If you are a risk manager or management consultant working with a highly regulated industry, getting to grips with myriad supply chain risks is only part of the problem. Your role is also to articulate these risks in a way that makes decision-makers sit up and listen – and give the go-ahead for mitigation budgets and strategies.
Easier said than done. Perhaps some in the industry will relate to Cassandra, the Trojan priestess who was granted a double-edged power: the gift of prophecy and the curse of being believed by no one. And why would businesses release budgets for hugely costly mitigation strategies unless there’s a compelling case for action?
In this article, we’ll look at some of the most compelling current threats to supply chains for highly regulated industries such as life sciences, reinsurance and financial services. We’ll then look at factors that make managing supply chain risks and identifying areas for concern so challenging.
Finally, we’ll introduce a way to navigate the threat landscape more accurately. This can help you to present a case for mitigation that gets buy-in and protects your organisation and its profits.
Before starting, a final thought that we’ll address later. If you could put a plausible number on value at risk – backed up by convincing data – how much easier would it be to convince business leaders that mitigating actions make business sense?
7 Current Threats to Supply Chains
To start, we’ll look at risk using relatively recent developments as our examples. As we have pointed out in a post about enterprise risk management, these are not occasional interruptions but are becoming the new norm.
1. Offshoring and Consolidation
In the quest for cost reduction, some manufacturers – particularly those in pharmaceuticals – rely on a relatively small group of offshore suppliers. But cutting costs can cost you. Moving away from domestic or nearshore production increases risks of trade wars, weather risks and quality concerns. In 2021 – during the Covid pandemic – the European Parliament published a study on post Covid-19 value chains, and options for reshoring production back to Europe in a globalised economy. The message was clear – relying on distant nations, particularly in times of emergency – is something that shouldn’t happen again.
2. Regulatory Risks
A study led by Intersys with the Institute for Manufacturing at the University of Cambridge discovered that more than two-thirds of life sciences shortages were linked to Official Action Indicated Notices issued by the US FDA. Of note is that there was a higher prevalence of issues in China and India than in the US and Europe. From DORA Act compliance for financial services to the Mapping America’s Pharmaceutical Supply (MAPS) Act, suppliers falling foul of regulations can seriously affect your business operations.
3. Just in Time Manufacturing Models
Toyota’s pioneering approach was “Making only what is needed, only when it is needed, and only in the amount that is needed.” This was good for saving money on holding stock, but recent events have questioned the validity of this model when it comes to managing supply chain risks. When the container ship Ever Given, bound for Felixstowe from Malaysia, got stuck in the Suez canal for six days, it cost shipping traffic £730m. The effects were felt at one level by consumers waiting for Amazon deliveries and another by company leaders asking valid questions about the ‘just in time’ model in a fragile global trade environment. For some industries, it may be a useful model but for others – such as pharma – just in time manufacturing may cause fundamental supply chain issues.
4. Extreme Weather Incidents
Regions where manufacturing is cheap frequently experience a disproportionate amount of weather disruption. The result is that many organisations are heavily exposed to weather-related risk. Overreliance on one region prone to extreme weather can seriously disrupt supply chains. For example, 92% of the world’s most advanced semiconductor manufacturing capacity is based in Taiwan, a country that – despite being technically one of the wettest places on Earth – in recent years has experienced supply chain disrupting drought. Insurers, in particular need to understand the true impact of climate change exposures to their portfolios. More widely, all organisations must ensure that they meet compliance rules concerning climate change.
5. Cyber Risks
A 2023 data breach report from IBM revealed that healthcare and pharmaceuticals breaches cost on average $4.82m – the highest in any sector. Pharmaceutical companies are increasingly working with third-party organisations in areas such as research and development, manufacturing, supply chains, trials and more. This increases vulnerability because these third parties will frequently have access to the parent company’s systems.
While healthcare and pharmaceuticals may suffer most, this is a widespread problem and particularly concerning for highly regulated sectors and those holding valuable intellectual property. Read our post about supply chain cyber security threats.
6. Consolidation Risks (Mergers and Acquisitions)
Managing supply chain risks may include eliminating any single source of product or service. But spreading your risk can be far more complicated than it appears at first glance. Mergers and acquisitions can have an insidious effect on good supply chain risk practices – unless you can keep up with industry developments. For instance, Company A acquires Companies B-F. Meanwhile, your several sources of crucial components become one source and your risk increases.
7. Transport and Logistics Problems
The further away your supply chain, the greater the risk of disruption and uncertainty due to transport and logistics issues. A large journey time can heighten problems associated with political upheaval, strikes, fuel price fluctuations, armed conflicts, compliance and customs regulations, and natural disasters. Quality control can also become an issue, particularly for temperature-controlled products. While Internet of Things devices can track product movements and temperatures to a granular degree, these can be targets for cyber criminals.
If you work in pharmaceuticals, you might want to read our blog post 10 sources of risk in pharma supply chains.
Managing Supply Chain Risks: Common Solutions
Some of the most common solutions to managing supply chain risks include:
Diversifying suppliers. Ensuring there are multiple sources for critical components and geographically dispersed suppliers can help alleviate some of the most critical issues.
