Published February 13, 2020 • 5 minute read
Vendor Compliance: When Does It Occur?
Companies enter into contractual agreements with third-party vendors, including suppliers, contract manufacturers, distributors, and other agents, to fulfill a service or provide a product on behalf of the company. These include important guidelines that ensure the order, payment, or service go smoothly, and issues are addressed swiftly and efficiently. Vendor compliance helps guarantee a third party delivers the right goods or services to the right customer on time.
There are two types of vendor compliance: basic and regulated. The former occurs in a non-regulated industry and encompasses a vendor compliance policy, which outlines requirements and includes regular assessments. The latter involves a vendor and company in a government-regulated industry, such as finance, banking, and healthcare. Both must comply with mandated laws and regulations, as well as policy stipulations.
What Is the Cost of Non-Compliance?
To determine the cost of vendor non-compliance to your company, assess all of the issues this may cause. Generally, it results in loss of revenue, wasted time, and/or harm to a company’s reputation.
Costs of non-compliance may include those associated with:
- Strategy: Each company has a long-term plan in place to achieve its goals and mission. If a vendor offers products or services that do not align with these, it will hurt the company’s return on investment.
- Reputation: These include poor customer service out of line with company policies, inappropriate recommendations, security breaches, and violations of laws and regulations.
- Operations: A company will generally integrate its internal operations policies and processes with the third-party vendor. Misalignment can cause internal conflicts.
- Transactions: Companies strive to keep their consumers happy. If the correct product isn’t making it to the correct customer at the correct time, the resulting dissatisfaction reflects poorly upon the company and the vendor. Such failure may be a result of human error, fraud, technological issues, or lack of inventory.
- Credit: A vendor may not perform as agreed upon in the vendor compliance policy, warranting deployment of a performance measurement.
- Regulatory: This cost arises from law, rule, and regulation violations, or non-compliance with internal policies.
5 Steps to Ensure Vendor Compliance
1. Assess the Risks
For third-party or contract vendors under consideration, a company should perform multiple analyses to assess the risks of entering into a contractual relationship. Benefits, potential risks, costs, and legal issues should be reviewed, and a risk-and-reward analysis completed. A company must also take into account its own costs, such as the potential creation of a third-party management position internally, or the long-term financial cost of the relationship.
2. Evaluate the Vendor
Before choosing a third party, a company must exercise due diligence to assess all aspects of a vendor. Review audited financial statements, annual reports, the vendor’s reputation, qualifications, whether the vendor is currently in litigation, subcontractors, internal operations, knowledge of relevant applicable governmental (international, national, state, or local) laws, and insurance coverage.
3. Create a Vendor Compliance Policy
A vendor compliance policy stipulates a company’s expectations across the board. For a vendor to work with a company, it must legally agree to the terms, which may include legal mandates, operational guidelines, and detailed consequences if the vendor does not perform up to standards. Some companies may keep such policies on their websites for third parties.
For example, Ralph Lauren Corporation has an easily accessible vendor compliance policy that details operating guidelines, including legal, ethical, health, and safety standards, environmental sustainability, child labor laws, discrimination and harrassment and forced or bonded labor standards, and more. It also outlines a code of ethical conduct, an anti-corruption statement, purchase order terms and conditions, hazardous substances guarantee, electronic data agreement bailment agreement, and vendor privacy, confidentiality and information security.
Barnes & Noble Inc. has a similar set of rules for third-party vendors, and calls out a few government regulations a vendor must follow to work with the company, including the Consumer Product Safety Improvement Act (CPSIA).
Some companies, such as Icon Health & Fitness, Inc., may want to include expectations for quality assurance, purchase orders, packaging, transportation routing, returns and recalls, and reimbursement policies.
4. Draw Up a Contract
While the vendor compliance program must be agreed upon by all vendors, a company should draw up a unique contract for each third party to ensure specific goals and guidelines are met.
The Federal Deposit Insurance Corporation (FDIC) provides an outline for what a contract should include, such as a scope of responsibilities for both parties, the cost and compensation of services, performance standards, necessary reports, audit standards, confidentiality and security clauses, vendor responses to customer complaints, resumption and contingency plans, default and termination clauses, dispute resolution clauses, ownership and license provisions, indemnification, and limits on liability.
5. Vendor Management
The assessments, analyses, and due diligence does not stop when a company secures a vendor. Companies should continue to oversee third-party arrangements, including operations, to ensure adherence to the contract and vendor compliance policy. It’s also important the company review that the vendor is following all necessary regulations and laws. Monitoring should also include a vendor’s licenses and registrations, the third party’s financial condition, insurance coverage, audit reports, customer interactions, and other aspects of the contract.
To manage the vendors, audits, and analyses, companies can appoint an internal management role or team to oversee all vendors. While designating someone to review all third parties may be necessary, it may also be helpful to employ software to make this easier.
- Track Certificates of Insurance: Collect, review, and correct vendor insurance coverage to mitigate liability risk.
- Conduct Safety Pre-Qualification: This ensures contract vendors and subcontractors are in compliance with electronic medical records (EMR) and Occupational Safety and Health Administration (OSHA) data.
- Hold Regulatory Screenings: With so many regulations, BCS can make it easier for vendor managers to guarantee third-party compliance.
- Manage Documents: Entering into contract with third-party vendors can result in an abundance of paperwork and data. BCS assists with managing, storing, and streamlining that data.
- Handle Financial Screenings: BCS assists with assessing risks and evaluating vendors, along with their financial stability and creditworthiness.