Talk

Talk

Supply Chain Resiliency

Volume 1, Issue 3

Talk

Supply chain resiliency is a topic of increasing

importance to businesses worldwide.

Building a Resilient Supply ChainThis edition of Risk Talk focuses on supply chain resiliency. Supply chain disruptions can arise from a number of external and internal sources, ranging from natural disasters to poorly executed operations. Increasingly, making supply chains resilient involves global coordination.

The following is based on a recent panel discussion of supply chain considerations.

Welcome

Gary Lynch, Global Leader, Marsh’s Risk Intelligence and

Resiliency Practice

Supply chain resiliency is a topic of increasing importance to businesses worldwide. In today’s global economy, threats to the supply chain abound. Hurricanes, typhoons, and other natural disasters can damage manufacturing and transportation facilities. Terrorism and emerging threats such as global pandemic can disrupt consumer behavior. New technologies bring other potential perils, including the risk of the unknown. Companies that learn to best manage such risks may find themselves with a competitive advantage over their peers that fail to do so.

Let me introduce our panel of experts:

Karen Avery, � national practice leader for Marsh’s Business Continuity Risk Management Practice.

Chris de Wolfe, � risk manager at Mars Incorporated, one of the world’s leading food manufacturers.

Diane Foley, � director of mission assurance at BAE Systems, a leading defense contractor.

A REPORT FOR CLIENTS AND COLLEAGUES OF MARSH ON TIMELY RISK-RELATED TOPICS

2 Risk Talk | Supply Chain Resiliency

Scott Warren, � managing director with Kroll Business Intelligence and Investigations.

Thierry Brevet � of our sister company Mercer Investment Consulting will talk about the growing concerns of shareholders related to environmental risk.

Rosaline Chow Koo, � Asia business leader for Mercer HR Consulting

The Risk-Intelligent Supply ChainGary Lynch

Gary Lynch (GL): The nature of supply chain strategies is evolving because of changes in the fundamental business model. The supply side, demand side, and operational aspects of creating value have been affected significantly by three key drivers:

First, globalization and attendant new markets, new suppliers, and �

new competition bring new social, political, economic, and cultural environments to manage.

Second is the massive gain in productivity and efficiency. �

Third is an empowered customer. �

These drivers have spawned new and/or enhanced strategies over the past 10 years such as:

just-in-time inventory; �

lean manufacturing; �

offshore manufacturing and outsourcing operations; �

consolidation of suppliers, resources, and facilities; �

massive automation; and �

horizontally integrated network supply chains, which act more like �

ecosystems than production lines.

Discussions with hundreds of our clients have revealed three primary supply chain risk issues:

First, clients are struggling to efficiently and effectively manage the risk of �

complex and interdependent supply chains.

Gary Lynch is the global leader of

Marsh’s Risk Intelligence Strategies

and Resiliency Solutions Practice

and a member of the executive com-

mittee for Marsh’s Risk Consulting

Practice.

Mr. Lynch is located in Marsh’s New

York City headquarters, where he

leads the firm’s global supply chain,

resiliency, and continuity strategies

and its risk-intelligence capabilities.

He also is responsible for developing

thought leadership around emerging

issues such as pandemic and terror-

ism. He has advised numerous mul-

tinational companies on risk topics

that include supply chain resiliency,

operational risk management, global

risk strategies, continuity, and tech-

nology risk. Currently he works with

the Center for Risk Management and

Decision Processes at The Wharton

School and is the author of the soon-

to-be-released book Total Denial: Why

organizations are unprepared for the

changing risk paradigm.

Mr. Lynch holds a BS from the New

York Institute of Technology. He is

a Certified Information Systems

Security Professional (CISSP).

Gary LynchManaging Director

2 Risk Talk | Supply Chain Resiliency Risk Talk | Supply Chain Resiliency 3

Second, insurance doesn’t fully manage the risks, meaning that much risk �

is retained—more so than in the past—especially for tier-two, tier-three, and tier-four suppliers.

Finally, taking on some of this risk used to be an accepted practice, but now �

it represents a material exposure. And the activities to mitigate this risk now represent the potential of a material investment.

At Marsh we’ve talked a lot recently about the concept of the “risk-intelligent supply chain” as opposed to the original concept of supply chain. Traditionally, a supply chain was defined as a network of internal and external resources that performed three main functions—procuring materials, transforming the materials into intermediate and finished products, and distributing the finished products to customers and consumers. Over time, organizations have narrowed the definition to where “supply chain” refers more specifically to managing the primary suppliers responsible for the key inputs into a product or service. The definition has become much less focused on the end-to-end process and the upstream and downstream risks in the extended supply chain that involve creating value for customers. In the special instances in which risk management was a major factor in the supply chain equation, it was always from a point-in-time perspective—it was not dynamic, and it failed to address the continuously changing business landscape.

