access to data on computer networks. US-based Supermicro was the focus of the investigation, with potential manipulation of their products via supply chain infiltration. The devices were manufactured in Guangzhou, China, where the tampered hardware was found. In sum, approximately 30 US companies were potentially compromised, including major tech giants. Neither any US company nor the government has corroborated this account, but Bloomberg has since produced numerous reports and remains steadfast in their authenticity.

Regardless of whether this ‘Spy-Chip Gate’ occurred or not, it is indicative of the growing risk of technology supply chain manipulation through one of the many insertion points along the supply chain.  

A new era in these risks emerged last fall with the pager attacks targeting Hezbollah. Explosives planted in pagers and walkie talkies killed dozens and injured thousands, representing an inflection point in lethality and shifting norms around supply chain security.  

While the front companies and tampering were not new, the extensive lethality and complexity of the operation were. As noted cybersecurity expert Bruce Schneier wrote, these attacks have changed the world forever. Supply chain resilience and trusted networks are crucial, especially in technology supply chains that are targeted for geopolitical objectives.

Emerging Technology Infiltration & Propagation Effects 

Section 154 of the 2024 National Defense Authorization Act (NDAA) prohibits Department of Defense acquisition from specific Chinese battery manufacturing companies by 2027. These companies are front and center of this recent claim reported by Reuters. As interos.ai analysis highlights, these companies extend deep within utilities, automotive, and electronics industries.

The companies referenced in the Reuters report align with those companies restricted under Section 154, and include:   

  • Contemporary Amperex Technology Company, Ltd.  
  • BYD Company, Ltd.  
  • Envision Energy, Ltd.  
  • EVE Energy Company, Limited  
  • Gotion High Tech Company, Limited  
  • Hithium Energy Storage Technology Company, Limited  

These six companies alone directly supply almost 1000 companies, over half of which are in the United States, followed by India, Mexico, Germany, and China. These direct customers include companies concentrated in the following five industries:   

  1. Vehicle Manufacturing  
  2. Electronic Component Manufacturing  
  3. Computers and Computer Peripherals Manufacturing and Sales  
  4. Automotive Dealers  
  5. Utilities  

These companies include major manufacturers and distributors of vehicles and electronics, most of which have been observed in interos.ai data as customers of at least one of the Section 154 suppliers at least once since the beginning of 2024.

When expanding this analysis out to Tier 3, the impact of the restricted Section 154 companies becomes much more far-reaching.  

interos.ai Identifies Over 47 Million Buyer-Supplier Relationships as Vulnerabilities in Extended Supply Chain 

Across three tiers of supplier relationships, interos.ai data identified over 47 million supplier relationships with almost 3.2 million unique customers that could be exposed to the products supplied by these high-risk Chinese suppliers. 

Again, these customers are primarily concentrated in the United States, but companies across the globe are also at risk of exposure:  

  1. United States (35% of Tier 1-Tier 3 customers)  
  2. United Kingdom (7%)  
  3. India (6%)  
  4. France (4%)  
  5. China (3%)  

These Tier 1-Tier 3 customers include companies concentrated in a variety of industries: 

  1. Consumer Goods  
  2. Business Management and Legal Services  
  3. Software and IT Services  
  4. Architectural, Engineering, and Design Services  
  5. Building and Civil Engineering Construction   

Trusted Networks and Minimizing Supply Chain Risk 

As noted, these companies are already on NDAA Section 154 due to the security risk within such significant emerging technology produced in China. While Section 154 targets companies partnering with the US government, as this latest incident highlights, all companies should heed these risks.

With geopolitical competition at the heart of the technological revolution, ‘know your supplier’ is more important than ever, but so too is knowing their extended supply chain.  

From the software and hardware bill of materials to ongoing regulations and restrictions regarding risky technologies, there is both regulatory and security momentum pushing organizations toward trusted networks. From drones to 5G, strategic decoupling and derisking of technology supply chains has been ongoing for years. Solar inverters may not have been immune to this decoupling. In 2019, the US banned solar inverters from Huawei, while Europe recently explored a ban on Chinese inverters due to perceived security risks. Of course, with Chinese solar companies’ enormous grip on the market, decoupling is easier said than done.

Nevertheless, global technological bifurcation is already well underway; if anything, the insertion of rogue devices found in Chinese batteries and solar inverters will only accelerate it. As corporate and government technology stacks restructure to gain greater security, supply chain visibility and trusted networks must be front and center of these strategies. 

interos.ai continues to track the growing list of restricted companies – ranging from emerging tech companies to those linked to unethical labor – and helps our customers quickly identify these risks in the extended supply chain.  

As these emerging technologies continue to permeate all aspects of society, they do not come without risks. Given the scope of risks, they are simply too complex and unwieldy to manage alone. Trusted networks have always been an important part of supply chain security. In this new era, they are indispensable.


The End of Globalization…Again? Creative Destruction and the Global Order

Author: Dr. Andrea Little Limbago, SVP, Applied AI  

The April 2nd tariffs are the latest culprit blamed for the death of the interdependent economic system that began following World War II.  

Much has been written about the immediate impact of these tariffs but there has been much less attention on how these tariffs fit into the broader, macro-trends reshaping the global economy.  

The immediate ‘fog of uncertainty’ disrupting financial markets and supply chains is part of a deeper restructuring that is underway, one which is driven by a generational technological revolution, and the resulting geopolitical competition shaping this new order.  

How We Got Here 

Following World War II, global leaders gathered in Bretton Woods, New Hampshire and created three global institutions to shape the world order: the International Monetary Fund, the World Bank, and the General Agreement on Tariffs and Trade (which evolved into the World Trade Organization).  

The goal was to create an interdependent economic system to promote post-war recovery and international cooperation. As a result, global trade in 2023 was 134 times greater than in the early 1960s, and has shaped what many call the modern era of globalization. 

Since then, there have been persistent rumors of the death of globalization. In the early 1970s, President Richard Nixon ended the Bretton Woods monetary regime and its fixed exchange rate system. 

While it ended one system, many believe this ushered in the current era of globalization.

In the late 1980s and early 1990s, the end of the Cold War opened up new markets that were cut off from decades of global trade, leading some to argue this is when globalization truly went global.  

At that same time, the rise of preferential trade agreements (PTAs), such as NAFTA and the EU, sparked concern over the demise of free trade. The 2008 financial crisis, 2018 US-China trade war, and 2020 global pandemic additionally instigated claims of the death of globalization. While the circumstances and rationale were extremely different, at the macro-level these conversations mirror those today on the impact of President Trump’s tariffs.

In short, globalization has experienced a series of disruptions, expansions, and restructuring over the decades. What arguably makes this time different is the digital and technological revolution, with the tariffs reflecting one of many realpolitik-focused responses to today’s geo-strategic realities.

