Compliance and risk professionals in the manufacturing industry face a wide range of responsibilities. They must navigate compliance requirements across multiple regulatory areas, including product safety and quality control, environmental, social, and governance (ESG) standards, fair labor practices, supply chain due diligence, and anti-bribery and corruption (ABAC). The complexity of these responsibilities makes their roles more critical than ever.
In addition to routine tasks, compliance teams must be prepared to respond to unexpected “black swan” events that can disrupt global supply chains. Recent years have seen several such events, including a global pandemic, natural disasters, geopolitical unrest, and global trade disruptions. Demonstrating resilience and adaptability is essential to thrive in a highly competitive marketplace.
Compliance professionals in the manufacturing industry are also tasked with fostering a strong ethical culture, ensuring that employees and third-party suppliers act with integrity. Managing these responsibilities requires robust compliance policies and procedures that address the full scope of risk, ethics, and compliance requirements. This includes creating tailored training programs, managing conflicts of interest, gifts and entertainment, regulatory disclosures, and more. As regulatory requirements expand globally, compliance and risk teams must constantly monitor risks within their operations and those of subsidiaries, third parties, and even nth parties.
This blog explores the most pressing risks and regulatory compliance challenges facing manufacturers today and outlines straightforward compliance measures that any manufacturing company can implement to address these challenges effectively. You can dive into even more details in the full ebook on this topic.
Manufacturing companies often manage complex, globally dispersed operations. As supply chains globalize and businesses expand into more countries, these complexities only multiply. Additionally, evolving market pressures and geopolitical factors drive alternative strategies like nearshoring and diversification, requiring compliance teams to adapt in tandem with these business changes.
Meeting regulatory requirements intensifies as new frameworks are introduced or updated worldwide, expanding the compliance risks that teams must manage. To ensure regulatory adherence and effective risk mitigation, compliance teams must remain agile and responsive to ongoing changes.
The manufacturing industry must ensure compliance with relevant anti-bribery and corruption (ABAC) laws and regulations. Certain industries face a higher risk of bribery and corruption, and manufacturing is one such industry. The decentralized nature of manufacturing operations, which typically comprise a globally intricate web of suppliers and distributors, means that manufacturing companies often rely on third-party agents to procure contracts, licenses, or permits to operate in high-risk regions of the world. These interactions often require that those third-party agents interact with government officials, greatly increasing bribery and corruption risk.
The most visible and far-reaching anti-corruption law in the world is the U.S. Foreign Corrupt Practices Act (FCPA). Under the FCPA’s anti-bribery provision, it is illegal to offer, pay, or promise to pay “anything of value” to a foreign official in exchange for obtaining or retaining business. The “anything of value” means the FCPA prohibits not just monetary bribes but all forms of corrupt payments, such as gifts, travel, and entertainment. The scope of the anti-bribery provision extends to publicly traded companies, their officers, directors, employees, third-party agents, consultants, distributors, joint-venture partners, and others. Having robust internal controls that monitor for suspicious gifts and entertainment, or conflicts of interest, is a critical aspect of mitigating ABAC risk.
Additionally, under the FCPA’s accounting provisions, U.S. issuers must maintain accurate books and records and have a system of internal controls sufficient to provide reasonable assurances that transactions are executed and assets are accessed and accounted for in accordance with management’s authorization. Said another way, the FCPA makes it illegal to falsify a company’s books and records in an attempt to conceal corrupt business deals.
In the United Kingdom, the U.K. Bribery Act similarly criminalizes the offering, promising, or giving of a bribe. Unlike the FCPA, the U.K. Bribery Act applies to both the public and private sectors and to both foreign and domestic bribery cases. A separate provision of the U.K. Bribery Act (Section 6) further prohibits the bribery of foreign public officials in exchange for obtaining or retaining business or a business advantage. The U.K. Bribery Act also prohibits requesting, agreeing to receive, or accepting a bribe. Companies that fail to prevent bribery by those acting on their behalf – such as an employee, agent, or subsidiary – can also be held criminally liable.
Like other risk areas discussed in this guide, ABAC compliance should be a key part of a comprehensive third-party risk assessment process. To assist risk and compliance teams in establishing robust anti-bribery and corruption controls, several guidance documents are available, including the FCPA Resource Guide, the Department of Justice Criminal Division’s “Evaluation of Corporate Compliance Programs,” and the U.K. Ministry of Justice’s “Bribery Act 2010 Guidance.”
