Supply Chain Risks are usually seen as the (un)desired result of an event which could occur with a probability, have an impact and a degree of manageability in mitigation efforts.
Three elements which together will be expressed as the Risk Priority Number (RPN). The higher the RPN, the more important is the risk and the higher impact may be on profit, logistics and or reputation.
Ask any supply chain manager about the risks which keeps him awake, and he will mention:
- Instability within the supply chain
- Inflexibility or adaptability
- Stock outs
- Suppliers going bankrupt
- Defects or shoddy goods
- Natural Disasters
- Information theft, industrial espionage, data theft, etc.
- Sudden increase in costs
- Deliberate acts like thefts, vandalism, terrorism, etc.
- Loss of suppliers
In practice this are almost all operational risks which are being absorbed in the supply chain. Supply chains are configured in such a way that they can deliver the maximum intended value even if there are several high probability operational types of risks. In most supply chain disruptions, the agility and resilience of the supply chain is able to absorb the effects of disruptions. Of course, there is financial, logistics and/or reputation damage, but according to the Business Continuity Institute research the impact is below one million euro.
It becomes interesting when go to the other part of the risk spectrum, the ones which aren’t mentioned in the list of the Supply Chain Manager: the event of a low probability high impact systemic failure. When these occur, a supply chain can not only fail to deliver its intended value but may also result in losses or negative value. Because of its low probability these risks are often disregarded or under evaluated.
In this article we will focus on a few cases in which low probability high impact risk plays an important role. What they have in common? They are normal risks, they could most of the time be foreseen, they have a low probability and, in most cases, they could have been mitigated. But they occurred and the impact was high.
Of course, fire is one of the major threats we see. And we take precautions for it, regular fire drills, sprinkler installations and so on. The probability is rather low, but the impact is mostly high, and can cause a systematic failure.
As expected, the fire risk is lower in residential homes and the lowest in office building. The risk is higher in manufacturing and storage environment. Using this knowledge, we can say that there is a limited risk that a fire takes place at our premises. On the other hand, we can also say that the risk that we are confronted with a fire a one of suppliers is much higher, even more likely. But do we have to take precautions for that, and at what level. Most likely we would like to see a business continuity plan for main production locations of our critical suppliers. But do we also need it for their office buildings. Looking at fire risk and business impact most will say no.
ASML is the world leading manufacturer of lithographic machines used in Integrated Circuit manufacturing. Clients are amongst Intel, Samsung and TMSC. The company is fast growing and the turn over is above 10 billion euro yearly. Royal Philips Electronics is active in the healthcare market and their yearly turn-over is above 18 billion. What they have in common is that they share a supplier, Prodrive Technologies. This company delivers a wide range of technological products, varying from IoT solution, vision systems and automation. Their turnover is somewhat lower than 200 million a year.
What we expect is that both Philips and ASML have made an extensive analysis of risks and business continuity, which covers Prodrive Technologies as well.
In the night of December 1st, 2018 one of the office buildings of Prodrive took fire. Within that building there was a small production unit. Although the fire was extensive, the impact expected wasn’t that high. It was an office building. Soon it became known that ASML had to defer 300 million of turn-over with at least one quarter. The impact for Philips was 50 million. Both companies were lucky that the market in which they operate did accept the delay, and therefore the actual financial impact was limited for them. For Prodrive the story is different. They survived for now, but they had to book a loss of 71 million euro.
2. Cyber attack
We all use sometimes handy app’s or other piece of software to make our life easy. Even in multinational companies this practice is accepted by corporate IT department. Of course, not all software allowed, and most of it will be scanned before it enters the corporate systems.
A lot of multinational companies - with amongst them Merck, Maersk, TNT and Saint Gobain - used for years a tiny program M.E. Doc which enables them to create and share electronic documents with third parties, especially the Ukrainian Tax Authorities. This little piece of software was in the end the driver of what currently is know as the largest and most destructive cyber-attack ever.
During the attack initiated between 05:00 – 06:00 EDT on June 27, 2017, the radiation monitoring system at Ukraine's Chernobyl Nuclear Power Plant went offline, several Ukrainian ministries, a power plant, banks and metro systems were affected. Outside of Ukraine Maersk was the first who reported that IT systems are down across multiple sites and business units. And later it shows that major companies had severe breakdowns of their core systems. According to Cisco investigations, the NotPetya group - suspected to be a cyber-espionage group named TeleBots - had infiltrated the M.E. Doc’s infrastructure by gaining access to an employee's credentials. Servers and infrastructure belonging to Intellect Service, the company behind the M.E.Doc accounting software, were grossly mismanaged, being left without updates since 2013, and getting backdoored on three separate occasions (14 April, 15 May and 22 June 2017). The backdoor in the code allowed attackers to execute code on computers where M.E. Doc was installed, which is how they sent the NotPetya ransomware to users and companies that installed these boobytrapped updates.
The damage is severe and estimated by White House assessment to be more than $10 billion.
Major multinational companies accounted severe losses in their annual report for 2017. Merck leading with a loss of $ 870 million, TNT $ 400 million, Saint Gobain $ 384 million and Maersk $ 300 million.
3. Recalls and Safety threats
That product recalls could be an expensive hobby we all know. Allianz estimated the Average cost of a significant recall is $12 million. “Ripple effect” events can cost billions. Therefore, defective product risk is an increasing peril for companies, causing significant financial damage. What we don’t see as a real issue yet are the costs of recalls for ethical reasons, cyber recalls from security vulnerabilities or hackers manipulating products, and social media. On the other hand, 71% of costs of recalls is in the automotive industry, with food and beverage (14%) and the IT industry (3%) as followers. So, if you are not in that type of business you are of the hook. Or ….
