Compliance and risk professionals in the manufacturing industry are faced with managing risk, ethics, and compliance issues covering a wide range of important regulatory areas, including product safety and quality control; environmental, social, and governance (ESG); fair labor standards; supply chain due diligence; anti-bribery and corruption (ABAC) compliance; and so much more.
Unforeseen events could include a global pandemic, natural disasters, geopolitical unrest, or global trade disruptions that result in major supply-chain bottlenecks. Demonstrating resiliency and real-time adaptability is necessary not only to survive but thrive in a highly competitive marketplace within manufacturing industry compliance.
Those are just the external factors. Compliance and risk professionals in the manufacturing industry are also tasked with fostering a strong ethical culture, ensuring that employees and third-party suppliers act with integrity at all times. In the manufacturing industry, acting with integrity is not just about following regulatory compliance requirements, but ensuring the health and safety of workers – down to those on the factory floors in far-flung regions of the world.
It’s a lot to keep on top of. It requires having robust compliance policies and procedures that address the full scope of risk, ethics, and compliance requirements specific to the manufacturing industry. It requires creating tailor-made training programs, managing conflicts of interest, gifts and entertainment, regulatory disclosures, and more.
As regulatory requirements continue to expand on a global scale, compliance and risk teams in the manufacturing industry must constantly be monitoring what is going on not only within the proverbial four walls of their own operations, but those of their subsidiaries, third parties, and even their nth parties.
Key Areas of Compliance in the Manufacturing Industry
Most manufacturing companies have complex and globally dispersed operations. As supply chains become more globalized, and manufacturing companies expand their operations to more countries and jurisdictions around the world, those complexities only multiply. Regulations are becoming harder and harder to meet as more countries release new frameworks, and the risks that compliance teams in the manufacturing industry must manage are expanding as well.
Anti-bribery and corruption (ABAC)
The decentralized nature of manufacturing operations, which typically are made up of a globally intricate web of suppliers and distributors, means that manufacturing companies often rely on third-party agents to get them contracts, licenses, or permits to operate in high-risk regions of the world. These interactions often require that those third-party agents interact with government officials, greatly increasing bribery and corruption risk.
The most visible and far-reaching anti-corruption law in the world is the U.S. Foreign Corrupt Practices Act (FCPA). Under the FCPA’s anti-bribery provision, it is illegal to offer, pay, or promise to pay “anything of value” to a foreign official in exchange for obtaining or retaining business. The “anything of value” means the FCPA prohibits not just monetary bribes, but all forms of corrupt payments, such as gifts, travel, and entertainment. Having robust internal controls that monitor for suspicious gifts and entertainment, or conflicts of interest, is a critical aspect of mitigating ABAC risk.
Additionally, under the FCPA’s accounting provisions, U.S. issuers must maintain accurate books and records and have a system of internal controls sufficient to provide reasonable assurances that transactions are executed and assets are accessed and accounted for in accordance with management’s authorization. Said another way, the FCPA makes it illegal to falsify a company’s books and records in an attempt to conceal corrupt business deals.
In the United Kingdom, the U.K. Bribery Act similarly criminalizes the offering, promising, or giving of a bribe. Unlike the FCPA, the U.K. Bribery Act applies to both the public and private sectors and to both foreign and domestic bribery cases. A separate provision of the U.K. Bribery Act (Section 6) further prohibits the bribery of foreign public officials in exchange for obtaining or retaining business or a business advantage. The U.K. Bribery Act also prohibits requesting, agreeing to receive, or accepting a bribe. Companies that fail to prevent bribery by those acting on their behalf – such as an employee, agent, or subsidiary – can also be held criminally liable.
Like other risk areas discussed in this guidance, ABAC compliance should be a key part of a comprehensive third-party risk assessment process. To assist risk and compliance teams in establishing robust anti-bribery and corruption controls, several guidance documents are available, including the FCPA Resource Guide, the Department of Justice Criminal Division’s “Evaluation of Corporate Compliance Programs,” and the U.K. Ministry of Justice’s “Bribery Act 2010 Guidance.”
Quality Control and Assurance
Manufacturing compliance with quality control standards is another key compliance area – one that is especially relevant to this industry. The ISO 9001 standard, established by the International Organization for Standardization (ISO), is the most widely adopted international standard that specifies requirements for creating a quality management system (QMS).
Organizations of all sizes that seek to improve the quality of their products and services and consistently meet customer and regulatory expectations are encouraged to follow the ISO 9001 framework, which covers seven core principles of a QMS. At a high level, those principles address the importance of meeting customer requirements; leadership buy-in and support; a process-oriented approach; and a commitment to continuous improvement.
There are also industry-specific standards that build upon the ISO 9001 standards. Thus, risk and compliance teams in the manufacturing industry that meet the ISO 9001 standards also are in a good position to meet certain industry-specific standards, including IATF 16949 and IAQG 9100.
