Franziska Nothofer:
Hello everyone. Thank you all for joining us today for the webinar Getting Ahead on Tactical and Strategic Compliance Risk Management, hosted by Everstream Analytics. All attendee lines are currently muted, but please feel free to type any questions into the Q &A box throughout the webinar and we’ll get to as many as possible before we wrap today’s session up. This webinar is also being recorded and we will send you a copy afterwards. My name is Franziska Nordhofer, and we’re here today with our following three presenters.
Franziska Nothofer:
Ulf Venne is Vice President of Enablement and leads the Global Center of Excellence at Everstream Analytics. A true pro to know, Ulf has leveraged his years of global industry experience to help clients improve their supply chain resilience and agility. He has been instrumental in raising awareness of supply chain risk management, authoring and published multiple articles and white papers on resilience, agility and sustainability.
Mirko Woitzik heads up Everstream Analytics’ Intelligence Solutions team, a global team of analysts responsible for providing around-the-clock supply chain risk monitoring and analytics across three continents and eight different time zones. He started his supply chain career within DHL Group’s Supply Chain Risk Management Practice before building Everstream’s risk monitoring team from the ground up.
Philipp Fontaine is a legal counsel at Everstream Analytics for all European and APAC matters and leads Everstream’s regulatory efforts from a legal perspective. He has extensive experience advising technology companies such as Cisco, NetApp, and Verizon. Philipp is a German attorney with U.S. expertise gained through a Master of Laws from Cornell Law School and holds a CIPPE accredited by the International Association for Privacy Professionals. The three presenters will be guiding you through the webinar today. And with that, I will turn it over to Philipp to get the session started. Thanks, Philipp.
Philipp Fontaine:
Yes. Hello, everyone. I’m looking very much forward to present to you today. And let’s first have a look at the emerging regulatory landscape. Before introducing any new products to our platform that are regulatory related, we take an in-depth look at the different regulations and discuss them with inside and outside stakeholders and advisors. And these are the seven we are currently concentrating on, but of course not the only ones we can theoretically address. So let’s have a quick look at those seven laws and regulations just in under four minutes. Absolutely no problem. The UFLPA, so the Uyghur Forced Labor Prevention Act, enacted in the U.S. on December 23, 2021, aims to prevent goods made with forced labor from entering the U.S. market, particularly of course those linked to the Xinjiang region in China. For businesses, this means heightened due diligence and transparency requirement to ensure their supply chains are free of forced labor. The law already has a substantial impact on shipping into the U.S. So companies really need to do their due diligence with regards to U of LPA. We see a steady increase of enforcement from month to month. Over 3.5 billion U.S. dollars in shipments have already been detained under U of LPA since it was enacted with nearly half of that resulting in a denial of entry and most by the way being electronics shipped via Malaysia. Canada is now also charting the course towards a more more ethical supply chains with the Forced Labour in Canadian Supply Chains Act.
Philipp Fontaine:
Coming into force, the law came into force on January 1st, 2024 and it requires companies to report on measures taken to prevent child and forced labour in their operations and supply chains. By staying compliant, companies not only avoid legal repercussions, but also build trust with customers who value transparency. Some say that the Canadian Modern Slavery Act will actually become North America’s de facto law since the thresholds are quite low in comparison to some other laws. And Canada, of course, has strong trading ties with Mexico and the US.
So let’s go over the big pond to the EU now and have a quick look at the most relevant regulations there. Firstly, let’s discuss the EU Deforestation Act, maybe the youngest law here on the screen, enacted on May 20, 2024. Ensuring products sold in the EU do not contribute to deforestation directly or indirectly. Businesses must verify that products like wood, cocoa, coffee, rubber or cattle, as well as any products derived there from, are not sourced from deforested land and are complying with local laws in the originating country. Of course, many are looking at Latin and South America there, but also at Asia. Companies need robust traceability systems and a good overview of their supply chain to track the origins of their raw materials and to comply with this regulation.
If we look at the more local laws, so the German Supply Chain Due Diligence Act or LKSG, the Norway Transparency Act and the Swiss Supply Chain Law, all large companies that do business in those local markets need to conduct thorough due diligence throughout their supply chains. All three laws combine the need to identify, assess, mitigate risks and report on those risks. The Swiss supply chain law concentrates on conflict miners, minerals and child labour.
