The Kathie Lee Factor

It was a public relations nightmare: Asingle supplier relationship put one clothing company's reputation, bottom line and production schedule at risk. And now that companies are finding their suppliers online, the potential for disaster increases. When using a first-time supplier, you can't be too careful. It's time to check in with third-party verification services.

[From iSource Business, July 2001] It's called the Kathie Lee factor. Kathie Lee Gifford is, of course, the television and recording personality made temporarily infamous in 1996 when it was disclosed that her signature line of Wal-Mart clothing was made, at least in part, by children working in factories in Central America. Since then her name has become synonymous not only with the horrible working conditions that remain endemic in much of the garment industry, but also with any public relations fiasco that ensues when an exploitative labor relationship is uncovered. To her credit, she has worked hard to raise awareness of these issues and, to a large extent, has succeeded.

Now companies, especially those vulnerable to public criticism and boycott, live in fear of the Kathie Lee factor. A consumer goods company, exposed as having purchased goods produced by sweatshop labor  no matter how unwittingly and no matter how many degrees of separation there are from its core supply chain  can have just as much harm done to its bottom line as would be if it missed earnings projections. Of course, companies face this and other risks day in and day out. However, when conducting business through a B2B Net marketplace, such risks increase significantly.

There are other risks that are less dramatic than the Kathie Lee factor, but equally as important, such as whether or not your company will actually receive what it ordered. Also to be considered is the security of the sensitive corporate information on a Net marketplace and whether or not the exchange system is vulnerable to hackers. Additionally, sellers worry about getting paid, as do the banks that participate by often acting as middlemen in complex online international transactions.

What it comes down to, says Kristin Valente, is trust. The success of these marketplaces is heavily dependent on the trust they can establish with their customers as well as skeptical regulators who wonder if a particular consortium model is legal, says Valente, National Leader for Innovative Assurance Solutions Implementation at Ernst & Young.

Sorry, but when your company's reputation, bottom line or manufacturing schedule is at stake, trusting a supplier whom you have never met face-to-face, or only through a young Net marketplace, simply won't cut it.

Paying for Trust

Fortunately, a host of trusted third parties that provide a wide range of assurance services to both online buyers and suppliers have entered the scene. Their services can include elaborate investigations of a supplier's labor and environmental practices, credit checks, verification of shipment arrival and condition, qualifying a supplier's factory production capabilities or its information technology (IT) system functionalities, and, finally, payment to all parties.

A large number of these providers are accounting firms, such as Ernst & Young and Deloitte & Touche, eager to capitalize on the opportunities provided by e-commerce. Indeed, accounting firms are a natural fit for these services, says Valente. Accounting organizations spent a lot of time developing standards for systems' reliability. We may have started out as accountants, but now we have become tech professionals as well. Business credit rating companies, such as Dun & Bradstreet and Coface, are also very active in this field.

Other players are the old-line, pre-shipment inspection entities, which are familiar to companies engaged in cross border trade. Bureau Veritas and Societe Generale de Surveillance SA, both European-based companies over 100-years-old with offices around the world, fall into this category. Then there are the new companies, with business plans to act as a neutral third party on the Internet. Many provide digital signature and other identity protection services, such as GeoTrust Inc.; Inc.; and SurePay, which is a payment facilitator. To gain credibility, these firms are usually certified by an acknowledged standard setting body, such as the American Institute of Certified Public Accountants.

Banks are also becoming very active in this area, if only for self preservation. The demand for e-commerce payment facilitation is great, yet many institutions have been hesitant to participate because of security concerns.

Consider, for example, the global banking network Identrus. Incorporated in early 1999 by eight of the world's largest banks, one of its initial goals was to provide a way for companies to make sure their online business contacts were truly who they presented themselves to be. Speedy facilitation of payment was important, too, but of a secondary concern.

One of the things we have always been concerned with is establishing the identity of the participants, says Buddy Baker, ABN AMRO's group vice president of North America's Trade Service Product management team. The proper technology, such as digital certificates, exists, he says, but the issuance processes of most payment schemes on the market today are so lax that banks don't want to participate in them. One popular digital certificate scheme, he says, allows people to sign up online without any sort of verification of their identity. Banks won't promise to make a payment unless they know who will pay them, Baker explains. Today, Identrus' member banks number close to 30.

Many, if not all, of these suppliers have aligned with one or more Net marketplaces. SGSonsite, for example, is engaged in some degree of discussion with 700 Net marketplaces around the world, says Hal Loevy, vice president of global strategy and development for SGSonsite, the e-business division of SGS.

As disparate as these players are, however, they do have one core feature in common: Basically, you're paying them for trust in a world where you have limited face-to-face interaction, says Sean McGhie, an associate with Akerman Senterfitt & Eidson, a Miami-based law firm that focuses on technology.

Who Benefits?

The answer, basically, is that everyone benefits, provided that buyers are aware of the limited liability of these third-party assurance providers and the absence of any case law that might protect their interests.