Speaking in terms of the risk-intelligent supply chain is our way of avoiding that more narrow definition. We are reestablishing the original intent of the definition of supply chain for the end-to-end process from raw material source to the ultimate consumer—“farm to fork.” This comprises the internal and external interdependent parts that generate value for an organization. The concept of the risk-intelligent supply chain comes with an understanding that managing risk is an everyday part of doing business and that there is a vital need to do so dynamically to address the volatility of the business environment across all of the steps that are required to deliver something of value to customers.

The Risk-Intelligent Supply ChainKaren Avery

GL: Karen Avery is the national practice leader for Marsh’s Business Continuity Risk Management Practice. She will zero in on supply chain issues in the retail industry, although many of the concepts apply to all industries. Karen, could you outline a few of the key attributes of the retail industry before we look at its supply chain?

Karen Avery (KA): Certainly. Although I’ll be talking about the retail industry, I’m sure that decision makers in other industries will see many similarities.

The concept of the risk-intelligent supply chain comes with an understanding that managing risk is an

everyday part of doing business.


The retail industry currently is characterized by low margins, swings in profitability and demand, consolidation, high employee turnover, increased use of technology, increasing use of global suppliers, moves into nontraditional areas to grow revenue, and an array of changing financial and risk management issues.

For a company in the retail industry, we generally think of the end-to-end supply chain as having six critical areas, design, source, produce, distribute, sell, and consume. Any discussion of a retailer’s supply chain must begin by looking at those six areas. Retailers, product manufacturers, and distributors must all work together to address the burgeoning nature of risk to effectively balance risk and opportunity.

GL: Where along the supply chain do the risks appear?

KA: There is risk at every step. Consider some examples:

The globalization of resources can lead to supplier failures and to product �

safety and quality issues. When looking downstream it’s important to understand whether your suppliers also support your competition. How would these tier-three and tier-four suppliers prioritize your business in the event of a disruption? Will the big-box retailers dominate the suppliers’ attention?

The management of inventory to ensure optimal levels has increased risk. �

And the risk cuts two ways—too much stock can bring slower turnover and cash flow; too little can mean lost sales.

Labor disputes or shortages can affect production, while consolidating �

production facilities can create concentration risks.

Consolidation of distribution centers can cause a concentration of �

resources, thereby creating risk.

Theft becomes a significant issue at the distribution stage. �

At the point of sale, product recalls can pose enormous reputation and �

brand problems. Also, employee issues—such as high turnover or poor training—can lead to serious customer service issues.

At the consumption stage, customers’ perceptions can play havoc with �

brand and reputation, while demand volatility can complicate planning.

Those are just a few examples of what can go wrong.

Karen AverySenior Vice President

Karen Avery is the practice leader for Marsh’s Business Continuity Risk Management Practice.

Ms. Avery is located in Marsh’s Morristown, New Jersey, office, where she is responsible for prac-tice development, client delivery, business development, and qual-ity. She has extensive business continuity, supply chain risk, and operational risk manage-ment experience, as well as deep experience in the financial, retail, distribution, and manufacturing industries.

Ms. Avery holds a BA from Pace University. She is a certified Six Sigma Black Belt and a member of the Electronic Crimes Task Force Committee.


It is crucial for retailers to identify and prioritize the

most critical aspects of their businesses

and then to consider the end-to-end supply chain.

GL: How does risk-intelligent supply chain management fit into this picture?

KA: First, you need to remember that the retail industry has experienced significant changes over the last several decades—enhanced technological capabilities, new customer demands, increased focus on efficiency, significant reliance on outsourcing of shared services, and more offshore manufacturing. At the same time there’s been an increase in the significance and materiality of the risks that the retail industry faces. Managing the risk associated with natural hazards, brands, reputation, terrorism, data security, biological threats, and political instability—to name just a few—means retailers must deal with fierce competition and margin compression.

Put all of this together and you can see that it is crucial for retailers to identify and prioritize the most critical aspects of their businesses and then to consider the end-to-end supply chain. Looking at the issues in light of the risk-intelligent supply chain allows retailers—and others—to focus management time, capital, and other resources on assuring that those supply chains are resilient.

GL: What are some of the things retailers need to think about in preparing for the potential impact of any disruption to their supply chains?

KA: There are a number of questions that companies can ask themselves:

How do you create value in the marketplace? What are the key products �

and/or services that you provide?

What are the key business processes that support the creation of value? �

What are the skills, technologies, physical assets, and relationships that �

support these critical business processes?

Are you able to measure the impact to your business if a disruption were �

to occur? What would the financial and social implications be? Are you insured for this kind of disruption?

How would you respond to a disruption, and how long would it take? How �

would your customers respond?

How would your competitors respond? �

Could your company and your brand recover? �


GL: In Marsh’s fourth annual “Excellence in Risk Management” survey, one of the things looked at was the idea of turning risk into opportunity. One-third of the respondents agreed with the following statement: “My firm’s senior management looks for opportunities to use risk to the firm’s competitive advantage.”