A New Era of Creative Destruction 

In the late 1930s and 1940s, Joseph Schumpeter coined the term ‘creative destruction’ to refer to the evolutionary nature of capitalism, wherein technological advances make obsolete previous products and processes, leading to significant reallocation and labor market disruptions. He experienced real-world examples of technological disruptions, perhaps most notably Ford’s assembly line as well as the military revolution during World Wars I and II.  

Earlier this year, the World Economic Forum argued that today’s ongoing technology convergence is paving the way for the Fifth Industrial Revolution. At the same time, the WEF noted that the technological revolution requires a reskilling revolution, with 22% of today’s jobs already changing due to AI and big data, while at least 60% will require upskilling in the coming years. 

This is on par with the job destruction detailed by Schumpeter almost a century ago and may even understate the foundational shift underway thanks to great power politics. As Chinese President Xi Jinping noted at the National Science and Technology Awards Conference 2024, “The scientific and technological revolution and the great power game are intertwined.”

Today, the tariff debate is nestled within the broader context of global decoupling along geopolitical fault lines.  

Last year, an IMF study highlighted the shift toward ally-shoring or friendshoring – reorienting supply chains toward allied partners. While nearshoring has garnered more attention, they note that trade distances have grown due to a prioritized focus on like-minded, allied countries. A similar study noted a 7% decline in trade between non-allied countries. Together, the forces of creative destruction and geopolitical competition are creating uncharted territory.

For decades, just-in-time, lowest cost, hyperspecialized supply chains drove globalization with minimal thought to geopolitics. Today, geopolitics is playing an outsized role in reshaping the global economy, with recent tariffs simply one of many factors indicative of this transformation. In the United States, the CHIPS Act and Inflation Reduction Act preceded President Trump, and prioritized domestic manufacturing.

In addition, well before President Trump’s ‘Liberation Day’, China initiated the Made in China 2025 policy, aimed at decreasing reliance on foreign goods and manufacturers. Over the last decade, export controls and industrial policy have further promoted trusted technology networks, sparking a supply chain bifurcation of technologies from drones to 5G to AI.  

Just like the elevation of tariffs, the DeepSeek moment likely will accelerate this decoupling and spark additional AI-focused export controls or bans aimed to promote national technology champions. 

Tariffs & Global Transformation

The global economy continues to evolve, with this current era a significant inflection point driven by creative destruction, and the competition to ‘win’ the digital revolution. The tariffs – regardless of the eventual scale and scope – are a symptom of the ongoing global transformation, at times referred to as glocalization. Governments race to adapt to creative destruction and the wave of uncertainty as new policies, regulations, and realpolitik upend existing processes and norms.

While reciprocal tariffs could be an equalizer, placing US tariffs on par with higher tariffs imposed on US goods, concern grows that they could lead to subsequent beggar-thy-neighbor trade policies that have historically hurt all involved.  

Regardless, they are in opposition to global free trade and tightly entangled with geopolitics (on allies and adversaries alike), leading to a range of knock-on effects. For instance, Kentucky Senator Rand Paul recently referenced years of literature on the pacifying effects of free trade on global conflict, noting, “The more we trade…the less we fight.” Significant academic literature has been devoted to the pacifying effects of free trade.  

In many ways, tariffs are a symptom of the broader global transformation underway. It is essential to assess their immediate impact, but companies seeking greater resilience must view them in the context of a broader transformation to the global economy.  

This transformation is fueled by the technological revolution, and the geopolitical race to establish the governance and institutional structures guiding it.  

We are in the beginning phases of creative destruction, one that is upending all forms of market risk and stability, with tariffs the latest disruption, but certainly not the last transforming the international order. 

To stay ahead of sanctions, tariffs and trade shocks head to our latest launch:   

Introducing Regulatory & Market Risk Insights

Author: Mackenzie Clark, Lead Computational Social Scientist

Persistent Market Turbulence and the interos.ai Solution

In February, interos.ai shared insights about the potential impact of the proposed 25% duty on all imports into the United States from Mexico and Canada. While this action was partially delayed in March, the end of the pause is rapidly approaching with an April 2nd deadline for the enactment of these tariffs to the United States’ top trading partners.

While tariffs against Mexican and Canadian imports were delayed, others were still implemented. An additional 10% duty on imports from China was enacted, bringing the total duties levied against Chinese imports to 20%. China quickly retaliated with import tariffs of their own. Similarly, the US implemented a 25% duty on all steel and aluminum imports from any country, which officially took effect March 12th. In response, both Canada and the European Union announced new tariffs on key US exports.

Amid the whiplash being induced by an impending trade war, the ongoing drumbeat of export controls provides an additional regulatory risk that is reshaping global supply chains. Sanctions on companies continue to increase year-over-year. Export restrictions, such as those implemented by China that restrict the supply of key minerals to the US, are also a common tool in the arsenal of countries seeking to gain or retain their competitive advantage. Other regulations such as the EU Deforestation Regulation or those related to unethical labor practices—Section 1502 of the Dodd-Frank Act and Uyghur Forced Labor Protection Act—also require organizations to monitor and investigate potential regulatory exposures in their extended supply chain.

These rapid-fire developments in the global market highlight that there is no sign of slowing when it comes to new tariffs and the evolution of the regulatory risk landscape writ large. Now more than ever, organizations require a comprehensive monitoring solution that can rapidly alert them to changes that may impact their direct and extended supply chain.

Today, interos.ai is proud to announce the release of our Regulatory & Market Risk Insights. This solution is designed to surface additional context and key data points that enable proactive, strategic decision-making when navigating an increasingly turbulent, complex global market. Organizations can leverage these insights and identify which suppliers are exposed to tariffs, whether they are exporting high-risk products, or if they are situated in a country or industry with greater regulatory risk posture.

Steel and Aluminum Under Fire

For instance, on March 12th, US steel and aluminum tariffs went into effect, leaving no country untouched from these across-the-board tariffs. Analysis from interos.ai shows that the 25% import tariff on steel and aluminum goods may have an expansive impact on companies in the United States, with over 400,000 companies purchasing some form of steel or aluminum product. Among these companies, the most exposed industries include Architectural, Engineering, and Design Services, Consumer Goods, Industrial Equipment Manufacturing and Sales, and Building and Civil Engineering Construction. However, it seems that no industry will remain entirely untouched by this action.

Using our Regulatory & Market Risk Insights, organizations can easily identify companies that may be exposed to limited supply or increased costs because of newly announced tariffs:

Regulatory and Market Insights
Using interos.ai’s new Regulatory & Market Risk Insights, companies can navigate the daily changes to regulatory policy, including exposure to trade wars and tariffs.

Cars and Pharmaceuticals and Semiconductors, Oh My!