Aside from the ISO family of standards, various regulatory bodies have published industry-specific standards of their own. In the United States, for example, the Current Good Manufacturing Practice (CGMP) requirements, enforced by the U.S. Food and Drug Administration, establish requirements for properly designing, monitoring, and controlling manufacturing processes and facilities in the pharmaceutical industry.
Health and Safety Compliance
Risk and compliance professionals in the manufacturing industry also know how important it is to continuously ensure the health and safety of employees. For guidance in this area, many leading companies follow ISO 45001, the internationally recognized standard for managing occupational health and safety risks. ISO 45001 covers several key topics, including leadership commitment, worker participation, hazard identification, risk assessments, legal and regulatory compliance requirements, emergency planning, incident investigation, and continuous improvement measures.
Because manufacturing risks vary greatly sector by sector, there are also many industry-specific resources for compliance teams to turn to. The U.S. Occupational Safety and Health Administration (OSHA), for example, has published several industry-specific resources covering manufacturing sectors such as apparel and footwear, chemical manufacturing, food processing, textiles, metalworking, the semiconductor industry, and more.
Adopting the ISO 45001 standard, in combination with complementary industry-specific standards, helps risk and compliance teams in the manufacturing industry mitigate the risk of workplace injuries, illnesses, and other incidents. Following internationally recognized health and safety standards may also go a long way toward reducing the risk of regulatory fines, workers’ compensation claims, productivity losses, and other business disruption costs caused by health and safety failures.
Environmental, Social, and Governance (ESG) Compliance
As regulatory expectations around environmental, social, and governance (ESG) issues continue to gain attention on a global scale, a growing number of countries have passed laws requiring companies to be more transparent about, and accountable for, their environmental and human rights violations, and to mitigate such risks in their global supply chains.
Among the most prominent laws that address both environmental and human rights harms are:
- The EU’s Corporate Sustainability Due Diligence Directive (CSDDD): Under the CSDDD, companies with operations in the European Union must adopt appropriate measures to identify, prevent, or mitigate adverse human rights and environmental harms across their operations, subsidiaries, and business partners in their value chains, including in the production and distribution of products.
- France’s Corporate Duty of Vigilance Law: Requires any company based in France that employs at least 5,000 employees in-country, or at least 10,000 employees worldwide, to implement a “vigilance plan” to identify human rights and environmental harms resulting directly or indirectly from the company’s own operations, its subsidiaries, subcontractors, or suppliers.
As more countries enact mandatory ESG reporting disclosures, risk and compliance teams in the manufacturing industry may want to familiarize themselves with the human rights and environmental due diligence reporting obligations that apply in the countries where they have manufacturing operations and facilities.
There are also international standards that provide guidance for minimizing environmental harms, including those caused by manufacturing activities. ISO 14001 – the internationally recognized standard for designing, implementing, managing, and continuously improving an environmental management system (EMS) – challenges organizations to consider all environmental issues relevant to their operations, including air pollution, water and sewage issues, waste management, soil contamination, climate change mitigation and adaptation, and resource use and efficiency.
Modern Slavery in Global Supply Chains
Combatting modern slavery in global supply chains is another top-of-mind issue that risk, ethics, and compliance teams in the manufacturing industry face today. Modern slavery is an umbrella term that encompasses a wide range of human exploitation, including forced labor, human trafficking, child labor, and bonded labor. According to the “2023 Global Slavery Index,” published by the Walk Free Foundation, approximately 50 million people around the world are victims of modern slavery.
Manufacturing companies are especially prone to modern slavery risk due to several high-risk factors that plague the industry, including generally poor visibility over lower-tier suppliers, exacerbated by jobs that are often hazardous by nature and often done in countries with lax regulatory oversight over poor and unsafe working conditions.
Due Diligence Guidance
Several global frameworks provide guidance on how to conduct human rights and environmental due diligence that compliance and risk teams may find helpful. These include:
Additionally, at the sector level, the GRI is currently in the process of developing 40 sector-specific standards that will identify material topics by sector, based on their impact. The standards will further reflect stakeholder expectations for sustainability reporting. According to GRI, the intent is to increase transparency and relevancy of each sector’s sustainability reporting.
For the manufacturing industry, GRI has expressed its intent to publish standards addressing industries and manufacturing areas including food and beverage, textiles, chemicals, aerospace and defense, medical equipment, pharmaceuticals, electronics, and more.
Risk and compliance teams may want to review the GRI sector standards as they are released, as the sustainability reporting frameworks for each industry likely will complement the due diligence reporting frameworks, as laid out by the other international frameworks mentioned above.
Compliance Best Practices for the Manufacturing Industry
In addition to following the guidance documents laid out by regulatory bodies and international standard-setting frameworks, there are a few tried-and-true best practices that compliance programs follow.
