Steve Hager (srhager@autoclubgroup.aaa.com) is Ethics Program Manager at The Auto Club Group in Dearborn, Michigan, USA. Cris Mattoon (cqmattoon@autoclubgroup.aaa.com) is Assistant Vice President, Compliance & Ethics, at The Auto Club Group, and Chief Bank Compliance Officer at Auto Club Trust FSB in Dearborn, Michigan, USA.
Outsourcing and co-sourcing are no longer the exception to the rule, but are key to effective resource management in today’s economy. No longer solely the province of large corporations, organizations of all sizes across industries employ vendors, contractors, and consultants to perform core functions. Although using external resources often results in greater financial and operational efficiency and improved customer outcomes, boards of directors and CEOs must ensure that adequate safeguards are implemented to mitigate risk. An effective supplier code of conduct should be central to such measures.
A pillar of prudent risk management
Business conduct may no longer be left to chance. It seems that a shocking news story emerges daily due to some cybersecurity incident, harassment, discrimination, or physical injury associated with a well-known brand. Like a forest fire leaping the fire control line, these stories leap from cable news onto social media where the conflagration goes global in the blink of an eye. What often escapes the initial spread of the negative news story is the role that a supplier may have played in the unfortunate incident.
Think Target Corporation and its HVAC vendor,[1] whose own allegedly inadequate risk management practices allowed hackers to steal a reported 40 million credit card numbers in one of the biggest data breaches in history. Although almost no one informed of the incident and its subsequent litigation could name the HVAC vendor, practically everyone associates the breach with the red bullseye logo. Your board of directors doesn’t want to find itself at the center of a litigator’s or regulator’s costly and embarrassingly public “bullseye.”
In addition to ongoing supplier due diligence, legally binding contracts, and sufficient insurance coverage, supplier codes of conduct provide a key pillar of prudent risk management. A vibrant employee code of conduct, frequently discussed at all levels of an organization and among employees, can mitigate inappropriate and unethical internal behavior. Likewise, a supplier code of conduct, carefully tailored to the industry and reflective of mutual expectations between the contracting organization and its vendors, contractors, and consultants, can guide third-party behavior before it reflects badly upon your brand.