Compliance with quality control standards is another key compliance area, especially relevant to the manufacturing industry. The ISO 9001 standard, established by the International Organization for Standardization (ISO), is the most widely adopted international standard that specifies requirements for creating a quality management system (QMS).
Organizations of all sizes that seek to improve the quality of their products and services and consistently meet customer and regulatory expectations are encouraged to follow the ISO 9001 framework, which covers seven core principles of a QMS. At a high level, those principles address the importance of meeting customer requirements; leadership buy-in and support; a process-oriented approach; and a commitment to continuous improvement.
There are also industry-specific standards that build upon the ISO 9001 standards. Thus, risk and compliance teams in the manufacturing industry that meet the ISO 9001 standards are also in a good position to meet certain industry-specific standards, including:
Aside from the ISO family of standards, various regulatory bodies have published industry-specific standards of their own. In the United States, for example, the Current Good Manufacturing Practice (CGMP) requirements, enforced by the U.S. Food and Drug Administration, establish requirements for properly designing, monitoring, and controlling manufacturing processes and facilities in the pharmaceutical industry.
Risk and compliance professionals in the manufacturing industry also know how important it is to continuously ensure the health and safety of employees. For guidance in this area, many leading companies follow ISO 45001, the internationally recognized standard for managing occupational health and safety risks. ISO 45001 covers several key topics, including leadership commitment, worker participation, hazard identification, risk assessments, legal and regulatory compliance requirements, emergency planning, incident investigation, and continuous improvement measures.
Because manufacturing risks vary greatly sector by sector, there are also many industry-specific resources for compliance teams to turn to. The U.S. Occupational Safety and Health Administration (OSHA), for example, has published several industry-specific resources, covering the following manufacturing sectors:
Adopting the ISO 45001 standard, in combination with complementary industry-specific standards, helps risk and compliance teams in the manufacturing industry mitigate the risk of workplace injuries, illnesses, and other incidents. Following internationally recognized health and safety standards may also go a long way toward reducing the risk of regulatory fines, workers’ compensation claims, productivity losses, and other business disruption costs caused by health and safety failures.
As regulatory expectations around environmental, social, and governance (ESG) issues continue to gain attention on a global scale, a growing number of countries have passed laws requiring companies to be more transparent about, and accountable for, their environmental and human rights violations, and mitigating such risks in their global supply chains.
Among the most prominent laws addressing both environmental and human rights harms are:
As more countries enact mandatory ESG reporting disclosures, risk and compliance teams in the manufacturing industry will want to familiarize themselves with the human rights and environmental due diligence reporting obligations that apply in the countries where they have manufacturing operations and facilities.
There are also international standards that provide guidance for minimizing environmental harms, including those caused by manufacturing activities. ISO 14001 – the internationally recognized standard for designing, implementing, managing, and continuously improving an environmental management system (EMS) – challenges organizations to consider all environmental issues relevant to their operations, including air pollution, water and sewage issues, waste management, soil contamination, climate change mitigation and adaptation, and resource use and efficiency.
Combating modern slavery in global supply chains is another top-of-mind issue for risk, ethics, and compliance teams in the manufacturing industry. Modern slavery is an umbrella term that encompasses a wide range of human exploitation, including forced labor, human trafficking, child labor, and bonded labor. According to the “2023 Modern Slavery Index,” published by the Walk Free Foundation, approximately 50 million people around the world are victims of modern slavery.
Manufacturing companies are especially prone to modern slavery risk due to several high-risk factors that plague the industry, including generally poor visibility over lower-tier suppliers, exacerbated by jobs that are often hazardous by nature and often done in countries with lax regulatory oversight over poor and unsafe working conditions.
Some countries – like the United States and Canada – have passed laws that address modern slavery practices in global supply chains. In the United States, for example, the Uyghur Forced Labor Prevention Act requires that companies importing goods from the People’s Republic of China, especially the Xinjiang region, certify that their cargo was not produced using forced labor. In Canada, Bill S-211 establishes reporting obligations for certain private-sector entities. Those that meet certain criteria set out in the Act must report on what steps they have taken to reduce and prevent forced labor and child labor in their supply chains.
