As 2023 begins, we’re taking stock of the last 12 months in supply chain news and trends. From increased regulation of environmental, social, and corporate governance (ESG) to geopolitical disruptions and cybersecurity threats, 2022 has been a busy and sometimes tumultuous year for supply chains and the corporations and countries that manage them.
Below we review the year’s biggest trends, priorities, and disruptions and share our forecasts as we look ahead in 2023.
2022 Year in Review
- We’ve seen an increased focus on ESG as governments and corporations seek to stabilize global supply chains, reduce risk, and increase transparency.
- Geopolitical upheaval this year has impacted supply chains around the world, particularly the Russia-Ukraine war and ongoing tensions between the U.S. and China.
- Cybersecurity remains a top concern as bad actors increasingly target supply chains and supplier relationships.
New Legislation in the U.S. and E.U. Make ESG a Priority
The past year has seen growing momentum from governments to promote ethical and sustainable supply chains. This includes a bigger focus on transparency to prevent corporate greenwashing and hold companies accountable to their ESG commitments.
Here are a few of the biggest laws and proposals this year:
SEC Climate Disclosure Proposal (U.S.)
The SEC released a climate disclosure proposal in March 2022 in an effort to standardize how companies report and manage their ESG initiatives. The proposed legislation will require publicly traded companies to report key climate-related information, including:
- Climate risks and their impacts on the business’ strategy, model, and outlook
- The business’ greenhouse gas emissions
- How the company is monitoring and managing those risks
- Any climate-related targets or goals, how the company plans to meet them, and what progress they have made.
Currently, the proposal only applies to public companies that have ESG initiatives in place. However, it signals a growing commitment from the U.S. government to address climate and sustainability issues along the supply chain.
Uyghur Forced Labor Prevention Act (U.S.)
The Uyghur Forced Labor Prevention Act (which went into effect in June 2022) aims to prevent goods made by forced labor in the Xinjiang region of China from entering the U.S. market. Forced labor in China has a far-reaching impact on global supply chains-with countries (including the U.S.) importing millions of dollars worth of goods each year from the Xinjiang region alone. Among the biggest exports that permeate supply chains are:
- Tomato-based products
- Minerals like gold and polysilicon
The legislation enforces a policy of “rebuttable presumption,” which means all imports from the region are assumed to be connected to forced labor and cannot be admitted into the U.S. without approval by U.S. Customs and Border Protection.
This shifts the burden of proof to the importer. Companies with suppliers based in Xinjiang must provide due diligence to demonstrate their products are not sourced from Xinjiang or, if they are, that they are not produced by forced labor.
Federal Supplier Climate Risks and Resilience Rule (U.S.)
The Biden-Harris Administration also took further action this year with a proposed rule to address greenhouse gas emissions (GHG) and protect the federal government’s supply chain from climate-related financial risks.
The proposed Federal Supplier Climate Risks and Resilience Rule would require major federal contractors to disclose:
- Their greenhouse gas emissions
- Climate-related financial risks
It would also require contractors to set emissions reduction targets.
As a key part of the President’s Sustainability Plan, the rule will cover approximately 85% of federal supply chain emissions. It will also help the government increase resilience and reduce costs in support of a comprehensive strategy to measure, disclose, manage, and mitigate climate-related risks to the U.S.
EU Directive on Corporate Sustainability Due Diligence
In February 2022, the European Commission proposed legislation that would introduce mandatory supply due diligence obligations for both EU and non-EU companies that meet certain criteria.
The Directive on Corporate Sustainability Due Diligence (CSRD) builds on the EU’s Non-Financial Reporting Directive (NFRD) to cover more companies and expand disclosure and due diligence requirements with respect to human rights and environmental standards. The CSRD will make sustainability reporting more consistent while enforcing reliable and transparent disclosures from companies doing business in the EU.
Norwegian Transparency Act
The Norwegian Transparency Act went into effect this year on July 1. The goal of the legislation is to promote corporate respect for human rights and fair labor conditions within company supply chains and increase public access to ESG information. The law applies to larger Norwegian enterprises as well as larger foreign companies that offer goods and services in Norway.
