Category Archives: Compliance

Content is a Cornerstone of Compliance

In Friday’s post, we asked if you could solve the compliance challenge before it cost you tens or hundreds of millions of dollars. We noted that the biggest reasons for lack of compliance are lack of knowledge, policy, visibility, analysis, and procurement technology, and that the fixes are knowledge, policy, and appropriate technology.

One of those technologies is a Procurement Marketplace that can steer (or force) buyers to buy the right products from the right (and approved) suppliers. Another is supply chain visibility technology that lets a company monitor what is going on in the supply chain and evaluate a potential supply base before making a decision. A third is import/export/trade management software that helps the organization identify the regulations it must comply with, collect the necessary information, produce the required documents, make sure the documents get to the proper authorities complete and on-time, and track all of the associated certifications and insurance certificates that go with the products and the supply base.

A good trade solution will address, at a minimum, import/export requirements, ECCN (Export Control Classification Number), customs security programs, FTA/FTZ/SEZ (Free Trade Agreements/Free Trade Zones/Special Economic Zones), country of origin, HS (Harmonized System) codes / HTS (Harmonized Tariff Schedule) codes, DPS (denied party screening), and entry visibility. Essentially, it will help a company determine all of the export requirements and all of the import requirements, produce the necessary documentation, and track its product from country of origin to the destination country.

In order for this solution to work, it needs a lot of content. Namely:

  • import/export regulations for all of the countries being sourced from, sourced through, and shipped to
  • US ECCN database
  • requirements for programs such as C-TPAT, PIP, and AEO
  • Free Trade Agreements between all of the relevant countries
  • database of all FTZs / SEZs in the relevant countries
  • HS schedules for all of the relevant countries and/or mappings to/from country-specific schedules
  • Denied parties lists for the relevant countries

That’s a tall order. But no longer an impossible one. Stay Tuned.

Can You Solve the Compliance Challenge?

Regulatory compliance is usually defined by an organization’s adherence to laws, regulations, guidelines and specifications relevant to its business.

There are two primary categories:

  • Internal compliance that focusses on the policies and procedures of the organization (which must be followed to ensure SOX compliance) and is focussed on personnel and procurement
  • External compliance that focusses on the (government) legislation and agreements that govern the operation of the organization and falls into the categories of:
    • financial/operational
    • import/export
    • environmental
    • private data / worker’s rights
    • insurance / liability

Non-compliance can be very costly for an organization; in some cases it can cost hundreds of millions of dollars. Consider the following costs of external non-compliance:


  • SOX violations can cost up to 5M per violation; even Deloitte, known for its audits, had to pay 2 Million for a SOX violation
  • Anti-bribery violations have no ceiling; Aon paying £ 5.25 M in 2009, Wills Limited paying £ 6.9 M in 2011, and Macmillan Publishers paying £ 11.26 M in 2011
  • FCPA violations don’t have a ceiling either; Weatherford International paid $152.6 M in 2013, Alcoa paid $384 M in 2014, and Siemens paid $800 M in 2008
  • Meggitt paid 25 M in 2013 to settle charges of AECA & ITAR violations, Standard Chartered Bank paid 132 M in 2012 to settle charges of OFAC sanction violations, and ING Bank N.V. recently paid 619 M to settle charges of several OFAC sanction violations
  • In 2012, Wal-Mart paid $8M to settle a workers’ compensation class action settlement, and in 2010 a jury awarded $82.5 in a workplace death lawsuit

Lack of compliance costs. Dearly. Why is there a lack of compliance in most organizations? Lack of knowledge, policy, visibility, analysis, and procurement technology. Knowledge can be addressed with training. Policy can be fixed with planning. But visibility, analysis, and procurement fixes require technology.

What kind of technology?

Supply Chain Visibility, Spend Analytics, and a Procurement Marketplace that captures, tracks, and maintains an audit trail of all of the relevant data to ensure that SOX and FCPA are not violated, that import and export restrictions and requirements are adhered to, and that suppliers comply with insurance and regulatory requirements.

To find out how a Procurement Marketplace helps your organization solve the compliance challenge, reduce maverick spending, and enable organizational growth, download Sourcing Innovation’s latest white-paper on The Procurement Marketplace and The Power of Compliance (registration required), sponsored by Vinimaya.

It’s Illegal to Burn Money, But Yet Your Organization Does It Every Day! (So Find Out How to Do Something About It!)

