Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. Supply Chain Resiliency Volume 1, Issue 3 Talk A REPORT FOR CLIENTS AND COLLEAGUES OF MARSH ON TIMELY RISK-RELATED TOPICS Building a Resilient Supply Chain This edition of Risk Talk focuses on supply chain resiliency. Supply chain disruptions can arise from a number of external and internal sources, ranging from natural disasters to poorly executed operations. Increasingly, making supply chains resilient involves global coordination. The following is based on a recent panel discussion of supply chain considerations. Welcome Gary Lynch, Global Leader, Marsh’s Risk Intelligence and Resiliency Practice Supply chain resiliency is a topic of increasing importance to businesses worldwide. In today’s global economy, threats to the supply chain abound. Hurricanes, typhoons, and other natural disasters can damage manufacturing Supply chain resiliency and transportation facilities. Terrorism and emerging threats such as global is a topic of increasing pandemic can disrupt consumer behavior. New technologies bring other potential perils, including the risk of the unknown. Companies that learn to importance to businesses best manage such risks may find themselves with a competitive advantage worldwide. over their peers that fail to do so. Let me introduce our panel of experts: „ Karen Avery, national practice leader for Marsh’s Business Continuity Risk Management Practice. „ Chris de Wolfe, risk manager at Mars Incorporated, one of the world’s leading food manufacturers. „ Diane Foley, director of mission assurance at BAE Systems, a leading defense contractor.
  2. 2. „ Scott Warren, managing director with Kroll Business Intelligence and Investigations. „ Thierry Brevet of our sister company Mercer Investment Consulting will talk about the growing concerns of shareholders related to environmental risk. „ Rosaline Chow Koo, Asia business leader for Mercer HR Consulting Gary Lynch Managing Director The Risk-Intelligent Supply Chain Gary Lynch is the global leader of Gary Lynch Marsh’s Risk Intelligence Strategies and Resiliency Solutions Practice Gary Lynch (GL): The nature of supply chain strategies is evolving because of and a member of the executive com- changes in the fundamental business model. The supply side, demand side, mittee for Marsh’s Risk Consulting and operational aspects of creating value have been affected significantly by Practice. three key drivers: Mr. Lynch is located in Marsh’s New „ First, globalization and attendant new markets, new suppliers, and York City headquarters, where he new competition bring new social, political, economic, and cultural leads the firm’s global supply chain, environments to manage. resiliency, and continuity strategies and its risk-intelligence capabilities. „ Second is the massive gain in productivity and efficiency. He also is responsible for developing thought leadership around emerging „ Third is an empowered customer. issues such as pandemic and terror- ism. He has advised numerous mul- These drivers have spawned new and/or enhanced strategies over the past 10 tinational companies on risk topics years such as: that include supply chain resiliency, operational risk management, global „ just-in-time inventory; risk strategies, continuity, and tech- nology risk. Currently he works with „ lean manufacturing; the Center for Risk Management and Decision Processes at The Wharton School and is the author of the soon- „ offshore manufacturing and outsourcing operations; to-be-released book Total Denial: Why organizations are unprepared for the „ consolidation of suppliers, resources, and facilities; changing risk paradigm. „ massive automation; and Mr. Lynch holds a BS from the New York Institute of Technology. He is „ horizontally integrated network supply chains, which act more like a Certified Information Systems ecosystems than production lines. Security Professional (CISSP). Discussions with hundreds of our clients have revealed three primary supply chain risk issues: „ First, clients are struggling to efficiently and effectively manage the risk of complex and interdependent supply chains. 2 Risk Talk | Supply Chain Resiliency
  3. 3. „ Second, insurance doesn’t fully manage the risks, meaning that much risk is retained—more so than in the past—especially for tier-two, tier-three, and tier-four suppliers. „ Finally, taking on some of this risk used to be an accepted practice, but now it represents a material exposure. And the activities to mitigate this risk now represent the potential of a material investment. At Marsh we’ve talked a lot recently about the concept of the “risk-intelligent supply chain” as opposed to the original concept of supply chain. Traditionally, a supply chain was defined as a network of internal and external resources that performed three main functions—procuring materials, transforming the materials into intermediate and finished products, and distributing the finished products to customers and consumers. Over time, organizations have narrowed the definition to where “supply chain” refers more specifically to managing the primary suppliers responsible for the key inputs into a product or service. The definition has become much less focused on the end-to-end process and the upstream and downstream risks in the extended supply chain that involve creating value for customers. In the special instances in which risk management was a major factor in the supply chain equation, it was always The concept of the from a point-in-time perspective—it was not dynamic, and it failed to address the continuously changing business landscape. risk-intelligent supply Speaking in terms of the risk-intelligent supply chain is our way of avoiding chain comes with an that more narrow definition. We are reestablishing the original intent of the understanding that definition of supply chain for the end-to-end process from raw material source to the ultimate consumer—“farm to fork.” This comprises the internal and managing risk is an external interdependent parts that generate value for an organization. The everyday part of doing concept of the risk-intelligent supply chain comes with an understanding that managing risk is an everyday part of doing business and that there is business. a vital need to do so dynamically to address the volatility of the business environment across all of the steps that are required to deliver something of value to customers. The Risk-Intelligent Supply Chain Karen Avery GL: Karen Avery is the national practice leader for Marsh’s Business Continuity Risk Management Practice. She will zero in on supply chain issues in the retail industry, although many of the concepts apply to all industries. Karen, could you outline a few of the key attributes of the retail industry before we look at its supply chain? Karen Avery (KA): Certainly. Although I’ll be talking about the retail industry, I’m sure that decision makers in other industries will see many similarities. Risk Talk | Supply Chain Resiliency 3
