Going Abroad? Don’t Forget Supply Chain Safety Risks
By Kathleen Ellis | Industry Week
To manage the risks that come with expanded activity in overseas markets, manufacturers need to put a solid risk management program in place.
Overseas markets are attracting increased attention from U.S. manufacturers as they seek new opportunities. More than half of the 300 U.S. and Canadian senior-level executives who participated in the 2014 Chubb Multinational Risk Survey said they expect to increase their overseas activities this year. Some of the most common plans included increased overseas travel, new product introductions and expanded overseas headcount. Similarly, of the 61 U.S.-based industrial manufacturing executives who participated in the first-quarter PwC Manufacturing Barometer: Business Outlook, 18% said they expect to expand to new markets abroad over the next 12 months, up from 9% a year ago. Thirteen percent said they expect to open new facilities abroad, up from just 3% a year ago.
Businesses are seeking growth not only in developed countries where many already have existing operations, but in developing economies in Asia, Africa and Latin America. India, for instance, remains one of the top global destinations for foreign investment, according to EY’s Attractiveness Survey: India 2014. More than half of international business leaders surveyed said they plan to enter or expand their existing operations in India over the next year. Investors are also considering India both for its services and manufacturing supply chain.
As businesses pursue new opportunities in overseas markets, they also must be mindful of the risks. Nearly one-half of businesses experienced at least one overseas loss over the last three years, according to the Chubb Multinational Risk Survey.
To manage the risks that come with expanded activity in overseas markets, manufacturers need to understand the evolving issues and put a solid risk management program in place.
Expanded overseas activity can take many forms. For some businesses it may mean investment in new facilities or hiring more people. For others, it may mean increased travel and meeting with new partners.
Some of the top risks facing manufacturers and other U.S. multinationals include supply chain failure, data breaches and employee safety during business travel.
Supply chain failure was identified as the greatest threat to multinational overseas operations in the year ahead, according to Chubb’s survey. For manufacturers in particular, the supply chain is a lifeline.
Without a smooth-running supply chain, manufacturers may experience significant production delays, distribution derailment and damage to the brand. These setbacks could be enough to jeopardize the firm’s future.
The risk has grown in recent years because many supply chains today are complex and stretch from one end of the globe to the other. As supply chains grow longer and cross multiple regions and time zones, exposure to risk grows and the chance of supply chain failure grows too.
In 2011, for instance, supply chains were disrupted by two significant events: the floods in Thailand and the earthquake, tsunami and nuclear disaster in Japan. However, supply chain failures can be caused by events other than natural disasters. Political unrest, cyber-attacks and product quality failures also can lead to disruptions.
Data Breach Risk Spreading
As today’s news headlines demonstrate, the risk of a data breach is a growing and major concern for many businesses, including manufacturers.
Data breaches have been a serious problem for retailers, financial institutions and healthcare organizations because they store confidential consumer personal information, such as Social Security numbers, credit card information and other personal information on their computer systems.
While manufacturers typically do not store that type of consumer information, they may store sensitive information about business partners, and the disclosure of that information could lead to a third-party liability claim and possibly a lawsuit.
A data breach of a manufacturer’s system could also cause a business interruption such as the inability to manage inventory or distribution, or access customer databases. If a manufacturer’s system is hijacked by a hacker and held for ransom, using malware such as “CryptoLocker,” it could be days or even weeks to get back to business as usual.
Many businesses have made great strides in their efforts to secure their networks, but vulnerabilities persist. Over the last few years, for instance, some businesses have allowed their employees to use their own smartphones and other mobile devices for work, known as BYOD (bring your own device). Nearly three quarters of all businesses today allow at least some of their employees to use their own personal mobile devices for work, according Chubb’s survey.
Employees using their own devices may also be using their own apps—from email and contacts, to calendars and social media such as Facebook and Twitter. Keeping business information secure on employees’ personal devices has become a significant challenge for many businesses.
In an April 2013 Symantec survey, the majority of organizations surveyed reported at least one mobile security incident in the last 12 months. These included lost or stolen devices, spam, malware, phishing attacks and exposure of confidential information.
