Location is Everything
Location isn’t only important in real estate. It is also critical to supply chain resilience. To be resilient, companies must understand where their suppliers are located. They must also understand the susceptibility of those locations to disruption.
Businesses often engage suppliers in regions with lower labor costs. That can backfire if not enough attention is paid to the location of these suppliers or to the adequacy of contingency plans in the case of business disruption. Large global companies with deep supply chains are often at greater risk given the potential for impact to on-time deliveries, supplier responsiveness and sustainability.
Your Suppliers’ Suppliers
Ask yourself: Do I know the locations of all the companies within the supply tiers that feed my final production and assembly? Some of your suppliers’ suppliers may be located in areas prone to power outages, landslides, political upheaval or labor unrest, which could shut down a critical facility for a significant period of time.
The devastating fire that killed more than 250 people at a garment factory in Pakistan stands as a stark reminder. Building codes were not enforced in that case.
While many companies have established standards to identify all suppliers in all tiers, these standards require ongoing analyses of each supplier’s financial stability and their regions’ economic and political stability. When it comes to suppliers’ suppliers, incorrect assumptions may be made about the resiliency of second- and third-tier suppliers.
Supplier location is important for another reason — the efficacy of building codes and other construction standards in a region. But those codes do no good without enforcement. The devastating fire that killed more than 250 people at a garment factory in Pakistan stands as a stark reminder. Building codes were not enforced in that case.
From a risk management standpoint, companies should insist their suppliers maintain the same quality and integrity in their facilities that they conform to themselves. For larger global entities, it is prudent to require tier one suppliers to conduct business only with suppliers that maintain high building construction standards. Absent this assurance, the onus is on companies to map out their supplier’s location, peruse local building codes and investigate compliance.
Relying on too many suppliers in the same region also can be problematic. Geographic clusters of Tier 1, Tier 2 and even Tier 3 suppliers are increasingly common, according to a recent report by Deloitte. And while capitalizing on groups of experienced workers in proximate facilities can streamline supply chains and pare costs, it only makes sense if the risk is gauged in relation to the opportunities.
More Than Meets the Eye
Where a company is located is a crucial determinant of supply chain risk. Certain countries are simply more resilient to supply chain disruption than others. Our research with Oxford Metrica bears this out, indicating that Norway, Switzerland and Ireland are highly resilient regions, whereas Venezuela, the Philippines, India and Bangladesh are much less so, subject to country-inherent risk stemming from such things as corruption, political instability or natural hazards.
Today, risk is no longer scrutinized in a vacuum. The sum of the whole is what makes a supply chain resilient.
Meshing Distinct Viewpoints
Marilyn Rivers, director of risk and safety, City of Saratoga Springs
Several years ago, Whirlpool decided it could save 75 cents per unit if it outsourced the production of dishwasher water seals to a Chinese supplier. The annual savings were projected at more than $2 million.
But soon after the arrangement was made, the Chinese manufacturer changed to a different rubber supplier, causing a failure rate of nearly 10 percent, according to “Managing Risk in the Global Supply Chain,” a study by the Supply Chain Management faculty at the University of Tennessee.
By the time Whirlpool discovered the problem, more than 2 million dishwashers had been produced with the leaky seals and about two months’ worth of supply was in transit. The oversight cost the company millions — destroying the realization of projected savings for more than three years.
The study listed the example as one of the multitude of risks that can occur in supply chain management. And it’s an example of how risk management could have helped avoid the problem altogether.
In the most effective companies, risk management and procurement work together to ensure both the cost and quality of supplies and vendors, as well as proper risk transfer.
When those functions do not align, the organization suffers. That suffering may take the form of safety violations, product recalls and reputational loss, among other exposures.
But it’s not possible for procurement and risk management — organizational functions with two distinct viewpoints — to always agree. In some organizations, they rarely even communicate. It is possible, however, to build a relationship that allows the organization to prosper without undue risk.
Underlying the relationship should be a common mission of focusing on the organization’s goals as a whole, experts said.
“Risk management and procurement are partners in helping to grow the business and at the same time, growing the balance sheet,” said Brian Merkley, global director of corporate risk management at Huntsman Corp., a Salt Lake City-based global chemical manufacturer.
