It’s That Time of Year Again: US Government Releases New Restrictions List

Authors: Andrea Little Limbago, PhD, SVP, Applied AI and Mackenzie Clark, Senior Computational Social Scientist 

Annual Tradition: End of Year Sanctions and Restrictions 

Last week’s release of UFLPA and OFAC restrictions follows a recent trend where widespread export controls are released en masse prior to the new year.  

For instance, in December 2023, the Departments of Treasury and State issued sweeping sanctions targeting Russia’s energy production and export capacity. This was followed a few weeks later by an Executive Order (E.O. 14114) that issued another round of sanctions against financial institutions supporting Russia’s military-industrial base. It was also preceded by two different rounds of Russia-related sanctions on December 1 and November 16. 

Similarly, in December 2022, Treasury issued several sanctions targeting Russia’s financial sector, very much in alignment with those issued last Thursday. This continued the trend from December 2021, when Treasury issued distinct sanctions targeting Belarus and entities associated with human rights abuses.  

The UFLPA also made some end of year additions in 2023, although those were much fewer than the 29 companies added last week, which increased the overall entity list to over 100 Chinese companies connected to forced labor.  

We recently covered two of the latest additions and the potential impact it could reap on global steel and aspartame (a sugar substitute) supply chains (spoiler: tens of millions of companies could be impacted).  

If the past week is any indication of what is to come, organizations should expect more restrictions to follow the path of the recent updates focused on Russian financial institutions and human rights abuses.  

 

The following analysis will answer:  

  • How far do the OFAC and UFLPA-sanctioned companies reach globally?  
  • Which industries are most at risk for potential future sanctions?  
  • How do you react to these and prepare for future sanctions?  

The Latest Round of OFAC Restrictions on Banks and Financial Services in Russia: Who is Impacted? 

The latest sanctions announcements from the United States Department of the Treasury and Department of Homeland Security target a wide array of companies in Russia and China. The extended impact of these restrictions, however, have the potential to cascade to companies across the globe. 

On November 21, the addition of Gazprombank — and almost 100 other international subsidiaries and affiliates — to OFAC’s Specially Designated Nationals (SDN) List marked the designation of “Russia’s largest remaining non-designated bank.”  

With Russia’s largest financial institutions sanctioned by not only the United States, but other major countries such as Canada and the United Kingdom, it is important to understand where the risk of exposure to these sanctioned banks may still exist. 

Using Interos data, we analyzed the extended supply chains of Gazprombank, VTB Bank, and Sberbank and identified over 7,500 companies across three tiers of supplier relationships that are either directly or indirectly supplied by one of the banks.  

These numbers are relatively low compared to other supply chain propagation, likely due to decreasing integration of Russian banks with the Western economies since the invasion of Ukraine.  

Nevertheless, the scale is by no means trivial and indicates the stickiness of these relationships. 

Of the potentially exposed companies with supplier-buyer relationships linked to the new sanctioned entities, almost 60% of them are located either in the United States or the United Kingdom.  

When leveraging Interos’ Industry Categories designations, we identified the top three sectors represented across the sanctioned companies as Software and IT Services, Banking and Financial Services, and Business Management Services.  

29 Million Companies Could Face Fines from UFLPA Entity List Additions: Agricultural Products, Metals, and Polysilicon in China  

Just one day after the new restrictions targeting the Russian banking industry, 29 new companies were added to the Uyghur Forced Labor Prevention Act (UFLPA) Entity List, bringing the total number of companies on the list to over 100.  

This action primarily targeted companies that produce agricultural goods, specifically tomato paste and tomato products, walnuts, red dates and raisins. Other newly restricted companies include exporters of materials and products derived from aluminum, nonferrous metals, and polysilicon. 

Interos conducted an analysis on the extended supply chain of these companies and identified over 29 million companies across three tiers of supplier relationships that are either directly or indirectly supplied by one of the newly restricted UFLPA entities.  

These companies could be subject to UFLPA fines.  

Again, most of the companies that could be impacted — over 34% of them — are located in the United States, followed by the United Kingdom (9%), India (8%), Germany (4%), and Italy (3%) – and thus could be subject to UFLPA fines. 

Leveraging Interos’s Industry Categories reveal the top three sectors among this group of exposed companies include Business Management Services, Software and IT Services, and Consumer Goods.  

These two scenarios, while distinct, highlight the importance of continuously monitoring suppliers of both services and physical goods to avoid potential fines, seizure of imports and reputational damage.  

Which Industries are Most at Risk Looking Ahead? 

Given the ongoing implementation of export controls and industrial policy, organizations should plan for future additions to these and dozens of other restrictions lists. Fortunately, there are a few insights to help look ahead and begin de-risking from future regulatory risks. 

For instance, in September, the Department of Commerce’s Bureau of Industry and Security (BIS) introduced worldwide export controls on critical technologies.  

These include: additive manufacturing items, advanced semiconductor manufacturing equipment, quantum computing items, and gate all-around field-effect transistor (GAAFET) technology.  

A presumption of denial affects countries deemed a national security concern, including Armenia, Belarus, Cuba, Iraq, North Korea and Russia.  

Companies in these industries, as well as other critical and emerging technology industries, and from those countries are at immediate regulatory risk. 

Similarly, BIS also has a high priority list focused on Russian products believed to fuel Russia’s military-industrial complex.  

Companies associated with these products, as well as those across a wide range of critical technologies, are much more likely to appear on a restrictions list in the future than those in other product or industry categories. 

Monitoring Risk Exposure with Risk Intelligence Data 

Geography is another means for assessing future restrictions risk.  

In addition to companies in those countries, the BIS Country Groups D and E, companies located in – or have a supply chain connection to – the XUAR are also at significantly greater risk of future restrictions inclusion.  

Using Interos data, we identified over 231,000 other companies located in XUAR that may pose future compliance risks in global supply chains.  

When analyzing three tiers of supplier relationships for these companies, Interos data shows the following industries at the highest risk for potential disruptions if restrictions on XUAR companies continue to expand.  

These are the industries with the greatest frequency across companies in XUAR:  

  1. Business Management Services  
  2. Software and IT Services 
  3. Consumer Goods 
  4. Architectural, Engineering, and Design Services 
  5. Building and Civil Engineering Construction  

In short, last week’s additions to the OFAC and UFLPA restrictions lists are consistent with regulatory updates from the past few years.  

Moreover, by leveraging industry, product, and geographic risk management information, organizations can be more proactive in preparing for export controls against companies that meet those criteria listed above.  

Product and industry categories not only provide value for proactively addressing restrictions risk, but also have several other benefits, such as benchmarking and product tracing throughout supply chains.  

Keep an eye out for a forthcoming blog that will detail these new features and how they impact the full lifecycle of supply chain intelligence. 

Have questions today?  Speak to an Expert.  

New Additions to UFLPA Entity List Show Forced Labor in Supply Chains of 79,000 Companies

Authors: Andrea Little Limgbago, PhD and Mackenzie Clark 

Steel and Aspartame Companies Join UFLPA Entity List 

Last week, the U.S. Department of Homeland Security announced two new additions to the Uyghur Forced Labor Prevention Act (UFLPA) Entity List. Although the law has been in effect for several years, it marks the first inclusion of a steel or aspartame company on the UFLPA Entity List.  

This reflects the expansion of the UFLPA since its inception, as well as the growing concern and risks associated with forced labor in the supply chain.  

