3 Tips for Supply Chain Risk Management Using OSINT
By Rebecca Lindley
Get the latest news and insights sent straight to your inbox
The world relies on global supply chains, but managing increasingly disparate supply chain infrastructure has become complex — and by extension, risky. Conducting business over multiple third-party touchpoints increases risk exposure, and organisations are under pressure to mitigate risk across the supply chain.
Managing supply chain risk increases business continuity and uptime while avoiding costly reputational and environmental, social and governance (ESG) damage. Some 88% of executives prioritise risk management to prevent loss of revenue, loss of brand value and regulatory investigations — and the costs of failing to manage supply chain risk are potentially catastrophic.1
As a result, businesses need to develop innovative and effective techniques to manage supply chain risk. In recent times, open source intelligence (OSINT) has emerged as a potential solution.
That’s why, in this blog, we’re going to examine the impact that applying OSINT can have on supply chain risk management.
Suggested reading: Learn more about how OSINT is being utilised in the fight against financial crime in our latest eBook — How Leading FIs Are Using OSINT
What is supply chain risk management?
Supply chain risk management is the process of identifying, assessing and analysing risks in the supply chain, from raw materials and manufacturing to logistics, distribution and many other business functions.
There are numerous supply chain risks that organisations need to understand and manage if they are to successfully reduce vulnerabilities and ensure long-term business continuity. These risks span a number of categories, including:
- Environmental: Natural disasters like flooding, wind, earthquakes and drought.
- Geopolitical: War, civil unrest, terrorism, illicit trade and human rights abuses.
- Operational: Third-party business failure, bankruptcy, non-payment, etc.
- Economic: Demand shocks, energy and material shortages, volatility, etc.
- Security: Data leaks and cybersecurity breaches via third-party systems.
Why is supply chain risk management important?
Supply chain management addresses legal, ethical and regulatory concerns while ensuring operational efficiency. By managing the supply chain effectively, businesses can cut costs, address inefficiencies, and mitigate potential vulnerabilities.
The risks that can be found within supply chains are well-documented, and there is perhaps no more prolific example than when Apple, Google, Dell, Microsoft, and Tesla were linked to illegal child labour and mining deaths in 2018.2 The companies were named in a lawsuit filed by human rights advocates, resulting in intensive supply chain remodelling and costly PR to re-establish ESG-related credibility.
As such, when it comes to supply chain risk management, it is vital that businesses are enabled to assess:
- Regulatory pressures: The European Commission’s proposal to increase corporate sustainability extends compulsory risk management across supply chains, covering at least 12,800 companies. This is accompanied by domestic laws, such as Germany’s Act on Corporate Due Diligence in Supply Chains. These initiatives are forcing companies to develop a more detailed understanding of their supply chains, and the associated risks, by mandating more thorough risk assessments and due diligence. If done correctly, the benefit to businesses will not only be enhanced regulatory compliance, but the minimisation of damaging reputational and ESG-related risks.3
- Each stage of their supply chain: Gaining an understanding of every step within a supply chain is also key to helping businesses begin their risk analysis both faster and at a greater level of detail. Investigators and analysts can spend less time researching, and more time analysing.
Open source intelligence and supply chain risk management
Available from a range of sources, open source data (OSD) provides organisations with a rich source of information on clients, customers and vendors across the supply chain. OSINT is the targeted collection and analysis of this publicly available data to gain insights, drive decision-making and mitigate risks — transforming raw open data into specific insights to overcome the challenges associated with the scale of public data.
The application of OSINT can significantly and positively impact supply chain risk management best practices, making it easier for investigators to:
- Discover public company data, accounts and filings, ultimate beneficial owners (UBOs) and other key stakeholders.
- Investigate links between different companies across geographies and jurisdictions to create a map of the supply chain’s business associations.
- Screen adverse media and ESG publications, including investigations carried out by governments, private sector organisations and public sector groups, e.g. advocacy groups.
- Highlight new opportunities and foster a culture of positive cross-collaboration across the supply chain to meet and exceed ESG commitments and build good governance.
Fundamentally, OSINT is a means of deriving intelligence from publicly available data — but this isn’t limited to risk management.
For example, businesses that understand their supply chains can work collaboratively with partners to improve their operational models while enhancing ESG credibility; which in turn can lead to stronger investment credentials and competitive value.
There are numerous ways that investigators can utilise OSINT to enhance supply chain risk management best practices. Let’s take a look at some of the most significant.