Title 18, Section 33 of the United States Code says you shall not mutilate, cut, disfigure, perforate, unite or cement together, or do any other thing to any bank bill, draft, note, or other evidence of debt issued by any national banking association, Federal Reserve Bank, or Federal Reserve System, with intent to render such item(s) unfit to be reissued, and if you do, you can be fined or imprisoned for up to 6 months. And yet, every day, organizations everywhere collectively flush billions of dollars down the drain, overpaying suppliers, including foreign suppliers, millions of dollars that cannot be recovered and reissued by the organization for other business purposes.

If it wasn’t for the fact that the vast majority of these organizations don’t intend to overpay and waste money, since this money (and evidence of debt) flows through the American banking system, I would otherwise be inclined to argue that, technically, this gross incompetence in management of corporate funds is criminal.

For proof that the average organization wastes money, we simply have to look to the audit recovery industry, which recovers, on average, 1% to 1.5% of annual spend. And, typically, this is just what they can find with a quick, mostly manual, review of the top n suppliers that account for 2/3rds (66%) to 3/4ths (75%) of external organizational spend using a very loose interpretation of the 80/20 rule. And that’s just overspend. What about spend that should never have happened in the first place (because it was off-contract and 15% higher than contracted rates)? Or unrecoverable losses due to a key supplier not having mandatory insurance policies in place? Or gross violations of the T&E (Travel & Expense) policy (that border on criminal malfeasance) where the VP of Sales decides that a dinner costing 2K / head at the local strip club is a valid use of the organization’s P-Card?

But most of these situations are easily preventable by a Procurement system that is designed to not only enforce compliance, but make it easy. To find out how, check out Sourcing Innovation’s New White Paper on The Procurement Marketplace and the Power of Compliance (registration), sponsored by Vinimaya.

Procurement Trend #24: Better Governance Model

Twenty-one dreary, and weary, trends still need to be discussed, so let’s keep the fire burning. The sooner we get through these, the sooner we can expose these charlatans once and for all.

So why do so many historians keep pegging this as a future trend, and keep poor LOLCat regressed in his past life? There are a number of reasons, but among the top three today are:

  • models may be few but most organizations don’t use the right one
    and even those organizations that have selected the right model don’t always apply it properly
  • compliance regulations make governance critical
    since SOX can put you in the Box with Fox!
  • investors want a return
    and they know a lack of governance won’t give them one

So What Does This Mean to You?

Governance Model

De-Centralized, Center-Led, Centralized, or Control Tower — which is right for your organization? The answer is all of them, depending on the situation.  For example, snow-clearing services should probably be de-centralized as it makes no sense to run them out of Houston, Texas or San Jose, California. IT Support should be center-led, as regional providers will probably give you the best price. Global contracts for your core product production should be centralized, as you need the volume for leverage and you need good supplier management. And it’s likely that a Control Tower model will be needed to manage the proper application of each model to each category it is suited to.

Fox in the Box

SOX can put your CEO and CFO in the box with fox if your company doesn’t make an acceptable effort to comply with the Sarbanes-Oxley Act of 2002. But this isn’t the only regulation that can get your company in hot water. Labour regulations, environment regulations, etc. can all put your company at risk with unlimited (legal) liability in some cases. So companies have to make sure that the governance model takes into account compliance and supports the collection of all necessary data to ensure that the organization doesn’t run afoul of SOX or other regulations that could get it in hot, hot water.

Greedy Investors

They want a return and won’t be satisfied until they get one. And unless you can convince them that you have things well in hand, you’ll have a group of very clingy monkeys on your back, weighing you down. So you want to make sure that you have good, documented, governance procedures that will keep them happy and keep hundreds of pounds of monkeys off of your back.

The Procurement Marketplace and the Power of Compliance

When it comes to Procurement, compliance is very important.

  • Non-Compliance with contracts is the biggest reason that 30% to 40% of negotiated savings never materializes.
  • Non-Compliance with standards and regulations often results in poor product quality, unusable inventory, or, even worse, seizure of goods by customs.
  • Non-Compliance with insurance and financial regulations could leave you on the hook for million dollar lawsuits and your CEO and CFO on the hook for criminal charges.

Compliance is also very hard to enforce in the average organization because your resources, time, and visibility are limited and it’s easy for anyone and everyone to fly under the radar whenever and however they want to.

But there is something you can do about it.

To find out, join Sourcing Innovation and Vinimaya at 13:30 PDT / 16:30 EDT / 20:30 BST this Thursday, October 16 for our webinar on The Procurement Marketplace and the Power of Compliance, hosted by Don Carrington and the doctor, where we will fill you in on how you can go about improving your organizational compliance.

Attendees will be the first to receive Sourcing Innovation’s New White Paper on The Procurement Marketplace and the Power of Compliance. Register now for The Procurement Marketplace and the Power of Compliance and get a leg up on your competition!