Inventory management. Strategically stockpiling critical materials or components – and maintaining buffer stocks to manage short disruptions – can help to ride out a supply crisis.
Nearshoring. According to a supply chain article in Forbes, ‘… companies are progressively transferring part of their production to countries close to their markets and with similar time zones, in order to minimize the effects of disruptions in supply chains’. Supply chain risks associated with COVID 19, the Russia-Ukraine war and political and trade tensions between the USA and China are factors driving this emerging strategy.
Insurance and financial hedging. Insurance can transfer some supply chain risk and financial instruments can hedge against price volatility.
But… How Do You Deal with a Problem if You Don’t Know You Have a Problem?
Looking at solutions to supply chain problems may be jumping one step ahead. Before mitigating strategies can be implemented, supply chain risk managers must know that they have a problem in the first place. And that turns out to be a far more complex undertaking than it might appear to be at first glance.
Monitoring suppliers and supply chains is a fundamental function of a risk manager or business consultant. However, several common issues make understanding threats to an organisation – and making the case for mitigating budgets and strategies – extraordinarily difficult.
Firstly, risk managers often work within finance departments and do not intimately understand the manufacturing process. To put it bluntly, an advanced knowledge of risk modelling is not going to cover for that lack of understanding about how Industry A or B works at the granular level. This knowledge gap can be significant in terms of managing supply chain risks and lead to a failure to recognise critical dependencies within the manufacturing chain.
Furthermore, supply chains can be notoriously opaque. Tracing the full extent of their supply networks, especially beyond tier-one suppliers, can be tricky. Weak points lurk, unidentified, until the proverbial hitting-of-the-fan incident occurs. Even if supply chain oversight is fair or good, there’s no guarantee that supplier reporting will be. Incomplete or outdated information (particularly relevant to fast-moving situations such as wars or climate incidents), and different reporting standards and criteria can all lead to an incomplete and complex picture. Consolidating data into anything meaningful may become an impossible task.
The takeaway is that risk managers can find themselves lacking the experience and data to scrutinise potential areas of concern and develop a convincing case for mitigation.
All of these challenges occur in a climate where the case for mitigation must be unassailable. Because, while organisations may offer lip service to a need for supply chain resilience, they’re also likely to push back hard against the cost of mitigating measures – unless there’s an unimpeachable case for action.
There Are Solutions to Supply Chain Monitoring, But They Often Don’t Work
Risk managers or organisations who rely on spreadsheet data may realise this isn’t going to cut it and begin to shop for supply chain risk software. This is a step in the right direction but, in most cases, it’s going to present its own problems.
As the previous section reveals, supply chain mapping can be an incredibly complex and time-consuming problem. Inevitably, risk managers will do what they can and then expect the platform to fill in the gaps. It will, but perhaps not in the accurate and diligent way you require. In a phenomenon brutally described by software engineers as ‘rubbish in, rubbish out’, your outputs are only as good as the data you feed it. And, as we’ve seen, getting the right data can be notoriously difficult.
Essentially, if you don’t dig deeper into your supply chains, you’ll get the same poor-quality data dressed up in shiny user interfaces, colourful reports or next-generation AI analysis. And your case for managing supply chain risk will be swiftly picked apart by your CFO, COO and board of directors.
What SCAIR® Offers and Why It’s Different
At this point, we won’t suggest there’s a one-button solution to this incredibly complex problem. But we will show you how our supply chain risk software, SCAIR®, does something very different to many competitors to help you overcome the issues outlined above and create a powerful case for mitigation.
Launched in 2006 and the first pharma supply chain risk management software to go to market in the UK, SCAIR® can help you to visually map supply chains, assess threat impacts, stress-test supply chains and respond to threats.
SCAIR® is different from many competitors because it is more than a software solution. Our supply chain risk assessment software can help you to identify risks for both internal (owned sites) and external (suppliers and contract manufacturers) sites. We then provide an objective assessment process to help shape your business’ supply chain risk mitigation strategies.
In fact, SCAIR® software and consultancy is an opportunity to finally rethink your whole approach to managing supply chain risk and embrace a powerful new methodology. The outputs will become powerful cases for introducing budgets for risk-mitigating strategies and help you, finally, command the data you need to perform your role to the highest ability. You’ll:
- Make better decisions
- Protect profits
- Transform your strategies
- Develop a competitive edge
It also does something few if any competitor products can: SCAIR® provides a credible value at risk figure. This can become the centrepiece of your risk mitigation analysis and a compelling motivator for action.
SCAIR® is used in highly regulated industries such as life sciences and financial services by supply chain risk managers, management consultants, insurance managers, business continuity managers, insurers, and procurement managers.
To find out how our supply chain risk management software and consultancy can help you in managing risk, get in touch to find out more.
Call us: +44 (0)20 3005 4440
Email support@supplychain-risk.com
Head Office: 1 Bourne Court, Woodford Green, Essex, IG8 8HD
Cambridge Office: 3 Laundress Lane, Cambridge, CB2 1SD
