[00:00:00] Speaker A: Hi everyone. The Business Ethics Leadership alliance has questions and we have answers. I'm your host, Bill Coffin. Welcome to our special episode, the Best of Bella Asks.
A big part of the ethicast is our Bella Asks segment in which Erica Salmon Byrne, chair of the Business Ethics Leadership alliance, answers questions about ethics and compliance posed by the Bella community. Over the course of the year, Erika and I recorded nearly 50 such episodes covering a wide range of topics. We want to thank everyone who submitted a question to the Bella Concierge Service and we look forward to answering more of your questions in 2025. But for now, we'd like to close out 2024 with a recap of some of our favorite discussions of the year. In this episode, we present a series we did on third parties, which in our age of increasing supply chain risk is as pertinent as ever. Enjoy.
[00:01:01] Speaker B: As long term members of the Business Ethics Leadership alliance know, we've been collecting data on third party diligence practices for many years now. But this year in our ethics quotient, which is of course the survey that we use to underpin all of our benchmarking and to do the world's most ethical companies process, we actually built on the third party section of the questions to really dive more into this growing risk area, both from a company perspective. Right. So you know, obviously third parties present companies with a lot of risk, but there's also been a lot of regulatory focus in this area. You know, things, think of things like the German supply chain, you know, modern slavery regulations. Think about some of the things we're seeing come out of some other regulatory regimes both in Europe and then here in North America. There's, there's a growing understanding of the interconnectedness of the supply chain and the ways in which good companies can lift up the practices of those that they partner with. So that's part of the reason why I really wanted to do this one as a three parter, because otherwise we would have been doing an hour and a half long at the cast.
[00:02:05] Speaker A: Not the worst thing in the world though. Not the worst.
[00:02:06] Speaker B: Not the worst thing in the world, but we might have lost our audience along the way. So to your question, which is sort of that first stage, what I would call the pre contract early identification stage of a supply chain relationship. And to be clear, when I say supply chain relationship, I mean any part of the supply chain, and particularly for a lot of the organizations out there listening to this, you may very well be on both ends of this process. You may be a supplier to somebody who is asking you these questions. And then you may also have suppliers of whom you are asking these questions. So really thinking through what are the indications that a particular supplier is presenting me with risk and what are the questions that I can get my arms around to make sure that I understand what that risk profile looks like? So we just recently launched our World's Most Ethical Companies Honoree group for 2024. So I'm going to give a sneak peek into some data in today's ethicast on what we're seeing WME honorees do as it pertains to due diligence. So not surprisingly, they all do it and they look at a variety of things, right? So the average honoree is looking at between five and seven different characteristics to decide how risky a third party is. So they might be, for example, looking at, and I apologize, I'm going to look over on my screen here because I'm actually reading live data. They might be looking at things like financial stability, right? How financially stable is this particular supplier? Is this somebody that I can work with for a long time time? They might be looking at, who did I learn about this supplier from, right? Is this somebody who's being referred to me by a trusted partner of mine already, or is this somebody that a government official, for example, is suggesting that I might want to work with? That's going to give me a different sense of how risky this particular third party might be and accordingly, what level of due diligence I might want to potentially do on this third party. 98% of honorees are looking at geography. Where is this third party located? Where might I be working with them? 90% of them are looking at the industry the third party is in. So some industries are going to be riskier than others. 88% of them are going to be looking at the value of the contract involved. So they'll have dollar thresholds, right? And then 87% of them ask questions of their internal business partners around the criticality of this particular supplier to a project, right? Is this a irreplaceable supplier, in which case you're going to do more diligence than you might otherwise do because you really want to make sure you're selecting the right partner. So those are just a couple of things to think about it all. You know, Bill, you and I talk about risk on almost all. Every one of these at the gas, right, goes back to risk. How risky is this third party? What questions can I ask my people about them to get a sense of that risk? And then that's going to tell me how much deeper I need to dive to make sure I'm really comfortable using this particular supplier.
