Supplier risk management is often a resource-intensive practice and rarely a target of technological investments. As a result, corporates will often let their vendor relationship management processes fall by the wayside.
For many, that means risk assessments conducted only once a year, a single executive in charge of managing thousands of vendor relationships, and companies that lack visibility into how many suppliers they have.
Organizations had followed along this path for decades, and then the coronavirus pandemic came to flip this legacy strategy on its head.
"We're coming off an almost continuous economic expansion where the thought of worrying about your key suppliers was almost unheard of," Frank recently told PYMNTS. "That has changed now into a time where we're going into one of the scariest and most volatile markets for supplier and third-party risk that has ever existed in our lifetimes."
A Dramatic Shift
The idea of robust supplier and third-party risk management was rarely the topic of conversation for the C-suite. According to Frank, the status quo has been an "internal culture" of once-a-year reviews of organizations' top vendors.
This lack of attention given to supplier risk meant wasted spend and fraud. Not only do many organizations lack visibility into exactly how many vendors they have, but Frank said that when assessing organizations' supply chains, often there will be up to one-quarter of vendors that aren't who companies thought they were doing business with.
As a result, firms will receive invoices from vendors on their supplier list, pay them, and rarely give those payments a second thought.
In a matter of weeks, this has changed. Businesses are not only assessing their vendor relationships more frequently, but they're using new metrics to assess those partners, and wielding that assessment to re-negotiate contracts based on shifting payment terms, interest rates, demand forecasts and more.
"Before, companies would think they needed to assess risk once a year,” Frank said. “Now it's, 'I need to know week-to-week what's happening with my trading partners.’”
As organizations quickly adjust to the new reality of supplier risk management, they're also finding that traditional risk assessment practices aren't always adequate in today's market.
For instance, understanding whether a vendor is paying its own bills is an important piece of the risk analysis puzzle because if the supplier is late on its own payments, it's unlikely to obtain the supplies to produce the goods and services for its own customers. Thanks to the global pandemic, lengthening payment terms and delayed B2B payments are growing increasingly common, and Frank said this has elevated risk in ways never seen before.
"Our clients are primarily FinTech companies and financial institutions across the U.S., and that's a market I've been in for the last 30 years," said Frank. "I have never known in the history of the various companies we work with to have a collections challenge. Today, we're even seeing financial institutions are delaying payment, which is unheard of."
While B2B payment bottlenecks disrupt cash flows through supply chains, financial metrics aren't the only important pieces of information when assessing third-party risk.
Another unprecedented shift that the market is seeing today is the sudden overhaul of business models. Frank offered the example of one woodworking business that has suddenly shifted into a face shield manufacturer. While the company has never been more financially stable, this dramatic pivot exposed its previous corporate customers to significant disruption.
"We're seeing a lot of suppliers who have had to switch priorities," Frank explained. "Your supplier, who you thought their mainstay revenue was based on a product or service you're purchasing from them, may no longer have that same priority."
As a result, vendor risk management must include an assessment of vendor priorities and how a company's own business model fits with those priorities as a customer of that supplier.
The New Normal
Organizations' third-party risk management strategies are changing just as quickly and dramatically as the global economy itself. No longer can businesses afford to only assess their top 10 percent of suppliers or rely solely on financial metrics to understand risk exposures of their partners.
Many of the changes organizations experience today will last well beyond the pandemic, too.
"People have to figure out what their new normal is," said Frank. "The puzzle has been shifted. The pieces have been thrown up in the air. We all had our pieces in play — we knew how we all fit together. That's not the case anymore."
Those puzzle pieces are largely still in the air, but as they begin to fall, and as corporates begin to assess where they land, Frank said businesses will begin to implement long-term changes to their risk management strategies.
Rather than having a single professional in charge of assessing thousands of suppliers on a yearly basis, Frank predicted that many firms will invest in forging entire departments dedicated to supplier relationships. At the broader level, organizations will experience an attitude and culture shift in the way they prioritize supply chain risk analysis — now largely viewed as an imperative, strategic function.
"It was considered a compliance headache; it's not something a lot of people like," she said. "Now, it's key to their operational and strategic future."