The Norway Transparency Act focuses on human rights and social due diligence throughout the chain, while the German Supply Chain Diligence Act is probably the broadest of these laws, but also currently under discussions and might be actually replaced in the near future. Maybe as an interesting side note, both the Norway Transparency Act and the Swiss law also allows the public to directly request relevant information from companies, so you need to be aware of that as well. The Swiss law, not surprisingly, is probably the law, but it also has direct fines for individuals that have the responsibility for complying with the law, which should also certainly be relevant for your insurance. Lastly, let’s have a look at the EU’s corporate sustainability due diligence directive, or short, CSDDD, introduced on February 23, 2022.
Philipp Fontaine:
CSDDD is probably the most impactful of all of the laws here on the list, since it impacts any company that is operating throughout the EU. The CSDDD requires large companies to identify, prevent and mitigate adverse human rights and environmental impacts across their supply chains. We recently hosted a great webinar with Greta Koch, an architect of the directive, who provided a great detailed update about the law that just now went into effect. We will share a link in the chat so that you can review if you’re interested in learning more. CSWD has as consequence that all local EU countries will need to implement laws based on it. So the more the countries will deviate individually, the more complex it will become to work in the EU market. That’s it from me for now, and I get over to Mirko, please.
Ulf Venne:
Hello, everyone. I’m not Mirko, but I hope I can still entertain you a little bit now with our thinking behind compliance. So what we want to just highlight real quick is that compliance shouldn’t be seen as a completely new thing it should rather be seen as an enhancement of something you already do. So try to incorporate compliance and the intelligence around compliance into your day-to-day processes as much as possible. Instead of building a net new system around it, use what’s already there. So here you see the classical, I would call it supplier life cycle from onboarding all the way to offboarding and in between you obviously you make a contract with them and then you operate and then you measure performance. All of that happens and we always recommend customers to leverage this kind of cycle that you already have, where you go into a relationship, you build it up, you make it stable, and then eventually you decide to part ways or you prolong the relationship. Use risk intelligence and then also the compliance intelligence in the same way in that life cycle and just make it an add-on to make better and more sophisticated decisions.
Ulf Venne:
So risk scoring is a fundamental part of that. Add risk scores already to your selection process. Yes, is he in a zone where there’s very likely be personal freedom issues? Is he in an area where child labor is prominent? Is he in an area where environmental damages might be an issue? All of that is very important to understand before you make a decision for a supplier, especially in times like these, where compliance is getting a more stringent issue, I would call it. Then you have to monitor your suppliers for any misconduct that might happen, then you have to act. And with CS Triple D coming, it’s more and more also going in the area where it’s not only about your own supplier, but also the sub tier suppliers where you have a direct influence on based on the product that you serve. So all of that has to be managed, do it in the right process. So it’s not bothersome and a burden, but it just feeds naturally into it. And then it’s maybe a slight increase in work, but not so much.
Ulf Venne:
So how we support the whole thing, sustainability and compliance is very clear. So we first map our customer supply chain and mapping here means first of all, taking your own information and data, but then adding to that by providing, for example, sub-tier information, we use AI for that, and then we validate it with human experts, and then we leverage your own intelligence in order to build the most sophisticated and best sub tier network that we can build together. And the big benefit is here, you don’t have to send out a survey in order to talk to your tier one suppliers who then will either not respond or not give you the full picture because why would they report a problematic sub tier supplier that yeah, that is only more work for them, right? So using an AI approach is really helping here it’s also more efficient and it works quite well. So we recommend doing that.
Ulf Venne:
Then once you have the network built up in compliance, you have to start risk scoring it. So looking at the long-term exposure, what is the likeliness of something to happen? With that, you more and more filter down the amount of locations you really actively have to do something about, where you have to, as most of the laws call it, execute on remedial actions, for example, force a signature of a code of conduct, or you have to go in and do an on-site audit maybe in severe cases. How do you efficiently do on-site audits? All of that has to be discussed. And then, obviously, no matter how many remedial actions you will take, eventually there will always also be an incident, something that happens right now. That is a problem for your supply chain and a brand risk to you as well and place along with the compliance risks that you see.
