Vendor Compliance

A number of recent stories about outsourcing have me thinking about responsibility.   A common theme in all these stories has been the question of who’s responsible with issues stemming from the behavior of the outsourcee.    I’ve written before about the difficulty of defining exactly who is a “vendor,” and outsourcing only adds another layer to that dialogue.   But for vendor management, outsourcing raises the question of determining responsibility for vendor compliance to any number of business practice standards.   Who exactly is responsible for the actions of a vendor?  

Both Disney and Mattel have responded to the American consumers’ concerns about Chinese manufacturing.   The two companies are in different situations:   Mattel is on its third recall in 3 months of toys manufactured in China.   Disney hasn’t had a documented incident.  But I believe their actions are telling.  

Mattel is certainly a trusted toy provider to most American households.   Mattel’s response is a well-communicated, straightforward recall of affected toys with a mechanism for refund or replacement.   The company has explained how the lead paint got into the production chain.   They simply stated that a supplier had violated policies and subcontracted paint from a unapproved supplier.  They have announced actions to help prevent recurrance.  Their response, while stopping just short of mea culpa, certainly doesn’t point the finger at anyone else and should go a long way in protecting the brand.      

Contrast that with Disney’s action.  The Disney brand is also a trusted provider to most American households.   Parents associate Disney with wholesome, family-safe fun.   Disney doesn’t directly manufacture toys with its characters and name and hasn’t had any manufacturing safety issues yet.  Still, they have proactively announced a random independent testing program of testing toys sold under its name.  But, Disney makes a point of stating that the ”ultimate responsibility for safety still lies with companies that license Disney characters for toys.“   

For health care providers and their materials management professionals, the Disney response would be completely unacceptable.   Whether it’s appropriate or not, it’s the health care provider and associated institution that are held responsible for the patient’s care and safety.  

This article from Mo Taherzadeh, an attorney with Mayer Brown, suggests a second-level exposure for US health care providers.  

This danger was particularly demonstrated in 2003, when a medical transcriber in Pakistan threatened to post patients’ private records online unless the University of California San Francisco Medical Center (UCSM) paid wages owed to her by the U.S.-based company that had sent the work to Pakistan. UCSM had outsourced the processing of the medical transcripts to a U.S.-based company that had, in turn, outsourced records to yet another domestic company. The second outsourcing company then sent the work to Pakistan for processing. It was the Pakistani company’s employee who threatened UCSM. In a similar case, an Ohio-based company, Heartland Information Services, received emails from its own employees in India (this type of arrangement is commonly called “offshoring” because while the task is being performed elsewhere, the same company is in charge of the process) attempting to extort cash from the company by threatening to publicly disclose confidential information.

 The UCSM case illustrates the need for developing appropriate vendor monitoring policies. Several steps are essential. First is identifying all vendors that receive sensitive information. Second is developing contractual protections that hold the vendors liable for secondary outsourcing. And third is continuous monitoring and updating of these procedures. The Heartland case, while not involving outsourcing to a vendor, similarly stresses the need for oversight of outsourced processes. 

Our Take:   Honestly, I’m surprised by Disney — from a marketing/brand protection point of view, if nothing else.   The Walt Disney Co. is a brilliant brand manager, but they are in denial of the risk exposure to their brand.   If a licensee does something irresponsible, does Disney really think this pre-emptive caveat emptor statement will protect them from market fallout?     

Yes, buyers must be careful.   Buyers must be educated.   But a free marketplace operates on a foundation of trust.   A shared faith that each party will deal honestly and forthrightly with the other.   Cries of “It’s not my fault” or ”I will not be held responsible for the actions of others’ in my name” can’t be sustained.   Better to raise the old saw “The Buck Stops Here” as a claim of responsbility.  It’s the complete opposite of ”It’s not my fault!”  And it’s good business.