The main requirements include:
- Due diligence assessments in accordance with the OECD Guidelines for Multinational Enterprises
- Duty to identify if any company activities have actual or potential adverse impacts on human rights or working conditions
- Implementing preventative to limit any adverse impacts
- Continuous monitoring of third parties
- Providing information to the public upon request
China Introduces Guidance to Standardize ESG Reporting
Europe and North America are not the only global actors making progress on ESG policy. China released voluntary ESG guidelines this year for domestic enterprises. The aim is to establish standardized disclosure practices tailored to China’s ESG priorities.
While the guidelines remain voluntary for now, they represent progress in developing a robust, uniform reporting infrastructure in China.
More Corporations Take the Initiative on ESG Policies
Not all companies are dragging their feet on ESG efforts. Companies like Mars-Wrigley and Procter & Gamble have both made pledges this year to improve sustainability within their operations.
- Mars-Wrigley pledged that by 2023, 100% of its cocoa sourced for European factories would be responsibly sourced. The initiative will impact major products, including Mars, M&Ms, and Milky Way.
- Proctor & Gamble pledged to increase its use of alternative (non-wood) fibers in its products in an effort to reduce its impact on deforestation.
Regulatory Bodies Crack Down on Forced Labor and Corporate Greenwashing
2022 saw a rise in regulatory enforcement with crackdowns on greenwashing and forced labor violations both within and outside the U.S. Here are just a few of the major ones:
A Toyota subsidiary falsified emissions data as far back as 2003: Hino Motors admitted to falsifying emissions and fuel performance data earlier this year. An investigative committee reported that a high-pressure environment contributed to the scandal, as engineers didn’t feel able to challenge superiors when facing unrealistic demands.
Goldman Sachs agreed to pay a $4 million penalty for misleading customers about its ESG investments: The settlement highlights growing enforcement against unsupported claims within the financial industry related to ESG funds.
U.S. blocks sugar shipments from Dominican Republic: In November, the U.S. Customs and Border Protection issued a withhold release order against Central Romana Corporation, a Dominican Republic company that produces sugar, on suspicion of forced labor.
U.S. Customs seized a Uniqlo shipment on suspicion they were sourced from Xinjiang: In May, U.S. Customs seized a shipment of cotton shirts from the Japanese fashion retailer Uniqlo. Officials suspected the garments were made using forced labor from Xinjiang.
A Hyundai subsidiary has been found using child labor in Alabama: After a Guatemalan migrant child disappeared in February, police discovered she and a large cohort of underage workers were working at the SMART factory (a Hyundai subsidiary). While the investigation is ongoing, the discovery demonstrates that the U.S. isn’t immune to ESG compliance laws.
Supply Chain Disruptions As a Result of Geopolitical Tensions
Conflicts around the world have also impacted supply chains on regional and global levels. This has been particularly evident in the Russia-Ukraine war and escalating tensions between the U.S. and China.
While conflicts on another continent can seem far away, their impacts can reverberate globally. That has been the case this year with the Russia-Ukraine War. A whopping 241,000 businesses around the world rely on Ukrainian suppliers. And 90% of them are based in the U.S.
The result has been significant-and sometimes unexpected-disruption in a slew of industries and supply chains, including:
- Outsourced talent, particularly in the technology sector
- Clinical drug trials, which rely heavily on Ukrainian recruits for generic drug trials
- Major commodities like wheat
Tensions between the U.S. and China have been growing in recent years. In October, the Biden administration issued a new set of export controls that cut China off from certain semiconductor chips made with U.S. equipment. The measure is intended to slow Beijing’s technological and military advances. However, the rules have also caused widespread disruptions in the supply chain, impacting U.S. aerospace and defense firms.
Cybersecurity Remains a Top Concern in 2022
The COVID-19 pandemic drove massive digital transformation across industries and businesses. That, combined with the Russia-Ukraine War, has led to a drastic increase in cybersecurity threats. This has led to supply chain disruption as well as legislative action to shore up cybersecurity in the public and private sectors.