In anticipation of additional import tariffs, interos.ai also analyzed what the impact of President Trump’s recently announced tariffs on vehicles and vehicle parts and other proposed tariffs on pharmaceuticals, semiconductors, and lumber would look like for companies in the U.S. 

Much like the steel and aluminum import duties, the impact of the proposed 25% duty on these products and commodities would be expansive:

Again, by leveraging interos.ai’s Regulatory & Market Risk Insights, organizations can easily identify companies that may be exposed to these proposed tariffs:

Table view of suppliers at risk of tariffs

Beyond Tariffs

While tariffs and trade wars are a hot topic, companies around the world are still responsible for navigating other aspects of the regulatory landscape.

Over the past several months, interos.ai has highlighted the impact of regulations, sanctions, and industry trends that have the potential to shake up supply chains. This has included coverage and impact analyses of the EU Deforestation Regulation, additions to the UFLPA Entity List, and industry-wide risks related to insecure artificial intelligence technologies.

With the release of our Regulatory & Market Risk Insights, the issues covered by these analyses will all be readily available for organizations to leverage in their risk management processes.

Assessing the Impact to Your Organization

It is unclear how much new trade barriers and regulations—and the resulting changes to costs and supply—will impact companies in the United States and around the world. Amid so much uncertainty in the supply chain, it is challenging to understand what the next best action is for companies and consumers alike.

From higher prices to operational disruptions to economic shocks, interos.ai is closely monitoring the situation and how it is impacting supply chains and the global economy, enabling companies to build resilience during a time of significant supply chain disruptions.

To learn more about Regulatory & Market Risk Insights reach out to an expert here.

 

Interim Final Rule on Artificial Intelligence Diffusion

Author: Dr. Andrea Little Limbago, SVP, Applied AI, interos.ai 

To kick off the New Year, Russian President Vladimir Putin ordered the Russian government and its major bank to coordinate AI development with China. This announcement followed a similar one a few weeks earlier wherein Russia highlighted collaboration among the BRICs (Brazil, Russia, India, and China) and South Africa for an AI alliance.  

These announcements, in turn, coincide with a steady drumbeat of AI-driven techno-alliances among the US and its allies, including those between the EU and US, within the QUAD, as well as adjacent policies such as the CHIPS Act and the US AI Executive Order.

Yesterday’s Interim Final Rule on Artificial Intelligence Diffusion is the latest global policy aimed at technological diffusion within allies, which continues to deepen the growing technological bifurcation and upend global supply chains. In the race to implement AI, organizations must stay atop the global technospheres of influence, which will continue to reshape corporate technology stacks or else introduce new security and regulatory risks. 

Summary of Bifurcation 

The latest wave of AI-focused, technology alliances is a continuation of a pattern that has been going on for years. Technospheres of influence have emerged, wherein part of the world is building upon largely Chinese-created technology infrastructures, and other parts on those built by US and allies.  

The US-China trade war initially instigated the nascent splintering almost a decade ago and was followed by US and European export controls and sanctions targeting thousands of companies in China and Russia. China, in turn, has an Unreliable Entity List, which saw the most recent additions on January 2 with the announcement of the addition of ten US defense companies. 

These policies have accelerated, both with the increase of geopolitical tensions and due to the growing awareness of sanctions circumvention and the use of US-created technology by Russia against Ukraine.

Both the EU and US have specifically targeted distinct rounds of sanctions with anti-sanctions circumvention goals. The result, so far, has been a widening of geographic divisions of technology stacks dependent on geographic location and geopolitical alliances. 

Potential Impact 

This latest Interim Rule targets foundational AI technologies, including automatic data processing machines, electronic integrated circuits, semiconductors, and calculating machines. The Interim Rule specifically encourages the exchange and research collaboration in these product areas with 18 allies, while restricting their access to ‘non-trusted actors’, a consistent thread among the series of other US AI-related policies over recent years. 

Interos.ai identified over 27,000 companies in the US who export these four very specific product categories. These companies, in turn, have global footprints across non-trusted countries and allies alike, as detailed in the table below. Over 20% of companies buying directly from these US companies are in Mexico, followed by India, Great Britain, Colombia, and Canada.  

China is among the top 12 direct customers producing one of these products: automatic data processing machines, electronic integrated circuits, semiconductors, and calculating machines. Under the Interim Rule it is assumed that these products could be used in AI technologies.  

As you see in the table above, there are thousands of companies who purchase the four product areas listed above. Over 650 of these are in countries of concern, such as China, Russia, and Iran, which exceeds one thousand when looking into the third tier. Meanwhile, almost 4,000 companies are among the 18 allied countries listed in the Interim Rule, and over 3,700 tier 3 companies.  

This highlights both the risks and opportunities for companies in complying with the Interim Rule, wherein sizable markets already exist for expansion among like-minded democracies. At the same time, this also illustrates the increasing challenge of doing business in at-risk or adversarial countries.

While these numbers focus on very small, niche product categories, they often are components of much bigger and broader product technology ecosystems.  

To that end, when looking at the US tech industry writ large, interos.ai data reveals almost 575,000 companies globally that are directly supplied by a company in the US tech industry. The biggest direct importers from the US technology industry are concentrated in the United Kingdom, India, Australia, Canada, and Mexico.  

US AI Policy in Transition 

As we noted last Fall, AI governance is critical for shaping the global rules of the road when it comes to AI development, deployment, safety, and security. The EU released the first comprehensive AI policy last year, while the Executive Order and Blueprint for the AI Bill of Rights are the most comprehensive frameworks from the US, but lack the regulatory teeth. 

In addition, as often occurs with leadership transitions, there is uncertainty surrounding how the next administration will approach AI. The AI Executive Order is expected to encounter additional scrutiny and could potentially be repealed, based on comments made by the incoming Trump administration. However, based on an AI executive order late in 2020, there are likely areas of continuity as well, indicating that AI policy will remain a moving target.

Geopolitical Tensions will be Central to the Shifting AI Regulatory Landscape in 2025 

Given the fast pace and broad impact of AI, the only certainty around the global AI regulatory landscape is that there will continue to be shifts and changes, with geopolitical considerations central to these changes. While the new Interim Rule is the latest example of AI-driven governance updates, it will not be the last.   

The geopolitical landscape will continue to drive technological bifurcation, creating distinct technospheres of influence among the US and allies in contrast to China and like-minded regimes. 

In addition, we can expect to see changes in AI policies focused on enhancing the underlying security and safety fundamentals of AI. AI security concerns are likely to come front and center in 2025.

On the security front, these will focus on minimizing adversarial AI, including prompt injection attacks, data poisoning, and model manipulation. There also are safety concerns, and we can expect the use cases of specific AI to drive regulatory practices, with higher safety use cases attracting greater regulatory oversight compared to low risk use cases. 