The survey dug a little deeper to find out how those companies that agreed with the statement are trying to turn risk into opportunity. The No. 1 response involved managing people risks by developing a corporate responsibility program. But hard on the heels of the approach was minimizing business interruption. How does the risk-intelligent supply chain management strategy give companies a chance to turn risk into opportunity?

KA: First, consider what is at the heart of the business challenge we’ve been talking about—demonstrating to a company’s critical stakeholders that material business risk is being managed effectively and efficiently, based upon the reality that there’s not unlimited capital, time, or resources to manage risk. The traditional response has been to attempt to manage risk across the entire organization by establishing—at a minimum—a basic risk management capability to protect against the broad risks faced by the organization. However, too often the traditional result has been an inefficient and ineffective risk management strategy, one that provides superficial coverage for the organization, based largely on the threat rather than the materiality of the impact.

Retailers and others are coming to realize these shortfalls either through their own experience or by learning from others in their industries. The opportunity in risk-intelligent supply chain management is to put into practice two understandings:

managing risk is part of doing business; and �

there’s a vital need to do so dynamically to address the volatility of the �

business environment across all the processes that are required to deliver something of value to customers.

These understandings can help companies avoid underestimating the range of potential risks and their potential impacts across the organization. It also can help them see where any adverse event—a windstorm, a terrorist act, or a pandemic, for example—can affect their supply chain, and identify which of those impacts are the most critical. In other words, it can help them develop a laserlike focus on the business units, the products, the services, and the geographies that create the greatest value and thus represent the greatest potential losses in any disruption.

The upside of managing risk—if done effectively and efficiently—is that it enables organizations to make more informed decisions, expedite the decision-making process, and stay ahead of the competition.

The upside of managing risk is that it enables

organizations to make more informed

decisions, expedite the decision-making

process, and stay ahead of the

competition.


Maintaining a Global Supply ChainChris de Wolfe

GL: We’ll turn now to Chris de Wolfe, risk manager at Mars, Incorporated, one of the world’s leading food manufacturers. Chris, how does being a private company affect your supply chain management?

CDW: Mars is fiercely independent and committed to our private ownership structure. As a private company we have a cultural difference from many public companies. I think that we have a lot more freedom, which enables us to innovate in a number of different areas, including supply chain and business continuity. One of the biggest advantages I see is the ease of access to top executives and, subsequently, their ability to make quick decisions. This was particularly significant when we decided to conduct a major overhaul of our global business continuity program.

GL: Talk a little bit more about your global business continuity initiative.

CDW: Within our industry recently there has been major consolidation worldwide, specifically within the pet food industry. One of the things we wanted to do was make sure that our business continuity and resiliency programs reflected all the changes in our supply chain that have come as a result of this integration. Mars has always been entrepreneurial, and back in the 1980s the owners of the business established a business continuity program, which really was forward-thinking. At the time it was something that had mostly been done by information technology companies and banks but not really applied in the manufacturing world.

However, as can happen, the overall program wasn’t maintained centrally, nor was it updated. Over time, many of the different business units and divisions changed their plans to meet new challenges. The evolution gave rise to many different plans around the world. Some of those plans were top-notch. Others, however, didn’t quite keep up. Some had substandard processes.

We thought it was necessary to bring some consistency to our global programs. And as you well know, we’ve been working with Marsh to develop some standard practices and procedures aimed at giving all of our divisions the supporting tools globally that enable them to respond effectively to crises that might arise. This has all been made possible because the company’s owners showed the initiative years ago to get the ball rolling. Subsequently they gave us their full support as we reviewed and renewed the plans.

GL: I imagine you have hundreds of suppliers. How do you ensure that these suppliers are prepared for any of the numerous catastrophes that can occur?

CDW: It’s actually one of our key challenges. Because of all the work we’ve done with Marsh, I’m pretty confident that everything under our own roof

Chris de WolfeCorporate Risk Manager

Chris de Wolfe is the corporate risk

manager at Mars Incorporated. He

provides operational risk manage-

ment direction and leadership to all

of Mars’s units worldwide. He has

been at Mars Incorporated since April

1999. Prior to joining Mars he worked

for 12 years in the London insurance

market as a broker and subsequently

as a client executive. In London he

spent time at Aon, Marsh, Johnson &

Higgins, and Sedgwick.

As the methods of global commerce

have changed, Mars has recognized

the need for an effective business

continuity planning process. Mr. de

Wolfe has been responsible for coor-

dinating this activity worldwide.


is sorted out. But outside of our own operations, we rely on contractual relationships. One of the functions that we rely on specifically is our vendor-assurance process. Managers in this function essentially do a comprehensive business impact analysis for each of the vendors we work with, whether they are raw materials suppliers, or packaging suppliers, or distributors. With the output from these business impact analyses, we’re able to assess which of the vendors or business partners need to perform a thorough risk assessment.

