The changing landscape of managing risk

Strategies that manage both daily and exceptional risks along the supply chain have changed. Companies need to heed legal advice and ensure compliance.

Trustworthiness has become a key priority for companies, bringing about new approaches to risk management. Oversight, for example, is now viewed as one of the most important functions of a Board of Directors and Boards expect management to evaluate risk differently to any prior status quo. Companies therefore need systematic processes in place to identify and manage risk.

There is also the increasing role of regulators in risk oversight. Regulator expectations as to what makes a good compliance programme have changed dramatically in recent years and are continuing to evolve. Regulators are now seeking to rebuild credibility from higher profile enforcement activity.

Companies also have a very different operating environment. New technologies have provided opportunity for cyber-security risks. Social media has increased exposure to risk, and local problems may now quickly become global issues. In the eyes of the shareholders, a company’s brand and reputation is an indication of how that company manages its risk.

Businesses are also considering ethics vs legal obligation. Legal obligation is often the minimum standard performed, whereas ethics is an aspect that a company thinks it should do, usually to a higher standard, but it may not be legally obligated to do so. A company therefore needs to find its “sweet spot”, taking into consideration its culture and conduct, and determine what is reasonable but still profitable.

Increasingly, Environmental, Social, Governance (ESG) is becoming more relevant than the black letter of the law. Environmental considerations include: climate change; greenhouse gases; resource depreciation, including water; waste and pollution and deforestation. Social comprises: working conditions (including slavery and child labour); local and indigenous communities; conflict; health and safety; and employee relations and diversity. Governance encompasses: executive pay; bribery and corruption; political lobbying and donations; forward diversity and structure; and tax strategy.

Consider too that a supply chain is only as strong as its weakest link. It must therefore consider Cyber Security and Data/Privacy protection; Economy for the Common Good (ECG) and Sustainability; increasing regulation and regulatory scrutiny; and Incident Response and Crisis Management.

When considering risk management in supply chain management and logistics, individuals need to consider their role in the supply chain, and the relevant risks that they are exposed to. However, proper risk management requires that such role players should also consider the risks that their counterparts may encounter. These role players include the seller, buyer, logistics service provider, bank financing institution, and underwriter.

There are also legal instruments at play, including the contract of sale, the logistics contract, the banking or financing instrument, and the relevant insurance policy. Each of these legal instruments requires an identification of various factors that give rise to risk, such as: the nature of the cargo concerned, the types of carriage, the geography of carriage, the various international regimes and local laws, costs, cyber risks and new technology.

Cyber security is now an integral part of a company’s risk management system, and more so with the introduction of new technologies. Supply chains are fertile grounds for new tech where we see smart contracts, blockchain and autonomous vessels influencing the changing market.