Your company is doing everything to prevent product recalls and safety issues. Sometimes you might have a minor thing, but in most cases that is solved internally. Most of you will not know the company Zhejiang Huahai Pharmaceuticals. This company is producing an active pharmaceutical ingredient called Valsartan. This ingredient is used in a generic blood pressure lowering medicines made by Pfizer, Novartis, Actavis, Sandoz, Teva and others. Because they found traces of a probable carcinogen – which can cause cancer – over 2.300 batches containing this ingredient are being recalled from over 22 countries.
You may control your processes, but not all your suppliers do the same. And maybe you use something what you in the first place will not suspect to impact your final product. Fipronil is classified by the WHO as a “Class II moderately hazardous pesticide”. A small company called Chickfriend was using (illegal) this product - until summer 2017- to destroy red mite on chicken. A small company, which claimed that it found an effective but secret solution and his client base under the chicken farmers was growing rapidly. There was only one little side effect, suddenly almost all the eggs in parts of Europe were contaminated with high levels of the forbidden fipronil. The damage was massive, a total ban on export of chicken eggs that hit the whole industry. and the chicken farmers claimed to be not aware that this forbidden ingredient was used.
One year later, several supermarket chains in the Netherlands and Belgium were forced to recall over 135 different types of pre-packed cold meat ranging from salami to ham because of a listeria scare. Listeria may have been found in one of three factories used by the Offerman meat company to produce chicken and pork products. According to public health service RIVM, a total of 20 people in the Netherlands became sick from listeria infections over the past two years that have now been linked to Offerman. Of these patients, three died and one woman had a miscarriage.
The lesson learned: it can hit you, and most of the times when you do not expect it.
The chain is as strong as its weakest link, an expression fully applicable to these examples. A supply chain is affected by only one player in the chain. And that player is mostly not the nucleus firm in that chain. The root cause for recalls and product safety is in many cases outside of your company. As these examples show, the affected companies couldn’t foresee this risk, neither they could mitigate it. But they are suffering from it.
4. Raw Material Shortage
The world is going electric. A massive change in the automotive industry has started, and winners are separating from the losers and snoozers. The oil producing countries experience that their rich product, crude oil, might not that crucial in the future. Car becoming electric, plastics in the ban, and everything what still has to come. And new - now under developed -countries will arise as the future supplier of the raw materials.
The Democratic Republic of Congo, which is so rich in minerals that large deposits can be found just meters below the surface. A luckily one of these minerals is Cobalt, crucial for producing batteries for electrical cars. One little side effect of the is that this mineral is being mined by the use of massive child labor. Another one is that miners who dig copper and cobalt out of the earth by hand with little or no safety protection. The DR Congo’s dominance presents a growing dilemma for carmakers and those in the supply chain as they look to meet a rapid increase in demand for electric vehicles and batteries. If they try to improve conditions on the ground, they face a series of additional risks, from the threat of corruption to monitoring and enforcing measures to avoid deaths from informal mining and the presence of children on these sites.
Beside Cobalt, Lithium is also one of the key raw materials to produce batteries. And guess what, one of the world’s poorest nations, Bolivia, is sitting on the second-largest amount of the mineral needed to power electric cars. Demand for lithium is expected to more than double by 2025. The soft, light mineral is mined mainly in Australia, Chile and Argentina. Bolivia has plenty—9 million tons that have never been mined commercially, the second-largest amount in the world—but until now there’s been no practical way to mine and sell it.
When we look at the political stability of both countries, then we see that DR Congo scores an average of -0,8 (-2.5 weak; 2.5 strong) . Bolivia is scoring better, an average of -0,3. Looking at the Medium/long-term political risk (1=low, 7=high) the scores are a full 7 for Congo and 5 for Bolivia.
We may want to electrify the new product offerings as fast as possible, but it might be that other players will set the pace we may walk. And that pace may be far to slow.
5. Trade wars and Brexit
Supply chains are at the core of the modern global economy. At this moment global leaders are in a opposite mode. Take for example Trumps China and EU trade war. Shall it bring him what he expects that it will bring him? According to a Bloomberg opinion, export restrictions may impact world stability more than tariff walls. Free trade is better for stability, creates efficient supply chains and cheaper products. A world where each country makes its own technology products from start to finish would result in more expensive products, and make countries more likely to resort to military force to resolve conflicts.
Immanuel Kant’s perpetual peace theory “the spirit of commerce that sooner or later takes hold of every nation and is incompatible with war.”
Malcolm McLean changed something in the late sixties, the thing called containerization. It did make the supply chains global and connected. After that, the internet made the global chains visible, and eCommerce made it assessable to the man on the street. Therefore, decoupling of global supply chains will be hardly impossible and if we try it, it will have as cascade effect on other economies. Take Singapore for example. If China's reduces it imports by 10 percent, Singapore's exports will decline by 1 to 2 percentage points.
Brexit is the best example that decoupling global supply chains is not an easy job. The Bank of England announced that voting to leave the European Union has cost Britain more than £440 million a week in lost growth since the referendum, that’s £727 per second. A March 2019 report from the independent research institute New Financial identified 269 companies in the banking or financial services sector that had relocated portions of their businesses or staff following Brexit; of these moves, 239 were confirmed as Brexit-related. The greatest number of moves were to Dublin (30%), followed by Luxembourg (18%), Frankfurt (12%), Paris (12%), and Amsterdam (10%).
"Wait and see" is not a viable approach for businesses that want to optimize their supply chain during trade wars and Brexit.
To create resilient supply chains, you should have visibility of your multi-tier supply chain, know who your critical suppliers are and assess the impact on your operations and ability to meet contractual obligations.