  4. 4. The retail industry currently is characterized by low margins, swings in profitability and demand, consolidation, high employee turnover, increased use of technology, increasing use of global suppliers, moves into nontraditional areas to grow revenue, and an array of changing financial and risk management issues. For a company in the retail industry, we generally think of the end-to-end supply chain as having six critical areas, design, source, produce, distribute, Karen Avery sell, and consume. Any discussion of a retailer’s supply chain must begin by Senior Vice President looking at those six areas. Retailers, product manufacturers, and distributors must all work together to address the burgeoning nature of risk to effectively Karen Avery is the practice leader balance risk and opportunity. for Marsh’s Business Continuity Risk Management Practice. GL: Where along the supply chain do the risks appear? Ms. Avery is located in Marsh’s KA: There is risk at every step. Consider some examples: Morristown, New Jersey, office, where she is responsible for prac- „ The globalization of resources can lead to supplier failures and to product tice development, client delivery, safety and quality issues. When looking downstream it’s important to business development, and qual- understand whether your suppliers also support your competition. How ity. She has extensive business would these tier-three and tier-four suppliers prioritize your business in continuity, supply chain risk, the event of a disruption? Will the big-box retailers dominate the suppliers’ and operational risk manage- attention? ment experience, as well as deep experience in the financial, retail, „ The management of inventory to ensure optimal levels has increased risk. distribution, and manufacturing And the risk cuts two ways—too much stock can bring slower turnover and industries. cash flow; too little can mean lost sales. Ms. Avery holds a BA from Pace University. She is a certified Six „ Labor disputes or shortages can affect production, while consolidating Sigma Black Belt and a member production facilities can create concentration risks. of the Electronic Crimes Task Force Committee. „ Consolidation of distribution centers can cause a concentration of resources, thereby creating risk. „ Theft becomes a significant issue at the distribution stage. „ At the point of sale, product recalls can pose enormous reputation and brand problems. Also, employee issues—such as high turnover or poor training—can lead to serious customer service issues. „ At the consumption stage, customers’ perceptions can play havoc with brand and reputation, while demand volatility can complicate planning. Those are just a few examples of what can go wrong. 4 Risk Talk | Supply Chain Resiliency
  5. 5. GL: How does risk-intelligent supply chain management fit into this picture? KA: First, you need to remember that the retail industry has experienced significant changes over the last several decades—enhanced technological capabilities, new customer demands, increased focus on efficiency, significant reliance on outsourcing of shared services, and more offshore manufacturing. At the same time there’s been an increase in the significance and materiality of the risks that the retail industry faces. Managing the risk associated with natural hazards, brands, reputation, terrorism, data security, biological threats, and political instability—to name just a few—means retailers must deal with fierce competition and margin compression. Put all of this together and you can see that it is crucial for retailers to identify and prioritize the most critical aspects of their businesses and then to consider the end-to-end supply chain. Looking at the issues in light of the risk-intelligent supply chain allows retailers—and others—to focus management time, capital, and other resources on assuring that those supply chains are resilient. It is crucial for GL: What are some of the things retailers need to think about in preparing for the potential impact of any disruption to their supply chains? retailers to identify KA: There are a number of questions that companies can ask themselves: and prioritize the most critical aspects „ How do you create value in the marketplace? What are the key products and/or services that you provide? of their businesses „ What are the key business processes that support the creation of value? and then to consider the end-to-end „ What are the skills, technologies, physical assets, and relationships that support these critical business processes? supply chain. „ Are you able to measure the impact to your business if a disruption were to occur? What would the financial and social implications be? Are you insured for this kind of disruption? „ How would you respond to a disruption, and how long would it take? How would your customers respond? „ How would your competitors respond? „ Could your company and your brand recover? Risk Talk | Supply Chain Resiliency 5
