At least 374,000 businesses worldwide rely on Russian suppliers and another 241,000 businesses across the world rely on Ukrainian suppliers—with over 90% of these businesses based in the U.S., according to Dun & Bradstreet data. On the heels of a globally-disruptive pandemic, this new war between Russia and Ukraine—which has prompted widespread sanctions from the U.S., U.K., and the E.U.— has further crippled an already weakened global supply chain.
And while better understanding comes from better data and monitoring systems, it's hard to know which metrics to focus on. And how can you leverage it to increase the resilience and security of your supply chain? These were the questions explored in a recent Craft webinar “Illuminating Supply Chain Vulnerabilities in the Face of Geopolitical Risk,” led by Matt Keyes, Commercial Director EMEA at Craft.co, and Seb Butt, General Manager EMEA at Craft.co.
There are some straightforward ways to track how much your supply chain is at risk with the Russia-Ukraine war, but traditional metrics alone do not illuminate all risk possibilities. Make sure you’re tracking the following risk domains and collaborating cross-functionally within your organization to close the gaps.
There are several critical risk domains you should be factoring in to your data picture, including:
The intersection of these risk factors will reveal the suppliers at greatest risk. Keep in mind that these risks are particularly important during the current conflict, but should also play a long-term role in your overall supply chain monitoring strategy.
Reviewing your ownership and sanctions exposure is essential during this chaotic and ongoing conflict. For instance, you’ll need to uncover if there is any Russian involvement in your supplier’s group or shareholder structure. These ties could impact your business as sanctions restrict operations across many industries.
Sanctions have increased in recent weeks, and now include broad penalties against Russian leaders, banks, assets, and imports such as oil and gas. Western countries have frozen the assets of Russia's central bank to prevent it from using its $630bn of foreign currency reserves. And in another significant move, the U.S., E.U., and U.K. have also removed several Russian banks from Swift, an international payment system that enables the smooth and rapid transfer of money across borders.
While cutting off Russia from Swift and other trade relationships will certainly impact the Russian economy, it also has broad implications for businesses around the world. Businesses that are owed money by Russia will have to find alternative ways to collect payment. And replacing Russian suppliers—especially for energy—will be a monumental task for governments and companies alike.
Uncovering your risk here is made all the more difficult as the situation is ever-evolving. Sanctions have changed from country to country many times over the past several weeks. What was applicable in one country a week ago may not be the same for another country today.
This means you can’t simply rely on a snapshot of data to determine your exposure. Instead, focus on monitoring your supply chain consistently for new and changing risks due to sanctions. For best results, make sure you’re using a platform that keeps you alerted on sanction news tailored to your supply chain needs.
Where do your suppliers source their labor from? This risk domain is one of the most overlooked but can have a critical impact on your business. Make sure you’re looking at hiring and recruiting trends by your suppliers over the last 12 months.
“It can be difficult data to get,” says Keyes, “But where we find suppliers often reveal their intentions publicly is when they post job listings.”
This is especially useful because even suppliers with high scores on cybersecurity who don’t have Russian ownership could surface significant exposure through their hiring practices. In fact, according to Ukraine’s Ministry of Foreign Affairs, more than 100 Fortune 500 companies rely in some part on the country’s IT services and are consistently among the top outsourcing options for technical services worldwide.
For example, during a recent supplier analysis for a customer, Craft.co uncovered that the company’s drug development services suppliers showed high recruiting in Ukraine—likely for drug trial participants. This revealed a potential vulnerability; drug trials with those suppliers—and any associated IP held on-site—could be at risk for disruption during the conflict.
Another top concern for supply chain risk management is cybersecurity. The pandemic accelerated remote work and digital transformation across industries, resulting in increased cyber risk not only within company networks but throughout their extended supply chains.
In fact, software supply chain attacks grew by more than 300% between 2020 and 2021—with 92% of U.S. organizations experiencing a breach that originated with a vendor. And with ransomware attacks growing increasingly sophisticated and widespread, companies must take a more proactive and comprehensive approach to monitoring and protecting against cyber threats.
This means businesses can no longer rely on subjective supplier surveys for their cybersecurity risk assessment. Surveys can be helpful but they are biased toward the supplier and only provide a snapshot in time—resulting in blind spots and a data picture that is outdated as soon as it is delivered. Instead, companies need real-time, validated data viewed in context with other risk factors to uncover a more complete view of their exposure across vendors.