The first two weeks of 2025 have already proven eventful for the global AI regulatory landscape. With AI proving to be a generational technology, not only is technological innovation critical, but so too are the governing frameworks surrounding it.  

interos.ai views secure AI as a growing and critical consideration for supply chain, full of both opportunities and challenges. We work closely with our customers, supporting their AI governance frameworks and serving as strategic partners to guide AI governance decisions. 

To learn more about it and other major trends for 2025, download the interos.ai 2025 Predictions Report. 

It’s That Time of Year Again: US Government Releases New Restrictions List

Authors: Andrea Little Limbago, PhD, SVP, Applied AI and Mackenzie Clark, Senior Computational Social Scientist 

Annual Tradition: End of Year Sanctions and Restrictions

Last week’s release of UFLPA and OFAC restrictions follows a recent trend where widespread export controls are released en masse prior to the new year.  

For instance, in December 2023, the Departments of Treasury and State issued sweeping sanctions targeting Russia’s energy production and export capacity. This was followed a few weeks later by an Executive Order (E.O. 14114) that issued another round of sanctions against financial institutions supporting Russia’s military-industrial base. It was also preceded by two different rounds of Russia-related sanctions on December 1 and November 16. 

Similarly, in December 2022, Treasury issued several sanctions targeting Russia’s financial sector, very much in alignment with those issued last Thursday. This continued the trend from December 2021, when Treasury issued distinct sanctions targeting Belarus and entities associated with human rights abuses.  

The UFLPA also made some end of year additions in 2023, although those were much fewer than the 29 companies added last week, which increased the overall entity list to over 100 Chinese companies connected to forced labor.  

We recently covered two of the latest additions and the potential impact they could have on global steel and aspartame (a sugar substitute) supply chains (spoiler: tens of millions of companies could be impacted).

If the past week is any indication of what is to come, organizations should expect more restrictions to follow the path of the recent updates focused on Russian financial institutions and human rights abuses.  

 

The following analysis will answer:  

  • How far do the OFAC and UFLPA-sanctioned companies reach globally?  
  • Which industries are most at risk for potential future sanctions?  
  • How do you react to these and prepare for future sanctions?  

The Latest Round of OFAC Restrictions on Banks and Financial Services in Russia: Who is Impacted?

The latest sanctions announcements from the United States Department of the Treasury and Department of Homeland Security target a wide array of companies in Russia and China. The extended impact of these restrictions, however, has the potential to cascade to companies across the globe.

On November 21, the addition of Gazprombank — and almost 100 other international subsidiaries and affiliates — to OFAC’s Specially Designated Nationals (SDN) List marked the designation of “Russia’s largest remaining non-designated bank.”  

With Russia’s largest financial institutions sanctioned by not only the United States, but other major countries such as Canada and the United Kingdom, it is important to understand where the risk of exposure to these sanctioned banks may still exist. 

Using Interos data, we analyzed the extended supply chains of Gazprombank, VTB Bank, and Sberbank and identified over 7,500 companies across three tiers of supplier relationships that are either directly or indirectly supplied by one of the banks.  

These numbers are relatively low compared to other supply chain propagation, likely due to decreasing integration of Russian banks with the Western economies since the invasion of Ukraine.  

Nevertheless, the scale is by no means trivial and indicates the stickiness of these relationships. 

Of the potentially exposed companies with supplier-buyer relationships linked to the new sanctioned entities, almost 60% of them are located either in the United States or the United Kingdom.  

When leveraging Interos’ Industry Categories designations, we identified the top three sectors represented across the sanctioned companies as Software and IT Services, Banking and Financial Services, and Business Management Services.  

29 Million Companies Could Face Fines from UFLPA Entity List Additions: Agricultural Products, Metals, and Polysilicon in China

Just one day after the new restrictions targeting the Russian banking industry, 29 new companies were added to the Uyghur Forced Labor Prevention Act (UFLPA) Entity List, bringing the total number of companies on the list to over 100.  

This action primarily targeted companies that produce agricultural goods, specifically tomato paste and tomato products, walnuts, red dates and raisins. Other newly restricted companies include exporters of materials and products derived from aluminum, nonferrous metals, and polysilicon. 

Interos conducted an analysis on the extended supply chain of these companies and identified over 29 million companies across three tiers of supplier relationships that are either directly or indirectly supplied by one of the newly restricted UFLPA entities.  

These companies could be subject to UFLPA fines.  

Again, the largest share of the companies that could be impacted (over 34%) is located in the United States, followed by the United Kingdom (9%), India (8%), Germany (4%), and Italy (3%). 

Leveraging Interos’ Industry Categories reveals that the top three sectors among this group of exposed companies are Business Management Services, Software and IT Services, and Consumer Goods.  

These two scenarios, while distinct, highlight the importance of continuously monitoring suppliers of both services and physical goods to avoid potential fines, seizure of imports and reputational damage.  

Which Industries are Most at Risk Looking Ahead?

Given the ongoing implementation of export controls and industrial policy, organizations should plan for future additions to these and dozens of other restrictions lists. Fortunately, there are a few insights to help look ahead and begin de-risking from future regulatory risks. 

For instance, in September, the Department of Commerce’s Bureau of Industry and Security (BIS) introduced worldwide export controls on critical technologies.  

These include additive manufacturing items, advanced semiconductor manufacturing equipment, quantum computing items, and gate-all-around field-effect transistor (GAAFET) technology.  

A presumption of denial affects countries deemed a national security concern, including Armenia, Belarus, Cuba, Iraq, North Korea and Russia.  

Companies in these industries, as well as in other critical and emerging technology industries, and companies from those countries are at immediate regulatory risk.

Similarly, BIS also has a high priority list focused on Russian products believed to fuel Russia’s military-industrial complex.  

Companies associated with these products, as well as those across a wide range of critical technologies, are much more likely to appear on a restrictions list in the future than those in other product or industry categories. 

Monitoring Risk Exposure with Risk Intelligence Data

Geography is another means for assessing future restrictions risk.  

In addition to companies in those countries (BIS Country Groups D and E), companies located in, or with a supply chain connection to, the Xinjiang Uyghur Autonomous Region (XUAR) are also at significantly greater risk of future restrictions inclusion.  

Using Interos data, we identified over 231,000 other companies located in XUAR that may pose future compliance risks in global supply chains.  

When analyzing three tiers of supplier relationships for these companies, Interos data shows the following industries at the highest risk for potential disruptions if restrictions on XUAR companies continue to expand.  

These are the industries with the greatest frequency across companies in XUAR:  

  1. Business Management Services  
  2. Software and IT Services 
  3. Consumer Goods 
  4. Architectural, Engineering, and Design Services 
  5. Building and Civil Engineering Construction  

In short, last week’s additions to the OFAC and UFLPA restrictions lists are consistent with regulatory updates from the past few years.  