  6. 6. GL: In Marsh’s fourth annual “Excellence in Risk Management” survey, one of the things looked at was the idea of turning risk into opportunity. One-third of the respondents agreed with the following statement: “My firm’s senior management looks for opportunities to use risk to the firm’s competitive advantage.” The survey dug a little deeper to find out how those companies that agreed with the statement are trying to turn risk into opportunity. The No. 1 response involved managing people risks by developing a corporate responsibility program. But hard on the heels of the approach was minimizing business interruption. How does the risk-intelligent supply chain management strategy give companies a chance to turn risk into opportunity? KA: First, consider what is at the heart of the business challenge we’ve been talking about—demonstrating to a company’s critical stakeholders that material business risk is being managed effectively and efficiently, The upside of based upon the reality that there’s not unlimited capital, time, or resources to manage risk. The traditional response has been to attempt to manage managing risk is risk across the entire organization by establishing—at a minimum—a basic that it enables risk management capability to protect against the broad risks faced by the organization. However, too often the traditional result has been an inefficient organizations to make and ineffective risk management strategy, one that provides superficial coverage for the organization, based largely on the threat rather than the more informed materiality of the impact. decisions, expedite Retailers and others are coming to realize these shortfalls either through the decision-making their own experience or by learning from others in their industries. The process, and stay opportunity in risk-intelligent supply chain management is to put into practice two understandings: ahead of the „ managing risk is part of doing business; and competition. „ there’s a vital need to do so dynamically to address the volatility of the business environment across all the processes that are required to deliver something of value to customers. These understandings can help companies avoid underestimating the range of potential risks and their potential impacts across the organization. It also can help them see where any adverse event—a windstorm, a terrorist act, or a pandemic, for example—can affect their supply chain, and identify which of those impacts are the most critical. In other words, it can help them develop a laserlike focus on the business units, the products, the services, and the geographies that create the greatest value and thus represent the greatest potential losses in any disruption. The upside of managing risk—if done effectively and efficiently—is that it enables organizations to make more informed decisions, expedite the decision-making process, and stay ahead of the competition. 6 Risk Talk | Supply Chain Resiliency
  7. 7. Maintaining a Global Supply Chain Chris de Wolfe GL: We’ll turn now to Chris de Wolfe, risk manager at Mars, Incorporated, one of the world’s leading food manufacturers. Chris, how does being a private company affect your supply chain management? CDW: Mars is fiercely independent and committed to our private ownership Chris de Wolfe structure. As a private company we have a cultural difference from many Corporate Risk Manager public companies. I think that we have a lot more freedom, which enables us to innovate in a number of different areas, including supply chain and Chris de Wolfe is the corporate risk business continuity. One of the biggest advantages I see is the ease of access manager at Mars Incorporated. He to top executives and, subsequently, their ability to make quick decisions. provides operational risk manage- This was particularly significant when we decided to conduct a major ment direction and leadership to all overhaul of our global business continuity program. of Mars’s units worldwide. He has been at Mars Incorporated since April GL: Talk a little bit more about your global business continuity initiative. 1999. Prior to joining Mars he worked for 12 years in the London insurance CDW: Within our industry recently there has been major consolidation market as a broker and subsequently worldwide, specifically within the pet food industry. One of the things we as a client executive. In London he wanted to do was make sure that our business continuity and resiliency spent time at Aon, Marsh, Johnson & programs reflected all the changes in our supply chain that have come as a Higgins, and Sedgwick. result of this integration. Mars has always been entrepreneurial, and back in the 1980s the owners of the business established a business continuity As the methods of global commerce program, which really was forward-thinking. At the time it was something have changed, Mars has recognized that had mostly been done by information technology companies and banks the need for an effective business but not really applied in the manufacturing world. continuity planning process. Mr. de Wolfe has been responsible for coor- However, as can happen, the overall program wasn’t maintained centrally, dinating this activity worldwide. nor was it updated. Over time, many of the different business units and divisions changed their plans to meet new challenges. The evolution gave rise to many different plans around the world. Some of those plans were top-notch. Others, however, didn’t quite keep up. Some had substandard processes. We thought it was necessary to bring some consistency to our global programs. And as you well know, we’ve been working with Marsh to develop some standard practices and procedures aimed at giving all of our divisions the supporting tools globally that enable them to respond effectively to crises that might arise. This has all been made possible because the company’s owners showed the initiative years ago to get the ball rolling. Subsequently they gave us their full support as we reviewed and renewed the plans. GL: I imagine you have hundreds of suppliers. How do you ensure that these suppliers are prepared for any of the numerous catastrophes that can occur? CDW: It’s actually one of our key challenges. Because of all the work we’ve done with Marsh, I’m pretty confident that everything under our own roof Risk Talk | Supply Chain Resiliency 7
