Sony - Risk free suppliers

Sony’s approach to managing reputational risk

Geraldine Craven


Technology giant Sony is committed to being a responsible corporate citizen, as well as protecting its brand, customers and shareholders. Increasingly stringent legislation in areas such as financial crime and money laundering, as well as data protection and sustainability, gives rise to risks that large companies must monitor and manage throughout the supply chain. “The increasing expectation from consumers, shareholders and legislative bodies is that organisations commit to risk management and due diligence as the foundation of their corporate social responsibility undertakings.

This is something that Sony has actively embraced and seriously recognises as part of its obligations, and our consumers’ expectations, as Sony being a responsible global corporate citizen,” says John Jordan, head of strategy and planning, Sony Europe. A breach of the Money Laundering and Terrorist Financing Regulations can cost businesses up to the equivalent amount of their turnover for the year, which, for Sony would be billions of dollars.

The potential cost avoidance from minimising the risk is huge, in addition to the protection of the company’s brand reputation. Collaborating with the global finance and legal affairs department, Sony Europe’s corporate procurement team completed a year-long project to review its 3,500-strong supplier base to identify and mitigate all relevant risks to ensure compliance with the European Union’s Money Laundering and Terrorist Financing Regulations 2019. This was not intended as simply a one-off exercise, however. The team also undertook a comprehensive review of its supplier selection, onboarding and ongoing risk management processes to identify and manage any future risks in a timely manner.


Fig 1 Sony Risk Management

Streamlining processes

Sony designed and implemented a new process to ensure potential suppliers are reviewed against selected red flags, including sanctions listings, regulatory and law enforcement action, politically exposed persons and links to criminal organisations. To do this, Sony procurement assesses all potential new suppliers using Refinitiv’s World-Check tool – a database of politically exposed persons and heightened risk individuals and organisations that helps organisations identify and manage financial, regulatory and reputational risk.

This takes less than 10 minutes and allows buyers to determine whether they can proceed with confidence. If the supplier raises a red flag, the decision is escalated through a tiered approval process according to:

  • The severity of the flag
  • The extent to which it is necessary for Sony to partner with the supplier, for instance, if it’s the sole provider in the region.

All review work and decisions are logged and tracked in SAP Ariba and World-Check, providing complete transparency and an audit trail. This is also important in the event either the regulatory or supplier environment changes, which may require Sony to review previous decisions. The team has established a clear governance structure to ensure efficiency and accountability, providing a chain of approvals in the event World-Check raises any flags. New roles and responsibilities have been assigned to existing senior management to ensure Sony has a top-level commitment and the ability to facilitate factual, risk-based decision-making.

Sony’s head of procurement, head of legal affairs and head of finance, governance and process operations have been identified as compliance officers and are responsible for ensuring all suppliers are reviewed to an agreed standard. These staff also sit at the top tier of the exceptions approval process.

Reviewing and de-risking the supply base

To develop these flags in the system and ensure they are kept up to date, Sony undertakes a thorough review of all active suppliers every six months. The procurement team coordinates with finance to ensure the existing supplier base is thoroughly vetted for any legal or regulatory enforcement action, sanction listings and negative media reports.

Although this is a predominantly manual process, reviewing approximately 3,500 suppliers can take as little as one week for outsourcing provider WNS. The outcome of this initial systematic risk assessment is a subset of “risky” suppliers, which are manually reviewed by finance. Procurement works alongside Sony’s global finance and legal to ensure the end-to-end business impact is understood and factored into the final assessment.

Depending on the outcome of the assessment, Sony either accepts the relationship with no change or develops mitigation actions. Biannual reports give the compliance officers assurance and, where relationships continue with these suppliers, executive signoff is a requirement. Prior to this, procurement collates information on:

  • Annual spend
  • Engagement with the supplier
  • The team(s) affected
  • Contractual terms
  • Recommendations on how to proceed

This enables Sony to make an informed decision by assessing the risks against the business impact and the competitive advantage the supplier may offer, prior to taking any action.


The first time Sony assessed its supply base, procurement worked with the business to identify, evaluate and agree on mitigating actions by reviewing the impact of changing supplier versus the risk being realised. Ultimately, only 11 of the existing 3,500 suppliers were recognised as a potential reputational risk and the effect on the business was minimal as procurement only terminated two existing supplier relationships.

Success factors

Without procurement’s control and governance of the supply base, managers at Sony would be free to select suppliers with little or no due diligence. Even assuming managers in a devolved environment are trained in appropriate selection/tender methodologies, it would be a challenge to ensure they apply these consistently and, as such, the organisation’s risk exposure would increase.

By ensuring the right due diligence is in place, procurement is helping the company to avoid the billions of dollars’ worth of fines and reputational damage that could result from noncompliance. Stakeholder feedback on the improvements made: “Proactive risk management is essential for an organisation like Sony Europe in a dynamic and changing business environment.

The Procurement team have taken a holistic approach to risk management from clearly defining accountability and ownership with key category managers and the business for risk monitoring the risk to deploying mitigating strategies and involving the governance team to advise on mitigation solutions where required. This enabled to implement efficient and effective processes with embedded risk management and support self-assessment that drive continuous improvement and value add to the business,” says Monika Karacsony, head of finance, governance and process operations (Sony Europe and Sony North America).

Next steps

Sony Procurement has started to implement an automated, global solution using robotic process automation (RPA) to consolidate its global supplier base and run risk assessment reports on an ongoing basis. This will enable the team to optimise its operations and detect risks in real time.  