So the most important question to ask is, first off, where do I fit in the process? Right, because you may be just one department at your company that is thinking about supplier due diligence. You may be, you know, one of 12, you might be one of 15, depends on how big your, your organization is and what this particular supplier might be doing. So think of where you fit in the process and then think of how you can make it as streamlined as possible to make sure you're getting the information you need. So before you set pen to paper on a questionnaire, the first thing you need to think through is, okay, who's in charge of hiring this supplier? What do I know about that particular part of my business? How much faith can I have in the answers that my internal business partners are giving me compared to what I'm going to get from this particular supplier? Do I have a process to get information from my internal business partners? Right. The, the best processes we see, and this is something that we see a lot of companies doing, is it's a bifurcated process. There's information you're going to get from your internal business partner. Why do you want to use this third party? What are they going to do for you? Where are they going to do it, how did you find them?
Those kinds of things. And then you'll obviously ask questions about your supply chain partner or from your, of your supply chain partner as well, rather. So understanding where you fit in the process is the first piece, making sure that you are setting in place a process that both your internal business partner and the supplier can follow. One of the things that we always look at when we're thinking about that like, ease of following it piece is we look at the way in which a company engages with their third parties. So one of the things, for example, that we saw in this year's World's Most Ethical Companies honoree class that I wanted to share with the group here is thinking about supplier diversity and using as a proxy rather for supplier diversity, the extent to which a company has translated their supplier code of conduct. Right. So first, do you have one? And secondly, have you made it easy for your suppliers around the world to read it? So I'm going to look over my screen here again because I'm giving live data here, Bill. But, you know, 35% of this year's World's Most Ethical Companies honorees translate their code of conduct, their third party code for all third parties, right? All the languages their third parties might speak. 35% of them translate it into at least some of the languages that their third parties might speak. So that 70% of the honorary class do some level of translating. That's a proxy indicator of how seriously they take their responsibility to communicate effectively with their third parties around the globe. And it is a piece of the puzzle to think about of what goes into that third party process, that diligence process. Right. What kinds of questions do I want to be asking? Well, one of the first ones is what do you need to know to be able to do business by the my rules?
How capable are you of doing business by my rules? Do you have the processes in place that your people can even understand what it is that I need you to do and how it is that I need you to do it? Do you have training? Right. Do you have your own policies?
What subcontractors might you use on this product or project? Rather, is anything going downstream from the relationship I have with you to somebody else that could potentially get me in trouble. So really understanding the capability of the supplier to do business the way that you need them to do business, when, when they are acting on your behalf, understanding that capability and then, you know, look, if that capability is not where you want, it doesn't mean you can't enter into the relationship. It just means you have to mitigate. Right? You have to make your own tools and resources available to that particular third party to make sure that they're able to really do business the way that you need them to do business.
[00:08:39] Speaker A: Do you mind if I ask you a follow up question?
[00:08:41] Speaker B: Never.
[00:08:43] Speaker A: So this is more of a qualitative question really. It's not really something I think would be borne out by worlds of ethical companies data. But given your extensive experience and the breadth of your travels, I'm kind of curious to know.
We talk about what are important questions to include in a third party due diligence questionnaire. Have you ever come across questions that maybe companies are including in these questionnaires as more of a matter of long standing orthodoxy that, you know, this is a question we've always asked and over time the value of that question is perhaps diminished and there might be better ways to get at that question or maybe that question just is due to be retired?
[00:09:19] Speaker B: Yeah, yeah. It's a really good, it's a really good question, Bill. And it goes back a little bit to this idea of figuring out where you fit in your, in the process.
Generally speaking, what I am seeing is I see questionnaires that in and of themselves, within the four corners of that particular questionnaire. The questions are good, right? The questions are solid.
So I'm not necessarily seeing questions that on their own basis need to be retired. What I am seeing is different departments in the business getting the same piece of information in slightly different ways in a very repetitive fashion that puts an enormous burden on your supplier. Right. So I very strongly encourage anybody who's listening to this to think through what they are asking of their partners. And if you really think of them as partners, how can you make it as easy as possible for them to give you the information you need in an, in a fast fashion, in an efficient fashion, in a way that advances the relationship as a partnership as opposed to, okay, here comes another questionnaire. Let me jump through this hoop. Oh, look, here's another one. I'm going to jump through this hoop. Oh, wow. Here's a fifth and an eighth and a twelfth. And didn't I answer that question already? And what do you mean I need another form? Right. Those are the companies that get that, that, that really poison the beginning of the relationship by forcing their suppliers to go through that or an ongoing relationship. Because good due diligence should be something that you're refreshing, right? So if you've got a relationship, you know, with a company that's 10, 12, 15 years old, and you're just continuously making them jump through these hoops, fill out the same forms, you know, in the same way, there's no opportunity to be like, wait a second, this doesn't apply to us. The more rigid you make your process, the more challenging you make it for people to do business with you.
