Back to Hub

Enabling supply chain transparency to combat forced labor and modern slavery (Part 2): What it means for procurement technology

04/19/2022 By

In Spend Matters’ new series looking into how a combination of process and technology can help root out and combat forced labor and modern slavery in global supply chains, we look at understanding and addressing the regulatory environment, the role technology can play in bringing issues to the fore, and the key solution vendors enabling this transparency.

In part one we looked at the details of two of the newest regulations that apply to human rights and forced labor in supply chains: the US “Uyghur Forced Labor Prevention Act” (UFLPA) and the German “Lieferkettensorgfaltspflichtengesetz” (LkSG, in English: “Act on Corporate Due Diligence Obligations for the Prevention of Human Rights Violations in Supply Chains”).

We also highlighted that such regulations exist in multiple countries, in various formats, and with various obligations for companies to keep track of. They all, to some extent, can be linked to a global initiative by the United Nations: the UN Guiding Principles on Business and Human Rights (UNGP). This document from 2011 introduced a set of guidelines for states and companies to prevent, address and remedy human rights abuses committed in business operations. It also sets responsibilities for organizations to perform due diligence “to identify, prevent, mitigate and account for how [they] address their adverse human rights impacts.”

The patchwork of existing laws creates complexity for procurement and supply chain professionals, and we believe that the headache will only get worse because:

  • There will be more and more laws regulating human rights, forced labor and environmental elements (CO2, methane, deforestation, etc.) in supply chains.
  • Existing guidelines or regulations will evolve to become more far-reaching and stricter.

Therefore, in part 2 we look at what this all means for procurement, from a capability and technology standpoint. Part 3 will go deeper by providing an overview of various providers that offer solutions that enhance compliance to regulatory requirements.

A new wave of regulations is coming

The birth of the German LkSG is an example of regulatory evolutions that could happen elsewhere.

Firstly, the EU adopted a resolution in March 2021 that contains recommendations to the European Commission on corporate due diligence and corporate accountability. It follows a series of publications on human rights in supply chains and on setting up a broader mandatory EU system of due diligence for supply chains that would cover more than human rights.

Secondly, as we mentioned in the previous installment of this series, the law was developed because only a minority of German companies had implemented non-mandatory measures to fight human rights violations in their supply chain. As a reaction, the Bundestag (Federal Assembly) made it mandatory with the new law that will come into effect in January 2023.

The UK could follow a similar road. Many companies do not comply with section 54 of the Modern Slavery Act 2015 (requiring that companies with an annual turnover over £36 million and providing goods or services in the UK produce an annual report on the steps that they have taken to combat slavery in their supply chains and operations). Governmental sources mention that “a number of companies are approaching their obligations as a mere tick-box exercise, and it is estimated that about 40 percent of eligible companies are not complying with the legislation at all.“ Research from NGOs even mention “that just under 6,000 of the estimated 11,000 companies required to comply with section 54 have published statements” and that “only 19% actually meet the minimum requirements of the Act. Moreover, many statements continue to be very broad, with no substantial insights on the actions they are taking to combat slavery.”

It is therefore not surprising that a review of the Act is under way. Only a small percentage of companies currently comply with section 54, and that is partly because there exists no public body to monitor it. The government intended that the public, investors and NGOs take that role. So, this act could bring stricter controls.

For procurement professionals, in order to understand how to respond, it is a matter of understanding the current and future requirements.

What do the new regulations mean for procurement?

We have already mentioned that existing regulations are very diverse. However, at a high level, they all require organizations to put in place a DMAIC/risk management framework.

Governmental institutions provide resources and guidance to organizations:

NGOs and professional organizations also represent valuable sources:

The framework that procurement teams have to build is dependent on the actions below:

  • Set up a business code of conduct and embed it into policies (e.g., supplier onboarding, sourcing, contracting, etc.) and management (e.g., job performance management) systems to achieve internal alignment within and across the business and to serve as a basis for engagement with suppliers:
  • Perform risk assessments to assess exposure and, when applicable, mitigate risks:
    • Depth (tier ‘x’) and granularity (supplier, location, material, etc.) will depend on the legislation and the current state of the organization’s capabilities (know your supplier/SIM, supply chain mapping, etc.).
    • The goal is to identify high priority areas (the step above will help identify critical areas to narrow down further efforts).
  • Verifications and on-site audits by internal or external parties.
  • Corrective actions and improvement plans:
    • Based on audit findings and/or risk assessments) to create sustainable change (incentives, collaboration, remediation).
    • Monitor, track and document results.
  • Communicate and report on identified risks, action taken, results and ongoing/future efforts.