How many offices do your suppliers have in Russia, Ukraine, or Belarus? The physical locations of supplier offices can impact supply or operational capacity. As noted previously, Ukraine is a major supplier of IT services worldwide. As millions of people are displaced and take refuge outside Ukraine’s borders, it may pose risks to the labor capacity and supply within these industries and beyond.
Review your supplier locations and offices for tier 1 and tier 2 suppliers—not only within Ukraine and Russia but also in neighboring countries like Poland which may be impacted by the ongoing exodus of refugees.
Another risk domain to consider is sustainability. Sustainability may not be your first thought when thinking about geopolitical conflict, but the Russian-Ukraine war is directly tied to energy markets and has already had a major impact on energy consumption and prices. It is also a reputational risk—the public is increasingly interested in companies’ sustainability efforts and environmental impact.
And in today’s political climate, the public is less willing to forgive blunders. In other words, companies should expect to be held accountable for increases in emissions. That’s why it’s important to review your company’s connections to Russia and determine where you will need to find alternative suppliers to minimize your carbon impact during the crisis.
"Having an ongoing way of monitoring supplies has never been as important as it is now,” says Keyes. That’s why investing in a robust supplier intelligence solution as part of your broader supply chain management strategy is critical to ensuring resilience through conflict. Here’s what to look for:
Traditionally, leaders reviewed supplier intelligence reports once a quarter via slideshow decks. “But this results in risk information frozen in static documents,” says Keyes. “It might be an Excel file, it might be a PowerPoint, it might be a Word document or even a meeting agenda.” This leaves organizations and decision-makers lagging behind the data. Today’s supplier environment demands more.
Supplier intelligence needs to be part of a broader digital transformation strategy. It is no longer sufficient for leaders to rely on a single-point solution—especially when it comes to pivoting during crises. Instead, companies must build flexible, agile, and holistic intelligence into the digital transformation strategy that turns data from a static, quarterly report to dynamic dashboards with real-time data and daily updates that inform decision making.
Say goodbye to siloed data and departments. The future of supplier intelligence rests on cross-functional collaboration that ensures leaders are operating with a holistic view of their risk landscape.
In the past, teams would work independently with minimal data sharing across risk domains. For example, the compliance department typically owns the sanctions & ownership risk domain, cybersecurity is owned by the Information Security department, and financials and/or other traditional risk markers are owned by procurement. But geopolitical events aren’t neatly divided into risk subdomains. This creates blind spots that can make it difficult to contextualize data and act strategically. That’s why it’s critical to be able to pull data from the same supplier intelligence platform and collaborate and share data across teams.
Every day, there are new updates on the Russia-Ukraine conflict. Mild to extreme sanction measures were imposed in a matter of days—and continue to evolve from country to country. Markets continue to fluctuate in response to current and projected supply challenges.
That means it's important to have automated, customized updates that keep you informed in real-time. After all, information delays have been proven to have catastrophic consequences for supply chains.
Your data is only useful if your organization can easily access it, understand it, and share it. That’s why it’s important to use an intelligence platform with robust integrations of best-of-breed services and platforms into one central UI.
“Make sure you integrate supplier intelligence into your existing digital transformation strategy because that's where the users are. That's where the decision-makers are,” Keyes explains. “This data produces value for the business. So having integrations with SAP, Ariba Risk Management, Salesforce, Palantir, Power BI, or Tableau—wherever your users already are so that it adds value to these massive investments you've made as part of your digital transformation.”
The Russia-Ukraine war will continue to have ripple effects throughout the global supply chain. Companies that are armed with robust intelligence will have a better chance of weathering not only the current crisis but future challenges as well.
“The point here is not to build a solution on whatever the latest crisis may be,” says Keyes. “What you need is flexible, extensible, agile, holistic intelligence that integrates well into your overall larger digital transformation strategy. Then you can actually influence decision-makers by getting that information in front of decision-makers, category managers, CPAs, InfoSec, and enable that cross-functional view of risk that any of these individual departments wouldn't be able to get on their own.”
Intelligence makes us feel better, but only better decisions provide business value. Use a platform that allows you to drive business value through better intelligence and better decision-making across your organization now and in the future.