Organizations are responsible for helping keep employees safe while they travel abroad on business, but this can be a challenge when business travel includes emerging markets. Chubb’s survey found that 69% of companies have employees who travel outside of the United States and Canada on business.
Injuries and illness can happen anywhere. But employees are even more vulnerable when they are out of the country, away from home and safe, familiar environments. Employees may more easily forget about the rules of the road in a foreign country and be injured in an accident. They may be more susceptible to illness. They also may not know where to turn if they are sick and have a health emergency.
Travel to foreign countries also involves other safety risks. Political unrest in developing countries can force airports to shut down and make the roads and other forms of transportation unsafe. There may be few adequate medical facilities and they may be far from the employee’s location. And, in some countries, there is also an increased risk of kidnapping.
Businesses have a duty to reasonably care for their employees during the course of their business travel. Yet, many insurance policies purchased by U.S.-based organizations to insure employees from harm do not provide adequate coverage for employees outside of the U.S.
Manufacturers can take a number of steps to manage these risks and reduce the potential for a loss:
Supply Chain Failure
- Have a business continuity plan in place. Chubb’s survey found that only 56% of all businesses have a business continuity plan that addresses overseas risks. The plan should address more than just natural disasters. Consider all of the threats that could disrupt the supply chain, such as civil unrest or a work stoppage by employees.
- Test the business continuity plan on a regular basis. More than three quarters of businesses that have a continuity plan test it, but 40% test it only occasionally. Testing helps ensure that individuals noted in key plan positions are indeed still the individuals that would be called upon to execute the plan.
- Identify multiple suppliers, whenever possible, and work with suppliers from different regions to minimize the organization’s dependence on any one company or location. Managing oversight of suppliers in distant countries should be considered a critical part of the quality management process. Companies may also want to consider increasing inventory levels in case there is a disruption.
- All mobile devices—whether they are BYOD or company-owned—should employ built-in data encryption software. Employees should use a password and make it strong. According to SplashData, a password management application provider, “123456” ranked No. 1 on the list of worst Internet passwords in 2013. To improve security, use a combination of letters, numbers and other characters. In addition, if a device is lost or stolen, businesses should have the ability to wipe the contents of the device clean. All major smart phones have some kind of remote erase capability.
- Carefully review written contracts with vendors for indemnity clauses and data breach protocol. The contract should clearly state what the provider’s responsibilities are and how the situation will be remedied if data is compromised.
- Purchase software to help recognize threats. For instance, network intrusion software can help businesses identify unauthorized break-ins.
- Pay attention to FBI and FTC fraud alerts and consider engaging a third-party security provider to monitor traffic and address any red flags.
- Consider including cyber-insurance in your insurance portfolio to help defray the cost of data breaches or intrusions arising from mobile devices and a company’s internal network that are not otherwise insured.
- When developing a travel risk management program, look to similar businesses, evaluate what their standard of care is and develop your corporate strategy to suit your own company’s size and amount of business travel.
- Provide a broad business travel insurance program, including insurance for business travel accidents, foreign voluntary workers compensation and kidnap and ransom. These policies are designed to work together to provide well-rounded protection for business travelers.
- Include a global emergency assistance provider in the program to help injured or ill business travelers locate the right medical providers or even be repatriated if necessary.
In addition to these steps, manufacturers also should consider a global controlled master insurance program to protect against losses. A global controlled master program provides businesses with policies required by local markets along with a broad U.S. master insurance policy, which provides protection across operations and addresses potential gaps in insurance protection, such as differences in conditions and differences in limits.
To build an effective global controlled master program, work with a multinational insurance company that can offer worldwide loss control and claims services as well as an integrated network of owned offices and relationships with affiliate insurers and correspondent brokers around the world.
Plan to Prevent
U.S. manufacturers are planning to increase overseas activities, expanding into new markets and investing in new facilities. Manufacturers, however, need to be aware of the potential for supply chain failure, data breach incidents and the importance of keeping employees safe while traveling abroad.
By taking appropriate measures to manage these risks, manufacturers can reduce the risk of losses while pursuing new opportunities for growth.