Other laws, while not mandatory, encourage companies to make annual disclosures about what measures they have taken to verify the integrity of their supply chains, how they audit their suppliers, and what steps they are taking to mitigate modern slavery in their supply chains. Such laws include the California Transparency in Supply Chains Act, the U.K. Modern Slavery Act, and Australia’s Modern Slavery Act.
Several global frameworks provide guidance on how to conduct human rights and environmental due diligence that compliance and risk teams may find helpful. These include:
Additionally, at the sector level, the GRI is currently in the process of developing 40 sector-specific standards that will identify material topics by sector, based on their impact. The standards will further reflect stakeholder expectations for sustainability reporting. According to GRI, the intent is to increase transparency and relevancy of each sector’s sustainability reporting.
For the manufacturing industry, GRI has expressed its intent to publish standards addressing the following industries and respective manufacturing areas:
Risk and compliance teams may want to review the GRI sector standards as they are released, as the sustainability reporting frameworks for each industry likely will complement the due diligence reporting frameworks, as laid out by the other international frameworks mentioned above.
In addition to following the guidance documents laid out by regulatory bodies and international standard-setting frameworks, effective compliance programs incorporate several tried-and-true best practices.
Conduct Risk-Based Third-Party Due Diligence
Whether tackling bribery and corruption risk, environmental and human rights harms, modern slavery, or any other risk area, conducting due diligence on your third parties in the global supply chain is at the core of a robust third-party due diligence program. Regulators expect a risk-based approach to the level of due diligence applied. High-risk suppliers require an enhanced level of due diligence. At the most basic level, due diligence can be as simple as scanning for adverse media reports or conducting background checks on vendors. Due diligence measures can also be further tailored by risk type, such as performing background checks to monitor for bribery and corruption, modern slavery, environmental violations, or other risks.
No matter what type of risks you are addressing in the manufacturing industry—be it quality control, ABAC, health and safety, modern slavery, environmental harms, or others—a cross-functional approach is the most effective strategy for managing these risks. Collaboration can occur in various ways and directions. For instance, to tackle modern slavery and environmental risks, risk and compliance teams might collaborate with the procurement function, which has direct visibility into suppliers and can assess their labor and environmental practices. Additionally, working with HR could be beneficial, as they might have information on potential illegal labor practices that compliance teams are unaware of. Engaging multiple functions ensures a comprehensive approach to risk management.
To ensure that health, safety, and environmental standards are being followed, prudent compliance professionals know how important it is to establish clear channels for reporting issues. In the manufacturing industry, easily accessible communication channels are especially important for workers on factory floors and in manufacturing facilities. No matter where an employee works, what their job function is, or how long they are employed with the company – seasonal, contractual, part- or full-time – all employees should be able to make reports easily, anonymously, and without fear of retaliation. Importantly, the system should be multi-channel, so that reports can be made over the phone, email, online, or even face-to-face. The more options people have to report their concerns, the more likely that compliance professionals can address ethics and compliance concerns before regulators do.
Compliance teams should continuously reassess the company’s risk exposure as new risks arise and new regulatory requirements and reporting frameworks are adopted. For example, have any new manufacturing facilities started operations in the last year? If so, does its location pose a high risk for corruption, modern slavery, or environmental harm? Does that new location enhance the number of suppliers that require due diligence? Has the company started manufacturing any new products? If so, what new risks might that pose? Where does the company source its raw materials, and how – is there any risk of modern slavery? What new ESG disclosure requirements have come into force that create new reporting obligations for the company, and do policies and procedures need to be adjusted to meet those new disclosure requirements? These are just a few questions compliance teams in the manufacturing industry may want to be thinking about as they think about how to continuously adjust and improve the compliance program as new risks and regulatory requirements arise.
Compliance and risk professionals shoulder multifaceted responsibilities, from navigating regulatory frameworks across multiple jurisdictions to safeguarding against bribery, corruption, and modern slavery. These efforts are pivotal in maintaining the integrity and sustainability of manufacturing operations worldwide.
Despite the vital role compliance plays in protecting enterprises, compliance budgets and resources are often spread thin. Silos are prevalent, particularly when disparate compliance and business systems fail to integrate and communicate effectively, making the job of the compliance professional even more challenging.
It's time for a more cohesive and efficient approach to compliance in the manufacturing industry. By adopting integrated systems and fostering collaboration, manufacturers can ensure their compliance practices are robust, agile, and capable of addressing the complex challenges they face.
FREE GUIDE
View the complete guide to compliance management in the manufacturing industry.