A Matter of Trust
Bill McBeath -
6/22/2004
To
Trust or Not to Trust: What to Share with Trading Partners
I recently asked a question to a senior supply chain executive:
"When
should you trust your trading partners and when should you withhold information
from them?"
His answer:
"Never
and Never."
His answer was only partly tongue-in-cheek. It highlights a dilemma we all face. When important information is withheld, it leads to enormous inefficiencies or even disasters in the supply chain. Trust is needed to streamline decision making and interactions in the supply chain. But, in spite of what "Kumbaya Collaborationists" preach, there are very real and serious risks with sharing information, as shown in table 1 below. Not everyone is trustworthy.
Before
the virtualization of the enterprise and the globalization of the supply chain,
it was not so hard. The boundaries of your "domain of trust" aligned
pretty clearly with the boundaries of the old vertically integrated enterprise.
You just had to keep all that confidential information safe inside your company
and you were fine.
Figure
1. Expanding Domain of Trust
Click
on image for larger view
No
longer. The "domain of trust" now extends deep into the supply chain.
We are so interconnected. Everything is networked. More to the point, we've
outsourced so much that you MUST share confidential information with your trading
partners. If someone else is designing major components of your product, someone
else is doing your manufacturing, someone else is servicing your products at
your customers' sites, and someone else is running your call centers, then by
default you're sharing confidential customer information, product designs and
IP, production information, etc. And all the competitive pressures to reduce
cycle times, nventory levels, improve service, and innovate products faster
are pushing companies to integrate more tightly and share more information,
not less. No longer can you afford the sloppiness inherent in keeping your trading
partners in the dark.
Table
1. Risks and Rewards of Sharing Information with Partners
Type of Information |
Rewards from Sharing Information |
Risks from Sharing Information |
| Product Designs and Roadmaps |
Increased Innovation—Pace of innovation is increased
when trading partners collaborate on designs and roadmaps
Parallel Development—Aerospace, automotive, and high tech depend heavily
on parallel development between OEM, Tier 1, and Tier 2 suppliers. Automotive
OEM shares physical envelope and attachment points with Tier 1 suppliers. High
Tech OEMs give designs to contract manufacturer. Component suppliers share product
roadmaps. |
Stolen IP—Example: Huawei Technologies Co., a
well-known network equipment company in China was sued
by Cisco Systems last year for copying Cisco's software
and source code (right down to the bugs). U.S. losses
to piracy in China alone are nearly $2 billion and over
$10 billion worldwide. |
| Run rate, Backlog, Inventory Positions |
Lower Inventory + Higher Service Levels—When
inventory levels and consumption are understood, there
is better matching of supply and demand. |
Lower Allocations—During constrained supply,
customers often overstate run-rate and backlog, and may
understate their inventory to get a larger share of the
constrained component.
Loss of Negotiating Power—A supplier who is hedging production starts on
the upside may not want to disclose that to their buyer, because they will get
beaten down on the price. |
| Prospects and Customer Info |
Solution Partnerships — When done right, joint
selling of a more complete offering (total solution)
can be very fruitful for both sellers. |
Back-selling—A partnership is ruined because
your partner goes behind your back and sells without
you to a customer that you introduced them to. |
| New Product Introductions, Promotions, and POS data |
Lower Inventory + Fewer Stockouts—Wal-Mart shares
POS data which enables suppliers to more quickly respond
to changing demand. When promotions and NPIs are discussed
well in advance and changes kept up-to-date, both sides
can plan much better. |
Competitive Disadvantage—If it gets in the wrong
hands, competitors find out what you’re selling,
what you’re promoting, and what new products your
introducing, and use that to compete more effectively
against you. |
| Quality and failure data |
More Reliable Designs—When comprehensive failure
data is provided, suppliers can improve the reliability
of components.
Reduced Inspections—Suppliers’ outbound
inspection data can replace buyers’ inbound inspection. |
Exploitation of Quality Flaws—Competitors can use
your quality problems to sell against you. |
| Pricing information |
Better Demand Prediction |
Anti-Trust—In some cases, it is against the law
to share pricing information. |
| Forecasts |
Production Planning—Good forecasts are essential
to plan production to meet demand. |
Insider Trading—If someone at the supplier uses
the customer’s forecast to decide when to buy/sell
the customer’s stock, it can lead to insider trading
investigations. This risk also goes the other direction
when the customer has insider information about the supplier’s
future performance. |
Building Strategic Relationships
A
clear distinction should be made between strategic partnerships and more tactical
commodity vendor-buyer relationships. Building strategic relationships takes
time and diligence and can only be done with a small, rationalized set of suppliers.
Done right, suppliers become an extension of the enterprise. 
This
requires methodically laying out an agreement on what will be shared, the benefits,
as well as the consequences of breach—building an understanding of the mutual
self-interest and interdependence of the relationship. Because traditional relationships
are adversarial, it takes a lot of time to change mindsets.
Many
companies use the quarterly business review, generally under strict nondisclosure
agreements, as the primary forum for sharing confidential strategies. These
planning sessions at a senior-executive-to-senior-executive level review things
like the changes to market assumptions, scenarios, product roadmaps and transitions
(strategy, timing, risks), and supplier performance (goals, actuals, and improvement
plans). There are occasional instances where a trading partner abuses this position
of trust, but the end result is usually bad for the abuser. For example, a CPG
company planned a major promotion with one of its retailers. A week before the
planned promotion, the manufacturer did a promotion on the same exact product
at a lower price with one of the retailer's competitors. As a result of that
breach of trust, the supplier lost business and took years to rebuild its standing
with that major retailer. In another instance, a supplier of a component under
severe allocation leaked information to one of its customers about a second
customer's volumes and mix, in an effort to demand higher prices. 