  8. 8. is sorted out. But outside of our own operations, we rely on contractual relationships. One of the functions that we rely on specifically is our vendor- assurance process. Managers in this function essentially do a comprehensive business impact analysis for each of the vendors we work with, whether they are raw materials suppliers, or packaging suppliers, or distributors. With the output from these business impact analyses, we’re able to assess which of the vendors or business partners need to perform a thorough risk assessment. It’s a good process. It works very well. But it is very reliant on the managers who are involved. And therefore, we’re going to develop a checklist for these vendor assurance managers so we can get a much better idea of what kind of shape our suppliers are in and what sort of preparation they have in place. On-site audits also continue to be important because checklists don’t give you a full and proper understanding of the risks or how well prepared We realized that some of these other business partners are. We really do need to see what’s although we had happening on the ground sometimes. made many GL: One of the things Marsh has been talking about for a while now is the idea of turning into opportunities the multitude of risks that companies face. preparations and Is that something you see happening at Mars? Can you share any examples contingency plans from a supply chain perspective? for infrastructure and CDW: I do see it happening, and I think it happens a lot, especially in for processes, we had innovative companies like Mars. A good example centers around pandemic planning, which has been a very vogue subject over the last couple of years. done very little about As we looked at our continuity plans in the harsh light of the potential for a pandemic, we realized that although we had made many preparations and the workforce that contingency plans for infrastructure and for processes, we had done very actually makes little about the workforce that actually makes everything happen. everything happen. Fortunately, we discovered that during the SARS (Severe Acute Respiratory Syndrome) crisis, we had developed plans to address some of the same types of risks a pandemic could pose. These types of risks aren’t unique. Although we didn’t set up our plans specifically for avian flu, we did set them up to make sure that we could “cut and paste” certain parts of our plan immediately in the event of any disaster that prevents people getting to the workplace. That sort of planning helps us keep focused on what’s always been one of our key concerns—the health and safety of our global associates. The owners of the company are very committed to the associates’ well-being. GL: What are some of your other concerns? CDW: Every day there’s a different one. At the moment, probably one of our biggest concerns as a pet food company is the quality of the material in the supply chain. And you don’t have to be a pet food company to have legitimate worries about the quality of the materials that are coming in from other suppliers. 8 Risk Talk | Supply Chain Resiliency
  9. 9. Unless you’ve lived under a rock, you’ve recently seen the extensive media coverage of the U.S. pet food recalls and the dreadful impact this has had on pets around the country and on the pet food industry as a whole. Mars is actually fortunate in that other than one of our smaller divisions, we were pretty much unaffected by this incident. But the fact was driven home that there are certain things that we don’t know about the supply chain. And they’re the things that we need to know. We as a business are extremely cutting-edge when it comes to testing the quality of materials and supplies. We can test what we know. It’s very difficult to test what we don’t know. And that’s one of the things that gives us the most concern. On an industry level, some important lessons were learned from this recent experience. One of them is that the industry as a whole has a responsibility to the consumers. There are on occasion issues that arise in which we as an industry have to share some best practices. This recent incident shows how important it is to ensure that the entire supply chain is kept safe. That involves participation at the business level and at the government level. We make sure that we’re working with all the appropriate authorities. Frankly, if the industry gets a bad rap, it’s not good for any of the individual businesses within the industry. GL: How about cross-border concerns with your supply chain? If the industry gets CDW: One issue centers on being able to be involved in developing markets. a bad rap, it’s not Mars, like other large international companies, has done very well in established markets. But now is the time to switch our focus toward emerging markets good for any of the because that’s where the exciting growth opportunities exist. India, Russia, Asia, South America—they all present massive opportunities. And they also bring to individual businesses the table their own unique sets of risks, including: within the industry. „ License issues. You never know when the trading license you operate under might be removed for unforeseen circumstances. „ Supply chain patterns. Unique characteristics of supply chain patterns in these countries can make planning for some supply contingencies quite difficult, but at the same time they become even more necessary. „ Quality of supplies. Some of the local suppliers are not typical of the quality you’d expect in the United States and Europe. And the concept of business continuity planning may be completely alien to them. „ Political risks. Operating globally means working in a variety of political environments. Russia, for example, is a large market for us. The manufacturing presence that we have there is significant—in fact the factories we have there are probably technologically the most advanced that we have in the world. Loss of any of those sites following some sort of geopolitical incident would indeed be catastrophic. It’s very difficult to plan for that type of incident. Risk Talk | Supply Chain Resiliency 9
  10. 10. „ Financial risks. Another challenge in emerging markets is financial solvency of distributors. GL: What are some of your priorities moving ahead? CDW: One priority is to keep our global business continuity program alive. It’s important to emphasize that this is not a project with an endpoint. It’s a process that needs to be firmly established within overall management Diane Foley processes. It needs to be refined and maintained all the time. It also needs to Director be corralled to make sure that there’s some consistency to the plan. Within Mars, people move around a lot, so we want to make sure they have some Diane Foley is director of mission consistency to the plans they’re using. If a manager is in Thailand today, assurance at the U.S. headquarters he or she is using a certain plan. But if that manager moves to the United of BAE Systems, Inc. Kingdom tomorrow, the format and the content of the plan will be the same. Obviously, the details and how it applies to regions may be different, but the Ms. Foley is responsible for busi- consistency has to be maintained. ness continuity management and performance excellence at BAE Just as important is that plans need to tested and updated. There