Supply Chain Risk Management Travis Miller, General Counsel Assent Compliance – USA
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Supply Chain Risk Management Travis Miller, General Counsel
Assent Compliance – USA
Agenda
The Issue ◆ What is Risk Management ◆ Data Integrity in the Supply Chain ◆ Legal Compliance Risks
Risk Management ◆ Supplier Training ◆ Automation ◆ Data Verification
Summary ◆ Aligning to Best Industry Practices
1
2
3
Risk Management: Defined
• A systematic reduction in the extent of exposure
to a risk and/or the likelihood of its occurrence.
• Risk management is a critical element of
effectively managing non-compliance with
environmental, health, and safety rules.
• In the context of this conference, the risk is
non-compliance with product and materials
regulations (REACH, ELV, Conflict Minerals).
Risk Management: A Visual Aid
Risk Management
• For vehicle producers, many component parts for vehicles are purchased
from your supply chain.
• The compliance risk revolves around the materials and product data
emanating from your supply chain.
Risk Management
• For data to move from a materials producer to
the end customer (vehicle brand owner), it must
pass through a series of intermediaries.
• The automotive industries vehicle for this is the
IMDS database. Data entering IMDS comes
from three sources:
–Data directly entered by a party who
manufacturers the materials and knows its
substance content.
–Committee published materials.
–Data accumulated and digested, which is
then transcribed into IMDS. (Special cases:
electronics are the most common).
Risk Management
• Data accumulated and digested (electronic component data), which
are then transcribed into IMDS using REC019.
Risk Management
• Assent is here to talk about these risks in the
context of the data flowing through the supply
chain.
• For automotive suppliers who directly purchase
materials, fabricate parts from that data, then
combine the materials and weights into the
system, the risk is primarily administrative (e.g.
bad data, mis-keying something).
• For individuals who purchase assembled electronic
parts, the risk is compounded by data format
issues, data gaps, and a lack of cohesive industry
standards.
Risk Management
• Suppliers who must consolidate information outside
of IMDS (electronics), then enter data into IMDS
engage in a supply chain due diligence exercise
known as material compliance data collection.
• These outreach efforts, the subsequent consolidation
of the information, and the entering of the data into
IMDS pose the greatest risk of materials and product
compliance violations in the automotive industry.
Data Collection Projects are Tough
Data Collection Projects are Tough
• PLM/MRP systems have inconsistent data
for electronic components in assemblies
• Manufacturer Part Numbers (MPNs) are
not maintained
• MPNs do not match Internal Part Numbers
• End of Life parts/products have not been
maintained, leaving corporate PLM/MRPs
with redundant MPNs
• There will be questions about (who ‘owns’
the Approved Vendor List (AVL) – you, the
CM or a hybrid) and who should do the
data collection
Data Collection Projects are Tough
• Many suppliers of electronic assemblies still do not understand their customers’ need for compliance
– They do not ship to Europe, so they have no legal obligation to give you any ELV/REACH/FMD data
– Data acquisition can be expensive
– Compliance is not fundamental to their business
– People leave companies, the knowledge does not stay behind
• To ensure success there needs to be a legal framework – Your Master Supplier/Service Agreements should include language
that requires legal compliance certifications
– Your purchase order terms and conditions should emphasize this obligations
– There should be corporate policies that drive compliance into your supply chain
– Don’t rely on good will when it comes to legal matters
Data Collection Projects are Tough
• The expense, lack of knowledge and regulatory risks can lead suppliers to:
– Cut corners concerning data collection
– Make errors on completing material content declarations
– Enter inaccurate information to meet a customer’s requirement or specification
Data Integrity in the Supply Chain
• The fundamental risk of product compliance and supply chain reporting regulations lie in the quality of the data
– Brand owners rely on data from suppliers, but rarely vet the information they receive from suppliers
– In many instances, the received data not systematically updated when the regulation is updated
– Often obvious data integrity issues that an engineer or designer of a product would easily identify are missed, because the core engineer and supply chain talent within organizations do not review the received data
What resources will you require to manage
these challenges?
Managing Data Collection Projects
• At their core product compliance and supply chain inquiries are due diligence exercises
• You must have a methodical compliance program that evaluates the practices and products covered by the regulations
• Most programs follow a basic pattern: i. Supplier inquiry to gain additional information
ii. Evaluation of supplier responses
iii. Monitoring of regulation
iv. Evaluate available supplier data in response to regulatory changes
v. Collect and assess new data
1: Supplier Inquiry
• Once the regulation has been analyzed and the suppliers in scope of the regulation are identified, the inquiry can begin when:
– The company decides to participate in the IMDS system
• Forms matter, IMDS industry standard of data exchange makes a big difference
– The company must identify and allocate the resources required to administer the inquiry
• This requires knowledge of IMDS
• Ability to train the supply chain on how to respond to questions concerning the regulations and system
• Capability to administer escalations to the supplier
2: Evaluation of Supplier Responses
• Gather and review documents for accuracy
– An effective and defensible due diligence program will have to take into account an assessment of the data in relation to a standardized review process that is both documented and repeatable
– IMDS data is only as good as your review for plausibility.