It’s a good process. It works very well. But it is very reliant on the managers who are involved. And therefore, we’re going to develop a checklist for these vendor assurance managers so we can get a much better idea of what kind of shape our suppliers are in and what sort of preparation they have in place.

On-site audits also continue to be important because checklists don’t give you a full and proper understanding of the risks or how well prepared some of these other business partners are. We really do need to see what’s happening on the ground sometimes.

GL: One of the things Marsh has been talking about for a while now is the idea of turning into opportunities the multitude of risks that companies face. Is that something you see happening at Mars? Can you share any examples from a supply chain perspective?

CDW: I do see it happening, and I think it happens a lot, especially in innovative companies like Mars. A good example centers around pandemic planning, which has been a very vogue subject over the last couple of years. As we looked at our continuity plans in the harsh light of the potential for a pandemic, we realized that although we had made many preparations and contingency plans for infrastructure and for processes, we had done very little about the workforce that actually makes everything happen.

Fortunately, we discovered that during the SARS (Severe Acute Respiratory Syndrome) crisis, we had developed plans to address some of the same types of risks a pandemic could pose. These types of risks aren’t unique. Although we didn’t set up our plans specifically for avian flu, we did set them up to make sure that we could “cut and paste” certain parts of our plan immediately in the event of any disaster that prevents people getting to the workplace. That sort of planning helps us keep focused on what’s always been one of our key concerns—the health and safety of our global associates. The owners of the company are very committed to the associates’ well-being.

GL: What are some of your other concerns?

CDW: Every day there’s a different one. At the moment, probably one of our biggest concerns as a pet food company is the quality of the material in the supply chain. And you don’t have to be a pet food company to have legitimate worries about the quality of the materials that are coming in from other suppliers.

We realized that although we had

made many preparations and contingency plans

for infrastructure and for processes, we had done very little about

the workforce that actually makes

everything happen.


Unless you’ve lived under a rock, you’ve recently seen the extensive media coverage of the U.S. pet food recalls and the dreadful impact this has had on pets around the country and on the pet food industry as a whole. Mars is actually fortunate in that other than one of our smaller divisions, we were pretty much unaffected by this incident. But the fact was driven home that there are certain things that we don’t know about the supply chain. And they’re the things that we need to know. We as a business are extremely cutting-edge when it comes to testing the quality of materials and supplies.

We can test what we know. It’s very difficult to test what we don’t know. And that’s one of the things that gives us the most concern. On an industry level, some important lessons were learned from this recent experience. One of them is that the industry as a whole has a responsibility to the consumers. There are on occasion issues that arise in which we as an industry have to share some best practices. This recent incident shows how important it is to ensure that the entire supply chain is kept safe. That involves participation at the business level and at the government level. We make sure that we’re working with all the appropriate authorities. Frankly, if the industry gets a bad rap, it’s not good for any of the individual businesses within the industry.

GL: How about cross-border concerns with your supply chain?

CDW: One issue centers on being able to be involved in developing markets. Mars, like other large international companies, has done very well in established markets. But now is the time to switch our focus toward emerging markets because that’s where the exciting growth opportunities exist. India, Russia, Asia, South America—they all present massive opportunities. And they also bring to the table their own unique sets of risks, including:

License issues. � You never know when the trading license you operate under might be removed for unforeseen circumstances.

Supply chain patterns. � Unique characteristics of supply chain patterns in these countries can make planning for some supply contingencies quite difficult, but at the same time they become even more necessary.

Quality of supplies. � Some of the local suppliers are not typical of the quality you’d expect in the United States and Europe. And the concept of business continuity planning may be completely alien to them.

Political risks. � Operating globally means working in a variety of political environments. Russia, for example, is a large market for us. The manufacturing presence that we have there is significant—in fact the factories we have there are probably technologically the most advanced that we have in the world. Loss of any of those sites following some sort of geopolitical incident would indeed be catastrophic. It’s very difficult to plan for that type of incident.

If the industry gets a bad rap, it’s not

good for any of the individual businesses

within the industry.


Financial risks. � Another challenge in emerging markets is financial solvency of distributors.

GL: What are some of your priorities moving ahead?

CDW: One priority is to keep our global business continuity program alive. It’s important to emphasize that this is not a project with an endpoint. It’s a process that needs to be firmly established within overall management processes. It needs to be refined and maintained all the time. It also needs to be corralled to make sure that there’s some consistency to the plan. Within Mars, people move around a lot, so we want to make sure they have some consistency to the plans they’re using. If a manager is in Thailand today, he or she is using a certain plan. But if that manager moves to the United Kingdom tomorrow, the format and the content of the plan will be the same. Obviously, the details and how it applies to regions may be different, but the consistency has to be maintained.