Interos has been closely monitoring the UFLPA since it came into effect, along with dozens of other critical sanctions and prohibitions lists and helps illuminate connections to these companies deep within complex supply chains. 

Cracking Down on Forced Labor in Supply Chains 

The UFLPA aims to eliminate forced labor from supply chains through the prohibition on the importation of goods made in part or entirely from forced labor. The law specifically focuses on the Xinjiang Uyghur Autonomous Region of China, but it also applies to all forced labor in all of China. A review of these companies highlights how important it is to maintain visibility across the entire supply chain ecosystem, as small relationships grow exponentially as you move to the outer tiers of a supply chain.  

Two Companies Identified Puts 79,000 Companies at Risk

The two new additions to the UFLPA Entity List are Baowu Group Xinjiang Bayi Iron and Steel Co. Ltd and Changzhou Guanghui Food Ingredients Co. Ltd.  

According to Interos data, these two companies directly supply over one hundred companies (Tier 1), who in turn supply almost 2,500 companies (Tier 2). Those companies, in turn, supply approximately 79,000 companies, and represent almost 280,000 distinct buyer-supplier relationships (Tier 3). 

Importantly, the UFLPA not only consists of an Entity List, but also prioritizes seven industries for enforcement:  

  1. Apparel 
  2. Cotton and cotton products 
  3. Silica-based products 
  4. Tomatoes and downstream products 
  5. Polyvinyl chloride (PVC) 
  6. Aluminum 
  7. Seafood 

The last three industries were added earlier this summer and represent the first new addition of key sectors since 2022.  

With last week’s inclusion of steel and aspartame companies on the UFLPA Entity List, we should prepare for the potential expansion of those key industries in the near future.  

What Would that Impact Look Like on the Chinese Steel and Aspartame Industries?  

Interos data highlights the widespread impact of the Chinese steel industry. There are over 66,000 companies in China that sell steel or steel products. Globally, over 655,000 unique companies buy from those companies (Tier 1), a number that grows to over 2.6 million companies when looking at the buyers from those companies (Tier 2).  

These numbers pale in comparison to the number of buyer-supplier relationships stemming from those 66,000 companies in China that sell steel or steel products. There are 4.4 million relationships stemming from those companies (Tier 1), which balloons out to over 23 million relationships one hop out (Tier 2), and almost 64 million relationships to the next level of the supply chain (Tier 3). Across these tiers, over a third of the companies are located in the United States, followed by India, the United Kingdom, Germany, and France. 

A similar ripple effect appears when looking at producers of aspartame and aspartame-containing products. There are almost 3,000 companies in China that produce aspartame and aspartame-containing products. The impact balloons to over 200,000 companies that buy from those companies (Tier 1), and over two million companies that buy from those 200,000 companies (Tier 2). 

We again see the number of unique buyer-supplier relationships exponentially increase across the companies that sell aspartame and aspartame-containing products. Globally, there are over 500,000 buyer-supplier relationships linked to those companies in China (Tier 1). Those, in turn, are connected to almost 12 million distinct relationships (Tier 2), which explodes to over 60 million relationships at the next tier (Tier 3).  

Again, over a third of the companies are in the United States, highlighting a potential significant risk if the UFLPA expands to include either of these industries as a key sector for investigation. 

Not Just the US: Global Supply Chain Examination is a New Reality 

The United States is not alone in sanctioning human rights violators within supply chains. The European Union, United Kingdom, and Canada, along with the United States, all initially coordinated sanctions in 2021. As Homeland Security Secretary Alejandro Mayorkas explained, “The UFLPA is catalyzing American businesses to fully examine and assess their supply chains….” The same is true elsewhere, as earlier this year the European Parliament adopted a new law aimed at eliminating all forced labor, not just from China, in the supply chain. 

In return, China is taking steps toward enforcing its own law introduced four years ago that creates an ‘Unreliable Entity List’ for companies evading the Xinjiang Uyghur Autonomous Region and exhibiting discriminatory measures against products made there. This puts companies in a dilemma of conflicting regulatory practices between China and the United States, European Union, and other Western democracies. 

Major Regulatory and Financial Risks at Stake 

Aside from the regulatory and reputational implications, there also are growing financial risks. Almost $3.6 billion worth of goods have been seized under UFLPA enforcement, highlighting the financial as well as reputational and humanitarian risks at stake.  

At Interos, we continue to monitor the regulatory landscape, as well as those industries and companies associated with key sectors or products at risk. Flagging the UFLPA alone is not enough to minimize human rights violations within the supply chain. 

Identification is Not Enough: Compliance Requires a Regional View and Cross-Examination of Human-Rights Violation Lists 

 In addition to the UFLPA, Interos also denotes any company located within the Xinjiang Uyghur Autonomous Region, since the UFLPA specifies the additional scrutiny applied to any goods stemming from that region, whether they are on the Entity List or not.  

Moreover, Interos also specifically flags whether a company is on a human rights-related violations list because other restrictions, such as the Global Magnistky Act, address human rights violations and must be integrated into a broader strategy of eliminating human rights violations from the supply chain and addressing the associated regulatory and reputational risks. 

Take Action:  Root Out Forced Labor from Your Extended Supply Chain 

Interos’ continuous monitoring alerts quickly identify the potential impact of additions to new restricted entities lists across their extended supply chain. This visibility empowers companies to get ahead of potential violations both upstream and downstream in their supply chain. 

To identify if you are at risk of using a restricted entity, speak to an expert today.  

 

EU Deforestation Regulation Approaching: Fines for Non-Compliance are Steep

Author: Julia Hazel, PhD, Lead Computational Climate Scientist and Nicolas de Zamaroczy, PhD, Lead Computational Social Scientist

Companies can no longer ignore the urgency to reduce their deforestation impact- especially if they want to continue doing business in the European Union.   

Update on Nov 14, 2024:

As of November 14, 2024 the European voted to postpone the EU Deforestation Regulation (EUDR) compliance deadline by 12 months to December 30, 2025. Companies must certify that their supply chains are free of companies linked to deforestation or risk significant fines. Similar to the EU’s General Data Protection Regulation (GDPR), this law is not limited to EU companies, but rather to any companies doing business within the EU. 

The postponement gives companies a chance to get in front of the upcoming regulations. The extension does not remove the need to act swiftly but rather allows companies runway to get it right in the face of rising global legislation such as Australia’s Mandatory Climate-Related Financial Disclosures.

Unfortunately, despite numerous global treaties and corporate attestation supporting deforestation-free supply chains over the past decade, deforestation rates have not fallen.  

Too often corporate disclosures are aspirational and lack the visibility required to identify potential supply chain linkages to deforested locations and commodities.  

The EUDR is arguably the first major global initiative requiring corporate accountability for any connections to deforestation. With other similar regulations proposed or under review, this new regulatory risk shows no signs of retreating and will require companies to quickly gain that visibility or risk significant financial and reputational damage. 

What is the EU Deforestation Regulation? 

The EUDR has three main goals:  

  1. to prevent deforestation 
  2. to cut greenhouse gas emissions, and  
  3. to prevent further agricultural expansion and biodiversity loss.   

The EUDR regulation stipulates that any operator or trader of seven large key commodities – palm oil, cocoa, cattle, coffee, timber, soy, and rubber – as well as their derived products, must provide evidence that these commodities and products did not originate from recently deforested regions or contribute to forest degradation.   