Ulf Venne:
And we are leveraging a technology that is human and AI based to provide you with the best information possible.Then we have all our data storage. You can also trace historic incidents. Essentially, it’s all about getting you the right alert at the right time so you can really act and either off board the supplier or help him to improve. And there’s a lot of diligence going into these alerts. And we really pride ourselves on our approach that is not only AI based, but also human validated because it brings us a bigger amount of data, more granularity and more relevancy. And I would like to invite now finally with a lot of anticipation because he was already announced prior. I would like my dear colleague, Mirko, to take over and explain a little bit how we get these incidents.
Mirko Woitzik:
Thank you, Ulf. Good afternoon also from my end and good morning. AI, as has been introduced, is obviously a critical part in supply chain risk management. That’s no surprise because obviously it can help navigate through a lot of different, many, many different data points that would overwhelm any one person. However, for us here at Everstream, it’s just one piece of the puzzle, and equally, if not more important, is our team of risk analysts that provide more context to just a single risk event that is happening, many, many different supply chain disruptions and compliance issues that are happening around the world every day, but you really need that additional context, and that’s what our customers appreciate instead of just standing through an article that was identified as a risk online through media sources.
Mirko Woitzik:
So we at Everstream here, we have an in-house team that was previously said by Philip and Orf, an in-house team of analysts that are spread out across the globe working around the clock. And that is constantly analyzing the incoming stream of risk data that could be the next big supply chain disruption. This approach of combining the best of both worlds, we call it AI technology on the one hand, a human in the loop, on the other hand, really allows us to basically use AI to collect millions of data points, filter out irrelevant data points, then pass on the remaining ones to the team of analysts that will look at the risk, determine their severity, determine their relevancy, because obviously not every risk is relevant, it might be very small risk, and making sure that it’s really about the right company that is in your supply chain, the right location, if it’s more of a geocoded event happening only at one location, and that there’s effectively disruptive supply chain risk from the event before we then go on to alert our customers and really start the process on their end for them to react to any type of supply chain disruption or reputational topic, such as the ones on the compliance side.
Mirko Woitzik:
This really allows our customers, on the other hand, are not to be flooded with irrelevant supply chain information that is not meaningful to them, that is considered noise on their end, that will distract them from more important work that they’re doing if they’re not solving sort of compliance and supply chain due diligence topics, and really allows our customers also to gain trust in our data because they know there’s always that additional judgment call from a human analyst that will make the final call. And it’s not just the model passing information through and it’s also really reducing any discussion that we have typically or that we had maybe in the past about fake news, which is a big topic obviously in the market. They don’t have to worry about this because our approach is always to use multiple sources to report an event like an ESG violation so that you can sort of rest assured that this is really happening and not just something that is passed on and in the end turns out to be not true.
Mirko Woitzik:
I would like to highlight two particular cases where this interaction between AI and our team of human analysts is particularly beneficial to our customers. One is the analyst really, at the end, decided, as I said, what are credible allegations when you talk about ESG violations that are obviously very critical, such as environmental regulations, human rights violations. What are really credible allegations against companies of these type of violations, and what are not, right? So an example, you look at the data source, there’s a lot happening on individual social media posts, individuals accusing specific companies of not complying with the law, sort of polluting rivers in the local environment, so there’s obviously a lot of activity going on the social media side and not every post is credible, and then you sort of juxtapose that with, for example, a government investigation, because of a forced labor allegations, obviously doesn’t have the same weight. So on that end, we’re not only looking at the source, but then we also having the analyst look at and then take the decision in the end on the credibility of the source and then give it a different weighting. So that will in the end also increase the relevance on the customer side.
Mirko Woitzik:
The second topic is obviously AI can only look at online sources. So that’s very good for media, social media monitoring, classic sort of traditional media monitoring, but the team also covers offline sources. So with that, for example, we mean not only media and social media, but really with the help of NLP models, we look at that and that’s kind of the standard, but we also go beyond that. We look at academic reports, we look at NGO reports, we look at government lists, government databases, like the U.S. list of companies that are linked to forced labor. U.S. has published a list in the last two years, it’s called the EUF-LPA Entity List. So it’s mentioning any type of company that the U.S. has identified to be supporting or producing products made with forced labor in Xinjiang in the western region of China. And so the analysts regularly go through that list, identify the right Chinese company names, Look at the English names. Look at aliases of that company. Look at subsidiaries. Look at parent companies So there’s a lot of additional work that goes into it That is not just, you know, bear sort of media scraping, but we go beyond that and work with a lot of offline sources.