are always Systems, Inc., as well as managing new threats arising, and we have to make sure we’re prepared for them. the company’s U.S. real- estate port- At the same time, as we continue to expand into new markets around the folio. Her roles have included sup- world, extend our supply chain, and make them more complex, it is even ply chain management and shared more important that we make sure we address the risks while maintaining services. She began her career as an the flexibility to let us enter these markets. This goes beyond insurance and engineer in operations at one of BAE into business resiliency and business sustainability. And that’s something Systems’ electronics manufactur- ing facilities. In support of her work that we really want to make sure we’re focused on. in Operations, Diane became a Six Sigma Black Belt and was instrumen- Managing a Global Supply Chain tal in developing and implementing Diane Foley the company’s Design for Six Sigma Manufacturability (DSSM) program. She also has been an instructor in GL: We’re pleased to have with us today Diane Foley, the director of mission various courses in statistical meth- assurance for one of the world’s leading defense industry contractors, BAE odologies and process improvement Systems, Inc. Can you start today with a general view of how supply chain techniques. issues fit into risk management at BAE Systems? Ms. Foley holds a BS in Mechanical DF: An organization the size and breadth of BAE Systems needs to have Engineering from The Cooper Union a robust risk management program. One of the key elements of that for the Advancement of Science and program is supply chain risk. We take a look at the key value streams Art in New York City and an MBA for our organization and conduct an in-depth end-to-end analysis from in Aerospace Management from raw materials straight on through to our customer’s customer to identify Fairleigh Dickinson University in significant risks and places where resiliency can be improved. Teaneck, New Jersey. GL: BAE Systems works with many suppliers. And being a defense contractor means there are a lot of strict government rules to follow. Can you talk about how you manage such a large number of suppliers? DF: Our mission is to meet the needs of the war fighter. To do that we need to be able to deliver our products and services on time, which means our supply chain partners need to be able to meet their commitments to us. So 10 Risk Talk | Supply Chain Resiliency
  11. 11. we take great pains to make sure they’re in a position to do so. From a broad level we look at those suppliers with whom we do the most business on an aggregated basis. We identify and monitor them and the things that are important to the continuity of their businesses. This includes their financial health, the political situation in the part of the world they’re in, and their risk management programs. At the same time, we identify those value streams that are material to BAE Systems. By doing so we’re able to identify those other suppliers that may not rise to the top in terms of the amount they spend but provide critical parts for some of our key programs. We identify all of those and monitor them in the same way so that BAE Systems’s material value streams are not interrupted. GL: It sounds like you work with suppliers of all sizes. What special supply chain considerations do you have working with smaller suppliers? DF: Working with small businesses involves striking a balance. Obviously you need to flow down critical requirements for the program. But you don’t want to overwhelm them with mandating supporting processes. At the same time, you want to make sure that they’re going be in business. BAE Systems has the unique opportunity in those instances to provide support and to train those suppliers—to implement a risk management program or any other Working with small type of program we think would be important for them to continue to be able to deliver to us. It really is a win-win for both organizations. businesses involves GL: Do you have any examples you could share that would tie all of this striking a balance. together? DF: I do. One of our key value streams—I can’t name the program right now— is a multibillion-dollar Department of Defense program that we have a big piece of—it is one of our material-value streams. We undertook an end-to-end analysis of the program. It was interesting because at the beginning, the people in the program were saying: “We understand the program. We understand the risks. This should be an easy exercise. We know what we’re doing.” Then they took a look at the program from raw materials straight through the supply chain to our customer. And they actually had a big “ah-ha!” moment. It turns out that there was something interesting with one of the composite materials used in that program—a material that our customer mandates that we use. For one thing, the business that provides it to us is a small business—with attendant cash-flow issues and those sorts of things. And it turned out that this business controls the only source of that material in the whole country. So not only would that supplier affect BAE Systems if it couldn’t deliver to us, but it potentially would have a huge impact on this multibillion-dollar defense contract. Clearly, this was something that we needed to address as an organization. Risk Talk | Supply Chain Resiliency 11
  12. 12. First, we worked with the supplier to help it implement a risk management program of its own. Second, we looked internally at our inventory levels of the material in question and adjusted them to a level we felt more comfortable with. Finally, we took the information back to our customer and said: “This is a big risk for the program. We think that we should be looking at identifying and qualifying an alternate material so that if this material isn’t available, the program can continue.” Scott A. Warren Managing Director Protecting Intellectual Property Scott Warren Scott A. Warren is a managing director with Kroll Business GL: Our next guest is Scott Warren, from Marsh’s sister company Kroll. Intelligence and Investigations. Scott has an extensive background in intellectual property (IP) protection at some of the world’s leading companies. Protecting intellectual property is Mr. Warren is located in Kroll’s Tokyo a major supply chain risk around the world. The maturity, consistency, and office, where he