Navigating Supply Chain Due Diligence: What You Need to Know

By implementing an effective compliance program, engaging in robust supply chain mapping, developing a culture of compliance, and taking a proactive approach to legal requirements, a company can adequately safeguard against disruption.

Nico El Nino Adobe Stock 480131143
NicoElNino AdobeStock_480131143

In recent years, international supply chains have been subject to increased scrutiny. Western countries including the United States, the UK, and Canada, as well as the European Union (EU), have clamped down on unethical business practices and introduced sanctions and import bans targeting actors involved in human rights violations related to the use of forced labor, corruption and bribery, fraud and political interference. These actors are often located in geographies with low levels of transparency or in countries that pose strategic or national security concerns. Some actors are state-owned entities of “adversarial” governments. The evolving tariff war only adds another layer of complexity to international trade and highlights how geopolitics have always been closely linked to government determinations on trade compliance.

Some key challenges facing international businesses entail competing and occasionally contradictory, far-reaching laws; internal resources needed to uphold high ethical standards and transparency; and external unexpected factors, such as tariffs and geopolitics, which cause immediate disruption to supply chains.

The Uyghur Forced Labor Prevention Act

In the United States, the best-known law targeting forced labor is the Uyghur Forced Labor Prevention Act (UFLPA), which the U.S. Congress signed into law in 2021. Acknowledging that exploitative labor practices, including prison, child, and other types of forced labor, remain a significant issue in many industries worldwide, the law is directed particularly at human rights abuses involving the Uyghur people, especially in the Xinjiang region of China. Reports indicate that as many as one million Uyghur Muslims may have been arbitrarily detained and forced to work in detention centers and/or undergo “reeducation.”

The law imposes a “rebuttable presumption” that any goods, wares, articles, or merchandise mined, produced, or manufactured, in whole or in part, in the Xinjiang Uyghur Autonomous Region (XUAR) or in connection with entities on the UFLPA Entity List, are made with forced labor and thus prohibited from entering the United States unless proven otherwise. Parties that have been determined by the U.S. Department of Homeland Security (DHS) to use forced labor to supply goods are added to the UFLPA Entity List, which is regularly updated. While the list includes many parties located in the Xinjiang region, and China more broadly, that have been found to use forced labor, it also includes parties in other geographies, including Malaysia, Thailand, and the Philippines. These entities are deemed to essentially be front companies for Chinese manufacturers or are facilities at which Uyghurs have been forced to labor outside China.

Importers can challenge the presumption by demonstrating that their goods are not made with forced labor, even if there is a connection to the XUAR. But proving the negative is not easy. The importer must provide detailed documentation such as information about workers involved in the products’ creation, wages paid to workers, working conditions, and evidence showing that the workers were not coerced or manipulated into working or living in known detention centers. Ultimately, the importer must provide “clear and convincing evidence,” a high standard to meet, that no forced labor was involved.

In addition, obtaining the necessary information about labor practices in China and other regions can be challenging given Chinese legal restrictions on Chinese companies sharing information as part of due diligence exercises. Moreover, Uyghur laborers are frequently moved out of the XUAR to other regions of China which complicates compliance. U.S. Customs and Border Protection (CBP), a part of DHS, plays a crucial role in enforcement by detaining or blocking goods with suspected ties to forced labor. Importers can pursue various options to resolve this, including filing an Applicability Review Request to demonstrate that a shipment is outside the scope of the UFLPA. But this requires comprehensive supply chain mapping which, as described further below, is a significant undertaking.

EU Forced Labor Ban

The EU Forced Labor Regulation, which was brought into force at the end of 2024 and requires compliance by December 2027, is the first legislation to prohibit products made with forced labor from entering the EU. It does not focus on any particular type of forced labor but otherwise mirrors the purpose and scope of legislation introduced in the United States (and Canada). The law applies to all companies, regardless of size, and encompasses forced labor at any stage of a product’s supply chain, including components and raw materials. The onus is on the importer to establish supply chain risk management and due diligence processes. Should a product be stopped at the border, the importer would need to demonstrate the existence and efficacy of these processes, along with additional risk mitigation protocols.

The regulatory landscape in the EU has been fast moving, with the sweeping introduction of an “Omnibus package” this year that seeks to “streamline” EU sustainability regulations. A particular focus of this simplification effort has been the revision of key clauses in the Corporate Sustainability Due Diligence Directive (CSDDD), Corporate Sustainability Reporting Directive (CSRD), and EU Taxonomy and to delay their implementation. (The CSDDD has the greatest potential impact on supply chain due diligence requirements for EU corporations.) However, the outcome of these measures will alter neither the increasing consumer and commercial pressures to maintain ethical supply chains, nor the trade and import restrictions related to forced labor.