Just as important is that plans need to tested and updated. There are always new threats arising, and we have to make sure we’re prepared for them. At the same time, as we continue to expand into new markets around the world, extend our supply chain, and make them more complex, it is even more important that we make sure we address the risks while maintaining the flexibility to let us enter these markets. This goes beyond insurance and into business resiliency and business sustainability. And that’s something that we really want to make sure we’re focused on.

Managing a Global Supply ChainDiane Foley

GL: We’re pleased to have with us today Diane Foley, the director of mission assurance for one of the world’s leading defense industry contractors, BAE Systems, Inc. Can you start today with a general view of how supply chain issues fit into risk management at BAE Systems?

DF: An organization the size and breadth of BAE Systems needs to have a robust risk management program. One of the key elements of that program is supply chain risk. We take a look at the key value streams for our organization and conduct an in-depth end-to-end analysis from raw materials straight on through to our customer’s customer to identify significant risks and places where resiliency can be improved.

GL: BAE Systems works with many suppliers. And being a defense contractor means there are a lot of strict government rules to follow. Can you talk about how you manage such a large number of suppliers?

DF: Our mission is to meet the needs of the war fighter. To do that we need to be able to deliver our products and services on time, which means our supply chain partners need to be able to meet their commitments to us. So

Diane FoleyDirector

Diane Foley is director of mission

assurance at the U.S. headquarters

of BAE Systems, Inc.

Ms. Foley is responsible for busi-

ness continuity management and

performance excellence at BAE

Systems, Inc., as well as managing

the company’s U.S. real- estate port-

folio. Her roles have included sup-

ply chain management and shared

services. She began her career as an

engineer in operations at one of BAE

Systems’ electronics manufactur-

ing facilities. In support of her work

in Operations, Diane became a Six

Sigma Black Belt and was instrumen-

tal in developing and implementing

the company’s Design for Six Sigma

Manufacturability (DSSM) program.

She also has been an instructor in

various courses in statistical meth-

odologies and process improvement

techniques.

Ms. Foley holds a BS in Mechanical

Engineering from The Cooper Union

for the Advancement of Science and

Art in New York City and an MBA

in Aerospace Management from

Fairleigh Dickinson University in

Teaneck, New Jersey.


we take great pains to make sure they’re in a position to do so. From a broad level we look at those suppliers with whom we do the most business on an aggregated basis. We identify and monitor them and the things that are important to the continuity of their businesses. This includes their financial health, the political situation in the part of the world they’re in, and their risk management programs.

At the same time, we identify those value streams that are material to BAE Systems. By doing so we’re able to identify those other suppliers that may not rise to the top in terms of the amount they spend but provide critical parts for some of our key programs. We identify all of those and monitor them in the same way so that BAE Systems’s material value streams are not interrupted.

GL: It sounds like you work with suppliers of all sizes. What special supply chain considerations do you have working with smaller suppliers?

DF: Working with small businesses involves striking a balance. Obviously you need to flow down critical requirements for the program. But you don’t want to overwhelm them with mandating supporting processes. At the same time, you want to make sure that they’re going be in business. BAE Systems has the unique opportunity in those instances to provide support and to train those suppliers—to implement a risk management program or any other type of program we think would be important for them to continue to be able to deliver to us. It really is a win-win for both organizations.

GL: Do you have any examples you could share that would tie all of this together?

DF: I do. One of our key value streams—I can’t name the program right now—is a multibillion-dollar Department of Defense program that we have a big piece of—it is one of our material-value streams. We undertook an end-to-end analysis of the program. It was interesting because at the beginning, the people in the program were saying: “We understand the program. We understand the risks. This should be an easy exercise. We know what we’re doing.”

Then they took a look at the program from raw materials straight through the supply chain to our customer. And they actually had a big “ah-ha!” moment. It turns out that there was something interesting with one of the composite materials used in that program—a material that our customer mandates that we use. For one thing, the business that provides it to us is a small business—with attendant cash-flow issues and those sorts of things. And it turned out that this business controls the only source of that material in the whole country. So not only would that supplier affect BAE Systems if it couldn’t deliver to us, but it potentially would have a huge impact on this multibillion-dollar defense contract. Clearly, this was something that we needed to address as an organization.

Working with small businesses involves

striking a balance.


First, we worked with the supplier to help it implement a risk management program of its own. Second, we looked internally at our inventory levels of the material in question and adjusted them to a level we felt more comfortable with. Finally, we took the information back to our customer and said: “This is a big risk for the program. We think that we should be looking at identifying and qualifying an alternate material so that if this material isn’t available, the program can continue.”

Protecting Intellectual PropertyScott Warren

GL: Our next guest is Scott Warren, from Marsh’s sister company Kroll. Scott has an extensive background in intellectual property (IP) protection at some of the world’s leading companies. Protecting intellectual property is a major supply chain risk around the world. The maturity, consistency, and interpretations of IP laws and regulations can vary, as can the sophistication of enforcement mechanisms. An action that is considered a violation of IP law in one country might be legal in another. A practice may be socially accepted in some places but not in others. In other cases, economic necessity may drive a country to compete with more developed nations—even if it means violating IP regulations.