When he first joined Huntsman about 10 years ago, he worked with procurement and legal to develop a contractual risk transfer strategy document, which was “my first introduction to the procurement team and the processes they used. I found a good working relationship with them and it continues today.
“Cultivating a strong relationship with procurement is critical,” he said, noting that there is a constant challenge to make smart risk/reward decisions — balancing price against the potential exposure.
“Risk management and procurement are partners in helping to grow the business and at the same time, growing the balance sheet.” — Brian Merkley, global director of corporate risk management, Huntsman Corp.
Over the years, his department has provided important guidance to refine standards and strategies for procurement that include performance expectations of contractors, indemnity language, and insurance requirements, among others. It also has helped to develop a process to qualify various contractors that meet risk management and procurement’s standards so operations can run smoothly.
Contracts and insurance provisions can’t be reviewed in a vacuum, Merkley said, but have to include scope of work, indemnity, and relationships or prior experience with the parties. “We are going to insist on certain levels of protection based on the type of work,” he said.
In many organizations, risk managers are not in a position to influence procurement or supply chain decisions. They either don’t have the buy-in of the senior leaders of the organization, don’t have effective channels to collaborate on such decisions, or they don’t have sufficient understanding of the organization’s strategies and goals to provide effective input into procurement activities.
Gary Lynch, CEO and founder, The Risk Project, and a former global practice leader for Marsh, said that over the years he has been “shocked at how little the risk management community knew about the operations of their business. They knew how they made money, but they didn’t know who contributed to bringing value to the market.
“The majority of risk managers that I have worked with don’t have the opportunity, don’t have the capability and don’t have the value to really support [procurement or supply chain decisions]. Those are the three stumbling blocks,” he said.
The same can also be said for many supply chain professionals. According to the University of Tennessee study, most of them have little expertise in insurance products. Nor do they understand many of the potential claims issues — or the insurance programs that are available to protect them.
In the study, insurance ranked dead last in a list of 10 risk mitigation strategies to protect supply chains — ranking 4.5 out of 10. The top strategy was “strong suppliers,” ranking 7.5 out of 10.
“I think there is a lot of disconnect with folks between procuring and supply chain, and the risk management function,” said Mark Robinson, vice president of global operations at UPS Capital, which offers supply chain finance and insurance services. “In my mind, they don’t talk very much.”
There are some risk managers, however, who are able to add value to the procurement process. The words that keep coming up in conversations with them are “relationship” and “partnership.” Risk management and procurement work best together, they said, when both functions keep the organization’s strategic goals top of mind.
Robinson said the visibility of catastrophic events, targeted thefts and the larger size of container ships has heightened awareness of cargo, trade disruption and cyber risk insurance. From 2011 to 2013, the global cargo insurance market increased from $17.2 billion to $18.2 billion, about a 6 percent increase. And the U.S. market is increasing faster than the global market, he said.
The City of Saratoga Springs, N.Y., operates under regimented bidding processes. But even as the city is required to take the lowest bidder, it must ensure that it hires the lowest “responsible” bidder.
“Sometimes, folks give outlandishly low-priced bids,” said Marilyn Rivers, Saratoga’s director of risk and safety. “We structure it so that when we send out a request for quotes or a request for proposal, we place in the language that anyone chosen has to meet all of the requirements and has to be qualified.”
That means vendors or suppliers have to submit a certificate of insurance, execute the city’s “risk and safety agreement” and a “vendor code of conduct” as well as have sufficient prior experience and the ability to complete a project within the set time frame, among other requirements.
“We are always cognizant of the cost, but we must ask, ‘What is the benefit to the public versus the cost, because tax dollars are being used for those projects,’ ” she said.
Plus, Rivers said, the city must “look at the totality of how it impacts the community. … We can’t just slice up a roadway.”
At Sodexo Inc., which has 8,000 food suppliers and 25,000 non-food suppliers, Peter Rosiere, vice president, risk management, created a new position — supply risk analyst — to more fully bring the risk perspective to the supply chain team.
“One primary reason we created the new position was to develop that communication, linkage and a balance point between the two groups,” he said. “The groups tend to spin in different orbits. What we are trying to do is build a bridge. We have a good bridge. We want to make it even better.”
