Reducing risks, streamlining operations, and cutting costs are goals that all companies—public and private alike—have in common. No two departments are more equipped to collaboratively tackle these objectives than compliance and procurement.
Over the last decade, many large companies have experienced a broad transformation in their procurement functions. Rather than see procurement solely as a transactional business function—purchasing goods at the lowest cost—more companies are realizing the inherent value in procurement serving as a versatile and dependent ally to the compliance department.
The relationship between compliance and procurement is going to differ greatly company to company. In organizations that do not primarily sell highly regulated products and services—office supply distributors, for example—compliance and procurement might not overlap much at all. But for other businesses with high regulator profiles, such as pharmaceutical companies, compliance plays a critical role in helping procurement understand whether it can even buy a product from a supplier and, if so, what the regulatory requirements might be.
It starts with compliance having a very solid understanding of the business itself and how the function of procurement works within it, says Matt Broad, senior vice president, general counsel, and corporate secretary at Darden Restaurants. Only then can compliance integrate fully into the procurement process.
Specific to Darden, “One of the most important areas of compliance we are focused on is food safety and food quality,” Broad says, noting that the total quality team provides the technical expertise from a food safety and quality perspective, and compliance provides support from a regulatory perspective. Together, compliance and procurement work together to ensure the proper safety and quality standards are set, followed, and tested.
“We communicate, on an ongoing basis, the expectations to procurement so that they can execute the actual sourcing of products in a way that meets all of the quality and compliance expectations of the company,” Broad says.
The electronics industry can also benefit from compliance and procurement forging closer ties. At Intel, for example, “we have a longstanding and close relationship with our procurement department,” says Jo Levy, chief compliance officer at the $55 billion semiconductor manufacturing company. “The head of our procurement department is on our ethics and compliance oversight committee [ECOC] and has been for many years.”
In addition to the head of compliance, Intel’s ECOC includes senior representatives from across the company and is chartered by and reports to the audit committee of the board. The purpose of the ECOC, co-chaired by the director of internal audit and the chief compliance officer, is to ensure “we are connected across the company from a policy and process perspective … and philosophically, as well,” Levy says.
“It starts with compliance having a very solid understanding of the business model and processes, and how the function of procurement works within that company’s business model.”
Matt Broad, SVP, General Counsel, Corporate Secretary, Darden Restaurants
In many aspects, procurement is the execution and implementation arm for many of the compliance department’s policies and directives at Intel, she adds. Anti-corruption is just one area where compliance and procurement partner.
For example, compliance works with procurement on anti-corruption due diligence screening of third parties, drafting contract terms and conditions, training of partners and third parties, as well as on auditing and monitoring third parties, Levy says. Procurement will screen for issues such as labor conditions and whether the third party is financially stable, for example, while compliance will screen for issues like anti-corruption and records of illegal conduct, she says.
Furthermore, Intel is a voluntarily participant of the Electronic Industry Citizen Coalition (EICC) Code of Conduct, which establishes stringent standards to ensure safe and ethical working conditions in the electronics industry supply chain. At Intel, compliance partners with procurement on their EICC activities, Levy says.
Germany-based civil engineering giant Bilfinger also stresses the value-add resulting from the link between procurement and compliance: “Companies that work together with many different suppliers, sub-contractors, and service providers and that operate on all procurement markets have to deal with a multitude of regulations and challenges—as well as with increasing complexity—when it comes to their supplier management,” Bilfinger states. “In order to deal effectively with the potential risks that can arise along the value-added chain, our procurement division works hand-in-hand with our compliance organization.”
Coordinating with compliance allows the procurement division to proactively identify risks and mitigate them in a consistent manner. “Accordingly, it is essential that we carefully vet our chain of suppliers,” Bilfinger states. “Only then can we be sure to avoid possible problems, such as ambiguous contractual agreements, unethical conduct, or violations of the law.”
Traditionally, the biggest obstacle impeding compliance from forging closer ties with procurement, along with other parts of the business, is when executives in the business units strike deals with third parties without full consideration of the compliance challenges, particularly in high-risk emerging markets.
COMPLIANCE AND PROCUREMENT AT BILFINGER
Below Bilfinger describes how its procurement function works hand-in-hand with its compliance function.
Companies that work together with many different suppliers, subcontractors, and service providers and that operate on all procurement markets have to deal with a multitude of regulations and challenges—as well as with increasing complexity—when it comes to their supplier management. In order to deal effectively with the potential risks that can arise along the value-added chain, our procurement division works hand in hand with our compliance organisation. This close coordination allows us to identify such risks ahead of time and to mitigate them in a consistent manner.
Thus, ensuring strict adherence to the compliance guidelines that have been put in place for procurement is one of our top priorities. After all, our business dealings with suppliers may give rise to any number of liability-related risks. These must be identified early on, and need to be counteracted through appropriate measures, so as to prevent financial and/or reputational damage to Bilfinger SE. Accordingly, it is essential that we carefully vet our chain of suppliers. Only then can we be sure to avoid possible problems, such as ambiguous contractual agreements, unethical conduct, or violations of the law (e.g. against anti-trust statutes).
