Supply chain risk management strategies 

If multinational corporations have learned anything in recent years, it’s that supply chain disruptions can come from anywhere; tariffs, climate change, pandemics, geopolitical tension, terrorism, regulatory changes, shipping incidents, cyberattacks, sanctions — you name it. Because the dangers are so great and varied, companies continue to pursue new supply chain risk management strategies, particularly in the areas of trade compliance, import and export screening, supplier evaluation, and post-entry audits.

Why do companies need better supply chain risk management strategies?

Supply chain disruptions aren't just possibilities — they're happening. According to the BCI Horizon Scan Report 2025, third-party failures rank as the single biggest cause of disruption in the past 12 months, accounting for 9.3% of all incidents and placing them in the top five disruptive events.

Yet despite this clear evidence, most organizations aren't prepared. The BCI Continuity and Resilience Report 2025 reveals that only 48% of organizations assess and mitigate the effects of supply chain disruption as part of their business continuity programs. This means more than half of companies are operating with significant blind spots in their supply chain risk management strategies.

The stakes are rising. As one practitioner noted in the Horizon Scan Report, “We investigate our suppliers’ business continuity plans. A few years ago, you might have said, ‘Yes, we have a plan,’ and that would have been enough. Now companies want to see your plan, evidence of testing, and audits. It’s no longer just trust; we need guarantees because we’re so reliant on different suppliers.”

This evolution in due diligence reflects a harsh reality — companies that don't understand every aspect of their supply chain face more than just operational disruptions. They risk fines, penalties, loss of import and export privileges, cost overruns, reputation damage, and erosion of consumer trust. The Horizon Scan report specifically notes how "complex interdependencies can quickly reduce visibility over risk," especially with smaller legacy vendors who struggle to meet compliance and security expectations.

The question isn't whether supply chain risks will impact your business — it's whether you'll be ready when they do. Organizations need comprehensive supply chain risk assessment and business continuity programs that go beyond basic supplier questionnaires to include ongoing monitoring, testing verification, and systematic integration of supply chain resilience into core business operations.

Know your business partners: Supplier evaluation and selection

It may sound obvious, but at the very least, companies should know who their business partners are and whether they represent a potential weakness in — or threat to — the supply chain. Granted, many multinational companies have hundreds, if not thousands, of suppliers all over the world, but such diverse and complex arrangements only highlight the need for absolute transparency up and down the supply chain through due diligence. 

Sourcing, procurement, and supply chain strategies can either advance — or derail — your company’s ESG objectives, not to mention your reputation. From ethical labor practices to diversity and inclusion to environmental protection, it’s important to understand exactly who you are doing business with.

It has also become critical to have full transparency beyond Tier 1 suppliers. Typically, the greatest risk exposure lies in sub-tiers — your supplier’s suppliers. Visibility at these levels can be extremely challenging, and the use of automated software solutions for supply chain mapping is becoming increasingly important. In fact, 54% of respondents in the 2026 Global Trade Report from Thomson Reuters said their organization is already using automation for supply chain visibility.

What questions should supply chain managers ask themselves?

As the saying goes, “You can’t mitigate what you haven’t identified,” so the first questions supply chain managers should ask themselves are:

• How well do you know your business partners?
• Are the suppliers reputable? Reliable?
• Do they reflect well on the company?
• Does their location or mode of operation represent any risks to the supply chain?
• Do your business partners have sub-tier suppliers that could pose a risk to your business?
• If so, are those risks acceptable? Tolerable? Unavoidable? Mitigable?

Asking these questions is important because many consumers do not distinguish between a brand and its suppliers. So, for example, if you discover that a company’s third-tier supplier is using child labor or somehow violating U.S. sanctions, the negative publicity can do considerable damage to your brand, not to mention exposing your company to potential violations resulting in fines and penalties.

Develop a comprehensive supply chain risk assessment program

To avoid such situations, companies should develop a comprehensive supply chain risk assessment program that makes intelligent use of software tools specifically designed to take the guesswork out of import and export risk and compliance.

For example, denied-party screening software does the tedious work of comparing supplier and customer information against multiple international watch lists, allowing procurement and sales managers to identify red flag business partners before the contract is signed.

However, technology solutions that automate screening for denied or restricted parties, politically exposed persons, adverse media, sanctions, and other aspects of global trade are only as good as the quality of their lists — and those lists are constantly changing. For example, Thomson Reuters maintains more than 790 restricted-party lists and logged over 450,000 list updates this year in support of the company’s global trade management software. Trying to keep track of so many changes manually isn’t just impossible; it’s extremely risky.