specializes in busi- interpretations of IP laws and regulations can vary, as can the sophistication ness intelligence and investigations of enforcement mechanisms. An action that is considered a violation of IP and risk consulting services for cor- law in one country might be legal in another. A practice may be socially porate clients and government agen- accepted in some places but not in others. In other cases, economic necessity cies. His areas of expertise include may drive a country to compete with more developed nations—even if it protecting intellectual property, means violating IP regulations. fighting cybercrime, and handling digital evidence and e-discovery issues. Among his positions before A survey Marsh conducted in Europe among some of our clients with joining Kroll, Mr. Warren was senior operations in Asia shed some interesting light on IP issues and supply chain attorney for Microsoft Corporation, concerns. When asked what risk areas most concern them, those surveyed based in Tokyo. listed as their top two concerns: Mr Warren holds a B.A. from the 1. infrastructure risk, meaning the failure of information technology, University of Colorado in Denver communications, logistics, or power; and and a J.D. from the Southwestern University School of Law in Los 2. the counterfeiting of products. Angeles. The survey also found that measures for protecting intellectual property were relatively weak in many of the respondents’ companies. Scott, do you see any surprises there from an IP standpoint? SW: No, not at all. In fact the International Anticounterfeiting Coalition recently estimated that counterfeiting costs $600 billion a year globally—a 10,000 percent increase in the past two decades (see So IP protection is a significant problem, one that gets more complicated as you try to look at these issues across Asia. GL: Scott, I’ve heard you mention a very interesting concept—the convergence of IP issues with information security issues. 12 Risk Talk | Supply Chain Resiliency
  13. 13. SW: This is a relatively new development. It used to be that people working in the IP world were predominantly lawyers who were fighting the issue, possibly working with government agencies to address the problem. And people in the information protection business were basically security risk managers within a company, perhaps with law enforcement backgrounds. Increasingly now you see that IP is exposed via computer systems, and that brings in the security risk side of the problem, leading to the convergence that we need to focus on. Within information protection these days, there is more focus on the legal consequences of information leaking from a company, be it from a privacy perspective or a Sarbanes-Oxley perspective. As these two areas converge, the groups really need to work together to be successful. GL: What is a good starting point from which to address IP issues? SW: The first thing is to spend time understanding the problem at a complex level, especially in the geographic area where you are going to fight it. One of the keys is to be aware of the risks in making assumptions about piracy. For example, consider how issues often develop in Asia. In my experience, things in Asia sometimes don’t progress very quickly. They go slow, slower, slowest, A company should and then suddenly—boom!—there’s a complete change in the environment that you’re in, and then a tremendous change may occur. But it happens very think about how to build differently than it might in the West. So you want to be aware of making the its trademark into its false assumption that things aren’t going to change—they can if you invest your time. products in a way that makes it easier to fight It’s important to work with international law enforcement officials because they can be the eyes for you in a region, and they can help local law enforcement counterfeits when they make a much more public statement about their efforts to work on a case. appear in a particular You need to reach out to competitors, and that’s sometimes the hardest jurisdiction. because we generally fight with competitors at everything we do. One area where it can pay dividends to agree with your competitors and work alongside them is in fighting piracy. The alternative is that a company may clean up its market but its competitors don’t. Then, the company that worked to fight piracy may be at a price disadvantage in sales to consumers, who see your genuine products on the shelves next to counterfeit products. GL: Do you think companies are thinking enough about the big picture when it comes to IP protection? What kind of things should they be doing more of? SW: One can always think more about the big picture. It’s difficult to do because of the variety of skill sets it takes—from the legal/regulatory side, from the criminal side, and from the technical side. All of those areas have to merge in very broad thinking about the problem. Risk Talk | Supply Chain Resiliency 13
  14. 14. In many ways this dovetails with the risk-intelligent supply chain concept— understanding where your problem is and then building in your intellectual property protection, starting at the creation stage. By that I mean you’ve got weapons that are provided for you under the law to fight intellectual property infringement, including trademark laws, copyright protections, patents, and trade secret laws in many jurisdictions. For example a company should think about how to build its trademark into its products in a way that makes it easier to fight counterfeits when they appear in a particular jurisdiction. You also need to get your IP rights on file, not only in the places where you expect to sell your product but also in the places where counterfeiters likely manufacture their product. Really think about your distribution chain and where its weaknesses are. People spend a lot of time making a lot of business continuity plans about how to handle getting products from different sources in case of a major disaster. But they also need to think about that same supply chain in terms of IP protection. For example if all of your products are made within a five-mile radius of each other, would it be easy for your own manufacturers to get together with another company—possibly at A company should nighttime—and make counterfeits when you’re not looking? think about how to build GL: How would you define success in fighting piracy? its trademark into