Moreover, by leveraging industry, product, and geographic risk management information, organizations can be more proactive in preparing for export controls against companies that meet those criteria listed above.  

Product and industry categories not only provide value for proactively addressing restrictions risk, but also have several other benefits, such as benchmarking and product tracing throughout supply chains.  

Keep an eye out for a forthcoming blog that will detail these new features and how they impact the full lifecycle of supply chain intelligence. 

New Additions to UFLPA Entity List Show Forced Labor in Supply Chains of 79,000 Companies

Authors: Andrea Little Limbago, PhD and Mackenzie Clark 

Steel and Aspartame Companies Join UFLPA Entity List 

Last week, the U.S. Department of Homeland Security announced two new additions to the Uyghur Forced Labor Prevention Act (UFLPA) Entity List. Although the law has been in effect for several years, this marks the first inclusion of a steel or aspartame company on the UFLPA Entity List.  

This reflects the expansion of the UFLPA since its inception, as well as the growing concern and risks associated with forced labor in the supply chain.  

Interos has been closely monitoring the UFLPA since it came into effect, along with dozens of other critical sanctions and prohibitions lists, and helps illuminate connections to these companies deep within complex supply chains. 

Cracking Down on Forced Labor in Supply Chains 

The UFLPA aims to eliminate forced labor from supply chains through the prohibition on the importation of goods made in part or entirely from forced labor. The law specifically focuses on the Xinjiang Uyghur Autonomous Region of China, but it also applies to all forced labor in all of China. A review of these companies highlights how important it is to maintain visibility across the entire supply chain ecosystem, as small relationships grow exponentially as you move to the outer tiers of a supply chain.  

Two Identified Companies Put 79,000 Companies at Risk

The two new additions to the UFLPA Entity List are Baowu Group Xinjiang Bayi Iron and Steel Co. Ltd and Changzhou Guanghui Food Ingredients Co. Ltd.  

According to Interos data, these two companies directly supply over one hundred companies (Tier 1), who in turn supply almost 2,500 companies (Tier 2). Those companies, in turn, supply approximately 79,000 companies, and represent almost 280,000 distinct buyer-supplier relationships (Tier 3). 

Importantly, the UFLPA not only consists of an Entity List, but also prioritizes seven industries for enforcement:  

  1. Apparel 
  2. Cotton and cotton products 
  3. Silica-based products 
  4. Tomatoes and downstream products 
  5. Polyvinyl chloride (PVC) 
  6. Aluminum 
  7. Seafood 

The last three industries were added earlier this summer and represent the first new addition of key sectors since 2022.  

With last week’s inclusion of steel and aspartame companies on the UFLPA Entity List, we should prepare for the potential expansion of those key industries in the near future.  

What Would that Impact Look Like on the Chinese Steel and Aspartame Industries?  

Interos data highlights the widespread impact of the Chinese steel industry. There are over 66,000 companies in China that sell steel or steel products. Globally, over 655,000 unique companies buy from those companies (Tier 1), a number that grows to over 2.6 million companies when looking at the buyers from those companies (Tier 2).  

These numbers pale in comparison to the number of buyer-supplier relationships stemming from those 66,000 companies in China that sell steel or steel products. There are 4.4 million relationships stemming from those companies (Tier 1), which balloons out to over 23 million relationships one hop out (Tier 2), and almost 64 million relationships to the next level of the supply chain (Tier 3). Across these tiers, over a third of the companies are located in the United States, followed by India, the United Kingdom, Germany, and France. 

A similar ripple effect appears when looking at producers of aspartame and aspartame-containing products. There are almost 3,000 companies in China that produce aspartame and aspartame-containing products. The impact balloons to over 200,000 companies that buy from those companies (Tier 1), and over two million companies that buy from those 200,000 companies (Tier 2). 

We again see the number of unique buyer-supplier relationships exponentially increase across the companies that sell aspartame and aspartame-containing products. Globally, there are over 500,000 buyer-supplier relationships linked to those companies in China (Tier 1). Those, in turn, are connected to almost 12 million distinct relationships (Tier 2), which explodes to over 60 million relationships at the next tier (Tier 3).  

Again, over a third of the companies are in the United States, highlighting a potential significant risk if the UFLPA expands to include either of these industries as a key sector for investigation. 

Not Just the US: Global Supply Chain Examination is a New Reality 

The United States is not alone in sanctioning human rights violators within supply chains. The European Union, United Kingdom, and Canada, along with the United States, all initially coordinated sanctions in 2021. As Homeland Security Secretary Alejandro Mayorkas explained, “The UFLPA is catalyzing American businesses to fully examine and assess their supply chains….” The same is true elsewhere, as earlier this year the European Parliament adopted a new law aimed at eliminating all forced labor, not just from China, in the supply chain. 

In return, China is taking steps toward enforcing its own law introduced four years ago that creates an ‘Unreliable Entity List’ for companies evading the Xinjiang Uyghur Autonomous Region and exhibiting discriminatory measures against products made there. This puts companies in a dilemma of conflicting regulatory practices between China and the United States, European Union, and other Western democracies. 

Major Regulatory and Financial Risks at Stake 

Aside from the regulatory and reputational implications, there also are growing financial risks. Almost $3.6 billion worth of goods have been seized under UFLPA enforcement, highlighting the financial as well as reputational and humanitarian risks at stake.  

At Interos, we continue to monitor the regulatory landscape, as well as those industries and companies associated with key sectors or products at risk. Flagging the UFLPA alone is not enough to minimize human rights violations within the supply chain. 

Identification is Not Enough: Compliance Requires a Regional View and Cross-Examination of Human-Rights Violation Lists 

In addition to the UFLPA, Interos also denotes any company located within the Xinjiang Uyghur Autonomous Region, since the UFLPA specifies the additional scrutiny applied to any goods stemming from that region, whether they are on the Entity List or not.  

Moreover, Interos also specifically flags whether a company is on a human rights-related violations list because other restrictions, such as the Global Magnitsky Act, address human rights violations and must be integrated into a broader strategy of eliminating human rights violations from the supply chain and addressing the associated regulatory and reputational risks. 

Take Action:  Root Out Forced Labor from Your Extended Supply Chain 

Interos’ continuous monitoring alerts quickly identify the potential impact of additions to restricted entities lists across a company’s extended supply chain. This visibility empowers companies to get ahead of potential violations both upstream and downstream in their supply chain. 


EU Deforestation Regulation Approaching: Fines for Non-Compliance are Steep

Authors: Julia Hazel, PhD, Lead Computational Climate Scientist and Nicolas de Zamaroczy, PhD, Lead Computational Social Scientist

Companies can no longer ignore the urgency to reduce their deforestation impact, especially if they want to continue doing business in the European Union.   

