In today’s complex business environment, mastering vendor onboarding is critical for Source-To-Pay security and vendor management. A mismanaged onboarding can put the entire payment chain at risk of vendor fraud or mistakes. Baptiste Collot, CEO at Trustpair gives his insights and best practices for a successful vendor onboarding.
JAGGAER and Trustpair are happy to share their latest white paper: Supplier Risk, The Modern Guide To Secure Vendor Onboarding. Download it right now!
- So first question, can you give me a quick overview and analysis of today’s supplier risks? In today’s complex business environment are supplier risks increasing, have they changed? And what are these main risks?
I think supplier risks are a major topic for any company today because suppliers are a part of your business.
There are many risks associated with your vendors just in terms of the sustainability of your business and the survival of your supply chain. We’ve seen this during COVID for example: when you have many components that can come from external countries you’re vulnerable. What we buy today is made from components that come from all over the world: any event or conflict in another country can have an impact.
Globalization increases risks and makes these risks international.
It’s all about the quality of sourcing: the quality of the suppliers, and the ability they have to resist any kind of crisis. Vendors need to be sustainable: you need to make sure they will still be around in six months, two years, and so on. And that depends on many factors you can’t 100% control.
There’s also the compliance and legal aspect: you have to be sure you have the right to work with this vendor, and that he isn’t on any sanction list. Some vendors might be in countries under sanction or that don’t respect international rules – in terms of working conditions and so on. You need to be careful: suppliers could be owned partly or in association with other companies that are on sanction risks.
The ESG aspect is a big one and has a direct impact on your reputation. You need to be sure that you work with suppliers that are on the right side of environmental and social legislations.
- What about external risks that impact vendors who then pass them off to buyers?
Of course. Supplier are more and more targeted by cyber attacks that actually target the buying companies. It’s important to work with companies that have strong cybersecurity measures set up to avoid being defrauded through your supplier – without him even knowing. Cybersecurity risks is a booming one.
In fact, more and more companies ask their vendors for specific certifications to make sure they have the best in class tools – in terms of data sharing and management. It ensures the data they share is safe.
We usually think about vendors like people selling goods and materials. But you also have all the hosting IT vendors and it’s high concern for everybody to be sure that there is no risk of data breaches.
For all risks, make sure you have a backup plan and a recovery plan if the vendor isn’t able to deliver the service anymore.
Basically we could split the risk between four main topics:
- You have the basic supply chain risk – of production, components and so on.
- Then there’s the whole scope of financial risks.
- Compliance and legal.
- And what’ve just talked about around IT and cyber risk
- And would you say that, compared to a decade ago, risk has increased or has changed and evolved in terms of seriousness of the attacks? How has the situation changed?
Risks are more important than ever because businesses are more and more interdependent. And we’ve seen this with the COVID crisis: it put the world economy under a major strain. Everything from transportation to manufacturing was suddenly threatened.
There’s also the geopolitical context that impacts businesses a lot, and probably more today than in the last two decades. The Ukrainian war put many companies under pressure, in terms of workforce or good production. Also the cost of goods increased because the price of oil and gas increased. All this put high pressure on companies to keep their margin: they now face a new risk in terms of sustainability.
What’s changed is also the sophistication of the fraudsters thanks to AI and cyber knowledge. They’re much more efficient and can execute fraud at scale. Frauds used to be manual: now they’re complex and sophisticated. Fraud attempts have exploded in the past years: that’s partly because of the rise in AI.
- Seeing what we’ve seen and discussed, how important is supplier onboarding? Why is supplier onboarding a stepping stone to having a safe relationship with your supplier? How does is reflect on your risk policy?
Supplier onboarding is absolutely crucial to start things right. It helps you do a first risk assessment for the vendors you’re working with. It’s a first step, a health check for all risks that could impact your activity. And in the context we’ve just talked about, it’s more crucial than ever.
What are the best practices in terms of vendor onboarding? What are the steps and requirements for a useful and successful onboarding?
Of course there’s the basic things: confirming the identity of the vendor, checking his official details to make sure it’s a company you really want to work with.
Than there’s all the financial checks to control the level of risk in terms of financial sustainability and so on. And of course, you need to be thorough in terms of ESG and compliance, as mentioned above.
When you onboard a vendor, you need to do a 360° assessment of associated risks. And probably adapt depending on the type of vendor.
When it comes to key vendors for your own supply chain, you need to do a detailed check up: because they’re generally based internationally, which presents additional risks and complexity.
And I would you say that today, you know vendor onboarding should be even more comprehensive and complete than it used to be.
- And do you think vendor onboarding has changed in the last 10 years?
Yes, but especially for large companies. We’ve gone from manual processes with excel sheets sent to vendors and someone typing it all in the system to a more digital onboarding.
Before, onboarding was very complex and not digital. There were many different checks owned by different teams. Compliance checks were done by the compliance team or the legal team, finance check by a credit analyst from the finance or treasury team.
Many people could be involved in the process. What we want and need today is to streamline the process. It needs to be centralized and automated. This is where it’s interesting to have an automated vendor onboarding portal. And that has been the main trend in vendor onboarding.
I think that the most important is to give back the power to the team in charge of vendors – it can be procurement for example – and stop relying on many different teams, which easily brings frictions.
That’s the purpose of platforms that will help give back the power to main users in contact with the vendor and provide assess automatic risk assessment. These assessments need to happen not just when you onboard a vendor, but all along the vendor relationship. A vendor might be ok at the beginning of the relationship but not later on.
And you can’t rely only on manual controls to do these checks during the whole supplier relationship.
You really need to have a fully automated and streamlined process. And give back the power to the teams actually in charge and not satellites teams.
- Is there anything else you’d like to add on the general topic of supplier risks or supply onboarding, any last thoughts?
I think the accuracy of data is a key component of vendor risk management and vendor onboarding. Historically, all the vendor information stored in systems, ERPs and so on was a nightmare in terms of data quality. Implementing a digital onboarding process is the opportunity to clean all existing data to be sure that controls can be made on a healthy database afterwards.
And of course, you should definitely break down silos between tools and make sure they’re interconnected to secure the whole payment process. Because vendor onboarding is the first step of the S2P and to make this S2P secure, you need to manage the risk not only during onboarding but during all the chain. You want to make sure the final stage – so paying your supplier – is safe and well managed.