It is no longer enough to just do a good job or make a good product. How you do this is just as important to consumers, customers and regulators. Supply chain integrity has become a key aspect of doing business, especially where one or both parties are regulated or listed entities.
Provisions in agreements on mandatory policies such as anti-bribery, data protection, modern slavery and the like are often viewed as standard or ignored completely. As an SME concluding a supply agreement with a large company, you may be tempted to just sign an agreement to get the deal over the line, but if you can’t meet the requirements of a supply chain audit, the risks could be dire.
Understanding supply chain integrity
Supply chain integrity refers to establishing a supply chain that is legally compliant. This means that businesses want to be sure that, in order to comply with their legal obligations, their suppliers in turn comply with their own obligations. This is not only a requirement for doing business with UK companies. If a UK business is offering goods and services to certain countries in Europe, the foreign equivalent of these laws will need to be complied with.
International legislation examples
An example of such legislation is the far-reaching German Act on Corporate Due Diligence Obligations in Supply Chains which imposes due diligence obligations on large German companies to make sure that environmental and human rights standards are met throughout their supply chains.
The risks of failing to meet supply chain obligations
Most supply agreements, whether for goods or services, contain a provision stating that the service provider warrants that it will comply with laws and regulations applicable to the provision of these goods or services. Attached to this is often an undertaking to indemnify the customer against any liability it may incur because of the service provider breaching these applicable laws. These indemnities may be uncapped, meaning that the financial consequences of this obligation could be open-ended.
How to ensure compliance in your supply chain
The first step to consider is what you are warranting that you comply with.
Common legislation and compliance areas
The key warranties requested are usually compliance with the:
- Bribery Act 2010
- Modern Slavery Act 2015
- Data Protection Act 2018, UK GDPR and, where applicable, EU GDPR
Other warranties may include compliance with other policies such as environment policies, procurement policies, corporate and social responsibility policies, cyber security policies and business continuity and disaster recovery policies.
Why “signing and sorting later” is risky
We frequently see service providers sign agreements with the mindset of “I’ll pull something together once this agreement has been signed.” Sometimes the agreement is signed without the service provider even requesting copies of the policies it is warranting to adhere to.
Even when those policies are provided, the attitude of the service provider is often that there is no way that anyone in the company will commit an act of bribery, be involved in modern slavery or use personal data in a way that breaches legislation.
This is simply not sufficient. If your employees, independent contractors or service providers don’t know what would fall outside the lines of acceptable conduct, how can they be expected to act in a way that doesn’t put the company at risk?
Building a culture of compliance – the role of training and internal policies
Training and internal policies are the cornerstone of ensuring compliance with supply chain legislation and warranties in agreements. In order to minimise risk to the business, steps must be put in place to show that every effort has been made to comply with your duties. This means operational policies that make a difference to the way you do business. In other words, the policies need to be tailored to your business and give voice to how you operate within your industry.
Need help with supply chain compliance?
If you find yourself in the midst of negotiations which require the kind of warranties set out in this article, or you have already agreed to them, we are able to guide you through the process of making sure you are able to meet your contractual obligations. Even if you are not in this position, setting up statements and policies will ensure that you are fully compliant with wide-reaching legislative requirements and help you apply your mind to any weaknesses in your business processes – especially when it comes to cybersecurity, AI, and disaster recovery. Our Commercial team is always available to help your business grow and compliance is a part of this.
The information provided in this article is provided for general information purposes only, and does not provide definitive advice. It does not amount to legal or other professional advice and so you should not rely on any information contained here as if it were such advice.
Wright Hassall does not accept any responsibility for any loss which may arise from reliance on any information published here. Definitive advice can only be given with full knowledge of all relevant facts. If you need such advice please contact a member of our professional staff.
The information published across our Knowledge Base is correct at the time of going to press.