Procurement, once viewed as a back-office function focused on cost and delivery, is undergoing a fundamental transformation. A surge in supplier-related scandals, spanning labour exploitation, sanctions violations, environmental crimes and cyber breaches, is compelling procurement teams to adopt a new role: that of investigator, risk manager, and watchdog.
The Compliance Squeeze on Procurement
Regulators around the world are tightening the screws on corporate accountability, particularly when it comes to third-party relationships. The European Union’s forthcoming Corporate Sustainability Due Diligence Directive (CSDDD) will require large companies to identify, prevent, mitigate and account for adverse human rights and environmental impacts in their operations and supply chains. Meanwhile, the United States Department of Justice (DOJ) has issued fresh guidance on holding companies accountable for third-party misconduct under the Foreign Corrupt Practices Act (FCPA).
Scandals Forcing a Rethink
Recent scandals have forced companies to reckon with the true cost of blind trust in their suppliers. In 2023, fast fashion giant Shein came under intense scrutiny following allegations of forced labour and opaque sourcing practices. While the brand has denied wrongdoing, investigations revealed systemic weaknesses in oversight and traceability. Similarly, in 2024, a major European automotive manufacturer faced fines after it emerged that one of its metal suppliers had breached EU sanctions on Russian aluminium.
Cybersecurity has emerged as another critical front. The 2020 SolarWinds hack, which infiltrated thousands of corporate and government systems through a compromised software supplier, was a watershed moment. Today, procurement teams are acutely aware that a single vulnerability in a tier-3 supplier could compromise an entire operation.
Due Diligence Goes Deep
In response, leading organisations are embedding advanced due diligence protocols at every stage of the supplier lifecycle. This includes Know-Your-Supplier (KYS) checks, risk scoring, and automated background screening. Enhanced onboarding processes now resemble those used by financial institutions: identity verification, beneficial ownership tracing, sanctions list screening, and ESG performance audits.
Companies like Unilever and Nestlé have launched multi-tier traceability systems that map supply chains down to raw material level. Tools such as EcoVadis, Interos, and Dun & Bradstreet offer integrated risk dashboards combining financial, ethical, geopolitical and cyber indicators, enabling procurement to make data-driven decisions.
The Rise of Forensic Procurement
Beyond onboarding, procurement is becoming more forensic. Post-award contract audits are being used to detect mispricing, undisclosed subcontracting, or fraudulent billing. Third-party risk analytics platforms now provide real-time alerts on supplier litigation, regulatory actions or negative news sentiment.
One leading pharmaceutical firm introduced quarterly forensic reviews of its top 100 suppliers after uncovering undeclared sourcing from high-risk jurisdictions. These audits uncovered pricing anomalies and unauthorised service providers, leading to the termination of over £20 million in contracts.
Cross-Functional Risk Ownership
This investigative approach reflects a wider move towards integrated risk governance. Whereas procurement traditionally operated somewhat independently, it now collaborates closely with compliance, legal, finance, and cybersecurity teams. Responsibility for risk is shared across these functions, with procurement serving as the first line of defence against supplier-related threats.
Industry experts observe that procurement is increasingly recognised as a critical risk management discipline, evolving into a central hub for identifying and mitigating geopolitical, ethical, and operational exposures within supply chains.
Technology as Enabler
Artificial intelligence and machine learning are accelerating this transformation. AI-powered platforms can now screen thousands of supplier entities for anomalies in payment data, legal records, or ESG reports. Natural language processing tools flag suspicious clauses in contracts, while blockchain is being piloted to authenticate supplier claims and transactions.
However, technology is not a silver bullet. Risk visibility remains limited in industries with high supplier fragmentation, opaque sourcing practices, or weak governance. In such cases, on-the-ground audits and whistleblower channels remain essential.
From Buyer to Watchdog
The age of passive procurement is over. The function is being redefined as a strategic risk gatekeeper, one that must not only source competitively but ensure that every supplier aligns with the organisation’s ethical, legal and security thresholds. With the regulatory spotlight now shining brightly on third-party accountability, procurement leaders must be prepared to investigate, challenge and verify.
Sources:
BBC News (2023), “Shein accused of modern slavery in UK probe” https://www.bbc.co.uk/news/business-65452976
Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on Corporate Sustainability Due Diligence and amending Directive (EU) 2019/1937 https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52022PC0071
Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations https://www.cisa.gov/news-events/cybersecurity-advisories/aa20-352a
