Mitigating Risk and Detecting Fraud in Supply Chain
April 29, 2019
We were recently at the American Supply Chain Summit to discuss how companies with supply chains can mitigate risk and detect fraud within their procurement processes. Here is a look at the conversation that the show organizers had with our Director of Consulting Services, Kal Ghadban:
What are some of the biggest regulatory and compliance challenges companies within the supply chain face?
Compliance is among the top leading challenges organizations within the supply chain must focus on. Forty-five percent of supply chain executives say that they are experiencing increased pressure for regulatory compliance and internal compliance to contracts, according to a recent Aberdeen study.
Regulations including REACH (Registration, Evaluation, Authorization and Restriction of Chemicals), RoHS(Restriction of Hazardous Substances) and the Conflict Minerals Provision under the Dodd-Frank Act all call for greater transparency from companies within the supply chain, and in addition, there are also many country-specific variations of these regulations.
For procurement and supply chain professionals, understanding the requirements for each country and ensuring compliance adherence is a complicated and time-consuming task.
In addition to regulations, awareness of human trafficking and slavery in the supply chain has increased, and many companies have already devised programs to help combat this issue. Those who haven't must employ risk mitigation activities.
When looking at risks around human trafficking and slavery, organizations need to involve C-Suite leadership in identifying risky business, develop clear policies explicitly prohibiting human trafficking, and ensure they do not have relationships with entities on watch lists.
Reviewing people and businesses against sanctioned lists can be useful when screening both international and domestic vendors.
For more thorough risk mitigation, companies should not just look at Office of Foreign Assets Control (OFAC) lists, but also screen individuals and businesses against third-party lists like World-Check and Dun & Bradstreet, and screen both during the on-boarding phase and periodically -- especially when there are changes in the company profile and ownership.
The U.S. Chamber Task Force to Eradicate Human Trafficking published a report in 2017 that gives advice on policies that companies within the supply chain can implement to stop human trafficking from happening.
How can organizations leverage analytics to manage risk within the supply chain?
Analytics and alerts provide excellent visibility into how well supply chain operations and risk management programs are performing.
To leverage analytics for risk management, companies must first obtain an automated transaction monitoring system. This system can either review transactions in real-time or in batches. The analytics are applied against the transactions and look for suspicious activities that are indicative of illicit activities such as theft, bribery or trade-based money laundering.
When thinking about trade-based money laundering, organizations should deploy analytics to look for the following scenarios:
- Over-invoicing or under-invoicing: Invoicing of goods or service at a price above/below the fair market price
- Over-shipping or short-shipping: When there is a difference in the invoiced quantity of goods and the quantity of goods that are shipped
- Ghost-shipping: Fictitious trades which include documentation and payments but no goods were actually shipped
- Shell companies: Doing business with companies unclear ownership
- Multiple invoicing: Numerous invoices issued for the same shipment of goods
- Black market trades: Where a domestic transfer of funds is used to pay for goods by a foreign importer
What strategies can manufacturers employ to comply with supply chain regulations?
To comply with supply chain regulations, companies must have visibility and transparency in their supply chain from beginning to end. This include knowledge of what is purchased, the source of the materials purchased, and the suppliers and vendors involved in the process.
Organizations can obtain visibility and transparency by ensuring data is shared between information systems and by applying the right analytics to ensure compliance with internal controls.
Companies must also be familiar with their country's regulations and apply internal controls to ensure that they are complying with these regulations.
When you are dealing with multiple jurisdictions, it can be risky to rely on a single set of individuals to ensure compliance. Technology that provides automated checks and workflows reduces the risk of errors or omissions.
Finally, ensuring that there is communication and collaboration between individuals within an organization is vitally important for compliance with regulations. This includes ensuring that changes in products or packaging are communicated to the right people.
What is the process that organizations will have to undertake to onboard and leverage Alessa?
The first step is to complete a risk assessment of the business. This is where a representative from every department looks at their risks and prioritizes the ones that need to be addressed first.
The next step is implementing an on-going risk monitoring and controls solution like Alessa. An initial risk controls workshop identifies the alerts and the data needed to support the automated monitoring process.
Once the monitoring system is deployed, the next step is to continuously monitor the alerts to see if the analytics need to be adjusted to reduce the number of false positives as well as look for new opportunities to detect more ?out-of-policy?or ?suspicious?activities that can present a risk to the organization.
Results vary depending on the maturity of the organization. For one company we saw a 90 percent reduction of manual work to gather data and create reports on risk management activities. With transaction monitoring, companies have 100 percent coverage on reviewing all financial transactions.
For managing vendor risks, standard workflows allow organizations to verify that all suppliers are compliant during vendor on-boarding phase. This includes ensuring that nobody is on a sanctioned list.
Where do you see the supply chain industry in the next 5-10 years?
Artificial Intelligence (AI) has the power to change the way companies within the supply chain do business and could contribute up to $15.7 trillion to the global economy by 2030.
When implemented and executed correctly, AI has the potential to improve planning, streamline processes, optimize logistics and in the near future, even detect abnormal behaviors and fraud. This includes leveraging anomaly detection models, transaction monitoring with machine learning and robotic process automation (RPA).
Within the next 5-10 years, organizations within the supply chain will also see the integration of internal data with external data. For example, data from autonomous vehicles with weather information to calculate risk ratings.
About Anu Sood
Anu Sood (LinkedIn | Twitter) is the Director Marketing at CaseWare RCM and is responsible for the company’s global marketing strategy. She has over 20 years of experience in product development, product management, product marketing, corporate communications, demand generation, content marketing and strategic marketing in high-tech industries.