Ransomware Attacks Are on the Rise
Cyber attacks always remain a pressing issue, but ransomware attacks, in particular, have been on the rise this year and represent a growing threat. The trend has likely been exacerbated by the Russia-Ukraine War as foreign enemies try to disrupt global supply chains.
The main threat facing governments and corporations is in their supply chains. Today, terrorists are targeting n-tier suppliers (that may be more vulnerable and easier to breach) as a means to gain entry to larger organizations.
Organizations must be vigilant in strengthening supply chain security beyond their own perimeters to include downstream suppliers.
Some Industries Have Been Hit Harder Than Others
While all industries need to prioritize cybersecurity, some industries have more robust cybersecurity health than others. Craft’s 2022 industry analysis uncovered key findings in cybersecurity postures across industries:
- More heavily regulated industries like healthcare and financial services have the highest cybersecurity performance.
- The education and telecommunications sectors have the lowest cybersecurity scores.
See our Cybersecurity Industry Report here.
While some industries fare better than others overall, attacks on global supply chains occur across all industries.
The Elbit Systems of America breach in June underscores the importance of investing in preventative measures. Elbit Systems is an aerospace and defense organization with large government contracts and access to sensitive data. Attacks on these targets can have serious consequences for national security and infrastructure.
Governments Pass a Slew of Cybersecurity Legislation
In response to the growing cyber threats facing supply chains today, local and national governments around the world have passed legislation aimed at improving cybersecurity and supply chain resilience.
Here are a few of the key bills and proposals passed in 2022:
- Executive Order 14017 on Securing America’s Supply Chains (U.S.)
- Cyber Incident Reporting Act (U.S.)
- State and Local Government Cybersecurity Act (U.S.)
- Network and Information Systems Directive (E.U.)
What to Be Prepared for in 2023
2022 was marked by growing cyber threats, increased pressure from consumers and governments to regulate and improve ESG standards, and continued shockwaves from geopolitical disruptions and an ongoing pandemic.
As we look to 2023, here are the biggest things to prepare for:
German Supply Chain Act Goes Into Effect
The German parliament passed the Act of Corporate Due Diligence in Supply Chains in 2021, and it will go into effect in 2023. The legislation requires companies to implement strict due diligence systems to protect human rights and the environment within their supply chains. The law will have far-reaching impact on not only German companies but European and international vendors along the supply chain.
Companies need to prepare their due diligence programs and supply chain compliance systems with a focus on risk identification, analysis, mitigation, and disclosure.
Forced Labor Compliance Will Get Stricter
We’ve already seen an increased focus on labor laws and enforcement this year. Companies should plan for that trend to continue into 2023.
One of the biggest pieces of legislation coming up is in the E.U. In September, the European Commission issued a proposal to ban products made with forced labor on the E.U. market. The ban is comprehensive, covering all products made in the E.U. as well as imported goods, without targeting specific companies or industries. Once adopted, the legislation will go into effect within 24 months of ratification.
Organizations that have any business connection to the E.U. supply chain should prepare now to comply with this expansive mandate.
Large Firms Will Have to Empower Their Suppliers to be ESG Compliant
Compliance risk extends beyond the primary company to its suppliers. With increased enforcement and public pressure for better ESG, corporations must work with their suppliers to ensure compliance at every level of the supply chain.
This will require improved supplier monitoring and network visibility. Companies need to have the tools and systems in place to:
- Track and map n-tier suppliers with granular accuracy
- Gain an understanding of the corporate ownership structure of their suppliers
Supplier Cybersecurity Will Be More Important Than Ever
Ransomware attacks will continue to be a major threat in the coming year. Large firms need to invest more heavily in getting their suppliers, especially SMBs, to strengthen their cybersecurity health.
In-Depth Supplier Intelligence Is Essential
Even beyond cybersecurity and ESG, procurement and supply chain leaders must take a holistic view of their suppliers and connect the dots on financial health, labor metrics, and more, all in real-time.