• Marc Bates

How can you minimise risks from non-compliant suppliers?

It's vital for organisations to minimise and mitigate the risks arising from non-compliant suppliers, and Canopy has the solution.



Examples abound of corporate failures, from catastrophic accidents to insolvencies. But could you be held liable for failures among your suppliers? It may be a clothing brand purchasing garments from manufacturers found guilty of modern slavery. Or it could be a major oil company using contractors who supply faulty equipment because they don't have suitable safety checks. In every organisation, it's vital to make sure that your suppliers are compliant with regulations, and that they have their own risk assessment and mitigation measures in place. In this blog, we look at the problems posed by non-compliant suppliers - and how to resolve them.


What's the worst that can happen?


Companies face a range of risks when they procure a product or service from a supplier. Some of the main ones are:

  • Liability for serious harm: For the procuring company, it's a question of ensuring their contractor has the correct insurance and licences, not least by checking the validity of certificates. Companies must be able to prove they’ve asked the questions and assume that their contractors are acting in good faith. (One example is our client, a major manufacturer and distributor of construction and mining equipment which needs to mitigate risks when using contractors to transport vehicles for delivery).

  • Subcontractor risk: Suppliers may be compliant, but what about subcontractors? For instance, in the UK's largest construction projects, huge numbers of subcontractors will be on site at any one time. (The operation at Hinkley Point, for example, has a £23 billion budget, and uses over 10,000 contractors, so they need to keep tight control on their subcontractors and even the individuals involved).

  • Contractor’s insolvency: There will be financial risks for those suppliers where a single contract accounts for more than 10% of their business. Any financial issues in their value chain could imply that a company is trading while insolvent, raising the risks to those procuring goods or services. (For example, in the wake of the Carillion collapse in January 2018, one of the world’s largest facilities management companies proactively queried exposed suppliers).

  • Changes to legislation: While a supplier may have been compliant when you onboarded them, what happens when the legislation changes? Some larger pieces of legislation may require a whole new approach (such as GDPR, the General Data Protection Regulation, which came into force in the UK in 2018). But less wholesale changes to regulation need more careful monitoring.


Whose name is on the dotted line?

There can be wide-ranging consequences for dealing with non-compliant suppliers. Company directors are individually liable for breaches of compliance with regulations, as they have a duty to exercise reasonable care, skill, and diligence. In the UK for instance, the Sentencing Council's 2015 guidelines deliver penalties for breaches of legislation, including health & safety and modern slavery. As well as potential custodial sentences for directors, a sliding scale of fines ensures companies receive a penalty that impacts on their bottom line. Companies with a turnover of over £50 million can now be fined up to £20 million in cases of corporate manslaughter.


It is critical to consider the long-term consequences of decisions too. One of the key issues for companies - and by extension, for companies who have contracted them to supply a product or service - is an audit trail. Keeping a log of all decisions, including board minutes, will mitigate risks. If you've asked the right questions, and you've made your decisions in a transparent manner by acting on that information, you can limit liability.


What others want to see

We've been talking about the essentials of compliance, but what about the desirable elements? As well as ensuring adherence to regulation, company directors also have a responsibility to promote the success of their company and act ethically. We've talked in our blog before about the increasing focus on ESG (environmental, social, governance) considerations. Making better choices will improve a company's reputation with its shareholders, investors, and customers alike.


Of course, there are some essential elements within ESG, such as robust anti-slavery policies and procedures, and functioning governance structures. But increasingly, organisations understand that having suppliers who inadequately track and reduce carbon emissions may jeopardise their own business objectives. Monitoring changes over time is especially important for this element of compliance.


We have the solution to risks from non-compliant suppliers

In a manual process, suppliers are often sent an extensive questionnaire to check compliance during onboarding. But these checks are labour-intensive and time-consuming, and it's rarer to ask these questions of existing suppliers. This means organisations have a snapshot of what their supplier looked like when they were onboarded. This system can miss cases where suppliers don't update their certificates or policies, get into financial difficulty, or fail to respond to changing regulations.


Bringing compliance checks into a comprehensive supplier management platform clearly has benefits. That's where Canopy comes into its own. Setting up automated prompts ensures you check supplier compliance throughout the lifecycle of your engagement with them. For instance, you can receive insurance certificates annually to ensure coverage has been renewed. Canopy will red-flag suppliers if they're in breach and can prevent procurement teams from generating purchase orders until they're back in compliance. With self-certification, the onus (and incentive) is on the supplier to make sure they’re compliant.


What's more, Canopy pulls information in from the ultimate source (i.e., the suppliers themselves), reducing the risk of inputting errors and saving on administration overhead. And as it's a secure system, the platform retains a perfect audit trail. Only authorised personnel can make changes to the system, which time-stamps any amendments. For company directors and procurement teams alike, that provides a welcome level of comfort.


Contact one of the team today to find out more about how Canopy can help mitigate the risks of dealing with non-compliant suppliers.

Post by Doug McLean

Doug, the founder of Canopy ProcureTech and OCG Software, has a wealth of experience establishing disruptive technology businesses. Doug supports Canopy's customers in making the most of their investment in supply chain excellence. He is passionate about pristine master data and application software that is simple to use, delivers results and delivers real value to stakeholders.