Additionally, operators and traders must certify that their products comply with all relevant laws of the source country, including labor, anti-discrimination, indigenous rights, and pollution regulations.   

Failure to comply could result in: 

  • fines of up to 4% of a company’s revenue in an EU member state 
  • criminal charges, and  
  • reputational damage 

Beyond Direct Commodities: Far-Reaching Impact Throughout the Supply Chain 

The goal of the EUDR is to limit demand for products grown in recently deforested areas, thereby reducing a primary incentive for forest loss.  Scientists agree that deforestation is a major cause of climate change, with tropical deforestation accounting for roughly 20% of annual Greenhouse Gas (GHG) emissions worldwide.   

One of the primary reasons forests are cleared is for agricultural expansion, and the seven key products targeted by the EUDR were chosen based on scientific evidence linking their production to logging activity and illegal deforestation.   

While stipulations involving sourcing these commodities directly impact the food and agriculture industries, their derived products involve a wide array of industries.  For example, most lumber and natural rubber by-products will be included in the legislation, affecting everything from office furniture to rubber gaskets and from cardboard to air bags.  Textiles, automobiles, finance, fuel and energy represent just a handful of the industries that would be impacted by deforestation regulations.   

Moving Beyond the Say-Do Gap 

The EUDR is a landmark regulation that requires action beyond corporate disclosures and zero-deforestation commitments.  Zero deforestation commitments are a crucial part of corporate governance around deforestation, and 60% of corporations with the largest exposure to deforestation have set at least one policy on deforestation.  However, while zero-deforestation commitments represent a good step towards addressing corporate deforestation risks, their success in mitigating large-scale deforestation has been minimal.   

These commitments often lack immediate or near-term deadlines, clear implementation plans, and traceability to indirect suppliers, to name a few drawbacks.  Global Canopy’s Forest 500’s most recent report, which lists and ranks the policies and performance of 350 companies and financial institutions with greatest exposure to deforestation risk, reveals that two-thirds of companies with commitments are not publishing evidence of their implementation. This underscores the fact that policies and commitments are only useful if they are implemented and achieve results.   

More Than Just a “Box-Ticking Exercise” 

The EUDR underscores the fact that addressing deforestation at the corporate level is complex and requires a data-driven, multi-faceted approach. As PWC reports, “EUDR Compliance is much more than a box-ticking exercise” and “regulatory scrutiny will be intense.”   

One crucial component surrounds supply chain transparency and traceability.  To properly perform due diligence, companies must have insight into their direct and indirect suppliers to track products back to their origin, which allows for the identification of potential risks.  

Products need to be mapped to their source plot of land using precise geospatial information, such as in the form of satellite and remote sensing data, to ensure deforestation did not occur in the recent past where at-risk commodities were sourced.  

The country of origin is also significant as certain countries are higher risk for producing goods sourced from deforested areas.   These diverse pieces of information are necessary and provide actionable insights for corporations to mitigate deforestation risks. 

Beyond the EUDR – US Deforestation Due Diligence on the Horizon 

Corporate supply-chain due diligence will become commonplace as regulations such as the EUDR become the norm.

For instance, similar legislation to the EUDR is being proposed in the US with the Fostering Overseas Rule of Law and Environmentally Sound Trade (FOREST) Act, which would prohibit the import of palm oil, soya, beef, cocoa and rubber products linked to illegal deforestation.  

With the December compliance deadline fast approaching, corporations must act swiftly to invest in solutions that give them insight into their supply chain to mitigate risks and remain compliant.  

Interos is ahead of the game in mapping deforestation risks throughout the entire supply chain. Speak to an  expert today.  

Xinjiang Forced Labor Sanctions: Homeland Security Move Underscores Five Pillars of Combatting Unethical Labor in Global Supply Chains

By Warren Smith & Dianna O’Neill

In a significant move, the U.S. Department of Homeland Security (DHS) announced additional sanctions and measures targeting forced labor practices in China’s Xinjiang region on May 16, 2024. These measures underscore the U.S. government’s commitment to combating human rights abuses and holding bad actors accountable.

They also highlight the growing international pressure on companies to ensure their supply chains are free from forced labor.

The new actions include:

  • Imposing visa restrictions on Chinese officials involved in repression and forced labor practices.
  • Expanding enforcement of the Uyghur Forced Labor Prevention Act (UFLPA) to cover more products and sectors; a total of 65 China-based firms are now banned under the act.
  • Increasing coordination with allies and partners to address forced labor in global supply chains.

The Complexities of Forced Labor in China

Global supply chains are grappling with the significant challenge of the prevalence of forced labor, notably in regions like China’s Xinjiang, a textile manufacturing center. Forced labor in China presents multifaceted challenges, including supply chain complexity, lack of transparency, legal and political obstacles, difficulty tracing raw materials, and the prevalence of subcontracting and informal sectors.

China’s economic landscape is deeply entwined with practices that many international observers and human rights organizations classify as forced labor. The situation in the Xinjiang Uyghur Autonomous Region has garnered particular attention, with reports suggesting that Uyghurs and other ethnic minorities are being coerced into working in various industries, from cotton fields to high-tech manufacturing sectors.

Five Key Strategies for Companies to Mitigate Forced Labor in Global Supply Chains

To address the issue of forced labor in their supply chains, organizations must take proactive measures to mitigate forced labor, and other critical ESG threats. Interos data shows executives estimate that ESG-related cost increases or revenue losses companies at $44M annually.

Here are five actions to prioritize:

  1. Conduct Comprehensive Supply Chain Mapping: Gain visibility into the extended supply chain, from direct suppliers to nth-tier sub-suppliers, to identify vulnerabilities. AI-first risk intelligence from Interos enables advanced analytics and real-time monitoring to scrutinize supply chains for regulatory violations and other ESG concerns.
  2. Implement Robust Due Diligence Processes: Develop and enforce rigorous due diligence procedures to complement technology-based assessments. This includes assessing suppliers’ labor practices through audits carried out by accredited third-party agency, worker interviews, and document reviews.
  3. Leverage Advanced Technology and Data Analytics: Utilize cutting-edge technologies like Interos’ platform, which evolve enterprises from lagging to leading indicators to drive proactive mitigation. Interos’ expanded ESG risk model monitors a range of critical attributes reflecting the multi-faceted nature of ESG threats, including forced labor, emissions, diversity, foreign ownership, and other critical attributes.
  4. Collaborate with Industry Partners and Stakeholders: Engage with industry associations, non-governmental organizations, and government agencies to share best practices, align efforts, and collectively address forced labor challenges.
  5. Promote Transparency and Accountability: Implement transparent reporting mechanisms, establish clear policies and codes of conduct, and hold suppliers accountable for violations through corrective action plans or termination of business relationships.

Case Studies: Accelerating Ethical Supply Chains with Interos

Interos survey data shows more than a third of leaders at large enterprises are stepping up their ESG investments, and over half acknowledged supply availability was paramount. Global organizations using Interos have gained a sharper picture of supply chain risks, enabling proactive strategies, yielding clear results:

  • A leading global airline leverages Interos to ensure the highest standard of ethics and compliance across its apparel supply chain and other sourcing channels.
  • A supermajor oil and gas company leverage Interos to ensure adherence to 30+ EU regulations related to labor, emissions, and other areas.
  • A major retailer utilizes Interos’ foreign ownership data to determine, reduce and remove slave labor from its product lines.