3: Monitoring Regulation
• At the end of the supply chain inquiry and due diligence process, the produce compliance projects are rarely over – To keep pace, the company’s program must be
harmonized to the review cycle of the regulation
• For example, REACH updates twice annually, which requires either a re-review of the supply chain data or an update to the supplier’s IMDS disclosure and/or a risk assessment of materials requiring review
– Many programs require regular review because the laws are in a state of change
• Conflict minerals and anti-human trafficking laws have the added obligation of requiring annual assessments and reviews
4: Evaluating Updated Data
• Once an assessment of the existing compliance data is complete, companies should be left with two tranches of data:
a. Supplier information that is deemed acceptable and that does not need to be re-surveyed
b. Supplier information that is not acceptable that will have to be resurveyed and re-vetted.
5: Collect and Assess New Data
• The data tranche that requires collection of data will have to go through the same assessment process.
• The final data needs to be reviewed to align with any customer or regulatory reporting requirements.
Regulatory Implications of Bad Data
Product Recall
Component Failures – Quality Issues
Fines and Criminal Prosecution
Brand and Reputational Damage
Summary
• Product and supply chain transparency Initiatives are data collection exercises
• The automotive industry has done a good job working together and benchmarking
• There still needs to be a data collection, data validation, regulatory monitoring and internal policies and controls that respond to regulatory changes
• The risk of not properly understanding and vetting the supply chain is significant in relation to direct product recalls, quality/product failures, prosecutions/fines and brand reputational damage
• Well organized supply chain outreach campaigns, training, and due diligence is the best way to protect your company
Closing Thought
Questions
Ask me now
• Raise your hand
Ask me later
• Travis Miller, General Counsel
Assent Compliance – USA
–p: 866 964 6931
–c: 480 438 5400
Houston, we have a problem…
Heidi M. Wittenborn
Problem? What Problem?
• Don’t think of the data as simply a declaration of what is
• Think of it as a potential early warning system
– Substances that need to be eliminated
– Non-compliant components buried in assemblies
Letting the Right Someone Know
• IMDS can be the last line of defense against non-compliance
• Build feedback loops from your IMDS review team to
– Design engineers
– Purchasing staff
– Quality assurance team
Application Codes Can Signal Issues
• Not all application codes can be used for all vehicles
– Many apply only to vehicles and/or spare parts for vehicles placed on the market or type approved before a certain date
• 1-Jan-2016 is a watershed date – many exemptions expired for vehicles with a type approval on this date or later
– For a new part be sure that any application code cited is valid for a new vehicle
Application Code Examples
• Code 54 - Valid only for vehicles (& spare parts for them) with a type approval date before 1 January 2011
• Code 45 - Valid for spare parts for vehicles put on the market before 1 July 2009
• Code 51 - Valid only for vehicles (& spare parts for them) put on the market before 1 July 2011
The Traps - Polycyclic aromatic
hydrocarbons (PAHs)
• Some application codes are designed to raise concerns rather than provide cover
• If your supplier is using a code that applies to PAHs, beware
ID Application
35 The lubricant / oil contains total PAHs >3% according to IP 346
36 The lubricant / oil contains total PAHs <3% according to IP 346
37 Extender oil contains PAHs > 10mg/kg (for tyres only)
38 Extender oil contains PAHs < 10mg/kg (for tyres only)
39 Non-tyre application
40 Not applicable
41 PAH in lubricating oil
The Big Red Flag
• Application code 20: Other application (potentially prohibited)
– Run a Where-Used Analysis at regular intervals to make sure you haven’t missed this one on any MDSs
• Investigate any occurences
Application Code Feedback
Problem Substances
• Watch for substances that are no longer allowed (for all intents and purposes)
• Examples
– Di-(2-ethylhexyl)phthalate (DEHP), CAS# 117-81-7
– Hex chrome
– Cadmium
– Mercury
Use the Analysis Tab within an MDS
• Run an analysis of all the substances in a specific MDS looking for your priority substance issues as part of your data review
Basic Substances & Where-Used Analysis
• You can run a Where-Used Analysis across any group of selected MDSs for any single basic substance
• Build this into your watchdog process for all new additions to the REACH SVHC, Annex XIV and Annex XVII lists
– Find them and start working with suppliers to get them out of your product
A Particular Issue for Electronic Components
• RoHS compliance ≠ ELV compliance
– Make sure your design and purchasing groups don’t specify RoHS compliance inappropriately
• RoHS may be appropriate for separate accessories
– RoHS contains many substance exemptions that have no equivalent in ELV
– Since many electronic components are certified RoHS compliant but never ELV compliant take special care in reviewing MDSs for them
Examples: ELV ≠ RoHS
• RoHS compliant but not ELV compliant items
– Terminal plating is .24g of 90Ag10Cd alloy
• Plating is not ELV compliant therefore entire assembly is not ELV compliant
– Resistor manufacturer uses Pb60Sn40 solder on one of its lines
• ELV exemptions for this type of solder have expired with respect to new vehicles so resistors made on this line are not ELV compliant (except for some spare parts)
Another Substance List to Watch
• California Prop 65*
– Includes a list of chemicals that may or may not be on the GADSL
– Requires consumer product labeling
• Vehicle is a consumer product
• Proposed revisions to requirements are going to require naming specific substances
*California Safe Drinking Water and Toxic Enforcement Act of 1986
In Summary
• Recognize that an issue with the data may or may not = an issue with the part
• Implement formal feedback processes to notify design/purchasing/quality of part issues
• Build overarching MDS analysis practices into your data review procedures to monitor changing substance requirements
Questions?
