Regulatory compliance in procurement is a key aspect of effective risk management strategies in today’s ever-changing world.
As the global regulatory landscape evolves, companies that are non-compliant with state, federal, and international laws and regulations risk exposure to potential lawsuits and financial liabilities, as well as reputational damage.
She adds: “Such compliance can ensure integrity, safety and ethical behaviour in the workplace and business operations, and procurement teams are key to enterprise-wide contracts.”
Adhering to regional and national regulations has always been a challenging aspect of the procurement function to ensure their products and services meet quality standards but “what’s changing is the volume and scope of legislation that procurement and supply chain leaders need to be intimately aware of, track, and report,” explains Jonathan Kinghans, Senior Director, Digital Procurement Transformation and Managed Services at business consulting and services company, GEP.
He continues: “Procurement is at the forefront of ensuring organisations achieve stated commitments to fair labour standards and reduced environmental impact. Getting it wrong risks reputational damage and may lead to investor or insurance withdrawal, as well as a fall in consumer confidence.”
Ensuring regulatory compliance with advanced technology
In a busy procurement department, ensuring ongoing compliance throughout a supplier relationship can be a challenge when managing large volumes of commercial agreements “However, the manual processing of contracts can mean critical compliance clauses are missed in negotiations, and that the obligations agreed to are not properly tracked, managed, or enforced,” explains Bulacan.
Bulacan says this is why digitalisation is the solution.
She explains: “By digitalising the contracting process, procurement can gain a comprehensive paper trail in the event of regulatory agency enforcement or action, by capturing a company’s ongoing efforts to comply with regulations and standards.
She adds that emerging technologies such as AI can help ensure compliance across supplier relationships, and guarantee that language and clauses intended to protect an organisation from risk exposure are included in contracts.
“By adopting AI within contract management processes, procurement teams become equipped with the efficiency and visibility into data, and this allows them to manage complex contract portfolios and effectively take a preventative role in mitigating risk,” she continues.
Echoing these views is Anders Lillevik, CEO and Founder of data risk management company, Focal Point says: “Technology advancements and AI are enabling procurement teams to simplify the risk monitoring process by providing more-timely visibility and action on risk, whether it’s auditing their suppliers or evaluating compliance risk in existing contracts. This enables organisations to shift risk management from a backward-looking activity to an integral part of day-to-day operations.”
Responding to regulatory changes in the European Union (EU)
It is clear that keeping up to date with regulatory changes can be challenging, “having a clear idea of processes, and an understanding of how and when decisions are made within those processes is vital for identifying compliance gaps because it allows procurement teams to chart where the controls are addressed in the process flows,” explains Lillevik.
So what does this mean for changing European Union (EU) regulations such as the German Due Diligence Act (LkSG)?
With only 4% of German companies prepared to implement the Act and 70% poorly prepared, Kinghans sees most of GEP’s clients increasing their investments in AI-driven software solutions to gain greater visibility and tracking across the value chain to drive compliance, reduce risk and costs, and subdue volatility.
He says: “Being able to meet the requirements of the Act is top of mind of procurement. But it’s just one of numerous challenges, all of which require greater visibility, control, and accountability of global value chains.
“Layered on top of this is the challenge of how to apply new AI and ML solutions to supply chain data, how to automate processes, how to flag areas of non-compliance and risk, and how all of this should inform decision making.”
Kinghans adds: “It is important companies don’t see this as an EU thing. It’s not. It impacts any company with more than 500 employees and US$165m in revenues that has a presence in the EU.
Non-EU companies that do not comply face heavy penalties. These include a ban from selling goods or a fine of up to 5% of global revenue. This will be expanding to any company with more than 250 employees and US$44m revenue.
Kinghans’ advice is to get the basic decisions done first. “Begin with how procurement needs to deliver what is needed. Then look at how to gain visibility into the value chain, and determine who is accountable for compliance in the team. Then measure and report Scope 3 emissions, and once all of this is in place, the focus should be on developing a realistic plan to reduce emissions.”