Interos is leading a broader supply chain risk revolution towards transparency and ethical responsibility across industry, enhancing corporate brand, reputation, and profitability.

By taking proactive steps and leveraging the Interos platform, organizations can navigate the complexities of forced labor in China, and elsewhere, to foster ethical, responsible, and adaptable supply chains that meet, and surpass, the demands of today’s interconnected economy. Across sector, technology and data will continue to play a crucial role in shaping responsible and risk-resilient supply chains, with companies like Interos, and its innovative global customers and partners, at the forefront of this transformation.

Read more on navigating supply chain ESG risk and complexity HERE.

 

 

Navigating ESG Transformation: From C-Suite Priorities to Regulatory Realities

Photo: Dori, CC BY-SA 3.0 US, via Wikimedia Commons

By Andrea Little Limbago & Julia Hazel

Increasing ESG (Environmental, Social, and Governance) mandates are resetting corporate agendas and exposing fault lines across businesses that lack an aligned response. While Chief Supply Chain Officers (CSCO) have relegated sustainability to the sidelines, a seismic shift has occurred elsewhere in the C-suite, with CFOs, who have catapulted ESG to the top of their priorities.

A recent survey in March 2024 demonstrated that CFOs ranked sustainability as their first priority, a departure from a July 2023 Gartner report, which found that two-thirds of CSCOs deprioritize it. In Interos’ own 2023 annual survey, executives estimated ESG-related cost increases or revenue losses companies at $44M annually. More than a third of respondents reported stepping up their ESG investments, and over half acknowledged that supply availability was paramount. Given the fluid and dynamic regulatory landscape, ESG disruptions can quickly become a near-term risk, leaving many companies ill-prepared for compliance or reputational or financial risk.

ESG is also a hot button issue in the United States, with some states expanding ESG-related regulations even as others introduce anti-ESG regulation. Despite this disconnect, stakeholder demands and regulatory reporting requirements are clearly not going away.

The E.U. Supply Chain Act and Germany’s Supply Chain Due Diligence Act are a case in point. The European Parliament just passed the proposed Corporate Sustainability Due Diligence directive (CSDDD) this week. The law, which heads to a final vote set for next month, requires large companies to disclose environmental damage or forced labor in their supply chains.

The German regulation took effect in January 2023 and includes disclosure of both human rights and environmental impacts across their supply chains. first actions have already been filed against several global corporations for failures to ensure worker safety in Bangladesh.

Overcoming “Aggregate Confusion”

Whether a company is taking the first steps toward ESG resilience or looking to strengthen existing efforts, the ESG regulatory landscape is a moving target. There are no common data standards to drive a clear, consistent, and effective strategy within organizations. This leads to divergent assessments, frustration for those attempting to prepare for the upcoming compliance wave, and simply, “aggregate confusion” with regards to ESG data. Fortunately, ESG data is improving. There are growing opportunities for organizations to assess supply chains with transparent, traceable, and verified data, which in turn enhances a company’s capacity for compliance and minimizing reputational risk.

The Regulatory Landscape: Conflict and Conceptual Stretching

The conflicting and vague nature of many ESG-related regulations or advisories are contributing to the gap between risk and action. For instance, climate-related risks are often bundled together under a single umbrella – or in conflict with one another – making it difficult for companies to discern and create appropriate response strategies. Both the European Union’s CSDDD), as well as California’s climate disclosure bill SB 253, include extensive Scope 3 disclosure requirements.

In contrast, the recent Securities and Exchange Commission (SEC) climate risk disclosures do not include Scope 3 requirements. The SEC climate risk disclosure focuses on the environment, requiring companies to disclose natural hazards risks, such as expenditures resulting from severe weather events, Scope 1 and 2 emissions, as well as climate-related targets and goals.  However, grouping these disclosures under one umbrella creates additional confusion. Distinct corporate strategies are required to address risks related to climate resilience versus actions to mitigate a company’s environmental impact.

On the one hand, actions to ensure climate resilience focus on the impact that climate change has on a company’s global footprint and operations. Interos  previously discussed these kinds of catastrophic risks and how companies can use continuous risk intelligence to pre-empt disruption. On the other hand, a company’s impact on the environment relates to fast-changing environment, social, and governance (ESG) regulations.

Broadly, the difference comes down to compliance and reputational risks compared to physical (even existential) continuity risks, with financial risks common across both. Each of these provides two distinct, but interconnected risks associated with sustainability that require different organizational strategies and preparation. While the data and science behind natural hazard risk has a long and robust history and validation, the same is not true in the ESG space.

The Data Challenge

MIT’s Aggregate Confusion Project highlights the ESG data problem by noting that the correlation among major ESG ratings agencies is only .54. By comparison, financial ratings agencies have credit ratings correlated at .92. The poor correlation between ESG ratings agencies has wide repercussions. The same company could be scored highly by one agency and poorly by another, making it both difficult to prove compliance while also opening the aperture for misuse of the scores.

Interos has assessed many of the most prominent ESG ratings vendors with a focus on transparency, traceability, and external validation. The data is created through one of two opposing methods – surveys or machine-learning web scraping. Those that focus on surveys provide extremely comprehensive data with understandably low coverage, but they also lack validation and often enable self-scoring and attestation. Conversely, machine learning data collection has extensive coverage, but is extremely shallow in data depth and quality. A single news article, for example, may be the basis of an entire score.

Towards a New ESG Model

Interos developed a new ESG model with data that allows for the transparency and traceability lacking in the ESG space. The model was developed in partnership with ESG data and technology leader ESG Book. As a global leader in sustainability data and data transparency, the company operates a corporate disclosure platform to facilitate ESG disclosures and help organizations map these disclosures to leading global frameworks. Interos’ expanded ESG risk model provides raw metrics that cover a range of ESG topics: Scope 1, 2, and 3 emissions, forced labor and human rights policies, supplier oversight and product safety, and more.

In addition to ESG Book, Interos has integrated its own critical restrictions risk and corporate ownership structure data into its enhanced ESG model. This enables the platform to connect specific human-rights related restrictions, such as UFLPA and companies operating within the Xinjiang Uyghur Autonomous Region, as components of social risk models. The company also leveraged Interos proprietary ownership data to create a new government intervention risk based on Interos’ unique combination of ownership control and government ties. Risk managers that need to monitor governance risk must consider the growing global risk of government intervention into the private sector, one of many necessary steps required to surface vital information to get in front of risks and prevent supply shocks.

Charting the ESG Future for Competitive Edge

Forward-leaning organizations are adapting their risk frameworks to integrate ESG, integrating environmental and social sustainability into corporate strategies designed to embed critical supply chain risk intelligence throughout the enterprise. Regulations emerging from Europe will have a global impact beyond their borders. As with the General Data Protection Regulation (GDPR), European laws will directly impact global companies with operations in affected geographies.

Leading organizations are urgently responding to risks associated with the shifting regulatory and reputational ESG landscape. This requires leaning into sustainability risks and opportunities, instead of away from them, especially during strategic trade-off discussions. Organizations can leverage advanced visibility and continuous risk intelligence to transform ESG vulnerabilities into competitive advantage.

A proactive ESG risk posture furthers confidence among critical stakeholders who view ethical and compliant supply chains as foundational to responsible commerce. The path forward begins with mapping and monitoring sub-tier ESG threats. Interos is excited for this next stage in ESG risk assessments and helping businesses embed resilience across their enterprise.