Evelyn Joe, who holds that new position, said her primary goals are communication, education and collaboration, trying to find the “best working relationship that meets the needs of the company and each team.”
It’s necessary, she said, to understand the other group’s needs and goals while sharing with them the needs of risk management “so we are not talking apples and oranges, so we understand the foundation. … We have worked extremely hard to become part of the supply management process.”
Sometimes, she said, procurement will seek approval of a supplier that does not comply with the department’s insurance requirements or standards. In such cases, procurement and risk management work together, along with legal, to research the organization and find a solution.
“That’s when I’ve been pleasantly surprised because of the constant relationship-building and education with supply management that they completely understand,” Joe said. “The supply manager understood why we couldn’t change our risk management requirements. It’s our job to help our client understand why we have the high standards we do, for both brand and customer protection.”
Opening the channels of communication is, obviously, the first step to creating or enhancing that relationship.
For Dwayne Eastwood, risk manager, McCoy’s Building Supply, it can mean walking around the office with a cup of coffee and asking, “What’s up? What’s the latest? Are you thinking about safety and risk management and contractual arrangements?
“It’s just getting in front of people for a couple of minutes and talking it up. You have to be involved early on. It’s critical.”
But it’s not just asking, he said. It’s also about following up on what is heard by “pointing out and illustrating what the risks are. …Credibility is paramount.”
Credibility matters because the ultimate decision is not within risk management’s control, he said.
“When you step into their world and you point out and illustrate what the risks are, they make the decision for the company that this risk is or is not acceptable. It’s everybody else who makes those decisions,” Eastwood said.
When he explains why a proposed plan “is not really a good idea, most of the time, they will go along with us. They don’t necessarily want to go against the grain. They take our advice most seriously,” he said. “That’s good, and I think credibility is where you get that from, and a proven track record.
“In the beginning, there were a lot of ‘a ha’ moments. It was really up to me and others to educate them that we needed to be involved on the front end. They didn’t ignore it; they just didn’t consider it. When they realized the risks and possible loss of life or big dollar amount lawsuits and what that could look like it was, ‘oh OK.’ ”
Using claims data in such conversations “speaks volumes,” he said. “I’m a huge fan of using loss history to evaluate the risk, frequency and severity, both.”
Eastwood’s colleague, Kevin Shute, director of merchandising-hardlines and merchandising operations, said that the partnership between his function and risk management has over the years “moved from a reactive to a proactive situation. … We like to think that the key to our interconnectedness or connectivity is we know each other personally.”
Shute said that when his team finds a new product from one of its 1,400 vendors, such as virgin sulfuric acid, which is “powerful, powerful stuff,” his team will work with risk management to review all of the processes, packaging, paperwork and safety training and product handling issues.
In another situation, when McCoy’s recently launched a propane tank exchange, the two teams “worked from cradle to implementation” through the contracts, insurance, permitting, vendor and store compliance, employee training, and all other aspects to eliminate any potential liability issues, Shute said.
“We typically don’t look at [risk mitigation efforts] as a problem,” he said. “We look at it as that’s what we have to do to protect our assets.”
It can sometimes be difficult to clearly understand what protection is needed when a catastrophic exposure hasn’t yet occurred, said UPS Capital’s Robinson.
For example, he said, he knows one pharmaceutical company that used to ship $20 million worth of inventory from its location in one truck to an airport 30 miles away every day. From there, it would be divvied up to be transported by plane to various locations.
While the company had claims after the inventory had been brought to the airport and transported, it never had a catastrophic loss related to the 30-mile truck journey. “Can you envision the scenarios? An accident? Being hijacked? Some problem where you lose the whole load?” he asked.
The company had $1 million in coverage for that $20 million load, he said, noting that a conversation ensued with the company about the plausibility of such a loss and how it could protect itself.
A good time for risk managers to begin expanding their partnership with procurement is when contracts are annually reviewed and renewed.
Requiring suppliers or service providers to carry insurance may not adequately protect a company from substantial losses, Robinson said. A major incident could push a supplier into bankruptcy, or a policy’s terms and conditions may not be conducive to compensating the company for its loss -— at least not without a lengthy court battle.