Update on Nov 14, 2024:

On November 14, 2024, the European Parliament voted to postpone the EU Deforestation Regulation (EUDR) compliance deadline by 12 months to December 30, 2025. Companies must certify that their supply chains are free of companies linked to deforestation or risk significant fines. Similar to the EU’s General Data Protection Regulation (GDPR), this law is not limited to EU companies, but rather applies to any company doing business within the EU. 

The postponement gives companies a chance to get in front of the upcoming regulations. The extension does not remove the need to act swiftly but rather allows companies runway to get it right in the face of rising global legislation such as Australia’s Mandatory Climate-Related Financial Disclosures.

Unfortunately, despite numerous global treaties and corporate attestation supporting deforestation-free supply chains over the past decade, deforestation rates have not fallen.  

Too often corporate disclosures are aspirational and lack the visibility required to identify potential supply chain linkages to deforested locations and commodities.  

The EUDR is arguably the first major global initiative requiring corporate accountability for any connections to deforestation. With other similar regulations proposed or under review, this new regulatory risk shows no signs of retreating and will require companies to quickly gain that visibility or risk significant financial and reputational damage. 

What is the EU Deforestation Regulation? 

The EUDR has three main goals:  

  1. to prevent deforestation 
  2. to cut greenhouse gas emissions, and  
  3. to prevent further agricultural expansion and biodiversity loss.   

The EUDR stipulates that any operator or trader of seven large key commodities – palm oil, cocoa, cattle, coffee, timber, soy, and rubber – as well as their derived products, must provide evidence that these commodities and products did not originate from recently deforested regions or contribute to forest degradation.   

Additionally, operators and traders must certify that their products comply with all relevant laws of the source country, including labor, anti-discrimination, indigenous rights, and pollution regulations.   

Failure to comply could result in: 

  • fines of up to 4% of a company’s revenue in an EU member state 
  • criminal charges, and  
  • reputational damage 

Beyond Direct Commodities: Far-Reaching Impact Throughout the Supply Chain 

The goal of the EUDR is to limit demand for products grown in recently deforested areas, thereby reducing a primary incentive for forest loss.  Scientists agree that deforestation is a major cause of climate change, with tropical deforestation accounting for roughly 20% of annual Greenhouse Gas (GHG) emissions worldwide.   

One of the primary reasons forests are cleared is for agricultural expansion, and the seven key products targeted by the EUDR were chosen based on scientific evidence linking their production to logging activity and illegal deforestation.   

While stipulations involving sourcing these commodities directly impact the food and agriculture industries, their derived products involve a wide array of industries.  For example, most lumber and natural rubber by-products will be included in the legislation, affecting everything from office furniture to rubber gaskets and from cardboard to air bags.  Textiles, automobiles, finance, fuel and energy represent just a handful of the industries that would be impacted by deforestation regulations.   

Moving Beyond the Say-Do Gap 

The EUDR is a landmark regulation that requires action beyond corporate disclosures and zero-deforestation commitments.  Zero deforestation commitments are a crucial part of corporate governance around deforestation, and 60% of corporations with the largest exposure to deforestation have set at least one policy on deforestation.  However, while zero-deforestation commitments represent a good step towards addressing corporate deforestation risks, their success in mitigating large-scale deforestation has been minimal.   

These commitments often lack immediate or near-term deadlines, clear implementation plans, and traceability to indirect suppliers, to name a few drawbacks.  Global Canopy’s Forest 500’s most recent report, which lists and ranks the policies and performance of 350 companies and financial institutions with greatest exposure to deforestation risk, reveals that two-thirds of companies with commitments are not publishing evidence of their implementation. This underscores the fact that policies and commitments are only useful if they are implemented and achieve results.   

More Than Just a “Box-Ticking Exercise” 

The EUDR underscores the fact that addressing deforestation at the corporate level is complex and requires a data-driven, multi-faceted approach. As PwC reports, “EUDR Compliance is much more than a box-ticking exercise” and “regulatory scrutiny will be intense.”   

One crucial component surrounds supply chain transparency and traceability.  To properly perform due diligence, companies must have insight into their direct and indirect suppliers to track products back to their origin, which allows for the identification of potential risks.  

Products need to be mapped to their source plot of land using precise geospatial information, such as in the form of satellite and remote sensing data, to ensure deforestation did not occur in the recent past where at-risk commodities were sourced.  

The country of origin is also significant as certain countries are higher risk for producing goods sourced from deforested areas.   These diverse pieces of information are necessary and provide actionable insights for corporations to mitigate deforestation risks. 

Beyond the EUDR – US Deforestation Due Diligence on the Horizon 

Corporate supply-chain due diligence will become commonplace as regulations such as the EUDR become the norm.

For instance, similar legislation to the EUDR is being proposed in the US with the Fostering Overseas Rule of Law and Environmentally Sound Trade (FOREST) Act, which would prohibit the import of palm oil, soya, beef, cocoa and rubber products linked to illegal deforestation.  

With the December compliance deadline fast approaching, corporations must act swiftly to invest in solutions that give them insight into their supply chain to mitigate risks and remain compliant.  

Interos is ahead of the game in mapping deforestation risks throughout the entire supply chain.

Xinjiang Forced Labor Sanctions: Homeland Security Move Underscores Five Pillars of Combatting Unethical Labor in Global Supply Chains

By Warren Smith & Dianna O’Neill

In a significant move, the U.S. Department of Homeland Security (DHS) announced additional sanctions and measures targeting forced labor practices in China’s Xinjiang region on May 16, 2024. These measures underscore the U.S. government’s commitment to combating human rights abuses and holding bad actors accountable.

They also highlight the growing international pressure on companies to ensure their supply chains are free from forced labor.

The new actions include:

  • Imposing visa restrictions on Chinese officials involved in repression and forced labor practices.
  • Expanding enforcement of the Uyghur Forced Labor Prevention Act (UFLPA) to cover more products and sectors; a total of 65 China-based firms are now banned under the act.
  • Increasing coordination with allies and partners to address forced labor in global supply chains.

The Complexities of Forced Labor in China

Global supply chains are grappling with the significant challenge of the prevalence of forced labor, notably in regions like China’s Xinjiang, a textile manufacturing center. Forced labor in China presents multifaceted challenges, including supply chain complexity, lack of transparency, legal and political obstacles, difficulty tracing raw materials, and the prevalence of subcontracting and informal sectors.

China’s economic landscape is deeply entwined with practices that many international observers and human rights organizations classify as forced labor. The situation in the Xinjiang Uyghur Autonomous Region has garnered particular attention, with reports suggesting that Uyghurs and other ethnic minorities are being coerced into working in various industries, from cotton fields to high-tech manufacturing sectors.