Mirko Woitzik:
I Want to give one example here on this slide For for the the results that that has sort of yielded One of the lists has been updated. I think it was at the end of 2023 and has sort of mentioned a Chinese supplier that was identified to have used forced labor in Xinjiang. The company was called Sichuan Jingweida Technology Group and is a tier 3 supplier that in the end made a LAN sort of connector that was then used as an unnamed tier 2 supplier that was then sort of sold to Liacorp in an electronics unit and in the end made it into a lot of different cars from automotive OEMs like Volkswagen and BMW. So really, in the end, there was a component that made it into a final car, and then these cars basically were held up by the US Customs Authorities because of that product that was identified and this company that was on the list, Citroën Zingueira, and there was a time gap between it. So basically, end of 2023, this company’s identified and has been added to also our UFLPA list. But then basically that impact was only several months later where basically government authorities then withheld those shipments and they could not be imported into the US a lot of different types of cars. And obviously you have that time advantage and a lot could have happened and had to sort of use that information upfront.
Mirko Woitzik:
So this example really shows the increasing, you know, complexity for companies and having to navigate international sort of regulatory environments and really shows the increasing compliance and supply chain risk with new regulations popping up left and right. And obviously, the UFLPA, as was initially said by Philip, was one of the most impactful ones that can have a big material impact on companies, especially those with multi-tier supply chains that are spanning the globe, but it also kind of shows the value of effective monitoring, right, because if you’re monitoring your suppliers for these type of violations, environmental forced labor, then you’re able to act earlier before it’s too late, as in this example, and you can really act and sort of do all the due diligence that is needed in order to avoid those shipments being held at the border. So with that concrete example of how we can help on our end with the compliance end, I now hand it over back to Philipp, who’s taking us to another tangible compliance and sustainability use case for one of our customers. So over to you, Philipp.
Philipp Fontaine:
Yeah, so one of our customers, a global tier one automotive supplier, approached us and they were already, let’s say, benefiting from the intelligence that Mirko just shared. But now they asked us, can we also rely on you regarding the new approaching requirements of the LKSG?And they internally built a whole team to address these regulations, but they feared, do we need to acquire yet another solution to address the, as you know, pretty extensive reporting requirements of the LKSG. And what we did in that case, we were really able to support them, not only by showing them how and where our intelligence can be utilized, but also in sharing best practices regarding the reporting.
Philipp Fontaine:
So we actually went in and did several live sessions running through every single of the hundreds of LKSG questions with them, showing them wherever Stream as a Platform can help. And we could not only help them with that reporting, but also offer dedicated sessions so that the client really understands every single of the requirements better. And of course, as you know, the LKSG is now changing, as I said before, But with that exercise, they also prepared themselves for many of the upcoming regulations, including also CSDDD. And now that’s a quick look at the case study, but looking at the time, I will give back to Ulf for the next slide.
Ulf Venne:
Hello, everyone. I know a lot of handovers today, but that’s fine. At the end of this session, just we do another thing we now start giving you a quick demonstration of our platform just to see what you can do. So this is Everstream Analytics, our platform. As you can see here, we are at the first screen where you can see all of the incidents that currently affect your network. You can sort them. It’s a very operational system use. So you always see at one glance, okay, these are the major incidents. You can, we sort them by a score that is derived based on your input and our input there are various factors that eventually then the score shows you which are the highest and most important risks. So it’s a very operational system helps you to really identify what is a problem first, and so on and so forth.
Ulf Venne:
You can then build dedicated views. So if you’re a sustainability manager, you might want to have a sustainability view. So you only see the alerts that impact you today. Currently, this demo account network that we have actually isn’t impacted by any sustainability related issues, but I can go and just say worker rights and I find one and you see here that Pirelli actually has a claim from their employees in Mexico, which by the way, it’s not totally clear. It’s an indication. So based on an agreement between the United States, Mexico and Canada, there is a fair treatment of workers between the three countries. And you can then claim in order to make sure that trade can flow diligently. You then have to resolve the claim. So right now there is a claim out there that is a risk and a warning and also has to be tackled under other compliance laws, obviously. But this type of intelligence you will not find over social media, you will have to really look at the right sources for this. And that’s why we wanted to highlight it here. Again, we don’t know if it’s really, they are now affected or not, if that is really a problem. This has to be still sorted out, but if that’s your supplier, you might want to investigate into that and ask a quick question and then also follow up. And just also, because we talked a lot about identifying sub tiers and sub tiers getting more vital, I wanted to show how that can then look in the platform.