Although the UK does not have parallel legislation, many UK companies will fall under the extra-territorial reach of EU legislation. In March, for the first time in 10 years, the UK Home Office published new guidance for compliance with the UK Modern Slavery Act, with a specific focus on the importance of supply chain transparency.

Economic sanctions restrictions

The continued use of economic sanctions has created a complex web of restricted parties and locations that businesses must consider as part of their global supply chains. Throughout the world, individuals and entities are designated because of their involvement in terrorism, narcotics trafficking, cybercrime, human rights abuses, weapons proliferation, and other activities that threaten national security. Generally speaking, these designated parties are completely off limits for business, at least any business conducted under U.S., EU, or UK law, and indirect dealings with designated parties are typically tightly restricted if not outright banned. Furthermore, banks and financial institutions are often reluctant or unwilling to engage in a transaction that involves parties in countries subject to sanctions, e.g., Russia, Syria, Venezuela, and others, even when the transaction is permissible under applicable law.

Antibribery and anticorruption laws

Applicable antibribery and anticorruption (ABAC) laws, such as the Foreign Corrupt Practices Act (FCPA) in the United States and the UK Bribery Act, also create compliance obligations for companies that maintain international supply chains. (While the Trump administration has paused enforcement of the FCPA for several months, there is no indication the law will be repealed, and enforcement may resume in earnest under a future president or even under this administration.)

Particularly when a supply chain involves a supplier or producer in a part of the world where corruption is perceived to be common, the risk of an ABAC violation increases. A far-flung supplier who makes an improper payment as part of its effort to sell or transport goods can expose the buyer to liability if there is anything to suggest the supplier was acting on behalf of the buyer, or if the buyer was aware of a risk of a bribe and nonetheless paid the supplier.

Best practices for a secure, compliant supply chain

Clear, defined compliance program. The starting point for almost any effective compliance program is a clear commitment to compliance. Compliance in the supply chain context is no different.

Often the centerpiece of the program is a policy that emphasizes that management, and all personnel, are expected to understand and comply with applicable law in managing the supply chain. Specific legal obligations should be identified along with the responsibilities that personnel have for meeting those obligations. Personnel with oversight for the program should be identified, with contact information, so that employees know who can help them address questions and concerns. In addition, it is critical to have a hotline and corresponding process to escalate, investigate, and remediate as needed any potential compliance issues that are reported.

The best compliance programs typically are the product of a risk assessment that provides data on where risks are greatest. Once a risk assessment is completed, the company can implement tailored policies and procedures to address areas where violations could arise. Every good compliance program should have a clear policy for screening transaction parties against relevant restricted and prohibited parties’ lists. Effective compliance programs also have mandatory and recurring training of relevant employees, and well-defined record-keeping processes. And, as noted above, the underpinning of a good program is the “culture of compliance” set by C-suite leaders.

Supply chain mapping. To comply with forced labor requirements, companies are strongly encouraged to map their supply chains. This type of holistic exercise is a crucial element of understanding where risks are – and addressing them – and is part of the defense if an import is seized at the border. Understanding its greatest exposure to risks enables a company to prioritize third party due diligence and monitoring and allocate resources proportionately without needing to run blanket verifications across all operations. Understanding risk also enables a company to shape supply chain resilience and sustainability strategies.

Supply chain mapping requires an identification of suppliers all the way through to the raw material used in a product, if possible. This provides visibility as to all geographies in which a product or any component of it was mined, crafted, or otherwise obtained. It also inherently demonstrates the complexity of the entire supply (and value) chain and offers the chance to run red flag checks on entities to uncover political exposure, sanctions, transparency and reputational risks.

Ultimately, an effective mapping exercise allows a company to identify any supplier for which additional scrutiny is warranted. For example, in the case of a party that may be linked to Uyghur forced labor, it would be important to understand the party's proximity to the Chinese government (in particular the Xinjiang Production and Construction Corps (the XPCC), a U.S. sanctioned entity). This would be an indicator of potential use of forced labor and would merit further investigation.

Conclusion

Navigating the complexities of supply chain due diligence is not likely to get easier. With increasing legal pressures around forced labor, economic sanctions, ABAC, and other compliance risks, companies must develop strategies to address these challenges while also allowing for business to continue and thrive. Indeed, one argument for conducting pro-active diligence on the supply chain is that it is good business to only buy from, partner with, or otherwise transact with reputable suppliers. It is also good business in the court of public opinion to be able to demonstrate a meaningful commitment to not doing business with parties engaged in child or other forced labor practices.

By implementing an effective compliance program, engaging in robust supply chain mapping, developing a culture of compliance, and taking a proactive approach to legal requirements, a company can adequately safeguard its reputation and avoid substantial disruption to its business.

Page 1 of 72
Next Page