Supply chain country risk monitoring: Beyond business risk
Jun 07, 2022
Over the last five years, regulatory requirements for in-scope companies to identify and assess risks in their supply chains have increased in many countries.
In 2017, France enacted the Loi de Vigilance (Law of Vigilance), which applies to French companies with over 5,000 domestic employees or over 10,000 globally. The Law requires such companies to carry out due diligence reviews, both internally and with their contractors and suppliers. Through these reviews, companies must map their risks, perform regular risk assessments, and take preventive actions against human rights abuses throughout their global supply chains.
In Germany, a similar set of rules called Lieferkettengesetz (LkG, Supply Chain Act) is expected to come into force on 1st January 2023. Initially, the rules will apply only to German companies with more than 3,000 employees, extending to those with over 1,000 employees in 2024. The due diligence requirements cover human rights violations and environmental protection, with administrative sanctions such as fines or temporary exclusions from public contracts among the penalties for non-compliant companies.
Finally, in the broader European Union, the European Parliament approved a legislative report “on corporate due diligence and corporate accountability” in March 2021. Referencing the United Nations Guiding Principles on Business and Human Rights (UNGP), the report recommends the introduction of mandatory corporate supply chain due diligence to identify and prevent human rights abuses and negative environmental impacts.
Increasingly, then, companies must understand, monitor, and address supply chain risks beyond those that directly relate to their business. That said, the reputational risk entailed in not complying with these requirements is now a direct business risk in itself.
The risks involved range from human rights abuses and environmental damage to cyber security threats, money laundering, and financial terrorism. And the requirements don’t just cover direct suppliers and intermediaries. Because final goods generally consist of many parts which are probably sourced from several countries or jurisdictions, it’s equally important to monitor third-party risks. Indeed, the most significant risks tend to occur at the most fundamental levels of the supply chain. Which, more often than not, are also subject to the least oversight.
To perform this kind of due diligence on their supply chains, companies need effective risk management systems. And, in many jurisdictions, they must also implement preventative measures to limit future infractions.
Of course, there are other good reasons to focus on supply chain risk. Globalisation has transformed trade and financial flows, and respect for human rights and the environment continues to progress. Now, though, national legislation, industry body recommendations, and international enforcement is driving the creation of the tools and processes companies need to monitor risk efficiently and identify erring suppliers.
CountryRisk.io’s solution: standard and customised versions
Our Supply Chain Country Risk Index is an automated tool designed to help companies in their country due diligence, compliance, and governance processes. Individuals can also use the Index to inform their business decisions.
This comprehensive tool captures many different types, sources, and dimensions of supply chain risk. Even so, we understand that a bespoke supply chain risk index may be better for companies that want to apply their own risk definitions, parameters, and weightings. We also recognise that different companies may want to include different indicators, depending on which they see as material. So, we also offer a customised index solution that empowers companies to tailor their own supply chain risk metrics according to their unique due diligence and governance processes.
The Supply Chain Country Risk Index focuses on five broad topic areas and ten risk sections. These cover a wide range of relevant environmental, social, governance, and operational risk factors.
• Climate change and renewable energy
• Strength of the ecosystem
• Strength of human rights
• Access to basic services
• Equality and inclusion
• Quality of institutions
• Prevalence of corruption
• Money laundering
4. Operational risk
• Operational risk
5. International treaties and conventions
• Ratification of international treaties and conventions
To calculate the Index, we selected 85 indicators for their informational value and data availability. We sourced data from a wide range of reputable international multilateral institutions, including the United Nations, World Bank, and the World Justice Project. We also sourced data from special interest organisations that focus on relevant subjects, such as the Basel Convention, the Stockholm Convention, and the Financial Action Task Force (FATF). You can find the list of included indicators here (link).
The underlying geographic universe covers 250 countries and territories. However, different indicators have different levels of country coverage, and some have significant data gaps. That said, accounting for the size of each country’s economy (i.e., contribution to global GDP), most indicators cover 95% of the global economy.
Besides country coverage, the criteria we used to choose the indicators included:
- Available history: Is there a long history of regular updates? If so, the indicator may be too volatile.
- Reporting lag/latest datapoint: When was the index last updated? Will it be updated again in the future?
- Methodology changes: Is the calculation methodology regularly revised? Frequent and significant changes often lead to a lack of comparability over time. Meanwhile, modest changes suggest that the indicator is updated just enough to reflect a changing environment.
- Basis of indicator: Is the indicator based on original (survey) data? Or is it a composite of other indicators?
As part of the Index calculation, we also provide a quantitative data quality measure for each country. We base this measure on the number of available indicators for each country, divided by the total number of indicators included in the model.
For the model specification, it was important to select indicators that a) measure factors relevant to supply chain risk; and b) have an informational value that’s comparable to the other indicators we selected. Unsurprisingly, then, the indicators show a relatively high mutual correlation.
We use a purely quantitative approach to measuring country Supply Chain Risk. Each of the ten risk sections that determine the overall country risk scores include several quantitative indicator assessments, which we weight equally. These assessments provide the ten section scores, which we weight to reflect their relative importance to supply chain risk. We then aggregate these scores to produce the overall country risk score.
We convert each country’s total risk points as a share of maximum possible risk points into one of five supply chain risk category ratings, ranging from “Very Low” to “Very High”. We also visually represent these ratings using a traffic light system, with colours ranging from deep red to green.
It’s important to note that there’s no wholly objective way to determine the thresholds for each risk category. By and large, these are subjective decisions that should align with the organisation’s risk appetite. Classifying too many countries as “Very High Risk” would lead to very restrictive business activities. And classifying too many as “Very Low Risk” would lead to un-provisioned risk in the business portfolio. You find the full methodology here (link).
Figure 1 shows CountryRisk.io’s Supply Chain Country Risk Scores as of 20th May, 2022.
We calculated these scores using the standard methodology we just described. However, the scores could vary should you decide to change the indicators and their weightings or adjust the model to reflect your own risk definitions, parameters, or appetite. You can do this using our customised solution.
To find out more about our risk scores, methodology, or our customised solutions, please get in touch by emailing [email protected].