This is the fourth in a five-part series looking at global supply chain risk factors, COVID-19, and economic reopening.

“Domestic and global companies are in the midst of rapid shifts in supply chain planning, operations, and inventory management to address coronavirus impacts,” noted Institute for Supply Management (ISM) CEO Thomas W. Derry. These significant shifts underscore the global impact of operational risk. Operational risk largely focuses on the risk of loss caused by people, processes, and systems or technologies, as well as a range of external events. While there may be some industry-specific risks, such as industry prices, a focus on labor, infrastructure, and regulations is a consistent component of most operational risk frameworks.

Operational risk may seem most impactful to industries reliant on heavy equipment and automated processes, such as manufacturing, oil and gas, and retail. However, because every company is now a tech company thanks to hyper-connectivity, automation, and artificial intelligence, every enterprise is susceptible to operational disruptions. For example, between 2011-2018, banks suffered $210 billion in operational risk losses, which helped inform the recent Basel III regulations for financial services operational risk. They aren’t alone. COVID-19 has created major operational risks across virtually every facet of every industry.

Labor

COVID-19 has brought labor safety back to front-page headlines. From the safety of the healthcare workers on the frontlines battling the pandemic to the farmworkers and truckers delivering our food, to the conditions of warehouse workers distributing goods across the globe, labor safety conditions and awareness is under tighter scrutiny. New regulations and guidelines pertaining to labor safety and hazardous conditions are starting to emerge and are likely to expand as both best practices and worst offenders continue to surface.

Occupational safety is just one of the many considerations for employment practices writ large, which inform operational risk. Many labor-specific factors fall under human resources, such as compensation or discrimination claims, while talent shortage is a top-level business risk. Talent shortages have historically been one of the top critical risks across many industries including energy, cyber, manufacturing, and aviation.

Finally, it’s important to highlight third-party labor risks, which may be indirect but can be equally disruptive to operations. “Labor is the backbone of any supply chain operator” and so labor disruptions of any kind – whether a strike, labor cuts, retention problems, or hazardous conditions – will propagate throughout the supply chain. While much attention has been paid to the effects of increasing automation within the global workforce, the human element remains a very influential determinant of supply chain resilience

Infrastructure

As COVID-19 has made extraordinarily clear, the ability to get things back up and running is core to resiliency. Aging infrastructure can be as impactful for the aviation industry as it is for companies dealing with legacy tech stacks that are no longer supported. IT failures are among the top operational risks; in some cases, they hinder electronic payments systems while in others these failures could block account access or cause website disruptions. With every company a tech company, manufacturers not only have to deal with equipment infrastructure, but their data exchanges, industrial internet of things, and cloud services are now critical, too.

Of course, physical infrastructure is also essential to operational resilience, including energy costs and access. Grounded flights, limited port access, and cargo theft can impact the flow of goods from a supplier. But physical infrastructure extends beyond that, to include physical facilities, including warehouses and office space. The impacts of climate change, for instance, on these facilities should be part of any operational risk assessment and continuity of operations plan.

Regulations & Compliance

Regulations and compliance cover the safety, environmental, health, and quality considerations that also impact labor and infrastructure, but extend well beyond them as well. For instance, anti-money laundering (AML) and sanctions violations can reach into the billions, risking lives, ending careers, and ruining reputations. In the pharmaceutical industry, for instance, enterprises must stay on top of legal and regulatory changes and a range of liabilities that can emerge from products, technologies, and counterfeit drugs and global quality control.

While the claim that data is the new oil is now anachronistic, the need to protect data is only growing in urgency. As we discussed in the cyber risk post, cyber threats continue to evolve, the majority of which target intellectual property, personally identifiable information (PII), and other sensitive corporate data. To incentivize enterprises to elevate their security and privacy data protections, a range of data protection regulations continue to emerge. From the General Data Protection Regulation (GDPR) in Europe to Brazil’s General Data Protection Law (LGPD) to California’s Consumer Privacy Act (CCPA), enterprises risk significant fines for non-compliance to the patchwork of data protection and data localization laws across the globe; fines which could cause major business disruptions, while also presenting potential data compromises across their supply chain partners.

Looking Ahead

COVID-19 has introduced a wide range of operational disruptions, leading to vast shortages, shutdowns, and compliance mishaps. As Wharton professor of operations, information, and decisions, Morris Cohen, noted, “This is an unprecedented type of disruption. I don’t think we’ve ever seen anything like this.” Operational risk covers all aspects of people, processes, and technology; so much so that many large enterprises are creating risk operations centers (ROCs) to detect and prepare for inter-related threats and potential disruptions. Looking ahead, the ongoing disruptions across the labor, infrastructure, and regulatory environments will continue to prompt corporate and governmental responses and new guidelines. Operational change will be the only constant as enterprises seek resilience and agility during the pandemic and prepare for the new normal.

The Interos platform monitors operational risk to assess its impact on extended enterprise supply chains. We are committed to continuing to monitor COVID-19 -driven upheaval and providing insight for businesses searching for the path to economic recovery and adapting to the “new normal.” The next piece in this series will focus on the governance disruptions to supply chains, and how COVID-19 is impacting these risks.

To learn more about how we capture operational risks to your supply chain, visit www.interos.ai or check out our latest whitepaper Agile or Fragile: 5 Steps to Achieve Supply Chain Resilience in a Post-COVID World.

Dr. Andrea Little Limbago is a computational social scientist specializing in the intersection of technology, national security, and society. As the Vice President of Research and Analysis at Interos, Andrea leads the company’s research and analytic work regarding global supply chain risk with a focus on governance, cyber, economic, and geopolitical factors. She also oversees community engagement and research partnerships with universities and think tanks and is a frequent contributor to program committees and mentorship and career coaching programs. She has presented extensively at a range of academic, government, and industry conferences such as RSA, SOCOM’s Global Synch, BSidesLV, SXSW, and Enigma. Her writing has been featured in numerous outlets, including Politico, the Hill, Business Insider, War on the Rocks, and Forbes. Andrea is also a Senior Fellow and Program Director for the Cyber and Emerging Technologies Law and Policy Program at the National Security Institute at George Mason and a Fellow at the Atlantic Council’s GeoTech Center. She is an industry advisory board member for the data science program at George Washington University, and is a board member for the Washington, DC chapter of Women in Security and Privacy (WISP). She previously was the Chief Social Scientist at Virtru and Endgame. Prior to that, Andrea taught in academia and was a technical lead at the Joint Warfare Analysis Center, where she earned the Command’s top award for technical excellence. Andrea earned a PhD in Political Science from the University of Colorado at Boulder and a BA from Bowdoin College.