Banking on Security: Unveiling the Secrets of Third-Party Risk Management in Financial Services

By Patrick Van Hull

Throughout our webinar, “Banking on Security: Unraveling the Secrets of Proactive Resilience in Third-Party Risk Management,” Chris Ballantyne of TD Bank, Michael Nassar of Deloitte, Jennifer Bisceglie, CEO and founder of Interos, and I delved into the landscape of managing third-party risks and the wide range of opportunities for financial services leaders to realize the value-generation opportunities of TPRM.

The financial services sector faces an ever-shifting panorama of risks, demanding a proactive stance to stay ahead. Traditional approaches are no longer sufficient; organizations must embrace real-time monitoring and continuous risk assessment. Disaster recovery and business continuity planning must evolve to encompass new risks and scenarios.

This transformation entails shifting from defensive to offensive strategies, focusing on mitigation, and adopting digital supply chain programs to develop comprehensive approaches to risk management.

Harnessing Data and Advanced Analytics for Effective Risk Management

Improving data quality and adopting advanced analytics and AI are central to this journey. These transformative tools streamline processes, enhance predictive capabilities, and enable proactive handling of third-party breaches. Organizations can swiftly identify and mitigate risks by leveraging external market intelligence and internal data analytics, bolster operational resilience, and protect against potential costs.

A clear majority of poll respondents in the webinar audience selected combining internal and external data to enhance risk assessment as a critical way to ensure technology and data integration in TPRM programs for maximum effectiveness.

The TPRM approach at TD Bank, according to Chris, also includes that sentiment: “We’ve been looking at how we can leverage data more effectively, both internal data and external data that are available, but also our suppliers and their supply chain, to figure out and triage an event more effectively, respond faster, and address them in a more timely manner to quickly shut down where that risk exists within our supply chain.”

Technology’s Influence on Operational Resilience and Compliance

Technology is both a boon and a challenge in the quest for operational resilience and regulatory compliance. While regulatory changes pose hurdles, they also spark innovation opportunities. Integrating commercial technology facilitates the transition from mere visibility to actionable insights, navigating the complex terrain of compliance while progressing along the industry’s maturity curve.

Nearly half of the webinar poll responses selected continuous compliance monitoring and management to encourage ongoing alignment with evolving regulations and industry standards in TPRM, with Michael’s thoughts expanding further: “to actually focus on that proactive element and respond with more agility and efficiency and effectiveness to the evolving threat landscape to the increase in incidents from third parties that is only going to frankly be impressive as a practice to regulators because it allows you to respond, assess, triage and action those incidents more quickly than you ever could before.”

Cultural and Technological Alignment

Crucially, this transformation necessitates alignment with cultural and technological shifts. Third-party risk management must become ingrained within organizational culture, grounded in data, and demonstrate tangible business value. Initiatives should start small but aspire to grand visions, moving beyond reactive approaches to emphasize proactive intelligence-driven decision-making.

As Jennifer puts it, there’s growing momentum toward “how do I do my day job faster, better, quicker, more efficiently, repeatable, and predictable? So, I don’t have to defend why I made the decision. I’m more focused on what I’m going to do with that decision. And that’s really been the big material change.”

Along the lines of that thought comes the fostering of a culture of shared responsibility for risk management, which was the most selected response to the poll question about how organizations can collaborate to embed TPRM capabilities into their culture effectively.

Setting a Path Forward

As Chris, Michael, and Jennifer see it, this journey toward resilience begins with mastering third-party risk management, which is not merely necessary for the future but is also a strategic imperative for financial institutions. Risk management may not be one-size-fits-all, but several core capabilities are essential in the path forward, including:

  • Building visibility by mapping third-party ecosystems to quantify risk exposure and continuously monitor critical indicators.
  • Leveraging trustworthy data intelligence combining internal and external sources to understand risk materiality.
  • Demonstrating actionability and agility in making decisions without compromising on risk.

To progress through ongoing expectations of uncertainty and rapid change, organizations must confidently navigate the turbulent waters of disruption and emerge stronger by embracing proactive resilience, leveraging technology, and fostering cultural alignment.

Watch a replay of the webinar here.

Spyware and Sanctions Create Emerging Supply Chain Risks

On the surface, the recent spyware campaign by the Vietnamese government against U.S. politicians may not seem relevant to supply chain risk. That would be a faulty assumption. More than 70 governments have deployed spyware over the last decade. While government officials and journalists are often the targets, the private sector is not immune. Businesses located in countries with governments deploying spyware and pursuing digital authoritarianism – widespread data and internet control – face a heightened risk of data exfiltration.

But spyware doesn’t just create cybersecurity risks, it also creates regulatory risk. Earlier this year, the Biden Administration introduced new restrictions on spyware companies due to the security risks they pose. Along with the UFLPA, these additions reflect a growing focus on human rights violators. These changes acknowledge “the increasingly key role that surveillance technology plays in enabling campaigns of repression and other human rights violations.”

In the new normal defined by geopolitical fault lines and a splintering of cyber norms, both the deployment and production of spyware should be a growing consideration for supplier due diligence and risk assessments.

The Proliferation of Spyware

Spyware is a form of malicious software installed on devices to collect information without the owner’s consent. Previously, governments had a near monopoly on these capabilities. However, thanks to the privatization of spyware, offensive cyber capabilities continue to proliferate among state and non-state actors. NSO Group, Cellebrite, and Candiru are just a few of the companies selling spyware. A recent Interos analysis assessed the number of spyware companies linked to national governments. The number reached into the double digits in some cases.

Global map showing how many spyware companies have been linked to a national government, by region. Hot spots include Mexico, Columbia, Morocco, Nigeria, Saudi Arabia, and Thailand.

These numbers only reflect the open source disclosure of spyware. In reality dozens of governments now possess some level of offensive cyber capabilities, the majority of which remain classified. China leverages spyware for widespread espionage campaigns, while reporting has linked numerous governments to Pegasus spyware. This year’s ODNI (Office of the Director of National Intelligence) Annual Threat Assessment notes “commercial spyware and surveillance technology, probably will continue to threaten U.S. interests.” ODNI estimates the commercial spyware industry to be worth $12 billion. Vietnam’s targeted deployment of spyware reflects this growing risk.

Spyware and Restrictions

The proliferation of commercial spyware and surveillance technologies is not only a security risk. It is also reshaping the regulatory environment. Section 889 of the 2019 NDAA was among the most expansive prohibitions against the use of surveillance technologies by federal agencies and their partners. Focused on Huawei, Dahua, ZTE, Hytera, and Hikvision, and their subsidiaries, Section 889 reflects the growing risks of surveillance technologies due to both data exfiltration risks as well as regulatory risks.

While Section 889 focuses on dual use surveillance technologies, this year’s Executive Order explicitly addresses commercial spyware focused on surveillance and data exfiltration. It has already resulted in several more companies being flagged as surveillance risks. This includes the addition of Intellexa and Cytrox to the Entity List. Initially, restrictions such as Section 889 largely focused on companies partnering with the United States governments. However this has been extended to a broader commercial restriction following the inclusion on the Entity list. This is not only a U.S. concern; the E.U. has called for a ‘de facto’ moratorium on spyware in May, while Australia has similarly debated controls on commercial spyware.

