In all industries, the last decade has shown several cases of supply chain incidents leading to catastrophic results for the organizations implied. From food, consumer goods to automotive or procurement, unforeseen obstacles and vulnerability in their supply chain have cost millions and damaged not only the brand and organization but humans and the workforce as well. With globalization, global supply chains are not going away anytime soon, nor are the supply chain risks that come with it. 

An increasing number of laws are being put into place in order to address these risks and anticipate issues during the whole lifecycle of the creation of goods and products. 

This means that organizations will need to take into account these new specific local requirements when thinking of their supply chain management when oftentimes suppliers are located in various places and cross several borders before a product reaches its final customer. When it comes to gathering information and solving internal issues, the best source an organization can have will always be its people, who are on the field every day and confronted with the threats and obstacles that can compromise the safety and efficiency of your supply chain. In order to leverage their voices and benefit from the data that can be extracted from incident reports, implementing a good whistleblowing management system and encouraging a Speak-Up culture is key. Equipped with the right tools, your Whistleblowing platform can become your best asset to address supply chain risks in your organization.

Identify the types of supply chain risks


External risks

Some of the risks that you can encounter in your supply chain are out of your control and driven by factors and elements that are external to your organization.

External supply chain risks can be categorized into 5 groups:

  • Environmental risks: this can include economic and social factors, governmental or legal risks related to specific requirements or threats in the countries where your stakeholders are implemented. It can also be related to climate factors such as dangerous weather causing delay in shipping.

  • Business risks: related to your suppliers or external business partners, they can include the financial stability of your suppliers, a change in management or their purchase by another company.

  • Demand risks: the actual demand and final customer intentions can be misinterpreted or unpredictable.

  • Supply risks: when part of your production is stopped or delayed within your supply chain due to a lack of raw material or parts, causing an interruption of your production and supply chain flow.

  • Physical plant risks: related to any physical and compliance factors of your suppliers’ facilities. Whether it be an old building or other physical conditions, causing security and efficiency issues.

While these risks are out of your direct control, it is important to assess and document them in order to be able to minimize and mitigate them as much as possible.


Internal risks

Contrary to external risks, internal risks take place within your organization and supply chain and can be under your control. They give you a better opportunity to mitigate and eliminate them if you’re able to identify them correctly. There are 6 main internal risks you can look for in your organization:

  • Business management risks: essentially related to a change in management or key roles, overall processes, communication, and reporting structures and channels.

  • Control and planning risks: these are caused by a lack of anticipation and planning. An inability to assess correctly and plan accordingly results in ineffective management of your overall supply chain.

  • Manufacturing risks: related to disruptions of the production process or internal operations.

  • Mitigation risks: when there are no alternative solutions implemented in case something goes wrong along the way.

  • Cultural risks: directly related to the culture of your organization, a culture where negative information is usually not reported or hidden will cause a slower reaction to unexpected events and external risks. Promoting a Speak Up culture and establishing clear communication channels throughout the organization and supply chain stakeholders will make your risk management easier and more effective.

  • Modern Slavery: when people are exploited and not allowed to refuse or leave work due to abuse of power, threats, violence, deception, or coercion. Examples of modern slavery include child labour, human trafficking, forced labour, deceptive recruiting, debt servitude, and of course, slavery. With most supply chain suppliers being based in countries in the developing world, modern slavery issues at the manufacturing stages can arise. Taking steps to address and stamp out such practices will not only shine a brighter light on the organization’s reputation and the values it carries but also benefit the whole supply chain process.

Once assessed effectively, it’s easier to identify the aspects you can improve or processes you can implement to mitigate and avoid them in your organization.

supply chain risks WB banner


Do you need to comply with Supply Chain legislation in your country?

There is currently no global mandatory standard for supply chain due diligence, but organizations need to be prepared to comply with new regulations in this area as governments around the world are increasingly focused on this issue. As of now, some countries are relying on existing labor laws, while others such as Germany have a dedicated Supply Chain Act.

Some of these laws include an obligation to set up reporting channels through the supply chain in order to be able to assess and control internal risks. Through a whistleblowing system, supported by other whistleblowers legislation locally, organizations have a better chance to assess and mitigate internal risks related to culture, manufacture, or any breach of internal policies.

In countries where a reporting system is not mandatory, regular controls and audits are often required. Having tools to help you run these audits and build risk maps can make your supply chain compliance processes more efficient.


Implemented Supply Chain laws

  • USA-Mexico-Canada

The United States-Mexico-Canada Agreement (USMACA) gives a fully enforceable framework for labor standards. This includes anti-trafficking safeguards and a list of products produced by forced or indentured child labour that cannot be imported into the US territory. In addition, a specific Act has been enforced regarding goods from the Xinjiang Uyghur Autonomous Region of the People’s Republic of China, prohibiting their importation.

Since 2020 in Canada, the Supreme Court of Canada stated that private businesses in Canada can be held liable for violations of customary international law committed by their subsidiaries outside of Canada.


