The importance of structured and effective supplier management has increased for major organisations over the years.
Managing both the risk and value generated by suppliers is more vital than ever and is a core requirement for procurement functions and indeed for organisations generally.
There are three key types of supplier information – that which is related to ‘basic’ business needs, performance information (usually gained from active suppliers during a contract) and risk-related information.
The regulatory and compliance burden has increased in recent years in terms of organisations needing to understand much more about their suppliers and supply chain.
Segmenting your supply base
Issues such as modern slavery, GDPR and conflict minerals have put a real focus on the need to manage appropriate information about suppliers.
The implications and penalties in terms of fines, other government actions and reputational damage can be severe.
Organisations should segment their supply base for the purpose of considering these risks and understand that it’s not just the ‘most strategic’ suppliers that can be a source of issues in some of these regulated areas.
Managing suppliers well requires the right systems, policies and processes for supplier data management to be in place.
No longer just ‘nice to have’
Rather than buying organisations wanting information purely for their own benefit, now governments and related third parties are insisting (with regulatory backing) that buyers must have certain information, data, and understanding related to their supply base.
That is backed up with severe penalties, ranging from fines which can run into millions of pounds, to exclusion from bidding for government contracts, as well as the reputational damage that can follow.
So, what was once seen as ‘nice to have’ information has become defined by law. Other requirements are enshrined in public procurement legislation. For instance, in the EU, asking questions about whether company directors have convictions, or if the firm has been investigated over tax matters, is now a routine part of public sector supplier qualification processes.
There is regulation for everybody – not just public bodies – in terms of environmental issues, employment practices in the supply chain, data protection and so on.
The banking example
Take banking as an example. Go back to the 1990s, and the banking regulators were totally disinterested in the precise supply arrangements of the big UK high street banks. But from the late 1990s onwards, and with accelerating interest through the last financial crisis, regulators decided that they would check more diligently that banks understood their suppliers better. Why did this change come about?
The reason was because understanding key suppliers was seen as an important element in understanding how secure and well-managed the funds of the banks’ own customers might be. Today, there is considerable regulation across many aspects of banking, including supplier management.
As the European Central Bank said, announcing a new framework for cyber-resilience: “We also anticipate that the TIBER-EU framework will have an important interplay in the on-going supervision of key financial market infrastructure providers, given the framework’s overriding emphasis on “critical functions” – which firms will want to delineate with a view to the official definition used by the framework: … the people, processes and technologies required by the entity to deliver a core service which, if disrupted, could have a detrimental impact on financial stability, the entity’s safety and soundness, the entity’s customer base or the entity’s market conduct.”
Those “people, processes and technologies required by the entity” includes suppliers and suppliers’ activities, hence the need for much tighter management and better knowledge about key suppliers than that which existed 20 years ago.
This is an example of a specific industry, but there are other regulatory developments that apply to all firms, and it is vital that firms understand their responsibilities and take action. Having effective visibility of the supply base and the appropriate level of knowledge around specific suppliers is an absolutely fundamental element of this essential regulatory compliance and cannot be ignored.
Conclusion: it all starts with supplier master data
The requirement for buyers to have better, more complete and robust supplier information has grown gradually over a long period but has become more critical in recent years. That acceleration in the need has been driven by several trends.
The regulatory environment is a major cause. Governments have become increasingly enthusiastic about demanding that buyers know more about their suppliers and supply chains, in areas as different as data handling, bribery or human rights abuse.
This is unlikely to go away, and along with the reputational and operational risks that suppliers can generate for buyers, it all adds up to a need for organisations to make sure their supplier information processes, systems and policies are – at the very least – adequate, and preferably much better than that.
Much of this starts with management of supplier master data – the foundation on which all supplier-related information can be built. Ensuring that the right information is gathered at the beginning of the relationship, then further relevant information is added where necessary, all in a structured, controlled manner (including where updating is required), is the goal for organisations.
That requires the right systems, policies and processes for supplier data management to be in place. As we have seen, understanding suppliers and managing the information that is required, for both regulatory and performance reasons, is increasingly vital in today’s business environment.