A survey Marsh conducted in Europe among some of our clients with operations in Asia shed some interesting light on IP issues and supply chain concerns. When asked what risk areas most concern them, those surveyed listed as their top two concerns:

1. infrastructure risk, meaning the failure of information technology, communications, logistics, or power; and

2. the counterfeiting of products.

The survey also found that measures for protecting intellectual property were relatively weak in many of the respondents’ companies. Scott, do you see any surprises there from an IP standpoint?

SW: No, not at all. In fact the International Anticounterfeiting Coalition recently estimated that counterfeiting costs $600 billion a year globally—a 10,000 percent increase in the past two decades (see http://www.iacc.org). So IP protection is a significant problem, one that gets more complicated as you try to look at these issues across Asia.

GL: Scott, I’ve heard you mention a very interesting concept—the convergence of IP issues with information security issues.

Scott A. WarrenManaging Director

Scott A. Warren is a managing

director with Kroll Business

Intelligence and Investigations.

Mr. Warren is located in Kroll’s Tokyo

office, where he specializes in busi-

ness intelligence and investigations

and risk consulting services for cor-

porate clients and government agen-

cies. His areas of expertise include

protecting intellectual property,

fighting cybercrime, and handling

digital evidence and e-discovery

issues. Among his positions before

joining Kroll, Mr. Warren was senior

attorney for Microsoft Corporation,

based in Tokyo.

Mr Warren holds a B.A. from the

University of Colorado in Denver

and a J.D. from the Southwestern

University School of Law in Los

Angeles.


SW: This is a relatively new development. It used to be that people working in the IP world were predominantly lawyers who were fighting the issue, possibly working with government agencies to address the problem. And people in the information protection business were basically security risk managers within a company, perhaps with law enforcement backgrounds. Increasingly now you see that IP is exposed via computer systems, and that brings in the security risk side of the problem, leading to the convergence that we need to focus on. Within information protection these days, there is more focus on the legal consequences of information leaking from a company, be it from a privacy perspective or a Sarbanes-Oxley perspective. As these two areas converge, the groups really need to work together to be successful.

GL: What is a good starting point from which to address IP issues?

SW: The first thing is to spend time understanding the problem at a complex level, especially in the geographic area where you are going to fight it. One of the keys is to be aware of the risks in making assumptions about piracy. For example, consider how issues often develop in Asia. In my experience, things in Asia sometimes don’t progress very quickly. They go slow, slower, slowest, and then suddenly—boom!—there’s a complete change in the environment that you’re in, and then a tremendous change may occur. But it happens very differently than it might in the West. So you want to be aware of making the false assumption that things aren’t going to change—they can if you invest your time.

It’s important to work with international law enforcement officials because they can be the eyes for you in a region, and they can help local law enforcement make a much more public statement about their efforts to work on a case.

You need to reach out to competitors, and that’s sometimes the hardest because we generally fight with competitors at everything we do. One area where it can pay dividends to agree with your competitors and work alongside them is in fighting piracy. The alternative is that a company may clean up its market but its competitors don’t. Then, the company that worked to fight piracy may be at a price disadvantage in sales to consumers, who see your genuine products on the shelves next to counterfeit products.

GL: Do you think companies are thinking enough about the big picture when it comes to IP protection? What kind of things should they be doing more of?

SW: One can always think more about the big picture. It’s difficult to do because of the variety of skill sets it takes—from the legal/regulatory side, from the criminal side, and from the technical side. All of those areas have to merge in very broad thinking about the problem.

A company should think about how to build

its trademark into its products in a way that makes it easier to fight counterfeits when they appear in a particular

jurisdiction.


In many ways this dovetails with the risk-intelligent supply chain concept—understanding where your problem is and then building in your intellectual property protection, starting at the creation stage. By that I mean you’ve got weapons that are provided for you under the law to fight intellectual property infringement, including trademark laws, copyright protections, patents, and trade secret laws in many jurisdictions. For example a company should think about how to build its trademark into its products in a way that makes it easier to fight counterfeits when they appear in a particular jurisdiction.

You also need to get your IP rights on file, not only in the places where you expect to sell your product but also in the places where counterfeiters likely manufacture their product. Really think about your distribution chain and where its weaknesses are. People spend a lot of time making a lot of business continuity plans about how to handle getting products from different sources in case of a major disaster. But they also need to think about that same supply chain in terms of IP protection. For example if all of your products are made within a five-mile radius of each other, would it be easy for your own manufacturers to get together with another company—possibly at nighttime—and make counterfeits when you’re not looking?

GL: How would you define success in fighting piracy?

