As supply chains become more complex and global, the need to correspondingly step up efforts to manage supplier risk and compliance becomes more critical. I don’t mean simply knowing about their financial stability or whether a key supplier’s performance may be affected by a natural disaster, but instead, I’m thinking about how suppliers have an impact on overall compliance—including legally and ethically. 

One of the problems, as explained in a ChainLink Research report titled “Supplier Risk and Compliance Management in Practice: Part One” is that regulatory and legal responsibilities and compliance requirements continue to grow rapidly. Consequently, companies now have an increasing number of internal compliance requirements. That has forced companies to become much more prescriptive and detailed in supplier mandates to ensure their supply chain and operations run more efficiently and smoothly. While in the past, compliance manuals for suppliers used to be just a few pages, they now may include hundreds of pages, covering everything from routing guides, labeling and packaging requirements to environmental requirements. What’s more, a growing number of companies have supplier codes of conduct, recognizing that the court of public opinion holds them responsible for what happens in their supply chain, ChainLink notes.

With that in mind, it would stand to reason that companies invest substantially to manage supplier risk and compliance. However, to the contrary, ChainLink’s research has found that most companies under-invest in managing supplier risk. Oddly, this is at a time when the need for stronger capabilities to manage risk and compliance are greater than ever due to supply bases that are global, outsourced, and interconnected; and demand volatility, rising commodity prices, and fluctuating exchange rates introduce additional risks.

By analyzing nearly 1,000 supply chain disruptions, ChainLink’s research found that companies’ stock price fell on average about 25 percent as the result of each single disruption. That statistic reminds me of the results of a landmark study a few years ago conducted by Vinod Singhal, professor of operations management at Georgia Tech College of Management, and Kevin Hendricks, associate professor of operations management at the University of Western Ontario. Their research shows that disruptions also do long-lasting damage to companies’ stock prices and profitability.

For example, firms continue to operate for at least two years at a lower performance level after experiencing a disruption, says Singhal. According to Singhal and Hendricks’ research, companies experiencing a supply chain disruption suffer a decline in stock prices that ranges between a 33 percent and 40 percent decline compared with industry peers over a three year period.

To be sure, government regulations and record-keeping requirements will continue to grow and become more complex and encompassing. For instance, some people think of environmental regulations as reducing the impact of manufacturing operations on air, water, and soils, but they also apply to product specifications, water withdrawal permitting, and costs associated with disposal of products that contain hazardous material. Additionally, as concern over conflict minerals mined in the Democratic Republic of the Congo continues to grow, it seems a regulation is eminent that would require publicly traded companies whose products use the conflict minerals to report to shareholders and the SEC whether their mineral supply comes from the DRC.

With all that in mind—as well as the realization that not only are penalties at stake, but that a brand’s reputation may also be publicly harmed by a supplier’s actions or inactions—companies should take a hard look at their risk scorecard. So in addition to risk factors such as sole-sourced/alternative sources, financial health/viability, and quality metrics, a supplier’s security and hiring practices, traceability systems and processes, social responsibility and other factors should also be carefully scrutinized to further evaluate risk.