Technology supporting the framework

Technology plays a key role in setting up the governance and due diligence that the various laws require. Procurement technology supports the following areas:

  • Spend Analysis to understand (quantitative and qualitative) what a company buys and from whom/where
  • SxM to know suppliers (SIM), collect information (including documents and certifications), perform SPRM assessments (risk and audits) and collaborate on action, risk mitigation and supplier development plans
  • Analytics to mash up SIM, risk, spend, third-party data, etc. to analyze and report at various levels (category, business unit, country, category, etc.)

So far, this is pretty straightforward if we put aside the potential amount of data that all the above represent and the fact that many organizations do not have a clean and complete view of their tier-1 suppliers.

Things get more complicated when legal requirements imply supply chain transparency and, sometimes, traceability. Before addressing this highly important but painful topic, it is essential to define what each term means:

  • Transparency (or supply chain mapping) serves the purpose of understanding a supply chain. It is achieved when all individual actors and tiers are identified. In general, and in the context of human rights, it may not be necessary to collect names of each participant, location (or location and category of goods) may be sufficient to have an understanding of risks (e.g., the UFLPA applies to a specific geographical region and knowing that a supplier is in that region is enough to confirm exposure; this could be refined by looking at what type of goods is produced by that supplier).
  • Traceability is more granular than transparency. It is about tracking the provenance and journey of products and their components, from the very start of the supply chain through to end use. Data collected may be at batch- or lot-level, or by container or purchase order, etc. Specific industries (food and beverage, pharmaceutical, defense) are already heavily regulated for reasons that are not related to human rights.

Procurement technology can enable supply chain transparency in different ways. The direct approach, and the most common one, is to use a cascading process where an organization asks its tier-1 suppliers to declare their own suppliers (the organization’s tier 2). Then, tier 2 are asked to do the same, and so on.

A proxy to the approach we just mentioned and that can be useful when starting on the path to supply chain transparency is to use product/category “dummies” that represent a typical bill of material (BoM) of a product with all the sub-components and the typical origin (country or supplier) of these components. The assumptions may be “mostly correct” for certain categories of materials as there may not be that many suppliers and/or production regions. For commoditized materials, the accuracy could be poor.

But, there are indirect ways to create supply chain transparency. These methods can be described as “supply chain discovery” and use community/network data to create a picture of an organization’s supply chain. The first one we want to mention is about using data on a company’s supply chain to map another company’s supply chain. If both companies share a tier-’x’ supplier and if that tier-’x’ is getting certain products from supplier ‘A’, the chances that A is a tier-’x+1’ for both companies is high. To maximize accuracy, relationships between suppliers must be defined at a relatively granular level.

And, because traceability requires high granularity, it is possible to use it as a proxy to create transparency. Shipping information is an example of data that establishes some level or traceability and it can be leveraged to create transparency. An organization can use logistics information to understand where its suppliers are getting goods from. Then, they can drill down to the suppliers of the suppliers. The same applies to financial transactions: payment data provides a certain level of traceability.

Each method that we have described has its own benefits and challenges:

Method Benefits Challenges Addressing challenges
Cascading supplier invites Accuracy

Technical simplicity

Effort (internal and for all suppliers)

Adoption: the deeper in the supply chain, the less “pressure” a company has to force suppliers to use a tool to declare their own suppliers.

Accuracy over time (companies change suppliers, so when a tier-’x’ changes suppliers for a specific product, chances are low that they will update the tiering details in the solution).

Make it as simple as possible from a feature and a network/economy of scale standpoint.

Create incentives for tier-’n’ suppliers. They also get visibility in their supply chain to monitor risks and comply with regulations. Tier-1 can get other incentives (payment terms, preferential status, etc.).

Create a sense of urgency: the initiative is about complying with regulatory requirements: it is not that we want to know, it is that we have to know. The risk is to have goods blocked at the border or to pay fines, and these problems will also cascade into the supply chain.

Address fears and offer the possibility to be anonymous. Often, the purpose is not to know company names but to get credentials and/or location.

Discovery from a community approach to supply chain transparency. Low effort

Community or network effect for updates

Accuracy (the validity of the transposition of relationships from a company’s context to another company’s context may be wrong. Define supply chain transparency at a granularity higher than company level.

Address fears and offer the possibility to be seen as “anonymous” (opt-in/out) for the community-based discovery. Often, the purpose is not to know names but to get credentials and/or location.

Discovery from “traceability” (shipping data, payments, etc.) Low effort, no dependence on tier-’x’ suppliers

Up-to-date information

Access to shipping data for completeness

Volume of data

This method is the only one that is purely technological. So, challenges are about choosing the right solution provider and/or the right data provider(s).