Looking Ahead: The Splinternet & Supply Chain Risks

Just as globalization and supply chains continue to be upended along geopolitical fault lines, so too does the internet. Reflecting opposing norms toward digital government intervention and data privacy, today’s siloed and fractured “Splinternet” introduces new digital risks across a company’s supply chain. Digital authoritarianism, wherein governments seek digital sovereignty and control over the Internet and the data passing through it, is on the rise and is powering the proliferation of spyware. While democracies are not immune from the use of spyware for national security, authoritarians are much less constrained on their use of offensive cyber capabilities across a growing population of targets.

The ODNI Annual Threat Assessment summarizes the national and commercial risks posed by digital authoritarianism and offensive cyber capabilities. Revelations of Vietnam’s use of spyware is not surprising to those following the expansion of digital authoritarianism. Over the last few years, Vietnam has adopted increasingly stringent data restrictions, including mandating local data storage and government control over data. These laws have prompted comparisons to Chinese digital authoritarianism and the data trap which eliminates corporations control over their own data.

Vietnam also is a top contender for companies seeking to diversify supply chains away from China. While it may provide favorable labor and economic environments, Vietnam’s cyber risks are often overlooked. While governments are more-frequently targeted than corporations by spyware, history has proven that it’s only a matter of time before business are equally under fire by adversaries with espionage or profit motivations.

Diversification with Cybersecurity and Regulatory Risk in Mind

As companies explore reshoring and supply chain diversification, the cybersecurity risk environment must be part of the calculation. A growing component of this analysis is the offensive deployment of spyware for data exfiltration. Similarly, surveillance technologies within a supply chain are also at heightened risk of regulatory fines and penalties. These heightened risks reflect ongoing geopolitical and technological transformations and introduce a range of opportunities and risks.

Those who prioritize and design operational resilience in sync with these transformations will gain a competitive advantage and be better prepared for the new normal compared to those who remain focused on the risks of yesteryear.

To learn more about how to identify and combat risks related to spyware in your supply chain, contact Interos. 

Child Labor is a Growing Risk Across American Supply Chains

By Geraint John and Taiwo Ogunbayo

Child labor is an issue most often associated with countries in the developing world – but it’s also a growing risk for companies with supply chains in the United States.

Investigations by U.S. government agencies, research firms, non-governmental organizations and media outlets reveal a spike in the number of children working illegally for U.S.-based suppliers, some of them used by major American companies. Since the beginning of 2022, Interos has identified 139 companies implicated in breaches of child labor regulations in the U.S. alone.

In June, an ESG advisory firm owned by Goldman Sachs downgraded U.S. supply chains from “medium” risk to “high” risk, in part because of the treatment of migrant and other children.

Aside from financial penalties for non-compliance with child labor laws, U.S. firms run the risk of damaging their brand reputations by being associated with illegal practices taking place within their domestic supply chains.

A Global Problem Mirrored in the U.S.

Child labor is a growing problem globally. Around 160 million children aged 17 or under – almost 1 in 10 of the world’s population – were working in factories, on the land or in other jobs in 2020, according to Unicef.

This figure was up by over 8 million on 2016 estimates, with agriculture accounting for more than 70% of children in work.

However, this growth is not limited to traditional hotspots in Sub-Saharan Africa, Pakistan, India and other developing countries. In February, the U.S. Department of Labor announced a crackdown after the number of child labor law violations jumped by 69% since 2018 and 283% since 2015 (see chart).

The U.S. Fair Labor Standards Act (FLSA) of 1938 sets a minimum working age of 14 and limits the number of hours that can be worked by minors under 16. The act also bars those under 18 from working in hazardous occupations.

The labor department’s most recent data shows that:

  • The U.S. government has successfully prosecuted 835 cases involving the illegal employment of more than 3,800 children in U.S. fiscal year 2022.
  • The annual number of cases involving children working in hazardous jobs almost doubled, to 688, between 2015 and 2022.
  • Fines for child labor law violations totaled almost $4.4 million in FY 2022 – up 315% on 2015.

 

Cases Reflect Migration and Labor Market Conditions

Since 2022, Interos has documented 139 companies implicated in breaches of child labor regulations in the U.S. Our analysis found that:

  • These entities are connected to more than 600 U.S.-based customers, heightening the risk of child labor violations for those companies.
  • The sectors with the highest incidence of violations include food services and restaurants, transportation equipment manufacturing, and administrative support services.

Media reports over the past year have highlighted a number of cases in these and other industry supply chains of major U.S. and foreign companies. For example:

  • An investigation by Reuters last year discovered underage children being used in auto parts factories supplying South Korean car makers Hyundai and Kia in Alabama.
  • Earlier this year, a Wisconsin-based cleaning supplier used by JBS Foods, Cargill, Tyson Foods and other meat processing firms was fined $1.5 million for illegally employing more than 100 minors at sites across eight U.S. states in the south and Midwest.
  • The Department of Labor investigated a Michigan-based snack-food and cereal manufacturer supplying household-name brands after being called out in a New York Times article.

Migrant children are particularly at risk. There has been a big rise in the number of Central American children sent unaccompanied by their parents to work in the U.S. More than 250,000 are reported to have entered the country in the past two years alone.

Another contributing factor is the state of the U.S. labor market. With firms in many industries hit by rising wage costs and a shortage of workers, pressure on state legislators to relax some FLSA regulations has intensified.

To date, 14 states – including Arkansas and Iowa – have proposed or enacted laws that weaken federal restrictions on child labor, according to the Economic Policy Institute.

With an increasing number of states relaxing their child labor regulations, the U.S. is likely to see a continued rise in the number of reported and investigated cases over the next few years.

Child Labor Requires Focus and Visibility

Perhaps because it is regarded as a “developing world problem”, child labor has not been as high on the ESG agenda for many Western firms as either environmental issues or other working conditions such as forced labor.

A recent Interos survey of 750 procurement leaders in the U.S., Canada, the U.K. and Ireland found that child labor ranked the lowest of nine ESG activities, in terms of the progress made with suppliers to tackle it during the past three years (see chart).

Almost one-quarter of the 400 U.S. respondents in aerospace & defense, financial services, energy, healthcare and federal government reported either no progress or regression on child labor. Only 10% believed this type of supply chain risk was “not applicable” to their organizations.

Chart showing survey results ranking progress made by procurement executives in resolving ESG issues - child labor is last.
One of the main barriers to making progress with suppliers on child labor, as on other ESG issues, according to our survey findings, is a lack of sub-tier visibility.

A common source of supplier risk in several recent U.S. cases is recruitment agencies, which are often present two or three tiers deep in the supply chain. Several have been blamed for supplying children to customer workplaces without properly verifying their ages or legal status.

Not knowing who your tier-1 or tier-2 suppliers use for staffing, other services such as cleaning and catering, as well as product manufacturing, in turn results in a lack of awareness about both child labor risks and specific instances of illegal activity.

Just 16% of U.S. procurement leaders were confident they would be aware of a supplier ESG violation in most or all of their supply chain tiers within 48 hours (see chart).

Pie chart showing visibility levels procurement leaders have on ESG supply chain violations. Most would not be aware of ESG violations within 48 hours in most tiers of their supply chains.