Conduct third-party (and nth-party) due diligence
Whether tackling bribery and corruption risk, environmental and human rights harms, modern slavery, or any other risk area, conducting due diligence on all your third parties in the global supply chain is at the core of a robust third-party due diligence program. At the most basic level, due diligence can be as simple as scanning for adverse media reports or conducting background checks on vendors.
Due diligence measures, especially those integrating AI capabilities, can also be further tailored by risk type, such as performing background checks to monitor for bribery and corruption, modern slavery, environmental violations, or a whole gamut of other risks.
Make risk management a cross-functional effort
No matter what type of risks you are seeking to address in the manufacturing industry – whether in the area of quality control, ABAC, health and safety, modern slavery, environmental harms, and more – taking a cross-functional approach will be the most effective way to address the risks you’re seeking to tackle. This collaboration can happen in a variety of ways and move in a multitude of directions.
To address modern slavery and environmental risks, for example, risk and compliance teams may want to consider collaborating with the procurement function, which has a direct line of sight to suppliers and can evaluate them with an eye toward their labor and environmental practices. The risk and compliance function may also want to collaborate with HR, which may have information about potential illegal labor practices that compliance has not yet heard about.
Establish a multi-channel, internal reporting system
To ensure that health, safety, and environmental standards are being followed, prudent compliance professionals know how important it is to establish clear channels for reporting issues. In the manufacturing industry, easily accessible communication channels are especially important for workers on factory floors and in manufacturing facilities.
No matter where an employee works, what their job function is, or how long they are employed with the company – seasonal, contractual, part- or full-time – all employees should be able to make and manage disclosures easily, anonymously, and without fear of retaliation. Importantly, the system should be multi-channel, so that reports can be made over the phone, email, online, or even face-to-face. The more options people have to report their concerns, the more likely that compliance professionals can address ethics and compliance concerns before regulators do.
Conduct regular risk assessments
Compliance teams should continuously reassess the company’s risk exposure as new risks arise and new regulatory requirements and reporting frameworks are adopted. For example:
- Have any new manufacturing facilities started operations in the last year? If so, does the location pose a high risk for corruption, modern slavery, or environmental harm?
- Does that new location increase the number of suppliers that require due diligence?
- Has the company started manufacturing any new products? If so, what new risks might that pose?
- Where does the company source its raw materials, and how – is there any risk of modern slavery?
- What new ESG disclosure requirements have come into force that create new reporting obligations for the company, and do policies and procedures need to be adjusted to meet those new disclosure requirements?
These are just a few questions compliance teams in the manufacturing industry may want to consider as they continuously adjust and improve the compliance program in response to new risks and regulatory requirements.
Manufacturing Compliance Software Solutions
GAN Integrity leads in manufacturing compliance software solutions, designed to help some of the world’s largest brands navigate their manufacturing compliance challenges. GAN Integrity’s ethics, compliance, and risk management platform streamlines compliance policies and procedures by organizing compliance workflows and automating tasks.
Compliance and risk teams can now achieve more, work faster, and operate with greater confidence by leveraging GAN Integrity’s extensive suite of solutions:
- Third-Party Risk Management: Easily and efficiently assess, mitigate, and monitor third-party risks in real-time. Tailor workflows to meet unique business needs by organizing risk assessments by risk type and risk-scoring third parties, while collaborating with other risk owners across business functions.
- Gifts and Entertainment Compliance: Automate manual processes for collecting and reviewing gift and entertainment requests with a centralized solution. Engage employees with a user-friendly submission application, while automatically escalating and flagging high-risk transactions to create greater efficiency.
- Conflict of Interest Management: Manage conflicts of interest with a centralized solution for higher visibility and through streamlined processes. An intuitive user platform ensures employee adoption and engagement, allowing anyone to disclose conflicts of interest from any device, anywhere in the world.
- Disclosures Management: Consolidate your disclosures for conflicts of interest (COI), gifts, travel, entertainment expenses, and political and charitable donations in a single platform.
- Incident Management: Deploy a whistleblowing and incident management solution that streamlines case resolutions. Automatically triage cases and escalate high-risk matters with integrated and customized risk ratings. Automated reminders trigger time-sensitive actions and ensure timely follow-up in compliance with regulatory requirements.
The GAN Integrity Platform adapts to each company’s specific needs, giving compliance teams and other end users a uniquely tailored risk-based approach that ensures resources are effectively deployed, risks are appropriately managed and mitigated, and that comprehensive reporting is at your fingertips for when reports need to be produced.

Hannah Tichansky is the Content and Social Media Manager at GAN Integrity. Hannah holds over 13 years of writing and marketing experience, with 8 years of specialization in the risk management, supply chain, and ESG industries. Hannah holds an MA from Monmouth University and a Certificate in Product Marketing from Cornell University.