The
second customer eventually found out and fired the supplier.
Confidential
dialogs can be even more challenging when the supplier or customer is also your
competitor. Even with a nondisclosure agreement, the sharing of product strategies,
roadmaps, and other confidential data is uncomfortable, though it is done every
day. Many of the large diversified conglomerates that are likely to be both
competitors and trading partners are in the Far East where IP rights are not
as strongly upheld. Another twist is that as more and more manufacturing is
outsourced to China and elsewhere, it raises the issue of sharing product and
manufacturing knowledge with companies that could potentially become competitors
of yours. Giant bicycle, founded in 1972 as a contract manufacturer for Schwinn
and others, used the knowledge it learned from its customers about manufacturing
and designing bicycles to build its own brand. Giant is now the largest bicycle
manufacturer in the world and 70 percent of its revenue is from its own brand.
A number of electronic contract manufacturers and ODMs are following this same
path.
Reducing Information Sharing Risks
ChainLink's 3Pe methodology provides a useful framework to show how companies can get value from sharing relevant and useful information, while decreasing the risks of abuse.
Policy
- Segmentation—The
basic foundation for protecting confidential data is the classic technique
used by the military to protect secrets, classifying data according to its
confidentiality and giving access only on a "need to know" basis.
For example, a supplier designing a component that fits in your product usually
only needs to know the physical envelope (attachment points and constraints)
and electrical interface characteristics for their component, rather than
receiving your entire design.
- Actionable
Information—A promising approach is to scrub data into actionable
information. Structured contracts, described in last month's issue (Parallax
View), are a good example. Instead of sharing range forecasts, companies
express future demand via structured contract terms like minimum firm commitments,
lead times guarantees with different pricing for different lead times, capacity
guarantees for upside flex at a higher price, etc.
- Escrow
Account—At least one company had success with another creative approach;
establishing an escrow account that is used if either party violates the agreement.
The money is then reinvested in the relationship to fix the cause of the problem,
for example, joint team education, fixing flawed processes, or new technology.
This dramatically improved the level of trust in that relationship.
Process
It is critical that the policies are backed up by processes and controls to prevent, detect, and correct accidental or deliberate misuse of confidential information, such as:
- Physical
Security—Controlled access to offices, receptionist diligence on
who is allowed in the building, badges, questioning unknown people in sensitive
areas, not leaving confidential documents out in the open, etc.
- Separation
and Rotation of Duties—For example, having a different person control
physical inventory than the one controlling information about that inventory.
- Training
and Testing—Training employees on the procedures and importance of
protecting confidential information (yours and other's under NDA). Testing
awareness and taking corrective steps.
- Logs—Keeping
accurate, tamper-proof records of who accessed what areas, what information,
and when.
- Audits—Auditing
your firm and trading partners to ensure safeguards and proper training. Some
companies have computer-assisted "continuous auditing" of compliance.
Particularly sensitive data may require structural organizational safeguards
as well. For example, some engineering organizations establish a "clean
room" approach that separates the people receiving the highly sensitive
design information and restricts their interactions and communications with
the rest of their engineering organization to prevent the partner's design
information from leaking into their own proprietary designs.
Performance
Policy
and process decisions must weigh trade-offs based on business performance
impact:
- Business
value of sharing information
- Cost
of implementing proposed controls
- Consequences
of compromising the information
Enablers
and Technology
There
are useful technologies available for implementing these practices. Role-based
access controls (RBAC) enable implementation of segmentation—giving access only
to specific people only for the specific chunks of information they need. Digital
Rights Management systems can protect individual documents even after they are
sent outside your company, limiting access and only to specific people and certain
actions (e.g., no printing, no cut and paste, no forwarding, etc.). Private
and industry networks have implemented technologies to protect confidential
data between trading partners; for example, the ANS network enables automotive
OEMs and their suppliers to securely exchange digitally signed and encrypted
confidential design files and business transactions.
Executive
Level Advocates
To
realize the optimum "return on sharing", there should be advocates
for both the sharing and protection of data. Some companies have elevated data
protection to a C-level job—the CISO (Chief Information Security Officer). Senior
supply chain executives must also advocate the benefits of sharing of information.
These decisions should rationally weigh the trade-offs. The supply chain that
maximizes sharing of the right information works like one integrated enterprise,
realizing significant competitive advantages over a supply chain whose participants
withhold valuable information from each other. Smart sharing wins.
This article is from
Parallax View, ChainLink Research's on-line magazine, read by over 150,000 supply
chain and IT professionals each month. Thought-provoking and actionable articles
from ChainLink's analysts, top industry executives, researchers, and fellow practitioners.
To view the entire magazine,
click
here.
About
the Author
Bill
McBeath, Chief Research Officer of ChainLink Research, leads ChainLink's
research efforts, as well as the procurement, strategic sourcing, design collaboration,
and on-line marketplaces practices.
Bill McBeath
can be reached at: bill.mcbeath@clresearch.com.
ChainLink
Research is a bold new supply chain research organization dedicated
to helping executsves improve business performance and competitiveness.