#1 Improve supply chain visibility
Failing to understand suppliers and their operations can prove to be a critical error.
When businesses don’t understand their supply chains, they leave themselves vulnerable to serious risks, with potentially serious consequences. What are the risks of running operations from locations that are exposed to destructive natural disasters, or where civil unrest and political turmoil may cause disruption to operations?
To mitigate such risks, businesses must gain complete visibility across the entire supply chain. That means improving their understanding of a wide variety of internal and external risks, including:
- Financial: Business leaders frequently highlight the financial risks of poor supply chain management. It’s necessary to understand how reliable the third party is — do they have a history of bankruptcy, for example? Financial risks are also presented by doing business in unstable areas, such as jurisdictions vulnerable to political instability or social insurrection. OSINT equips businesses with a means to explore business history to establish a third party’s credibility.
- Reputational: Reputational damage has long-lasting impacts that can wipe billions from company value while permanently damaging its public status. As such, managing reputational risk is one of the most pressing benefits of robust supply chain management. Using OSINT enables businesses to understand potential reputational risks surrounding their supply chain touchpoints: for example, discussions on blogs or in local news may raise suspicions that a third party has been involved in modern slavery.
- Legal: Both domestic and international laws are beginning to obligate businesses to extend risk management into every supply chain touchpoint. Failure to comply will likely incur large fines. A tool that helps investigators to utilise OSINT effectively can provide an auditable record of processes for usage in transparency statements and other legal and regulatory communications.
#2 Proactively identify known risks
In 2020, almost all supply-chain leaders surveyed expressed plans to make their supply chains more “flexible, agile, and resilient.” While a repeat of the same survey a year later revealed that the majority of them had carried out these plans, critical gaps were found in how effective they were when it came to proactive monitoring of supplier risks.4
As many businesses rely heavily on supply chain uptime, proactive or real-time risk management of supply chain issues has become essential. Even if these risks are not a reason to remove the touchpoint from a supply chain, a comprehensive understanding of them can allow for effective contingency planning. The cost of downtime has also skyrocketed in recent years, with some suggesting 1-hour of downtime costs Fortune 1000-level companies some $1 million.5
Protecting the supply chain from financial, reputational and legal risks requires a complete understanding of every touchpoint. Fortunately, with OSINT, this can become a reality for investigators, as they can utilise publicly available data to enhance their understanding of supplier risks proactively and put contingency plans in place.
#3 Deploy cutting-edge tools
Risk management has become a more diverse practice supported by technologies such as governance, risk and compliance (GRC) software. There is now a need to build upon these foundations by adding new, innovative tools to the risk management process.
OSINT is a methodology that can be adapted to existing risk management practices, offering a unique opportunity for analysing third parties. OSINT solutions are already being deployed in AFC and AML investigations, enhanced due diligence (EDD) and other risk management functions.
Moreover, new regulations require businesses to create an auditable map of supply chain processes to track interactions and provide evidence on what processes were carried out and show why decisions were made.
This is where the application of OSINT proves beneficial. The best OSINT tools enable investigators to record data in a secure, auditable ecosystem with visual maps, charts and graphs.
Manage supply chain risk with Videris
With OSINT, businesses can utilise publicly available data to create the robust supply chain and vendor risk assessment strategies required for growth in an uncertain world. At Blackdot, we developed Videris to help businesses use OSINT to resolve these pressing issues.
Our platform supports investigations aimed at improving supply chain visibility, proactive risk identification and risk mitigation, streamlining processes with a powerful array of features:
- Videris Search brings together publicly available data from all three layers of the internet — the surface web, deep web, and dark web.
- Videris Charts, Social Network (Powered by ShadowDragon) and Corporate Network mapping are ideal for creating a detailed understanding of third parties and their associates.
- Cross-matching and named entity extraction facilitate faster analysis without replacing human decision-making.
- Videris is a single, secure ecosystem with flexible deployment in the cloud or on corporate standalone networks.
Supply chain risk management is a complex practice that requires cutting-edge tools to ensure success. Book a demo today to discover how Videris can enhance your risk management strategies.
1 Deloitte Global Survey on Reputation Risk
2 Apple and Google named in US lawsuit over Congolese child cobalt mining deaths
3 What is the German Supply Chain Due Diligence Act?
4 McKinsey – How COVID-19 is reshaping supply chains