its SW: I look at that question from the perspective of having worked in this products in a way that area for more than 14 years in developing economies throughout Asia, makes it easier to fight the Middle East, South America, and Africa—all places where there are tremendous problems. One observation is that you need to avoid some counterfeits when they common traps, including: appear in a particular „ Expecting to recover large amounts of money. You need to understand that jurisdiction. you’re not likely to get a sizable recovery or even to recover lost profits from an infringer. In my experience, civil cases against counterfeiters in this region have not been particularly successful. „ Forgoing criminal enforcement. It’s important to pursue criminal enforcement to show that violators face penalties. „ Looking for short-term miracles. Companies want to have the problem solved yesterday. But the reality is that a lot of the fighting of these issues takes commitment over a long period to achieve results. „ Focusing on the number of retail actions they have and the seizures that result. I call this the “lawn mower approach.” Look at a marketplace that has many stalls with all sorts of counterfeit products. It’s possible to get an administrative agency to come in and clean out the market and it looks great for a day or two, but it very, very quickly grows back, much like your grass does. Focusing solely on the metrics of a single raid action is sometimes not the most effective way to proceed. 14 Risk Talk | Supply Chain Resiliency
  15. 15. GL: Could you summarize some things companies can do to boost their success in combating IP theft? SW: As I’ve already mentioned, they need to understand what the problem is and be aware of false assumptions. But the No. 1 thing —especially in developing economies—is to target fewer raids but initiate them against higher-level manufacturers, distributors, and their financial backers. That involves pushing an investigation up several levels from the retail stores to those that are actually major distributors and to those that manufacture the product. I call that the “dandelion approach.” It involves pulling up an organization by its roots, which both removes an entire organization and lets the people at the higher levels of the counterfeit chain experience criminal pain. Other potential or actual pirates who see this happen may start to modify their behaviors. It’s essential for any successful antipiracy program in developing economies to understand the volumes and values of the products being sold and to look very broadly at the links between the people who are doing the counterfeiting. Finally, I would recommend that companies develop relationships of trust I would recommend with law enforcement and other officials involved in IP issues. That is not to be construed as a relationship of purchased friendship. It’s a relationship that companies develop where you’ve been in the region long enough to know the police who are in the different jurisdictions, know the prosecutors in the different areas, relationships of trust with and provide them appropriate services over time, perhaps training them in law enforcement and cybercrime enforcement or other things. The reason to do so is not to buy a favor but to go to them with a problem and jointly work on a solution. Those other officials involved in types of relationships of trust are critical, especially in developing areas. IP issues. Human Resources Issues in the Supply Chain Rosaline Chow Koo GL: Our next guest is Rosaline Chow Koo, Asia business leader for Mercer, a Marsh sister company. Rosaline, when companies look at their supply chains, which are so often stretched across numerous borders, human resources issues are critical. What are some of the issues you see companies dealing with as they try to manage the people risks in their supply chains? Rosaline Chow Koo (RCK): Let me give you a list of some of the issues companies face: „ finding the needed skill sets; „ training; Risk Talk | Supply Chain Resiliency 15
  16. 16. „ quality issues; and „ dealing in some cases with an aging workforce and in others an underage workforce. Many times, companies are forced to look at these issues not only in their top-tier suppliers but also in their second- and third-tier suppliers. Rosaline Chow Koo GL: That sounds like a tough challenge. One of the issues you and I have Asia Pacific Business Leader talked about extensively with clients is pandemic preparedness. There are so many supply chain considerations around pandemics, not the least of which Rosaline Chow Koo is a worldwide involves managing people and their skill sets. What are some of the best partner, Asia Pacific business leader of Mercer, Asia Business Leader practices you’re seeing from an HR perspective on this issue? of Mercer HR Services, and leads Mercer’s avian flu global initiative. RCK: When you focus on the HR implications of pandemics, multinational companies are way ahead of locally owned firms. The most forward-looking Ms. Chow Koo is located in Singapore. companies are doing things like setting up crisis leadership teams, which She has 20 years of experience in have begun tailoring their business continuity plans (BCPs) to handle the 25 business management, start-ups, and percent to 40 percent absenteeism rates a pandemic could bring, and they’re turnarounds. Before joining Mercer also setting up employee communications programs. she was in charge of business devel- opment for ACE Insurance’s Accident Many firms are now planning for the workforce implications by conducting & Health ASEAN operations and had skills inventories, cross training, improving capabilities for employees to work P&L responsibilities for Singapore. remotely, and customizing their HR policies. In fact some companies have Before moving to Asia, Rosaline started testing their BCPs on the workforce side and are seeing whether their worked for Bankers Trust Company infrastructures can handle a surge of remote-access activity. Many companies in New York City, where she held a series of leadership positions in FX have stockpiled gear such as masks, gloves, sanitizers, and cleaning supplies and retirement services product man- after having lived through the run in these products during SARS. agement, banking and mutual funds operations, process re-engineering, Some regulatory authorities are working with the public sector and