“The groups tend to spin in different orbits. What we are trying to do is build a bridge. We have a good bridge. We want to make it even better.” — Peter Rosiere, vice president, risk management, Sodexo Inc.
It’s not just whether insurance coverage will adequately protect the company. Much of the work risk management must do deals with business continuity planning. Is there resilience in the supply chain for all tiers of suppliers, inventory, labor and transportation? Is there a worrisome geographic concentration? Is there the potential for natural disaster or political upheaval? Is there an acceptable tradeoff between risk and reward?
“The reality,” Sodexo’s Rosiere said, “is that an organization cannot operate without supplies, be it for raw materials or services. But a company cannot operate without good risk transfer. This is not the case with Sodexo, as strict supplier insurance/risk transfer requirements are in place. There has to be an understanding of where the functions rest within the priorities of the organization.
“Sodexo’s awareness of the risk and the partnership with our supply management teams is a key aspect of our growth and culture.”
A lot of it comes down to how decisions affect the company’s margins, said The Risk Project’s Lynch.
When risk managers seek to manage compliance issues or ensure additional capabilities, they are introducing cost into the equation, he said.
“It’s clear to me that these folks have to navigate risk, and not manage it. … You have to manage to the margins,” he said. “Risk management has to be done within the context of the operation’s margin.”
“It’s looking at the totality of the risk,” Saratoga Springs’ Rivers said. “It’s looking at the total risk the project entails and how that project impacts the community, the business or employees, and what an entity, whether public or private, needs to do so it can mitigate risk so it can be successful and the entity doesn’t lose money on it. … The procurement standard should be dovetailed to the project.
“The goal of all risk management is empowering people. It’s a partnership that allows that empowerment but gives the opportunity to know when to ask more questions. … It’s achieving goals cost-effectively but not endangering the health and welfare of employees or the community in the process.”
Regular education and training are crucial, Huntsman’s Merkley said.
“We are all trying to grow the business in an appropriate way and safeguard the balance sheet from making bad bets, and it’s crucial we partner together in doing that.
“The best starting place is to develop personal relationships with the procurement management team, and secondly, you have got to do a lot of work to prove yourself as a reliable subject matter expert. When they come to risk management and look for guidance around insurance language, you have got to back it up.”
Detention Risks Grow for Traveling Employees
It used to be that most kidnapping events were driven by economic motives. The bad guys kidnapped corporate employees and then demanded a ransom.
These situations are always very dangerous and serious. But the bad guys’ profit motive helps ensure the safety of their hostages in order to collect a ransom.
Recently, an even more dangerous trend has emerged. Governments, insurgents and terrorist organizations are abducting employees not to make money, but to gain notoriety or for political reasons.
Without a ransom demand, an involuntarily confined person is referred to as ‘detained.’ Each detention event requires a specialized approach to try and negotiate the safe return of the hostage, depending on the ideology or motivation of the abductors.
And the risk is not just faced by global corporations but by companies of all sizes.
“The world is changing. We see many more occasions where governments are getting involved in detentions and insurgent/terrorist groups are growing in size and scope. It’s the right time for a discussion about detention risks.”
— Tom Dunlap, Assistant Vice President, Liberty International Underwriters (LIU)
“Practically any company with employees traveling abroad or operations overseas can be a target for a detention risk,” said Tom Dunlap, assistant vice president at Liberty International Underwriters (LIU). “Whether you are setting up a foreign operation, sourcing raw materials or equipment overseas, or trying to establish an overseas sales contract, people are traveling everywhere today for so many reasons.”
Emerging Threats Driven By New Groups Using New Tools
Many of the groups who pose the most dangerous detention threats are well versed in how to use the Internet and social media for PR, recruiting and communication. ISIS, for example, generates worldwide publicity with their gruesome videos that are distributed through multiple electronic channels.
Bad guys leverage their digital skills to identify companies and their employees who conduct business overseas. Corporate websites and personal social media often provide enough information to target employees who are working abroad.
And if executives are too well protected to abduct, these tools can also be used to identify and target family members who may be less well protected.
The explosion of new groups who pose the most dangerous risks are generally classified into three categories:
Insurgents – Detentions by these groups are most often intended to keep a government or humanitarian group from delivering services or aid to certain populations, usually in a specific territory, for political reasons. They also take hostages to make a political statement and, on occasion, will ask for a ransom.