SW: I look at that question from the perspective of having worked in this area for more than 14 years in developing economies throughout Asia, the Middle East, South America, and Africa—all places where there are tremendous problems. One observation is that you need to avoid some common traps, including:

Expecting to recover large amounts of money. You need to understand that �

you’re not likely to get a sizable recovery or even to recover lost profits from an infringer. In my experience, civil cases against counterfeiters in this region have not been particularly successful.

Forgoing criminal enforcement. It’s important to pursue criminal �

enforcement to show that violators face penalties.

Looking for short-term miracles. Companies want to have the problem �

solved yesterday. But the reality is that a lot of the fighting of these issues takes commitment over a long period to achieve results.

Focusing on the number of retail actions they have and the seizures that �

result. I call this the “lawn mower approach.” Look at a marketplace that has many stalls with all sorts of counterfeit products. It’s possible to get an administrative agency to come in and clean out the market and it looks great for a day or two, but it very, very quickly grows back, much like your grass does. Focusing solely on the metrics of a single raid action is sometimes not the most effective way to proceed.

A company should think about how to build

its trademark into its products in a way that makes it easier to fight counterfeits when they appear in a particular

jurisdiction.


GL: Could you summarize some things companies can do to boost their success in combating IP theft?

SW: As I’ve already mentioned, they need to understand what the problem is and be aware of false assumptions. But the No. 1 thing —especially in developing economies—is to target fewer raids but initiate them against higher-level manufacturers, distributors, and their financial backers. That involves pushing an investigation up several levels from the retail stores to those that are actually major distributors and to those that manufacture the product.

I call that the “dandelion approach.” It involves pulling up an organization by its roots, which both removes an entire organization and lets the people at the higher levels of the counterfeit chain experience criminal pain. Other potential or actual pirates who see this happen may start to modify their behaviors. It’s essential for any successful antipiracy program in developing economies to understand the volumes and values of the products being sold and to look very broadly at the links between the people who are doing the counterfeiting.

Finally, I would recommend that companies develop relationships of trust with law enforcement and other officials involved in IP issues. That is not to be construed as a relationship of purchased friendship. It’s a relationship where you’ve been in the region long enough to know the police who are in the different jurisdictions, know the prosecutors in the different areas, and provide them appropriate services over time, perhaps training them in cybercrime enforcement or other things. The reason to do so is not to buy a favor but to go to them with a problem and jointly work on a solution. Those types of relationships of trust are critical, especially in developing areas.

Human Resources Issues in the Supply ChainRosaline Chow Koo

GL: Our next guest is Rosaline Chow Koo, Asia business leader for Mercer, a Marsh sister company. Rosaline, when companies look at their supply chains, which are so often stretched across numerous borders, human resources issues are critical. What are some of the issues you see companies dealing with as they try to manage the people risks in their supply chains?

Rosaline Chow Koo (RCK): Let me give you a list of some of the issues companies face:

finding the needed skill sets; �

training; �

I would recommend that companies develop

relationships of trust with law enforcement and

other officials involved in IP issues.


quality issues; and �

dealing in some cases with an aging workforce and in others an underage �

workforce.

Many times, companies are forced to look at these issues not only in their top-tier suppliers but also in their second- and third-tier suppliers.

GL: That sounds like a tough challenge. One of the issues you and I have talked about extensively with clients is pandemic preparedness. There are so many supply chain considerations around pandemics, not the least of which involves managing people and their skill sets. What are some of the best practices you’re seeing from an HR perspective on this issue?

RCK: When you focus on the HR implications of pandemics, multinational companies are way ahead of locally owned firms. The most forward-looking companies are doing things like setting up crisis leadership teams, which have begun tailoring their business continuity plans (BCPs) to handle the 25 percent to 40 percent absenteeism rates a pandemic could bring, and they’re also setting up employee communications programs.

Many firms are now planning for the workforce implications by conducting skills inventories, cross training, improving capabilities for employees to work remotely, and customizing their HR policies. In fact some companies have started testing their BCPs on the workforce side and are seeing whether their infrastructures can handle a surge of remote-access activity. Many companies have stockpiled gear such as masks, gloves, sanitizers, and cleaning supplies after having lived through the run in these products during SARS.

Some regulatory authorities are working with the public sector and private financial institutions to ensure adoption of adequate BCP plans. For example, here in Singapore the government has stockpiled medication for 25 percent of the population and mailed out avian flu booklets to every household in the country. They forced all the ministries and essential services such as the hospitals, public transport providers, and border stations to have pandemic plans. They’ve even wired the schools for Internet schooling to try to avoid a repeat of what happened during SARS, when all the schools closed for three weeks. And they have held two very public drills.

GL: It seems as if absenteeism will be a huge issue during a pandemic, with the potential to create massive supply chain problems. How should companies prepare for an event like a pandemic that could keep a significant part of their workforce away from work?