Heidi M. Wittenborn
Senior Environmental Consultant
512-217-1675
IMDS Shortcuts
Chuck LePard
IMDS Shortcuts topics
1. Searching
2. Keyboard
3. Clipboard
4. CM Analyzer
5. Advanced accelerator (a2)
MDS Searching
Example: Inbox
Returned results are limited to 500 for
display and export.
Returned results are limited to 500 for
display and export.
Search on submissions from a group of
specific suppliers – or search on all
submissions.
Search by your specific Org. Unit. If not authorized for
Org. Units, you will only see your own “roof” company
Use “Open” for outstanding items, or select
specific status - or filter out MDSs cancelled by
sender
Date specific filters – Date Transmitted or
Date of last status change (e.g. accept, reject,
others)
Wildcards can help! Try *part name, or
##*## when unsure if hyphens or spaces
IMDS Committee Items
Example: Labels
• Search Semicomponents with “*Label” as the name.
• Many customers prefer IMDS Committee items when appropriate.
Published MDSs
By IMDS-Committe
e [423]
Save Supplier List
Semicomponent tab
“*label“
Article Name
A company with Org Units may appear many times, once for each Org Unit
Company Searches
• Display an MDS search screen. Select Accepted or Published. Select the Company Search icon
Uncheck to
display Org
Units
Consider Search
by Contact person
Less characters with wildcards can
help – IH*Auto finds
IH Auto, IH-Auto, IHS Auto
IH*Auto
Function Keys
Functions… Component Search Ctrl+1
Functions… Semicomponent Search Ctrl+2
Functions… Material Search Ctrl+3
Functions… MDS/Module Search Ctrl+4
Functions… Basic Substance Search Ctrl+5
MDS… New… Datasheet… Component Ctrl+Alt+1
MDS… New… Datasheet… Semicomponent Ctrl+Alt+2
MDS… New… Datasheet… Material Ctrl+Alt+3
MDS… New… Module… Component Ctrl+Shift+1
MDS… New… Module … Semicomponent Ctrl+Shift+2
MDS… New… Module … Material Ctrl+Shift+3
MDS… Save Ctrl+S
Functions… InBox Ctrl-I
Functions… OutBox Ctrl-O
Administration… (User) Personal Settings Ctrl+U
Help… User Manual F1
Keyboard Shortcuts
Clipboard contents
Add to Clipboar
d
Remove All from Clipboar
d
Question: Are the clipboard contents retained when you leave IMDS?
Answer: If you logout, Yes, it should be, even changing browser or PC. If you X-out (don’t!) or crash, maybe, but probably not.
Appropriate Items may be “dragged and dropped” to and
from the clipboard
Clipboard
IMDS advanced accelerator (a2)
CM Suppliers are displayed
MDSs containing CMs are displayed
2b Set Rules: Owned, MDSs/modules, or suppliers accepted and/or published MDSs
2a. Set Rules: Name, No, Dates, Versions
1. Set MDS type
3TG Where Used analysis in Web Client is slower, yet equally
reliable
Most 3TG are not in GADSL, so may be masked in Jokers /
Confidential
CM Analyzer
Where to find more Information
• Additional shortcuts on these and other topics may be found on the IMDS
Information Pages, especially in the Frequently asked Questions (FAQ) pages
• The IMDS User’s Guide is a great source for ideas, available in six languages
• Also feel free to contact us at the IMDS Helpdesks
• Thank you!
Related Documents
