By Bill McBeath
To Trust or Not To Trust:
What To Share with Trading Partners?
I recently asked a question to a senior supply chain executive:
“ When should you trust your trading partners
and when should you withhold information from them?”
His answer:
“Never and Never.”
His answer was only partly tongue-in-cheek. It highlights
a dilemma we all face. When important information is withheld,
it leads to enormous inefficiencies or even disasters in
the supply chain. Trust is needed to streamline decision
making and interactions in the supply chain. But, in spite
of what “Kumbaya Collaborationists” preach, there
are very real and serious risks with sharing information,
as shown in table 1 below. Not everyone is trustworthy.
Before the virtualization of the enterprise and globalization
of the supply chain, it was not so hard. The boundaries of
your “domain of trust” aligned pretty clearly
with the boundaries of the old vertically integrated enterprise.
Just keep all that confidential information safe inside your
company and you were OK.

Figure 1 - Expanding Domain of Trust
click on image for larger view
No longer. The “domain of trust” now extends
deep into the supply chain. We are so interconnected. Everything
is networked. More to the point, we’ve outsourced so
much that you MUST share confidential information with your
trading partners. If someone else is designing major components
of your product, someone else doing your manufacturing, someone
else servicing your products at your customer’s sites,
and someone else is running your call centers, then by default
you’re sharing confidential customer information, product
designs and IP, production information, etc. And all the
competitive pressures to reduce cycle times, inventory levels,
improve service, and innovate products faster are pushing
companies to integrate more tightly and share more information,
not less. No longer can you afford the sloppiness inherent
in keeping your trading partners in the dark.
Type of Information |
Rewards from Sharing Information |
Risks from Sharing Information |
Product Designs and Roadmaps |
Increased Innovation—Pace of innovation is increased
when trading partners collaborate on designs and roadmaps
Parallel Development—Aerospace, automotive, and high tech depend heavily
on parallel development between OEM, Tier 1, and Tier 2 suppliers. Automotive
OEM shares physical envelope and attachment points with Tier 1 suppliers. High
Tech OEMs give designs to contract manufacturer. Component suppliers share product
roadmaps. |
Stolen IP—Example: Huawei Technologies Co., a
well-known network equipment company in China was sued
by Cisco Systems last year for copying Cisco's software
and source code (right down to the bugs). U.S. losses
to piracy in China alone are nearly $2 billion and over
$10 billion worldwide. |
Run rate, Backlog, Inventory Positions |
Lower Inventory + Higher Service Levels—When
inventory levels and consumption are understood, there
is better matching of supply and demand. |
Lower Allocations—During constrained supply,
customers often overstate run-rate and backlog, and may
understate their inventory to get a larger share of the
constrained component.
Loss of Negotiating Power—A supplier who is hedging production
starts on the upside may not want to disclose that to their buyer, because they will get
beaten down on the price. |
Prospects and Customer Info |
Solution Partnerships — When done right, joint
selling of a more complete offering (total solution)
can be very fruitful for both sellers. |
Back-selling—A partnership is ruined because
your partner goes behind your back and sells without
you to a customer that you introduced them to. |
New Product Introductions, Promotions, and POS data |
Lower Inventory + Fewer Stockouts—Wal-Mart shares
POS data which enables suppliers to more quickly respond
to changing demand. When promotions and NPIs are discussed
well in advance and changes kept up-to-date, both sides
can plan much better. |
Competitive Disadvantage—If it gets in the wrong
hands, competitors find out what you’re selling,
what you’re promoting, and what new products your
introducing, and use that to compete more effectively
against you. |
Quality and failure data |
More Reliable Designs—When comprehensive failure
data is provided, suppliers can improve the reliability of components.
Reduced Inspections— Suppliers’ outbound
inspection data can replace buyers’ inbound inspection. |
Exploitation of Quality Flaws—Competitors can use
your quality problems to sell against you. |
Pricing information |
Better Demand Prediction |
Anti-Trust—In some cases, it is against the law
to share pricing information. |
Forecasts |
Production Planning—Good forecasts are essential
to plan production to meet demand. |
Insider Trading—If someone at the supplier uses
the customer’s forecast to decide when to buy/sell
the customer’s stock, it can lead to insider trading
investigations. This risk also goes the other direction
when the customer has insider information about the supplier’s
future performance. |
Table 1 - Risks and Rewards of Sharing Information with
Partners
Building Strategic Relationships
A clear distinction should be made between strategic partnerships
and more tactical commodity vendor-buyer relationships. Building
strategic relationships takes time and diligence and can
only be done with a small, rationalized set of suppliers.
Done right, suppliers become an extension of the enterprise.
This requires methodically laying out an agreement on what
will be shared, the benefits,
as well as the consequences of breach—building an understanding
of the mutual self-interest and interdependence of the relationship.
Because traditional
relationships are adversarial, it takes a lot of time to
change mindsets.