  • Australia

Australia implemented a Modern Slavery Act in 2018, targetting industries with specific risks including those that source a majority of their products from the developing world, especially in the Asia Pacific region, in an effort to stamp out modern slavery in Australian organizations’ supply chains.

Copy of Higher educaztion speak up line banner (1)

  • Europe

The European Commission issued a proposal for a directive on Corporate Sustainability Due Diligence (CSDD directive) in February 2022.

In addition, some countries such as France or Germany are already adopting their own Supply Chain laws, that are going beyond the EU directive recommendations.

The French law, called Devoir de Vigilance, applies to organizations employing more than 5000 employees in France or more than 10000 in France and abroad for two consecutive years or more. Concerned organizations must establish, publish, comply with and evaluate risks within a Compliance Plan. A reporting channel must also be implemented in order to receive and monitor reports from employees.

In Germany, the new Supply Chain Act will be coming into force on January 1st, 2023. It will apply to organizations with 3000 employees or more in Germany and will concern organizations with 1000 employees or more by 2024. Setting up reporting channels will be mandatory for concerned organizations, in order to be able to identify legal and economic risks at an early stage, react quickly and, if necessary, avoid far-reaching damage.

Other countries such as Italy or Luxembourg don’t have due diligence laws but organizations are made liable to the supplier towards the supplier's employees.

With the introduction of the EU whistleblowing Directive and its transposition in member states, having whistleblowing channels in place within your Europe-based suppliers is mandatory in the majority of cases, regardless of the supply chain laws in place.


  • Brazil

Supply chain due diligence obligations are imposed in Brazil through the ILO Conventions 29 and 105. A permanent list of suppliers that are prohibited is also established.


Supply chain laws pending implementation

  • Finland and Romania

A new law transposing the EU directive on Due Diligence (CSDD) into national law is in the process both in Finland and Romania. The Finnish law is aimed to be implemented in 2023 or 2024.


  • The Netherlands

The Netherlands was one of the countries leading in Europe with the implementation of a Child Labor Due Diligence law, which took effect on January 1st, 2020.
A mandatory international corporate social responsibility policy (ICSR) is to be implemented and will cover supply chain due diligence. No date of implementation has been communicated yet, but the Dutch Government wants 90% of its large organizations to explicitly endorse the OECD guidelines by 2023.


  • Belgium

A law proposal has been introduced in April 2021, in order to establish a duty of care and accountability for companies, along their entire value chain. The law would include the respect of human rights, labour rights, and environmental requirements within the framework of the organization’s activity, its subsidiaries, or any actor in the supply chain’s activity.


  • Hong Kong

An anti-slavery bill has been proposed. Unfortunately, it seems unlikely to be moving forward.


How Whistleblowing can help address and manage internal risks


Identify and assess early

When it comes to what is going on within your organization at all steps of your supply chain, your best source of information will be your people.

By providing appropriate access to communication channels and building a strong speak-up culture, employees will be empowered to report potential risks at an early stage.

In order to make your Whistleblowing system effective for risk identification, it’s important to consider what are the best tools you can use to make reporting simple and practical to your employees. For example, if you have a lot of people working in the field such as construction sites, for example, you will need to think of mobile solutions for your reporting channels.

You also need to take into account the variety of people implied and their level of expertise with technology. Having a user-friendly platform will help alleviate barriers to speaking up, making this already difficult exercise more accessible.

In addition, the multilingual aspect of your reporting system needs to be taken into account when building your whistleblowing platform. Giving the possibility to make reports in your employees’ language and have back and forth exchanges with them through an automatic translation feature will increase the chances of receiving reports and addressing risks before they escalate.


Uncover hidden risks

Setting up the appropriate tools to reach your employees and making the reporting process as intuitive and efficient as possible will be useless if no one is aware of them. In order to uncover hidden risks within your supply chain, communication around your whistleblowing program is key. Your reporting channels should be available and displayed throughout your organization at all levels and be reflected in your corporate culture as well.

There are many ways you can communicate your whistleblowing system to your employees, for example with posters in offices and factories, QR codes on payslips, etc…

Your Whistleblowing policy should also clearly define the scope of what you want your employees to report and how their reports will be handled from submission to closing of the case.

CTA change management workbook download-1

Reports from your employees will give you precious insights into your organization’s well-being at a global level, and by uncovering trends and patterns through your report you can eliminate the root cause of dysfunctioning or prevent risks before they happen.

As the saying goes, “prevention is better than a cure”, will save you many costs and expenses both financial and human, and can decrease the number of product resends drastically.


Document and take action

Your Whistleblowing platform can serve you more than just giving out a speak-up line to your employees. Once you’ve collected reports, documenting them within your system in order to plan what action can be taken to address uncovered risks will help you in managing your supply chain on a global scale.

Opting for a software solution instead of more “traditional” reporting channels such as an email address or telephone hotline will make this process easier. By having the possibility to automate the triage of reports within your system, your process will be streamlined throughout your organization and you can then automatically assign reports to local case managers for them to take the appropriate action directly where the risk is located.

Copy of Higher educaztion speak up line banner (2)


Want to see Whispli in action? Schedule a live demo