private and marketing/strategic planning. financial institutions to ensure adoption of adequate BCP plans. For example, here in Singapore the government has stockpiled medication for 25 percent Ms. Chow Koo holds an MBA from of the population and mailed out avian flu booklets to every household in Columbia Business School, where she the country. They forced all the ministries and essential services such as the was an Edwin Wolfson Fellow, and a hospitals, public transport providers, and border stations to have pandemic BS from the University of California- plans. They’ve even wired the schools for Internet schooling to try to avoid a Los Angeles. repeat of what happened during SARS, when all the schools closed for three weeks. And they have held two very public drills. GL: It seems as if absenteeism will be a huge issue during a pandemic, with the potential to create massive supply chain problems. How should companies prepare for an event like a pandemic that could keep a significant part of their workforce away from work? 16 Risk Talk | Supply Chain Resiliency
  17. 17. RCK: The absenteeism rate during a pandemic is expected to be as high as 40 percent because people will stay home, not only to deal with their own illnesses but also if they’re quarantined for some reason, if they’re taking care of their children or other family members, if there are travel restrictions, or if they stay away because they’re scared. The objective of quarantine policies is to keep sick people away from work and away from the healthy. We recommend implementing a liberal leave policy and nonpunitive sick leave policies to ensure that staff members who don’t feel well do not report to work. For management this is just one part of a broader workforce pandemic planning strategy and a broader supply chain resiliency strategy. Companies should identify which of their critical business functions must be maintained even during pandemics or other major disruptions. Once that’s done, it’s time to identify key employees and key functions. They should cross-train employees to make sure that key functions can be fulfilled, and where appropriate, enable employees to work remotely. GL: Shifting gears a bit, I’m sure many companies have experienced or will experience rising costs for the labor involved with their outsourcing operations. What are you seeing on this front in Asia? When you focus on RCK: It’s an interesting area, and it’s a real consideration for companies that establish part of their supply chains overseas. First, it can be expensive to set the HR implications of up overseas. And if you’re setting up in Asia, there’s an ongoing war for talent pandemics, multinational that’s resulted in escalating costs. In India, for example, average wages are increasing at least 14 percent annually; while in China they are increasing companies are way ahead about 10 percent annually. Health care benefits are also skyrocketing, with medical inflation in the region increasing from 15 percent to 25 percent each of locally owned firms. year. The important thing to keep in mind is that you have to have up-to-date data on compensation and benefits costs to ensure that the large increases in your wages or your benefits would not dilute—or wipe out—the projected advantages of setting up shop overseas. GL: Any final thoughts? RCK: Supply chain risks in Asia are no longer isolated within the region but have global impact because Asia has become the world’s factory and outsourcing center—as well as being a potential ground zero for a pandemic. It is important to have special considerations for Asia as you develop your supply chain risk management plans. Risk Talk | Supply Chain Resiliency 17
  18. 18. Notes 18 Risk Talk | Supply Chain Resiliency
  19. 19. To review your organization’s needs in the areas discussed—supply chain resiliency, intellectual property protection, and human resources management—please contact your Marsh representative. For more information, log on to our Web site, Marsh is committed to delivering information about risk-related issues that pertain to protecting your organization. Although we have attempted to review the key topics in some detail, we recognize that you may have additional questions or concerns. If you have any questions or comments about this panel discussion or any other issue, please contact your Marsh representative, or send an e-mail to The comments in this report do not represent coverage interpretations by insurers or brokers and are not meant to discourage any organization or individual from filing a claim. The insurer, not Marsh, will determine whether coverage is available. Managing Editor: Tom Walsh Publisher: Timothy J. Mahoney The information contained herein is based on sources we believe reliable, but we do not guarantee its accuracy. It should be understood to be general risk management and insurance information only. Marsh makes no representations or warranties, expressed or implied, concerning the financial condition, solvency, or application of policy wordings of insurers or reinsurers. The information contained in this publication provides only a general overview of subjects covered, is not intended to be taken as advice regarding any individual situation, and should not be relied upon as such. Statements concerning tax and/or legal matters should be understood to be general observations based solely on our experience as risk consultants and insurance brokers and should not be relied upon as tax and/or legal advice, which we are not authorized to provide. Insureds should consult their own qualified insurance, tax and/or legal advisors regarding specific risk management and insurance coverage issues. Marsh is part of the family of MMC companies, including Kroll, Guy Carpenter, Mercer Human Resource Consulting (including Mercer Health & Benefits, Mercer HR Services, and Mercer Global Investments), and the Oliver Wyman Group (including Lippincott and NERA Economic Consulting). This document or any portion of the information it contains may not be copied or reproduced in any form without the permission of Marsh Inc., except that clients of any of the companies of MMC need not obtain such permission when using this report for their internal purposes, as long as this page is included with all such copies or reproductions. Copyright © 2007 Marsh Inc. All rights reserved.
  20. 20. Risk Talk Supply Chain Resiliency Compliance #: MA7-10383