Ulf Venne:
So for example, here you have your production plants that are in various parts of the world, all building this one power connector from your side. And then one of your tier one suppliers that are already pre-selected, there are many, many more in this kind of environment, is Bortech, and Bortech is in Taiwan. His tier two suppliers are primarily in India, you can see, and we found that through AI. But then you see also that these suppliers have Israeli, Indian, So there are various risk factors associated with that. We just had the flooding in Germany. Then there are also some floodings in India. It’s very hot there as well in the moment. And then Israel, we obviously have the war going on. So this already indicates, okay, maybe there could be an issue. Maybe I have to look at that, but that would be more operational. But there are other ways to use it also from a sustainability perspective. And I wanted to show something that is a little bit different because normally what we show in these demos is like this supplier has this issue and so on and so forth. So you see how it works on a scale of supplier by supplier.
Ulf Venne:
Today I wanted to show a network view as a change, actually just a change in pace. If you wanna see another demo, which is more focusing on risk scoring on an individual supplier level, we have done many demos recently at the webinars, so you can go back. But today we look at risk scoring on a network basis. So this is our network of sub-tier suppliers identified. These are all sub-tier suppliers we have identified for that network, 1 ,348 facilities. You see that personal freedom as a risk score is selected. So I wanna check my personal freedom risk exposure. I can see with one glance that most of them are fine, but then you have 222 that are of high risk. And these are the ones I wanna start remedial actions and for personal freedom, a good way to start remedying these is to just check if that is a problem with how the working conditions are, for example, with that supplier and also how people are transferred, if they’re coming by themselves or if they’re transferred by buzz and where the buzz leads to run these kinds of things, you can investigate if you’re physically there. So now we say, okay, for the high severity suppliers, where are they? And then we wait real quick while I talk, just to bridge the waiting time a little bit. And then all of a sudden it’s there.You see, it’s still our 222 facilities. You see the high risk countries. And then you see that in our specific case, it is primarily India and China where most of these locations are.
Ulf Venne:
So out of 222, I would say a vast majority, around 95% are in these two countries, which essentially implies if you dedicate a resource or two into these two countries and start a year-long process of just investigating all of your suppliers, that might be the most efficient way to really tackle that sustainability challenge in a cost efficient manner, but also really making an impact because you really know and you really have a strategy. So that is a way to essentially identify also from an onsite audit perspective. Where do you want to focus at?How do I want to look at my network geographically? How can I leverage a geographical, for example, clustering and start investigating in the right way? And I hope you liked that different change of pace today. And with that, I hand over to a quick Q &A session section. Thank you.
Franziska Nothofer:
Thanks Ulf, Mirko and Philipp for the presentation and for diving into the demo. Let’s cover one question that just came in. Do you think increased regulations will require sub-tier visibility going forward?
Ulf Venne:
Yes. Quick answer. Yes. And I mean, CSDDD is a start of that, where you already see that for those supply chains where you have a potential direct impact on the sub-tier suppliers, you have to create visibility. UFLPA, straight up demand sub-tier visibility already. So that’s one that is ongoing. And then you have also the EODR, the deforestation regulation, where you also have to, for certain products, start developing sub-tier visibility. So these are the first few examples. But given that technologies like ours are out there, that don’t give you a hundred percent accurate picture, but a good, very good picture. That is also what the regulators would call best effort. I think that’s going to be business standard in the future and more and more also straight up demand from regulators because it’s available and there and rather okay, easy to achieve.
Franziska Nothofer:
Wonderful. Thank you. I’m just looking at the time and we’re slowly coming to the end of today’s webinar. We will follow up on any additional questions you pop into the box afterwards. And if you have anything else coming to mind or would like to get in touch with our team directly, please do reach out to info at everstream.ai. We’re happy to help and dive deeper into anything we couldn’t get to today. You will also receive the session recording via email. So do keep an eye out for that. And thank you to all our attendees who joined today and a special thanks to our speakers. Have a great day. And with that, we are closing today’s session. Goodbye.
