Ethicast: What Compliance Teams Miss About Third-Party Risk
Someone set fire to a Kimberly-Clark distribution warehouse in California, caused $600 million in damage, and livestreamed the whole thing. The part that got less attention: he didn’t work for Kimberly-Clark. He worked for a third-party logistics company they’d hired. Kimberly-Clark had a Supplier Code of Conduct. They had compliance standards. They’d commissioned third-party audits. And it still happened.
That’s the reality of third-party risk management — you can build a solid program and still get blindsided by something you couldn’t have predicted. But that doesn’t mean programs aren’t worth building. It means they have to be built well, and most aren’t.
In this episode, host Bill Coffin sits down with Emily Miner, Director on the Data & Services team at Ethisphere, to talk about where ethics and compliance programs fall short on third-party risk — and what strong ones actually look like. Emily draws on her work evaluating E&C programs across industries and her deep involvement in Ethisphere’s World’s Most Ethical Companies assessment process.