Rosaline Chow KooAsia Pacific Business Leader

Rosaline Chow Koo is a worldwide

partner, Asia Pacific business leader

of Mercer, Asia Business Leader

of Mercer HR Services, and leads

Mercer’s avian flu global initiative.

Ms. Chow Koo is located in Singapore.

She has 20 years of experience in

business management, start-ups, and

turnarounds. Before joining Mercer

she was in charge of business devel-

opment for ACE Insurance’s Accident

& Health ASEAN operations and had

P&L responsibilities for Singapore.

Before moving to Asia, Rosaline

worked for Bankers Trust Company

in New York City, where she held a

series of leadership positions in FX

and retirement services product man-

agement, banking and mutual funds

operations, process re-engineering,

and marketing/strategic planning.

Ms. Chow Koo holds an MBA from

Columbia Business School, where she

was an Edwin Wolfson Fellow, and a

BS from the University of California-

Los Angeles.


RCK: The absenteeism rate during a pandemic is expected to be as high as 40 percent because people will stay home, not only to deal with their own illnesses but also if they’re quarantined for some reason, if they’re taking care of their children or other family members, if there are travel restrictions, or if they stay away because they’re scared.

The objective of quarantine policies is to keep sick people away from work and away from the healthy. We recommend implementing a liberal leave policy and nonpunitive sick leave policies to ensure that staff members who don’t feel well do not report to work. For management this is just one part of a broader workforce pandemic planning strategy and a broader supply chain resiliency strategy. Companies should identify which of their critical business functions must be maintained even during pandemics or other major disruptions. Once that’s done, it’s time to identify key employees and key functions. They should cross-train employees to make sure that key functions can be fulfilled, and where appropriate, enable employees to work remotely.

GL: Shifting gears a bit, I’m sure many companies have experienced or will experience rising costs for the labor involved with their outsourcing operations. What are you seeing on this front in Asia?

RCK: It’s an interesting area, and it’s a real consideration for companies that establish part of their supply chains overseas. First, it can be expensive to set up overseas. And if you’re setting up in Asia, there’s an ongoing war for talent that’s resulted in escalating costs. In India, for example, average wages are increasing at least 14 percent annually; while in China they are increasing about 10 percent annually. Health care benefits are also skyrocketing, with medical inflation in the region increasing from 15 percent to 25 percent each year. The important thing to keep in mind is that you have to have up-to-date data on compensation and benefits costs to ensure that the large increases in your wages or your benefits would not dilute—or wipe out—the projected advantages of setting up shop overseas.

GL: Any final thoughts?

RCK: Supply chain risks in Asia are no longer isolated within the region but have global impact because Asia has become the world’s factory and outsourcing center—as well as being a potential ground zero for a pandemic. It is important to have special considerations for Asia as you develop your supply chain risk management plans.

When you focus on the HR implications of

pandemics, multinational companies are way ahead of locally owned firms.


Notes


The information contained herein is based on sources we believe reliable, but we do not guarantee its accuracy. It should be understood to be general risk management and insurance information only. Marsh makes no representations or warranties, expressed or implied, concerning the financial condition, solvency, or application of policy wordings of insurers or reinsurers. The information contained in this publication provides only a general overview of subjects covered, is not intended to be taken as advice regarding any individual situation, and should not be relied upon as such. Statements concerning tax and/or legal matters should be understood to be general observations based solely on our experience as risk consultants and insurance brokers and should not be relied upon as tax and/or legal advice, which we are not authorized to provide. Insureds should consult their own qualified insurance, tax and/or legal advisors regarding specific risk management and insurance coverage issues.

Marsh is part of the family of MMC companies, including Kroll, Guy Carpenter, Mercer Human Resource Consulting (including Mercer Health & Benefits, Mercer HR Services, and Mercer Global Investments), and the Oliver Wyman Group (including Lippincott and NERA Economic Consulting).

This document or any portion of the information it contains may not be copied or reproduced in any form without the permission of Marsh Inc., except that clients of any of the companies of MMC need not obtain such permission when using this report for their internal purposes, as long as this page is included with all such copies or reproductions.

Copyright © 2007 Marsh Inc. All rights reserved.

To review your organization’s needs in the areas discussed—supply chain resiliency, intellectual property protection, and human resources management—please contact your Marsh representative. For more information, log on to our Web site, http://www.marsh.com.

Marsh is committed to delivering information about risk-related issues that pertain to protecting your organization. Although we have attempted to review the key topics in some detail, we recognize that you may have additional questions or concerns. If you have any questions or comments about this panel discussion or any other issue, please contact your Marsh representative, or send an e-mail to [email protected].

The comments in this report do not represent coverage interpretations by insurers or brokers and are not meant to discourage any organization or individual from filing a claim. The insurer, not Marsh, will determine whether coverage is available.

Managing Editor: Tom Walsh

Publisher: Timothy J. Mahoney

Risk Talk Supply Chain Resiliency

Compliance #: MA7-10383

Talk

Documents

Transcript of Talk