In other cases, insurgent groups detain aid workers in order to provide the aid themselves (to win over locals to their cause). They also attempt prisoner swaps by offering to trade their hostages for prisoners held by the government.
The most dangerous groups include FARC (Colombia), ISIS (Syria and Iraq), Boko Haram (Nigeria), Taliban (Pakistan and Afghanistan) and Al Shabab (Somalia).
Governments – Often use detention as a way to hide illegal or suspect activities. In Iran, an American woman was working with Iranian professors to organize a cultural exchange program for Iranian students. Without notice, she was arrested and accused of subversion to overthrow the government. In a separate incident, a journalist was thrown in jail for not presenting proper credentials when he entered the country.
“Government allegations against detainees vary but in most cases are unfounded or untrue,” said Dunlap. “Often these detentions are attempts to prevent the monitoring of elections or conducting inspections.”
Even local city and town governments present an increased detention risk. In one recent case, a local manager of a foreign company was arrested in order to try and force a favorable settlement in a commercial dispute.
Ideology-driven terrorists – Extremist groups such as Boko Haram and ISIS are grabbing most of today’s headlines with their public displays of ultra-violence and unwillingness to compromise. The threat from these groups is particularly dangerous because their motives are based on pure ideology and, at the same time, they seek media exposure as a recruiting tool.
These groups don’t care who they abduct — journalist, aid worker, student or private employee – they just need hostages.
“The main idea here is to shock people and show how governments and businesses are powerless to protect their citizens and employees,” observed Dunlap.
Mitigating the Risks
Even if no ransom demands are made, an LIU kidnap and ransom policy will deliver benefits to employers and their employees encountering a detention scenario.
For instance, the policy provides a hostage’s family with salary continuation for the duration of their captivity. For a family who’s already dealing with the terror of abduction, ensuring financial stability is an important benefit.
In addition, coverage provides for security for the family if they, too, may be at risk. It also pays for travel and accommodations if the family, employees or consultants need to travel to the detention location. Then there are potential medical and psychological care costs for the employee when they are released as well as litigation defense costs for the company.
LIU coverage also includes expert consultant and response services from red24, a leading global crisis management assistance firm. Even without a ransom negotiation to manage, the services of expert consultants are vital.
“We have witnessed a marked increase in wrongful detentions involving the business traveler. In some regions of the world wrongful detentions are referred to as “business kidnappings.” The victim is often held against their will because of a business dispute. Assisting a client who falls victim to such a scheme requires an experienced crisis management consultant,” said Jack Cloonan, head of special risks for red24.
Without coverage, the fees for experienced consultants can run as high as $3,000 per day.
Given the growing threat, it is more important than ever to be well versed about the country your company is working in. Threats vary by region and country. For example, in some locales safety dictates to always call for a cab instead of hailing one off the street. And in other countries it is never safe to use public transportation.
LIU’s coverage includes thorough pre-travel services, which are free of charge. As part of that effort, LIU makes its crisis consultants available to collaborate with insureds on potential exposures ahead of time.
Every insured employee traveling or working overseas can access vital information from the red24 website. The site contains information on individual countries or regions and what a traveler needs to know in terms of security/safety threats, documents to help avoid detention, and even medical information about risks such as pandemics, etc.
“Anyone who is a risk manager, security director, CFO or an HR leader has to think about the detention issue when they are about to send people abroad or establish operations overseas,” Dunlap said. “The world is changing. We see many more occasions where governments are getting involved in detentions and insurgent/terrorist groups are growing in size and scope. It’s the right time for a discussion about detention risks.”
For more information about the benefits LIU kidnap and ransom policies offer, please visit the website or contact your broker.
Liberty International Underwriters is the marketing name for the broker-distributed specialty lines business operations of Liberty Mutual Insurance. Certain coverage may be provided by a surplus lines insurer. Surplus lines insurers do not generally participate in state guaranty funds and insureds are therefore not protected by such funds. This literature is a summary only and does not include all terms, conditions, or exclusions of the coverage described. Please refer to the actual policy issued for complete details of coverage and exclusions.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Liberty International Underwriters. The editorial staff of Risk & Insurance had no role in its preparation.