Transparency is key
The need to operate on global procurement markets makes it all the more critical that the activities pursued by procurement in this area be based on transparent processes. Thus, we not only rely on our compliance management system, but also set great store by adhering to all the currently applicable guidelines and policies with respect to procurement, integrity, and dealings with third parties. This is how we minimize potential risks while ensuring our procurement is as efficient as possible.
“What we’ve learned is that when we work together, we are able to identify issues and challenges together in the process,” Levy of Intel says. Having compliance and procurement team together early when on-boarding a new third party, for example, allows the company to pick what it considers to be the best third parties and avoid any last-minute issues or concerns.
Clearly defined business objectives are another way to forge closer ties between compliance and procurement. “One of the reasons why procurement sometimes struggles to be that trusted business partner, or that strategic business partner, is because they lose focus on what the broader business objectives or outcomes are that procurement needs to support,” says Paul Birch, vice president at Genpact, a global business process management and services company. “If those expectations are made clear, then it gives procurement more relevance, because they can align what they’re doing to serve the needs of the broader business.”
The same holds true for compliance. “The compliance function and the procurement function should be talking to each other to understand what business outcomes they’re trying to achieve, what role each of them has in doing that, and where they share a healthy overlap,” Birch says. For example, how can they join forces to ensure that the right policy framework is in place and that the right monitoring of those policies is in place? “It’s about being relevant and aligning to what the business is trying to achieve,” Birch says.
Centralized vs. decentralized
While forging strong compliance and procurement ties starts with relationship-building, it continues with processes and procedures. Many large, global companies in a variety of industries with geographically dispersed business units are choosing to centralize their procurement operations in a command-and-control fashion. Policies and procedures essentially are developed and executed from the enterprise-level down through the different regions or different business units.
One of the driving forces behind centralization is to gain greater visibility and control over enterprise-wide spending, processes, and risks. “The best of both worlds comes into play when you have global contracts,” Birch says. Centralization enables tighter coordination between compliance and procurement concerning the ever-more complex contract review process.
Strategic sourcing helps to dramatically reduce the company’s list of third parties to a more manageable number, “because you’re finding better ways to concentrate that spend,” says Mike Hales, a partner at business management consulting firm A.T. Kearney. Establishing long-term relationships with fewer suppliers helps with cost savings as it helps companies to acquire volume discounts and centralize contracts with key suppliers.
Another benefit of centralization is that procurement and compliance can work side-by-side to proactively eliminate high-risk suppliers. “There are a lot of opportunities to integrate compliance and risk considerations and make them more visible and streamlined when procurement is centralized,” said one compliance executive at a large global retail company. The executive spoke to Compliance Week on the condition that he not be identified.
If the company is large enough, and mature enough, procurement will be facilitated through a central procurement platform. In effect, a centralized procurement process is a trigger for compliance to drive greater awareness of our third-party relationships, the executive said.
The retail company is in the process of extending the global reach of its procure-to-pay system, “which will allow us to consolidate contracts, consolidate spend, better evaluate from a risk standpoint if we’re overly reliant on a certain vendor for a product that’s critical to our retail store build-outs or technology that supports our e-commerce strategy,” he says. “So it helps manage some risk just by greater transparency versus a disaggregated model.”
The company is also working on centralizing its management of vendor master data. “That’s critical because that master data is what’s driving all transactions for purchase orders,” he says. Vendors are subject to denied party screening, background checks, or any sanctions they may have.
By integrating compliance and procurement, the globalization of that allows the company to gain more comfort across our regions to know that each region is meeting the same bar for compliance over procurement or that the bar is adequately leveled against regionalized risk and compliance requirements. “If they’re not, at least we can adjust that knowingly versus unintentionally providing unwanted autonomy to regions … that may lack the maturity of the compliance considerations that our global corporate functions require.”
The maturity of each company’s procurement capabilities will depend on the size and type of company. “Systems don’t have to be that complex or even costly,” says Jean Clark, president of strategic services at Periscope Holdings, a provider of procurement software solutions for the public and private sector.
Fundamentally, effective procurement is about good supply chain management. “Not having a tool could impact some of the policy and process decisions that a procurement officer may make,” Clark says. Good procurement becomes more about the reporting and processes itself. “What type of processes do you want to put into place so that you do have that visibility?” she asks.
That brings about another point: Centralizing procurement—with or without the systems to support it—isn’t for all companies. “No one size fits all,” says Genpact’s Birch.
A decentralized procurement model—characterized by business units executing procurement activities locally—may make more sense in a company that operates in local markets only, particularly where business unit or geographical primacy exists, Birch says. In those circumstances, having a decentralized model enables regional and local teams the flexibility to work closely with local stakeholders and local suppliers with local knowledge.
Even in a multinational corporation, exceptions may arise where not all processes should be centralized. “We always want the business to have accountability and ownership over their activities,” Intel’s Levy says.
With decentralized procurement, however, it becomes even more important that chief procurement officers are given the necessary level of authority to execute business strategy and the authority to punish or terminate those who bypass those controls.
As companies become more globalized and automated, supply chains are only going to become more relevant, increasing both risks and opportunities for companies. Although the core activities of third-party risk management won’t ever change, the nature of those risks will. The more that compliance and procurement can evolve together with these changes, the stronger and more evolved the company also will be.