Traceability has its own challenges: tracking transactions is not tracking materials. It is especially tricky in process manufacturing as ingredients are mixed according to specific formulas or recipes. It is why traceability requires specific capabilities and, often, dedicated solutions to track process steps where products or substances are “changed” (processed, aggregated, disaggregated, etc.). Traceability is often used with the purpose of providing customer safety, but it can also be used to detect gaps in quantities of materials in/out that are signs of potential frauds/issues (if the amount of cotton that enters a process does not match with the quantify that exits, then it may indicate that cotton with a fraudulent origin has been used).

The case for supply chain transparency and even traceability covers many other use cases beyond human rights. And, as we mentioned in 2016 in our series on extended supply network information models, this is an area where there are capability and offering gaps (although things have changed a bit since 2016, in part because of the supply chain disruptions we’ve been through since).

Technology can also play a central role in the other framework elements we mentioned: verification and corrective actions/continuous improvement. Surveys are a common feature to collect information early on and evaluate suppliers on aspects that can include human rights. We also mentioned that SIM is central to collecting supplier details that cover human rights. However, claims and declarations are one thing: verification is another.

First, from a data verification perspective, verification pertains to supplier identity and legitimacy (commercial registration, tax IDs, bank accounts and ownership, etc.). More specific to human rights, sanction lists like the ones below can serve the purpose of vetting suppliers and monitoring existing suppliers:


These checks represent the first layer of controls that are at a high level. Going deeper is more complicated as it often means on-site inspections and audits of suppliers that may be far away from where the buying organization sits. Also, the “long tail” of suppliers that organizations have creates a volume challenge that adds to the distance challenge. To tackle these, companies can rely on mutualization to have a multi-stakeholder approach (at industry level, or via organizations like Fairtrade or WFTO) and/or third-party auditing.

Another means of verification that does not require on-site presence relates to analytics and data. Transparency and traceability are based on data, and we already mentioned how such companies can use analytics to identify potential frauds indicative of human rights violations by measuring discrepancies between inputs and outputs of a process. Such a data- and rule-based method of detecting issues can be extended to cover other metrics like, for example, production surface vs. output. As we mentioned in our 2021 ESG series, new technologies can enable remote and (almost) real-time monitoring (IoT, satellite imageries, etc.).

Capability checklist

To summarize, procurement technology supports due diligence processes by providing the following capabilities:

  • Supply chain mapping/transparency:
    • Depth: Tier-’x’ identification is a critical capability and the current state on the market is that solutions cover tier 1, many do tier 2 or 3, and few support tier-’n’.
    • Granularity: company, site, worker, material, shipment, etc. are all different levels to qualify and define relationships with suppliers. The general rule of thumb is that the more granular, the less solutions are available on the market. A fine granularity enables traceability and, as we mentioned, traceability is not always a key requirement in regulations on human rights in supply chains, but it can bring value to organizations to prove that their goods are not the result of condemnable practices (especially for goods/components coming from sensitive regions) and to unlock other benefits.
    • Discovery capabilities to allow customers to uncover part of their supply chain without requiring a cascading declarative process. As we mentioned, discovery can be community- and/or analytics-based.
  • Network-based collaboration to support data collection and exchange, corrective actions, improvement plans, etc. Depending on the type of collaboration that an organization wants to have with tier-n suppliers, it should pay attention to the network model of the solution. It is because there are limitations in many tools that prevent suppliers from also playing the role of a buyer (limitations due to pricing/go-to-market and to the security model in the solution). Basically, the most-often-seen approaches are:
  • Buying organization-centric: the buying organization directly collaborates with all suppliers (tier 1, 2, ‘n’). Tier ‘n’ and ‘n+1’ cannot as it would imply that tier ‘n’ is using the solution as a buyer and a supplier.
  • Network model: a supplier can collaborate with its own suppliers; the buying organization benefits from configurable visibility on that collaboration.
  • Incentivization: some of the above impact potential incentives that tier-’x’ would benefit from:  ability to get transparency of their own supply chain is one, efficiencies through community/network (pre-fill of surveys, updates to all customers, etc).
  • Monitoring (evidence and verifications): surveys/evaluations are the most common means of gathering information to assess compliance and risks. Most, if not all, solutions support such an approach. However, out-of-the-box templates based on the various existing legal frameworks are not that common. In addition to this business content aspect, organizations may want to consider more differentiating capabilities like:
    • Support for whistleblower programs
    • Visibility of goods in transit
    • Services and partner network (audits, verifications, etc.)

In part 3 of our series, we will look at several solution providers that support (some of) the above, including suite providers, supplier risk management solutions, and best-of-breed solutions. Stay tuned!