Not every supplier relationship delivers equal value or carries equal risk. It sounds obvious, but the truth is many businesses struggle to take a proportionate response to supplier risk management.

This means prioritising the suppliers that are truly critical to your business and making the right people accountable for the risks they bring.

If we take commodities such as oil or natural gas, what does it mean to your business when the price of oil suddenly jumps above $100 a barrel for the first time in eight years? Can you withstand the impact, or will it fundamentally impact your operations?

Today, with inflation and geopolitical conflict compounding commodity price volatility, simple buying programs could lead to potentially disastrous outcomes. Active and continuous price risk management is needed.

But this issue goes beyond commodities. In any industry, when a supplier risk presents a fundamental threat to your bottom line, it matters who is responsible for managing that risk. Can you afford to let it sit within your procurement function, or does it require a more active, continuous risk management operation? Do you even know when that tipping point will be reached, and a risk will escalate to business critical?

Across a variety of sectors, we are increasingly seeing supplier risk management being spread out across multiple functions besides procurement, as well as forming a critical component of a wider supply chain risk management program. However, in addition to transitioning away from a siloed approach, it is also important to keep a sense of proportion and focus efforts where the risk is greatest.

A vendor that supplies catering services does not present the same risk as one that processes vast quantities of your customers’ data. A risk assessment for a domestic business relationship does not need to be as comprehensive as one for a relationship with an entity in a politically volatile territory. Proportionality is something that is too often overlooked when it comes to managing suppliers and other third-party relationships.

Looking ahead – and learning from the past

It’s also important to keep a keen eye on what’s coming down the road. Traditionally, across much of the world supplier risk management has largely focused on financial risk. Those risks haven’t gone away. As we’ve discussed in recent articles on the regulatory landscape in the US and Greater China, the Biden administration is particularly focusing on anti-corruption and anti-money laundering, and both nations have issued a wave of sanctions and counter-sanctions against a wide range of entities. For businesses with interests in either territory, having effective “know your counterparty” policies and closely monitoring the fast-changing regulatory landscape will be critical. The evolving sanctions scenario as a result of the ongoing conflict in Ukraine is another case in point.

Financial risk has, of course, long been subject to onerous regulation in many territories. In contrast, when it comes to the ESG side of supply chain risk – for example, human rights violations and sustainability – businesses have largely been left to police themselves. In recent years, however, that has begun to change. In Europe, several nations have introduced laws relating to ESG in the supply chain. Next year, Germany’s Supply Chain Due Diligence Act comes into force, requiring companies to assess the ESG risks associated not only with their direct suppliers, but their indirect suppliers too.

Those following this trend carefully will have noticed similarities in how financial regulation evolved. Anti-bribery and anti-corruption was once given a lighter touch treatment, too, until the US Foreign Corrupt Practices Act of 1977 prompted many other nations to follow suit and put tough new laws on their statute books. Horizon scanning therefore isn’t just about looking ahead. It’s also about learning lessons from the past to predict what the risks might look like tomorrow.