Additionally, regulations continue to expand in this space to require not just screening of entities against the lists but also understanding the underlying ownership. Many of the latest sanction regulations prohibit exports based on aggregate ownership structures. Although a company may not itself be on a restricted list, if the underlying owners are, the transaction can be prohibited. This is another good example of how supply chain mapping is becoming a requirement.

How can supply chain compliance software help assess suppliers?

Supplier assessments are another critical function that can benefit from automation. With supply chain compliance software, companies can automate business partner questionnaires, create immediate alerts for high-risk responses, and even issue and manage corrective actions. Having a central repository also makes it easy to analyze and report on business partner risk criteria and best practices with the push of a button.

Of course, there is no guarantee that disruptions won’t arise in other areas, such as border declarations, regulatory changes, country of origin statements, tariffs, licenses, product classification, and other import and export requirements. Shipping and logistics can also cause problems, especially at borders and ports of entry, as can the need for product testing and other country-specific regulations, such as anti-dumping duties and rules governing foreign trade zones.

Indeed, every link in the supply chain contains a certain amount of risk, including the products themselves, which can be subject to tariffs, testing, licenses, permits, and more. Before any product is shipped, it needs to undergo a thorough risk analysis. Ultimately, analytics and proactive global trade planning help improve visibility and avoid future supply chain disruptions.

Here are a few key questions to ask yourself so you can mitigate risks in your supply chain:

• Has the good or service been correctly classified under the applicable Harmonized Tariff Schedule (HTS), or Export Control Number?
• Can the product be legally imported or exported to, through, and from the relevant countries?
• If so, what upstream details — for example, licensing or permits — need to be anticipated?
• What tasks, costs, and risks will the product be subject to according to Incoterms rules?
• Is proof of origin required — for example on goods claiming preferential treatment under a free trade agreement  — and is the company’s record of proof accurate?
• Is the product subject to any additional tariffs or duties such as IEEPA, Section 232, 301, or AD/CVD?
• Have compliance requirements been double-checked before shipment?
• Are there security issues to consider?

Conduct post-entry audits to uncover hidden supply chain risks

Companies can achieve another layer of security by conducting post-entry audits. These audits can uncover hidden vulnerabilities and other potential supply chain risks. They can also identify instances where duties or fees are over or underpaid and give managers further insight into the true dynamics of the supply chain.

Again, import management software makes audits much easier to conduct because the program’s reporting functions are typically designed to provide most of the relevant information. But even if a company isn’t using global trade management software, a cursory overview of the import and export process is a step in the right direction. That said, keeping track of all the possible pain points in any given supply chain is practically impossible without utilizing software, so relying on manual processes invites a certain amount of risk.

With the dramatic increase in 2025 of numerous new complex tariff regimes, especially in the U.S., it is more important than ever to conduct these audits as the cost of incorrect declarations can have a significant impact on a company's bottom line.

Top 10 supply chain risk management strategies and best practices

Supply chain risk management is generally an ongoing process, not an occasional activity. Failing to monitor any part of the process opens the door to all kinds of risks that can result in fines and penalties, loss of import and export privileges, personal fines, and even imprisonment. Therefore, it is imperative for companies — especially multinationals — to have the people, tools, and systems in place to ensure a secure, reliable, and efficient supply chain as possible.

Implement these 10 best practices for supply chain risk mitigation today:

1. Build an internal team with the right skills and secure senior management support
2. Evaluate all suppliers in the chain, not just a few that are preferred
3. Make risk evaluation an essential part of the supplier onboarding process
4. Be able to map your supplier network for critical items, components, and services
5. Tie supply chain mapping to threat data geographically to visualize potential issues, such as political unrest or tariff changes
6. Use a risk-based approach, but don’t use simple checklists — have a clear methodology
7. Leverage threat data from multiple external sources and understand the consequences
8. Evaluate the risk profile of all products being shipped
9. Conduct post-entry audits of the import and export process
10. Recognize that risk mitigation is an ongoing process, not a periodic chore

Use global trade automation software to mitigate supply chain risk and manage by exception

Obviously, checking all these details without the help of an automated global trade management solution would be prohibitively time-consuming and expensive. With comprehensive global trade management (GTM) solutions, however, all these import and export factors can be automatically programmed into the engine and monitored by trade compliance and supply chain personnel for alerts or other anomalies.

Indeed, the goal of global trade automation isn’t just to introduce necessary efficiencies into a highly cumbersome process; it’s to reach a point where trade compliance and supply chain executives can “manage by exception.” That is, instead of trying to collect, process, and analyze all the information relevant to a company’s products, the software acts as a filter that only calls attention to suppliers, products, transactions, or details that look suspicious or out of character. If the system is continuously running in the background, trade compliance and supply chain managers are free to focus their attention on proactively investigating alerts rather than trying to keep track of all the possible variables that might affect their supply chain.

Download the full 2026 Global Trade Report to learn more.