Five Key Strategies for Companies to Mitigate Forced Labor in Global Supply Chains

To address the issue of forced labor in their supply chains, organizations must take proactive measures to mitigate forced labor and other critical ESG threats. Interos data shows executives estimate that ESG-related cost increases or revenue losses cost companies $44M annually.

Here are five actions to prioritize:

  1. Conduct Comprehensive Supply Chain Mapping: Gain visibility into the extended supply chain, from direct suppliers to nth-tier sub-suppliers, to identify vulnerabilities. AI-first risk intelligence from Interos enables advanced analytics and real-time monitoring to scrutinize supply chains for regulatory violations and other ESG concerns.
  2. Implement Robust Due Diligence Processes: Develop and enforce rigorous due diligence procedures to complement technology-based assessments. This includes assessing suppliers’ labor practices through audits carried out by an accredited third-party agency, worker interviews, and document reviews.
  3. Leverage Advanced Technology and Data Analytics: Utilize cutting-edge technologies like Interos’ platform, which evolve enterprises from lagging to leading indicators to drive proactive mitigation. Interos’ expanded ESG risk model monitors a range of critical attributes reflecting the multi-faceted nature of ESG threats, including forced labor, emissions, diversity, foreign ownership, and other critical attributes.
  4. Collaborate with Industry Partners and Stakeholders: Engage with industry associations, non-governmental organizations, and government agencies to share best practices, align efforts, and collectively address forced labor challenges.
  5. Promote Transparency and Accountability: Implement transparent reporting mechanisms, establish clear policies and codes of conduct, and hold suppliers accountable for violations through corrective action plans or termination of business relationships.

Case Studies: Accelerating Ethical Supply Chains with Interos

Interos survey data shows more than a third of leaders at large enterprises are stepping up their ESG investments, and over half acknowledged supply availability was paramount. Global organizations using Interos have gained a sharper picture of supply chain risks, enabling proactive strategies, yielding clear results:

  • A leading global airline leverages Interos to ensure the highest standard of ethics and compliance across its apparel supply chain and other sourcing channels.
  • A supermajor oil and gas company leverages Interos to ensure adherence to 30+ EU regulations related to labor, emissions, and other areas.
  • A major retailer utilizes Interos’ foreign ownership data to determine, reduce and remove slave labor from its product lines.

Interos is leading a broader supply chain risk revolution towards transparency and ethical responsibility across industry, enhancing corporate brand, reputation, and profitability.

By taking proactive steps and leveraging the Interos platform, organizations can navigate the complexities of forced labor in China, and elsewhere, to foster ethical, responsible, and adaptable supply chains that meet, and surpass, the demands of today’s interconnected economy. Across sectors, technology and data will continue to play a crucial role in shaping responsible and risk-resilient supply chains, with companies like Interos, and its innovative global customers and partners, at the forefront of this transformation.


Navigating ESG Transformation: From C-Suite Priorities to Regulatory Realities

By Andrea Little Limbago & Julia Hazel

Increasing ESG (Environmental, Social, and Governance) mandates are resetting corporate agendas and exposing fault lines across businesses that lack an aligned response. While Chief Supply Chain Officers (CSCOs) have relegated sustainability to the sidelines, a seismic shift has occurred elsewhere in the C-suite, with CFOs catapulting ESG to the top of their priorities.

A recent survey in March 2024 demonstrated that CFOs ranked sustainability as their first priority, a departure from a July 2023 Gartner report, which found that two-thirds of CSCOs deprioritize it. In Interos’ own 2023 annual survey, executives estimated that ESG-related cost increases or revenue losses cost companies $44M annually. More than a third of respondents reported stepping up their ESG investments, and over half acknowledged that supply availability was paramount. Given the fluid and dynamic regulatory landscape, ESG disruptions can quickly become a near-term risk, leaving many companies ill-prepared for compliance, reputational, or financial risk.

ESG is also a hot button issue in the United States, with some states expanding ESG-related regulations even as others introduce anti-ESG regulation. Despite this disconnect, stakeholder demands and regulatory reporting requirements are clearly not going away.

The E.U. Supply Chain Act and Germany’s Supply Chain Due Diligence Act are a case in point. The European Parliament just passed the proposed Corporate Sustainability Due Diligence directive (CSDDD) this week. The law, which heads to a final vote set for next month, requires large companies to disclose environmental damage or forced labor in their supply chains.

The German regulation took effect in January 2023 and includes disclosure of both human rights and environmental impacts across their supply chains. First actions have already been filed against several global corporations for failures to ensure worker safety in Bangladesh.

Overcoming “Aggregate Confusion”

Whether a company is taking the first steps toward ESG resilience or looking to strengthen existing efforts, the ESG regulatory landscape is a moving target. There are no common data standards to drive a clear, consistent, and effective strategy within organizations. This leads to divergent assessments, frustration for those attempting to prepare for the upcoming compliance wave, and simply, “aggregate confusion” with regards to ESG data. Fortunately, ESG data is improving. There are growing opportunities for organizations to assess supply chains with transparent, traceable, and verified data, which in turn enhances a company’s capacity for compliance and minimizing reputational risk.

The Regulatory Landscape: Conflict and Conceptual Stretching

The conflicting and vague nature of many ESG-related regulations or advisories is contributing to the gap between risk and action. For instance, climate-related risks are often bundled together under a single umbrella, or are in conflict with one another, making it difficult for companies to discern and create appropriate response strategies. Both the European Union’s CSDDD and California’s climate disclosure bill SB 253 include extensive Scope 3 disclosure requirements.

In contrast, the recent Securities and Exchange Commission (SEC) climate risk disclosures do not include Scope 3 requirements. The SEC climate risk disclosure focuses on the environment, requiring companies to disclose natural hazards risks, such as expenditures resulting from severe weather events, Scope 1 and 2 emissions, as well as climate-related targets and goals.  However, grouping these disclosures under one umbrella creates additional confusion. Distinct corporate strategies are required to address risks related to climate resilience versus actions to mitigate a company’s environmental impact.

On the one hand, actions to ensure climate resilience focus on the impact that climate change has on a company’s global footprint and operations. Interos previously discussed these kinds of catastrophic risks and how companies can use continuous risk intelligence to pre-empt disruption. On the other hand, a company’s impact on the environment relates to fast-changing environmental, social, and governance (ESG) regulations.

Broadly, the difference comes down to compliance and reputational risks compared to physical (even existential) continuity risks, with financial risks common across both. Each of these provides two distinct, but interconnected risks associated with sustainability that require different organizational strategies and preparation. While the data and science behind natural hazard risk has a long and robust history and validation, the same is not true in the ESG space.