 

What American Leaders Need to Do

To manage domestic regulatory and reputational risk around child labor effectively, U.S. procurement and supply chain leaders need to:

  • Strengthen sourcing policies and supplier codes of conduct to make it clear that the illegal use of child labor in U.S. operations is unacceptable.
  • Ensure that contractual terms specify the right to on-site audits of direct and, in certain circumstances, indirect suppliers to check they abide by federal and state child labor laws.
  • Invest in software tools to map multi-tier supplier relationships, model supplier ESG risks, and continuously monitor events involving the potential use of child labor.
  • Keep a close watch on suppliers in sectors implicated in employing illegal child labor, such as cleaning services, contingent staffing, and low-valued-added product manufacturing.
  • Assess child labor risks and mitigation plans in regular review meetings with key suppliers.

The growing catalog of evidence and convictions demonstrates that child labor is not an issue that U.S. companies should be concerned about only in their foreign supply chains; it is one that also requires action in multiple industry sectors within America itself.

As with other forms of ESG risk, complacency is not a safe route to compliance.

Latest Salvo in the Chip Wars: Chinese Export Controls on Gallium and Germanium May Undermine Western Industries

By Trevor Howe, Senior Operational Resilience Consultant

 

China’s imposition of export controls earlier this month on two strategic raw materials could have significant implications for Western manufacturers of electric cars, smartphones and a host of other advanced technology products.

 

The restrictions require Chinese firms to attain special permits from the government to ship gallium  and germanium out of the country. Gallium compounds are commonly used in the manufacture of semiconductors, defense systems, medical devices and solar cells, while germanium is most often used in fiber optics.

 

Both the United States and the European Union (E.U.) are heavily reliant upon China as a source of these two critical commodities (see table below). So the Chinese government’s move could undermine global supply chains and increase the potential for disruption.

 

In the short term, these new export controls may add upward pressure to commodity prices in anticipation of constricted supplies to global markets. In the medium to long term, they could further accelerate moves in multiple countries to diversify the raw material supply chain away from China.

 

U.S. and E.U. Dependence on China for Gallium (Ga) and Germanium (Ge)

 

Net Reliance on Imports for Ga Import Reliance on China for Ga Net Reliance on Imports for Ge Import Reliance on China for Ge
U.S. 100% 53% >50% 54%
E.U. 98% 71% 42% 45%

 

Sources: The United States Geological Survey Mineral Commodities Survey (2023); The European Commission Study on the critical raw materials for the EU (2023)

 

An Escalating Technology Trade War

 

China’s action comes as it has been openly sparring with the U.S. in an escalating technology trade war. The export controls on gallium and germanium are widely seen as retaliation for the U.S. government’s restrictions on sales of advanced semiconductors and chip-making equipment to Chinese companies.

 

As well as its own export controls, the U.S. has been putting pressure on partners such as Japan, South Korea and the Netherlands to limit their sales. The Netherlands, for example, recently implemented controls on the export of advanced semiconductor manufacturing equipment to China from ASML. ASML is currently the only company in the world to produce extreme ultraviolet lithography machines used to produce leading-edge chips.

 

Given the reliance of American and European firms on Chinese supplies of gallium and germanium, experts are worried about the effect China’ new controls could have on aerospace & defense, energy, telecommunications and other industries affected. Moreover, there is the potential future threat to rare earth elements (REEs), the supply of which China also dominates. REEs are crucial for clean energy technologies, electric vehicles, consumer electronics, and national defense.

 

Gallium-Related Products Facing Export Controls

 

Gallium occurs in very small concentrations in ores of other metals. Most gallium is produced as a byproduct of processing bauxite, and the remainder is produced from zinc-processing residues. The metal is not currently recyclable and there is no substitute for its use in some products where increased semiconductor performance and efficiency are required.

 

Aside from gallium metal itself, China’s new controls will apply to several gallium-related products:

 

Material Usage Examples

 

Gallium arsenide (GaAs) Uses include as a doping material to manufacture compound semiconductor wafers used in integrated circuits (ICs) and optoelectronic devices, which include laser diodes, light-emitting diodes (LEDs), photodetectors, solar cells, and solid-state devices such as transistors. While several substitutes for GaAs do exist, no effective substitutes exist for GaAs in many defense-related applications where GaAs-based chips are used because of their unique properties.

 

Gallium nitride

(GaN)

Uses have been growing in importance because of its ability to offer significantly improved performance across a wide range of applications while reducing the energy and the physical space needed to deliver that performance when compared with conventional silicon technologies. For example, GaN is used in advanced radars such as the AN/TPQ-53 which has been provided to the US military.

 

Gallium phosphide (GaP) Uses include as a semiconductor and optical material for the manufacture of low and standard brightness red, orange, and green light-emitting diodes.

 

Gallium antimonide

(GaSb)

Uses include as a compound semiconductor for infra-red (IR) photodetectors used in sensing and imaging applications. The application of GaSb detectors is extensive, encompassing military, industrial, medical, and environmental uses.

 

Gallium oxide

(Ga2O3)

Uses take advantage of conduction and luminescence properties; this includes in semiconductors, gas sensing, catalysis, and nanostructures as blue and UV light emitters. Ga2O3 is also ued in spectroscopic analysis.

 

Gallium selenide

(GaSe)

Uses include as a nonlinear optical material for frequency conversion of laser light and as a photoconductor.

 

Indium gallium arsenide (InGaAs) Uses include within photodetectors and short-wave infrared imaging (SWIR) devices, solar cells, high-speed electronics, and medical imaging.

 

____________________________________________________________________________________________________

Germanium-Related Products Facing Export Controls

 

The major use of germanium worldwide is for fiber-optic systems, whereby germanium is added to the pure silica glass core of fiber-optic cables to increase their refractive index, minimizing signal loss over long distances.

 

The available resources of germanium are associated with certain zinc and lead-zinc-copper sulfide ores. On a global scale, as little as 3% of the germanium contained in zinc concentrates is recovered. Significant amounts of germanium are contained in ash and flue dust generated in the combustion of certain coals for power generation.

 

Germanium is more available than gallium, with around 30% of global supply produced from recycled materials. However, there is a notable lack of information surrounding the mineral. According to the 2023 Mineral Commodity Summaries published by the U.S. Geological Survey, no data was available pertaining to world refinery production and reserves of germanium.

 

In addition to germanium metal, ingots, and substrates, China’s new controls will also apply to several germanium products:

 

Material Usage Examples

 

Germanium dioxide (GeO2) Uses include in phosphors, transistors, diodes, infrared-transmitting glass, and electroplating.

 

Germanium tetrachloride (GeCl4) A colorless liquid, its uses include as an intermediate in the production of purified germanium dioxide and germanium metal. GeCl4 is transparent to infrared light and therefore useful in optical materials. It is also widely used as a semiconductor and as an alloying agent.

 

Zinc germanium phosphide (ZnGeP2) Uses include in high power, high frequency applications and in laser diodes, especially as a component for the laser source of infrared countermeasure systems in military aircraft which protect aircraft from heat-seeking missiles.

 

 

 

Substitutes for germanium do exist (e.g., silicon in certain electronic applications and antimony/titanium are substitutes for use as polymerization catalysts), providing a degree of resilience to undercut supplies to global markets.

 

Government and Company Actions to Manage Strategic Risks

 

Given the geopolitical context for China’s controls on gallium and germanium exports, and the concentration of global supply, there will inevitably have to be problem solving at the government level to address any shortages. Countries can bolster their resilience by maintaining strategic stockpiles, identifying alternate suppliers, investing in domestic extraction or production, or promoting the expansion of the industry via incentives for the private sector.

