Welcome to Foley’s new Manufacturing MarketTrends newsletter. In each edition, we will highlight key trends to watch out for in 2019, making it a year of change for manufacturers.
If a company fails to know its supply chain, it can find itself getting burned in many ways, including responsibility for upstream use of forced labor or downstream sales to an export-restricted company. One of the most common ways that a company may find itself in trouble is by failing to ensure that the obligations it is undertaking in its agreements with customers are backed up by the rights it is receiving in its agreements with suppliers.
As a simplified example, if a company is warranting to its customer that products do X, Y and Z, then the company should ensure that the suppliers of its products are warranting that they do X, Y and Z. Further, if a company’s sole and exclusive remedy for a defective product from its supplier is replacement of the product or a refund of the purchase price, then the company should ensure that its agreements with customers correspondingly limit the company’s responsibility.
Even if the company’s supply chain contracts are perfectly symmetrical, if the company cannot collect from its supplier (due to the supplier’s insolvency or otherwise), then the symmetrical contracts do little good. Thus, a company must also (i) know with whom it is entering into business, (ii) ensure its supplier’s creditworthiness, and (iii) require its supplier to maintain sufficient insurance to cover the supplier’s obligations under its agreement with the company.
Many manufacturing companies were heartened by the announcement that the next tranche of section 301 tariffs on Chinese imports will be delayed following further progress in the negotiations between the U.S. and China. The existing section 232 and 301 tariffs still have had a major impact on manufacturers’ profit margins. Many companies cannot meet the requirements to obtain an exclusion. The 10 percent and 25 percent tariffs have seriously impacted manufacturers across a number of industries, including many that entered into long-term agreements for the sale of goods without any right to seek adjustments or price increases following the imposition of these tariffs.
How are these additional costs and risks flowing through the supply chain where there are fixed-price, long-term supply agreements? There have been a series of consequences that have reverberated through the supply chain. In the unlikely event that the contract contains a price adjustment clause or indexing or even a “good faith” obligation to renegotiate pricing, suppliers are exercising these clauses. Where contracts do not contemplate price adjustments (most do not), suppliers may be forced to make unilateral demands for price increases under a number of theories, such as claims of force majeure or commercial impracticability. Some suppliers have threatened to stop shipping products unless the buyer will increase prices or take over responsibility for importing the goods at issue as the importer of record. If the product is critical enough to the buyer’s supply chain and cannot be obtained from an alternate source, the buyer may have no choice but to acquiesce in the relief requested by the supplier, even if it falls outside of the parties’ contract and technically is a breach of the seller’s obligation to supply goods at a fixed price.
Whether on the sell side or the buy side, it is important that the manufacturer track all additional costs incurred as a result of the tariffs, any related demands or any cost relief. There may be an opportunity at the end of the parties’ agreement to recover some of these costs or, at least, negotiate more favorable terms for any future business.
Regulators at the Office of Foreign Assets Control (OFAC) have sent a near seven-figure message that companies need “full-spectrum” supply chain due diligence by assessing a $996,080 penalty on a California cosmetics company, e.l.f. Cosmetics (ELF), for purchasing false eyelash kits from suppliers in China that had sourced from North Korea, in alleged violation of the North Korea Sanctions Regulations, according to OFAC.
This enforcement action highlights the risks for companies that do not conduct full-spectrum supply chain due diligence when sourcing products from overseas, particularly in a region in which North Korea, as well as other comprehensively sanctioned countries, are known to export goods. OFAC encourages companies to develop, implement, and maintain a risk-based approach to sanctions compliance and to implement processes and procedures to identify and mitigate areas of risks. Such steps could include, but are not limited to, implementing supply chain audits with country-of-origin verification, conducting mandatory Risks for Businesses with Supply Chain Links to North Korea” states that North Korea often sends workers abroad to earn hard currency to send back to the North Korean government. U.S. firms that purchase goods made by these workers risk significant fines and having their imports seized at the border.
As the U.S. government concludes in its advisory, “[b]usinesses should closely examine their entire supply chain(s) for North Korean laborers and goods, services, or technology, and adopt appropriate due diligence best practices.” With OFAC also maintaining strict sanctions regimes against other countries and regions, governments, and specially designated persons, any firm that relies on an international supply chain needs to incorporate the types of supply chain best practices highlighted by the advisory and by OFAC in the ELF settlement.
Additive Manufacturing. Additive manufacturing, the process of building three-dimensional structures by adding layers of material through digital design, is no longer just wishful thinking; the number of enterprise-class three-dimensional printer manufacturers has tripled to 180 since 2016. Of manufacturers surveyed, 56.9 percent reported that they either already had, or planned to deploy within the next 36 months, some form of three-dimensional printing technology.
Additive manufacturing is no longer limited to building with plastics. For example, researchers at A*Star Singapore Institute of Manufacturing Technology have shown that additive manufacturing techniques can make a stronger version of a high-entropy alloy, cobalt-chromium-iron-nickel-manganese, allowing lower-cost manufacture of metal parts that have greater resistance to fracturing under harsh conditions.
And the reach of additive manufacturing is quite long. Boeing announced it has used additive manufacturing techniques to build control antennae for its AMOS 17 satellite. Bugatti uses selective laser melting, a form of additive manufacturing, to help create lightweight, strong parts for the Chiron sports car. In a trial taking place in the United Kingdom, additive manufacturing is being used to manufacture a titanium port for delivering microcatheters to target a region of the brain with a naturally-occurring protein that researchers think may reverse Parkinson’s Disease.
Cybersecurity. Remaining competitive and advancing requires manufacturers to rapidly implement new technologies, though they may be slow to recognize the associated cybersecurity risks. With complex systems, devices utilizing the IoT, and increasing connectivity to the Internet and third parties, manufacturers are creating new opportunities for cyberattack.
Manufacturing is as target rich as every other industry. Manufacturers maintain intellectual property, product and manufacturing designs and specifications, employee and customer data, financial information, and a host of other valuable assets. With ransomware, manufacturers may be even more at risk given that they are considered less cybersecure – which can make them prime bait for phishing an employee, gaining access to the network or dropping ransomware seeking a large payout. Often attacks start in one system and leapfrog across the network to compromise high-value targets in another system. Numerous manufacturers have had their production operations shut down, causing a massive ripple effect throughout their supply chain due to ransomware such as Notpetya, Samsam, and WannaCry.
Manufacturers need to become more cybersecure, which may require solutions such as multifactor authentication, log analysis, password rules, training, and access controls. Manufacturers should consider retiring programs and equipment that are considered end–of-life and no longer supported, leaving them exposed to known vulnerabilities. They should focus on event detection, which is more effective than seeking “absolute protection,” including secure log aggregation and security information, event management, and continuous security monitoring. Finally, manufacturers should improve their incident response capabilities, including pre-engaging with incident response and forensic providers to help support investigations.
An effective cyber strategy may require changing operational protocols. Many traditional in-house IT departments have an “if it ain’t broke, don’t fix it” mentality, leaving in place unpatched or unsupported systems that are highly vulnerable to attackers. Even if a manufacturer patches “all” vulnerabilities and secures “all” borders, the hackers are already on to the next vulnerability. Thus, the never-ending game of whack-a-mole. Vigilance is key!
For an interactive session on managing your business’s cyber risk in the age of IoT, make plans to join Foley in Milwaukee on May 9th for our next Midwest Cyber Security Alliance meeting. For event details, contact Foley’s Midwest Cyber Security Alliance co-founder, Jennifer Rathburn.
We invite you to subscribe to Foley’s Manufacturing Industry Advisor blog, which examines the latest news, developments, and trends in the manufacturing industry.