So the first thing you want to ask yourself about, about your onboarding process is going to be, you know, how have I risk ranked my suppliers in the first place? And you and I spent a lot of time talking about risk ranking in the first episode of this particular series. So really thinking through the risk ranking piece, because the risk ranking piece is then going to inform how you think about your onboarding program for your third parties. So higher risk third parties doing certain kinds of work, you're going to spend a lot more time with them than you're going to spend with lower risk third parties whose, you know, answers to your questionnaire might indicate that they have a very robust compliance program already and they don't really need your help. Right? So that's, you know, that's, that's part of why you kind of want to go back to that risk ranking piece.
The Purpose of a good onboarding program is to do a couple of things, kind of much like the purpose of onboarding a new employee at your company. You can think of it very similarly. The I want to set expectations with this particular third party of how we do business here. I want them to understand where they can go to get answers and if they have questions and sort of open those channels and I want to do, I want to give them the information that they need to be able to set up for, be set up for success.
So if you think about it from that perspective, right, how do I make sure I set expectations, how do I open a door to a conversation and how do I set people up for success? That is the way to think about structuring a good onboarding program for a third party. One caveat on the onboarding program, don't have it. Just be for new suppliers. You can onboard a third party at any point in your third party journey, right. Maybe you send people through when your primary contact changes at the, the company you're working with. If it's a high risk, high priority third party, maybe you send people through at contract renewal, right? You've, you know, your contract's expired, you've got a new contract, you updated your due diligence at contract renewal. You can update your onboarding at contract renewal. Maybe you've rolled out a new third party code of conduct. Great opportunity to go back to all of your key third parties, make sure that they have seen it, they understand it, they have an opportunity to ask questions about it. So those are just a couple of ideas of how to think about your onboarding. The other thing I would encourage people to think about is what does ongoing communication look like? And so we particularly love seeing when companies are focused on raising the practices of their third parties, right? Sharing their own material with their third parties. For example, thinking through an opportunity. You know, if you are going to Brazil and you're going to be doing a training for your own people, inviting a few of your key business partners to attend that training, right? It's an opportunity to build a relationship and it's also an opportunity to disseminate information. So there's lots of ways to think about that idea of bringing along your key third parties, your higher risk third parties as they work through the journey.
[00:14:05] Speaker A: Well, Erica, really appreciate the level of expertise and interest you bring to these matters. It's so informative to everybody, but especially to members of the Bella community. So thank you again for coming to the show and for sharing your insights.
[00:14:16] Speaker B: Absolutely. Bill, My pleasure. And to all those Bella members out there, two things. First off, keep those questions coming. Second, I hope I see you at Bella Day at the Global Ethics Summit because I'm going to do a long form version of Bella Asks with a really lovely look back on the last year of questions that we've gotten from the Bella community and some of the insights. So if you've been enjoying this series and you're a member of our Bella community, don't miss Bella Day at the Global Ethics Summit this year.
[00:14:42] Speaker A: To learn more about Bella, please visit ethisphere.combella to request guest access to the Member Resource Hub and to speak with the Bela Engagement Director. And if you have a question that you would like answered on Bella Asks, be sure to use the Bella Concierge Service and we'll get to your question just as soon as we can. Bill I'm Bill Coffin and this has been a special Bella Asks episode of the Ethocast. For more episodes, please visit the Ethisphere YouTube
[email protected] ethisphere if this is your first time enjoying the show, please make sure to like and subscribe on YouTube, Apple Podcasts or Spotify. Thanks so much for joining us. And until next time, remember, strong ethics is good business.
[00:15:27] Speaker B: It.