 

South Korea serves as a prime example; officials there reported that the short-term effects on operations in their country would be limited due in part to stockpiling and alternative supplies. The Korea Mine Rehabilitation and Mineral Resources Corporation has approximately 40 days’ stockpile of gallium that domestic manufacturers could use.

 

Meanwhile, the E.U. is engaging with countries in South America to secure further access the region’s abundant raw materials. If the E.U. can successfully expand its partnership with the Southern Common market (MERCOSUR), it would help achieve its strategic goal of securing a diversified, affordable, and sustainable supply of critical raw materials.

 

At the same time, the E.U. intends to bolster domestic production through recently proposed legislation such as the Critical Raw Materials Act.

 

While governments must step in to secure their countries’ respective supply chains, companies can ill afford to sit idly by and not take proactive steps to secure their direct supply chain. Although relatively few companies would be in a position to invest in REE or critical commodity extraction or production, they can still benefit from identifying where these materials are sourced from within their ecosystem.

This type of visibility deep into the supply chain can help uncover concentrated reliance on a supplier or region, and the information leveraged to pursue de-risking methods such as supply base diversification to bolster resilience against certain risks.

 

With its artificial intelligence-based software, Interos is well positioned to support supply chain risk management programs for companies around the world trying to address this issue, as well as future disruptions that may arise.

Forced Labor Regulations Materially Impact U.S. and European Supply Chains

By Geraint John

Forced labor is becoming an ever more impactful source of supply chain risk as new regulations on both sides of the Atlantic begin to bite.

In the United States, the Uyghur Forced Labor Prevention Act (UFLPA) has seen more than 4,600 imported shipments worth over $1.6 billion intercepted by U.S. customs officials in its first full year of operation. This week, U.S. customs added new Chinese companies to the list of those restricted from selling their products in America.

The law seeks to stop products associated with forced labor in China’s Xinjiang region from entering the U.S. Recently, a growing list of companies have been accused of flouting the legislation. They include the parent company of printer manufacturer Lexmark International, power tool maker Milwaukee Tool and Nike Canada.

In Europe, automotive firms BMW, Volkswagen and Mercedes-Benz have also been accused of using forced labor in their Chinese supply chains. If true, they would be in contravention of Germany’s new Supply Chain Due Diligence Act (SCDDA). The SCDDA came into force in January.

This specific complaint, brought by a Berlin-based non-profit, has yet to be proven. However, it is a stark warning to larger companies that they need to up their game when it comes to managing forced labor risk in their extended supply chains.

Regulations Address a Growing Global Problem

Forced labor is defined by the International Labour Organization (ILO) as “all work or service which is exacted from any person under the menace of any penalty and for which the said person has not offered himself voluntarily.”

According to a recent report, as many as 50 million workers worldwide may be enduring forced labor or “modern slavery” conditions. The report estimates this number has grown by 25% over the past five years. The report argues that this increase is due to global trade conducted by G20 developed nations.

A new Interos survey of 750 procurement leaders in North America and Europe underlines the significance of new supply chain regulations that seek to tackle this issue. It found that:

  • 80% of those in the U.S. and 71% in Canada see the UFLPA as having a significant or moderate impact on their organizations. Energy and A&D sectors were the most affected.
  • 61% overall think the SCDDA will have a significant or moderate impact. This rises to 77% in the energy and financial services sectors.

The UFLPA has a direct operational impact. Violations lead to the physical detention of shipments at entry ports, as well as cost and reputational implications. The SCDDA, meanwhile, gives the German government powers to levy fines of up to 2% of a company’s annual turnover. They may also be banned from competing for public contracts for up to three years.

Revealed: The Highest Risk UFLPA Goods

Of the 4,651 shipments detained by U.S. Customs and Border Protection (CBP) under the UFLPA to the end of June, 872 (19%) were denied entry, 1,849 (40%) were released and almost 2,000 were awaiting a decision.

But Interos’ analysis of CBP’s data reveals that shipments of specific products from certain countries are much more likely to be rejected than others. In particular:

  • Almost half (46%) of all shipments detained (worth $1.37 billion – 84% of the total value) were electronic products. However, just 3% of CBP decisions resulted in these being refused entry. The vast majority are shipped from Malaysia.
  • In contrast, customs rejected almost two-thirds of industrial raw materials and more than 62% of pharmaceutical and chemical products. Well over half of apparel, footwear and textiles met the same fate (see chart).
  • Vietnam has the highest proportion of shipments denied entry (49%), with 89% of raw materials and 69% of apparel, footwear and textiles rejected. This demonstrates that attempts to skirt the UFLPA by shipping from outside China don’t always work.
  • China itself is the second riskiest originating country for U.S. imports, with 40% of CBP decisions denying its shipments entry. Compare to an 11% rejection rate for Thailand and just 2% for Malaysia.
  • China’s highest risk category is apparel, footwear and textiles (64% rejected). This was followed by pharmaceutical and chemical products (62%) and raw materials (44%). At the other end of the scale, just 14% of agricultural products and 8% of consumer products were denied entry by CBP officers.

Products at Greatest Risk From UFLPA

Percentage of CBP decisions where shipments are denied entry, June 2022 – June 2023

Source: U.S. Customs and Border Protection

Polysilicon – a key raw material in the production of solar panels – is one high-risk product targeted by the UFLPA. More than 40% of the world’s supply of polysilicon comes from Xinjiang. Following previous action against Chinese imports, Vietnam is now the biggest exporter of solar panels to the U.S. Vietnam accounts for one-third of solar panel shipments in 2021.

Actions That Companies Need to Take

Companies can take similar actions to manage forced labor risk and comply with both the UFLPA and SCDDA. At a foundational level, they include establishing a robust risk management and due diligence system capable of identifying and remediating illegal practices.

Interos’ recent survey found that nearly two-thirds of procurement leaders believe they have made significant or moderate progress on forced labor with their suppliers over the past three years (see chart).

Forcing the Issue on Forced Labor

Progress made with suppliers in the past three years

n=750 procurement leaders

Source: Interos Resilience Survey 2023

However, as with other ESG issues, one of the main challenges around forced labor is a lack of sub-tier supply chain visibility. This ranked as executives’ joint top barrier to progress alongside a lack of reliable data for setting and tracking goals.

To support their regulatory compliance efforts on forced labor, procurement leaders need to:

  • Use supply chain mapping and risk-scoring tools to pinpoint high-risk relationships with both direct and indirect suppliers in geographies prone to forced labor.
  • Ensure that existing direct and sub-tier suppliers are not on, or being added to, any restrictions lists, including those specific to the UFLPA.
  • Harness detailed risk intelligence to help identify and mitigate forced labor risks before selecting or onboarding new suppliers in China or other at-risk countries.
  • Keep a close eye on high-risk raw materials and products shipped by Chinese or other firms based in Vietnam, Malaysia, Thailand, Mexico and other countries on the U.S. CBP watchlist.

Supply chain regulations impose a heavy burden on companies. They require time, money and resources to ensure compliance. 79% of CPOs we surveyed agree with that view.

But the same proportion also believes that regulation forces their organizations to do a better job of managing supply chain risk. 70% say it even enhances their competitive advantage in the market.

So the message on forced labor, as with other types of supply chain risk, is that it pays to invest. Organizations can derive value from both complying with emerging regulations, but also proactively developing greater operational resilience.