One of the less-glamorous aspects of contemporary business is the essential role played by third-party suppliers. Their increasing use allows businesses to rapidly scale up to meet increased product demand.

Often, they can supply parts or processes for far less than it would cost a company to produce them in-house. But what is becoming increasingly understood is that these third-party suppliers can also threaten your business — that they present several different kinds of third-party supply risk.

The Increasingly Central Role of Third-Party Suppliers

Third-party suppliers have always played a role in business. One of the reasons for the success of Henry Ford’s Model T was that he was the first domestic manufacturer to adopt English vanadium steel for essential parts. Not only was it stronger than any available domestic steel, but, paradoxically, it was also easier to machine, which allowed Ford to speed up his assembly line, thus lowering production costs.

Speed and cost have always been the drivers of third-party supplier use. But their employment has increased dramatically in the 21st century as lower international transportation costs and the rise of competent and markedly cheaper workforces all over the world have incentivized outsourcing. Global corporations commonly employ tens of thousands of third-party suppliers. For some corporations, third-party suppliers can number over 100,000.

Third-Party Supplier Risk

In terms of upscaling and cost reduction, the advantages are obvious; but until recently, the downside risks have been generally underestimated. The risk third-party suppliers can represent to global corporations is illustrated by the tragic failure of Boeing’s 737 Max, which had over 3,000 suppliers from all over the globe.

The MCAS software that brought the planes down was supplied by third-party suppliers employing $9 an hour programmer temps instead of Boeing’s own qualified engineers. Boeing didn’t understand the risk their outsourcing represented until more than 300 people had been killed.

In 2020, however, more companies have begun to understand the several risks that third-party suppliers can represent. These include financial and reputational risk; legal and regulatory risk; and especially climate risk and location risk. Flooding in 2015 in Chennai, India, for example, threatened operations of one global third-party supplier that had 11 operations centers in the area supplying dozens of major international corporations.

Early 2020 wildfires in Australia have interrupted operations of some of corporate America’s major third-party suppliers. Some of these third-party companies may not survive — a supply-chain disaster not only for them but for the corporations, many of them U.S. based, that depend upon them to meet production and sales schedules.

Third-Party Supplier Risk to Small Business

Although recent financial articles pointing out third-party risk have mostly dealt with the risk to transnational corporations, small businesses are also at risk and are sometimes without even minimal risk management. Outsourcing has become so common that it seems normal and harmless. Sometimes it is, but occasionally it is not. In those cases, the threat to the affected business can be existential. Some of these threats are:

Reputational risk: Your clothing company hires a vendor in a foreign country. The vendor is subsequently found to have abused its workers; your company’s name is prominent in the ensuing news coverage. Soon, activists are picketing your stateside locations.

Legal risk: Under the U.S. Foreign Corrupt Practices Act, your company may be found liable for a third-party supplier’s misbehavior.

Geopolitical risk: Political events in a foreign country can result in your supplier being put out of business, sometimes with little warning, which then also creates…

Operational risk: Geopolitical and climate events may interrupt supply operations. As more small businesses turn to major corporations to outsource their distribution — Amazon is an instance of the trend — that corporation can change its policies in ways that adversely affect you.

They can even decide to get rid of some of their sellers and produce the products themselves. In that case, you’ve effectively turned your customer list over to a huge new competitor. Your interactions with a large corporation can also change for the worse simply because a competitor has falsely claimed that you’ve violated corporate policies. Often there’s little you can do about it.

Data integrity risk: you may have created adequate firewalls to protect your financial and business data, which may include proprietary information. But your third-party supplier will usually have some access to this data and may not be adequately protected against significant breaches.

In a following article, I’ll write about some risk management strategies available to small businesses.