The Data Challenge

MIT’s Aggregate Confusion Project highlights the ESG data problem by noting that the correlation among major ESG ratings agencies is only .54. By comparison, financial ratings agencies have credit ratings correlated at .92. The poor correlation between ESG ratings agencies has wide repercussions. The same company could be scored highly by one agency and poorly by another, making it difficult to prove compliance while also opening the aperture for misuse of the scores.

Interos has assessed many of the most prominent ESG ratings vendors with a focus on transparency, traceability, and external validation. The data is created through one of two opposing methods – surveys or machine-learning web scraping. Those that focus on surveys provide extremely comprehensive data with understandably low coverage, but they also lack validation and often enable self-scoring and attestation. Conversely, machine learning data collection has extensive coverage, but is extremely shallow in data depth and quality. A single news article, for example, may be the basis of an entire score.

Towards a New ESG Model

Interos developed a new ESG model with data that allows for the transparency and traceability lacking in the ESG space. The model was developed in partnership with ESG data and technology leader ESG Book. As a global leader in sustainability data and data transparency, the company operates a corporate disclosure platform to facilitate ESG disclosures and help organizations map these disclosures to leading global frameworks. Interos’ expanded ESG risk model provides raw metrics that cover a range of ESG topics: Scope 1, 2, and 3 emissions, forced labor and human rights policies, supplier oversight and product safety, and more.

In addition to ESG Book, Interos has integrated its own critical restrictions risk and corporate ownership structure data into its enhanced ESG model. This enables the platform to connect specific human-rights related restrictions, such as UFLPA and companies operating within the Xinjiang Uyghur Autonomous Region, as components of social risk models. The company also leveraged Interos proprietary ownership data to create a new government intervention risk based on Interos’ unique combination of ownership control and government ties. Risk managers that need to monitor governance risk must consider the growing global risk of government intervention into the private sector, one of many necessary steps required to surface vital information to get in front of risks and prevent supply shocks.

Charting the ESG Future for Competitive Edge

Forward-leaning organizations are adapting their risk frameworks to integrate ESG, integrating environmental and social sustainability into corporate strategies designed to embed critical supply chain risk intelligence throughout the enterprise. Regulations emerging from Europe will have a global impact beyond their borders. As with the General Data Protection Regulation (GDPR), European laws will directly impact global companies with operations in affected geographies.

Leading organizations are urgently responding to risks associated with the shifting regulatory and reputational ESG landscape. This requires leaning into sustainability risks and opportunities, instead of away from them, especially during strategic trade-off discussions. Organizations can leverage advanced visibility and continuous risk intelligence to transform ESG vulnerabilities into competitive advantage.

A proactive ESG risk posture furthers confidence among critical stakeholders who view ethical and compliant supply chains as foundational to responsible commerce. The path forward begins with mapping and monitoring sub-tier ESG threats. Interos is excited for this next stage in ESG risk assessments and helping businesses embed resilience across their enterprise.

Banking on Security: Unveiling the Secrets of Third-Party Risk Management in Financial Services

By Patrick Van Hull

Throughout our webinar, “Banking on Security: Unraveling the Secrets of Proactive Resilience in Third-Party Risk Management,” Chris Ballantyne of TD Bank, Michael Nassar of Deloitte, Jennifer Bisceglie, CEO and founder of Interos, and I delved into the landscape of managing third-party risks and the wide range of opportunities for financial services leaders to realize the value that TPRM can generate.

The financial services sector faces an ever-shifting panorama of risks, demanding a proactive stance to stay ahead. Traditional approaches are no longer sufficient; organizations must embrace real-time monitoring and continuous risk assessment. Disaster recovery and business continuity planning must evolve to encompass new risks and scenarios.

This transformation entails shifting from defensive to offensive strategies, focusing on mitigation, and adopting digital supply chain programs to develop comprehensive approaches to risk management.

Harnessing Data and Advanced Analytics for Effective Risk Management

Improving data quality and adopting advanced analytics and AI are central to this journey. These transformative tools streamline processes, enhance predictive capabilities, and enable proactive handling of third-party breaches. By leveraging external market intelligence and internal data analytics, organizations can swiftly identify and mitigate risks, bolster operational resilience, and protect against potential costs.

A clear majority of poll respondents in the webinar audience selected combining internal and external data to enhance risk assessment as a critical way to ensure technology and data integration in TPRM programs for maximum effectiveness.

The TPRM approach at TD Bank, according to Chris, also includes that sentiment: “We’ve been looking at how we can leverage data more effectively, both internal data and external data that are available, but also our suppliers and their supply chain, to figure out and triage an event more effectively, respond faster, and address them in a more timely manner to quickly shut down where that risk exists within our supply chain.”

Technology’s Influence on Operational Resilience and Compliance

Technology is both a boon and a challenge in the quest for operational resilience and regulatory compliance. While regulatory changes pose hurdles, they also spark innovation opportunities. Integrating commercial technology facilitates the transition from mere visibility to actionable insights, navigating the complex terrain of compliance while progressing along the industry’s maturity curve.

In nearly half of the webinar poll responses, continuous compliance monitoring and management was selected as the way to encourage ongoing alignment with evolving regulations and industry standards in TPRM. Michael expanded on that point: “to actually focus on that proactive element and respond with more agility and efficiency and effectiveness to the evolving threat landscape to the increase in incidents from third parties that is only going to frankly be impressive as a practice to regulators because it allows you to respond, assess, triage and action those incidents more quickly than you ever could before.”

Cultural and Technological Alignment

Crucially, this transformation necessitates alignment with cultural and technological shifts. Third-party risk management must become ingrained within organizational culture, grounded in data, and demonstrate tangible business value. Initiatives should start small but aspire to grand visions, moving beyond reactive approaches to emphasize proactive intelligence-driven decision-making.

As Jennifer puts it, there’s growing momentum toward “how do I do my day job faster, better, quicker, more efficiently, repeatable, and predictable? So, I don’t have to defend why I made the decision. I’m more focused on what I’m going to do with that decision. And that’s really been the big material change.”

In line with that thought, fostering a culture of shared responsibility for risk management was the most selected response to the poll question about how organizations can collaborate to embed TPRM capabilities into their culture effectively.

Setting a Path Forward

As Chris, Michael, and Jennifer see it, this journey toward resilience begins with mastering third-party risk management, which is not merely necessary for the future but is also a strategic imperative for financial institutions. Risk management may not be one-size-fits-all, but several core capabilities are essential in the path forward, including:

  • Building visibility by mapping third-party ecosystems to quantify risk exposure and continuously monitor critical indicators.
  • Leveraging trustworthy data intelligence combining internal and external sources to understand risk materiality.
  • Demonstrating actionability and agility in making decisions without compromising on risk.

To progress through ongoing expectations of uncertainty and rapid change, organizations must confidently navigate the turbulent waters of disruption and emerge stronger by embracing proactive resilience, leveraging technology, and fostering cultural alignment.