Many companies use the quarterly business review, generally
under strict non-disclosure agreements, as the primary forum
for sharing confidential strategies. These planning sessions
at a senior-executive-to-senior-executive level review things
like the changes to market assumptions, scenarios, product
roadmaps and transitions (strategy, timing, risks), and supplier
performance (goals, actuals, and improvement plans). There
are occasional instances where a trading partner abuses this
position of trust, but the end result is usually bad for
the abuser. For example, a CPG company planned a major promotion
with one of its retailers. A week before the planned promotion,
the manufacturer did a promotion on the same exact product
at a lower price at one of the retailer’s competitors.
As a result of that breach of trust, the supplier lost business
and took years to rebuild its standing with that major retailer.
In another instance a supplier of a component under severe
allocation leaked information to one of its customers about
a second customer’s volumes and mix, in an effort to
demand higher prices. The second customer eventually found
out and fired the supplier.
Confidential dialogs can be even more challenging when the
supplier or customer is also your competitor. Even with a
non-disclosure agreement, the sharing of product strategies,
roadmaps and other confidential data is uncomfortable, though
it is done every day. Many of the large diversified conglomerates
that are likely to be both competitors and trading partners
are in the Far East where IP rights are not as strongly upheld.
Another twist: as more and more manufacturing is outsourced
to China and elsewhere, it raises the issue of sharing product
and manufacturing knowledge with companies that could potentially
become competitors of yours. Giant bicycle, founded in 1972
as a contract manufacturer for Schwinn and others, used the
knowledge it learned from its customers about manufacturing
and designing bicycles to build its own brand. Giant is now
the largest bicycle manufacturer in the world and 70% of
its revenue is from its own brand. A number of electronic
contract manufacturers and ODMs are following this same path.
Reducing Information Sharing Risks
ChainLink’s 3Pe™ methodology provides a useful
framework to show how companies can get value from sharing
relevant and useful information, while decreasing the risks
of abuse.
Policy
- Segmentation—The basic foundation for protecting
confidential data is the classic technique used by the military
to protect secrets; classifying data according to its confidentiality
and giving access only on a “need to know” basis.
For example, a supplier designing a component that fits
in your product usually only needs to know the physical
envelope
(attachment points and constraints) and electrical interface
characteristics for their component, rather than receiving
your entire design.
- Actionable Information—A promising approach is to
scrub data into actionable information. Structured contracts,
described in last
month’s issue, are a good example.
Instead of sharing range forecasts, companies express future
demand via structured contract terms like minimum firm
commitments, lead times guarantees with different pricing
for different
lead times, capacity guarantees for upside flex at a higher
price, etc.
- Escrow Account— At least one company had success
with another creative approach; establishing an escrow
account that is used if either party violates the agreement.
The
money is then reinvested in the relationship to fix the
cause of the problem, e.g. joint team education, fixing
flawed
processes, or new technology. This dramatically improved
the level of trust in that relationship.
Process
It is critical that the policies are backed up by processes
and controls to prevent, detect, and correct accidental or
deliberate misuse of confidential information, such as:
- Physical Security—Controlled access to offices,
receptionist diligence on who is allowed in the building,
badges, questioning
unknown people in sensitive areas, not leaving confidential
documents out in the open, etc.
- Separation/Rotation of
Duties—E.g. having a different
person control physical inventory than the one controlling
information about that inventory.
- Training and Testing—Training
employees on the procedures and importance of protecting
confidential information (yours
and other’s under NDA). Testing awareness and taking
corrective steps.
- Logs—Keeping accurate, tamper-proof
records of who accessed what areas/ information and when.
- Audits—Auditing
your firm and trading partners to ensure safeguards and
proper training. Some companies have
computer-assisted “continuous auditing” of
compliance.
Particularly sensitive data may require structural organizational
safeguards as well. For example, some engineering organizations
establish a “clean room” approach that separates
the people receiving the highly sensitive design information
and restricts their interactions and communications with
the rest of their engineering organization to prevent the
partner’s design information from leaking into their
own proprietary designs.
Performance
Policy and process decisions must weigh
tradeoffs based on business performance impact:
- Business value of sharing information
- Cost of implementing
proposed controls
- Consequences of compromising the
information
Enablers/Technology
There are useful technologies available for implementing
these practices. Role-based access controls (RBAC) enable
implementation of segmentation—giving access only
to specific people only for the specific chunks of information
they need. Digital Rights Management systems can protect
individual documents even after they are sent outside your
company, limiting access only to specific people and certain
actions (e.g. no printing, no cut and paste, no forwarding,
etc.). Private and industry networks have implemented technologies
to protect confidential data between trading partners;
for example, the ANS network enables automotive OEMs and
their suppliers to securely exchange digitally signed and
encrypted confidential design files and business transactions.
Executive-level Advocates
To realize the optimum “return on sharing”,
there should be advocates for both the sharing and protection
of data. Some companies have elevated data protection to
a C-level job—the CISO (Chief Information Security
Officer). Senior supply chain executives must also advocate
the benefits of sharing of information. These decisions should
rationally weigh the tradeoffs. The supply chain that maximizes
sharing of the right information works like one integrated
enterprise, realizing significant competitive advantages
over a supply chain whose participants withhold valuable
information from each other. Smart sharing wins.
©2004
ChainLink Research, Inc.
|