As B2B e-commerce continues to flourish, the need for third party verification and authentication in the marketplace has become enormous, says Larry Martinez, SurePay's vice president of sales and marketing. By getting certified by one of these third parties, suppliers and Net marketplaces gain a certain marketing cache. And, as companies' supply chain strategies and relationships shift in response to new market developments, buyers are growing ever more dependent on these assurances. Many companies find themselves doing business on a much more ad hoc or sporadic basis, says Michael Shumpert, vice president of eSolutions Marketing for Dun & Bradstreet. Repeat business with a customer or supplier is not as frequent as it used to be. Initially, many of these firms felt they could do the proper due diligence in-house, Shumpert says. But more and more companies find it is much easier to turn to experts in this area so they can concentrate on the terms of the deal.

Companies that develop several new products every year, and hence find themselves continually searching for new suppliers online, are particularly interested in what these third-party verification providers have to offer, says Roy Rosas, president and CEO of Reputation Technologies, a provider of Web-based supplier management software. Reputation Technologies has partnered with SGSonsite because, Rosas says, providing third-party assurance has practically become an unspoken requirement of many companies. The expense of going through a qualification process can be quite significant, especially when looking for critical components. One potential client, Rosas says, estimates its procurement division spends 40 percent of its time on supplier certification.

None of this is to say that companies are thrusting all responsibility onto a third party. Much depends on how integral the supplier is to operations, says Donavon Favre, a partner in Accenture's Supply Chain practice, who agrees there is a significant value-add to these services. If it is a core raw material, a business will usually check out the supplier itself. But with an indirect or MRO [maintenance, repair and operations] good, it is easier to accept a third-party evaluation. Indeed Rosas says a lot of companies just use these services as a pre-qualification check, especially with overseas suppliers. Before they spend time and money flying to Asia, say, they look up a potential supplier, then go check him out in person. The hope is that, by using third party assessment, the hit rate will be much higher.

Assured to a Degree

All of this may sound wonderful to a company braving the security hazards of the Internet, but legal advisors warn that firms must not take these assurances so seriously.

First of all, understand that there is little case law in this area, says McGhie. This is new territory for everyone. If a seller defrauds a buyer, the first line of recovery is against the seller. A buyer doesn't necessarily have any form of recourse against a pre-shipment inspection company or third-party assurance provider. And even if a contract did provide for some liability on the part of the verification service, the maximum liability would not exceed the actual purchase price or include damages for special recovery, he says. At best the buyer might be able to recover a pre-agreed amount, for example, 10 times the fee that was charged. But such a recovery would be meaningless  worth maybe a few hundred dollars, says McGhie  while a large transaction that could be worth millions of dollars is essentially lost to the buyer. But that is the worst case scenario. Most of the time, pre-shipment inspection companies are very cost effective and provide purchasers the confidence they need to buy online, he assures.

But just to play it safe, companies that rely on these services should establish the following:

1. Who pays?

Unless you, the buyer, contracted with SGSonsite, for example, to investigate a particular supplier or to conduct an inspection of cargo shipment, chances are these assurance providers have been retained by a supplier or the Net marketplace. In other words, they are paying to be certified. This is not to imply any big conspiracy here  it is, in fact, a common business practice among auditors and independent testing laboratories. These companies have long been operating in this space and understand the importance of maintaining neutrality.

The seller is paying for the service, not the rating, SGSonsites Loevy says. Our reputation is purely and solely based on the fact that we are independent and impartial. It also doesn't hurt that SGS gets paid upfront, before the supplier assessment is conducted.

2. There are different levels of authentication

Sometimes this is obvious. Dun & Bradstreet, for example, plainly states what is entailed in each of its verification services, says Shumpert. Some are simply authentication checks, and we warn companies that this level of protection might not be enough. More elaborate schemes include employee verification and a credit check.

In other cases, however, a company might assume certain services or protections are provided when, in fact, they are not. A Net marketplace might offer pre-shipment inspection through any one of these third-party assurance providers. But this is usually only a visual inspection to make sure the goods have arrived, says McGhie. It is not a sampling inspection, which is what many businesses expect.

In some cases, the low level of service provided may not be worth the money, depending on the value of the shipment, McGhie says.

3. A third-party assurance provider certifies or authenticates only what a supplier asks it to

If SGS has certified that a company meets international environmental standards, don't assume that also means it is a good employer. Or, if Ernst & Young determines that a supplier's system meets certain standards for reliability and uptime, don't assume that means it has a good privacy policy in place as well.

A supplier makes an assertion that it will deliver a particular level of service, say 99 percent scheduled uptime says Ernst & Young's Valente. We evaluate and test for only that claim.

Most of these third-party assurance providers offer reports along with their seal, both of which are usually posted on the Net marketplaces or supplier's Web site. Read the report carefully to see exactly what has been certified.

4. Check the date of certification

Most of the large authentication providers will monitor suppliers or Net marketplaces, so long as they use their seal to promote their policies. However, the smaller, or less well-known, assurance parties might not be as diligent. Any certification that is older than six months should be viewed with skepticism, many say.

The toughest part of the engagement is to continue to stay up to date after the certification process, Valente says. We encourage clients to recertify every six months. As long as they are displaying their report, we maintain contact.

If a client doesn't recertify and things change in their operations Valente says, Ernst & Young will pull its certification report. We don't make a big fanfare when we do that. Although the Ernst & Young seal is usually on the Net marketplace, the report itself is hosted on a secured server of Ernst & Young, she says.

As the technology improves and a track record in the success of these verification services is recorded, participants will be more able to determine what works. The value-add is engaging services that can truly help you verify, and therefore trust, your business partners.