I was reading the New York Times this weekend when an article jumped out at me: yet another example of misconduct in a large company’s supply chain suddenly bursting into public view, bringing grief to a company that clearly hadn’t known trouble was afoot.
Ethics and compliance officers should take note. When we dissect exactly how this misconduct allegation blew up, several lessons about whistleblowers and supply chain risk in the social media age become clear.
Here’s what happened. Beer giant Anheuser-Busch ran a commercial during the Super Bowl on Feb. 3 to promote one of its subsidiaries, Bon & Viv, which sells spiked seltzer water. Bon & Viv bases its marketing strategy on the mythical story of two mermaids founded the drinks in question. So the Super Bowl commercial had two actresses portraying the mermaids as they pitched their seltzer idea to a group of sharks. Shark Tank! Get it?
The problems for Anheuser-Busch started after the commercial aired — because it bore striking similarity to another commercial, never identified publicly, that was fodder for a blistering article published on Vice.com last December.
In that article, actress Ingrid Haas told of a casting agency recruiting actresses to play two mermaids underwater, for an alcohol company’s commercial. When she arrived to audition, the casting manager told Haas and the other women there that they would need to wear a bikini, and dance for 30 seconds in said bikini (to “Milkshake” by Kelis, no less; typically not a song HR would approve for company parties).
Haas told the casting manager that the bikini dancing request was demeaning, especially since it had no relevance for a commercial of two mermaids floating underwater. He dismissed her with a “Welcome to Corporate America. This is how we sell stuff.”
Haas walked off the set without dancing. Then she wrote her article for Vice, a first-hand account of how boorish behavior toward young women still appears in the entertainment world. Haas never named Bon & Viv or Anheuser-Busch in her Vice essay, but once the commercial aired, people deduced those were the brands behind her audition.
Cue the outrage on social media: that the largest beer company in the world indirectly tolerated demeaning treatment of women. Anheuser-Busch, of course, says the behavior Haas describes is “completely unacceptable and goes against everything that our brand and company stand for,” and promised to speak to the production company that shot the commercial.
Supply Is a Chain; Risk Is a Mesh
A rather convoluted story, isn’t it? That’s what struck me about this tale above all: the sheer number of parties involved. A global conglomerate has a subsidiary, which hired a production company, which hired a casting agency, which auditioned an actress. That’s five links of supply chain between Anheuser-Busch to Haas. Include the consumers who drink Anheuser-Busch products, and it’s six. See Figure 1, below.
Corporate compliance officers worry about this issue — visibility down the supply chain — all the time. We spend boatloads of money developing supplier codes of conduct, certification forms, training materials, and monitoring programs to prevent misconduct just like this, for fear that it will ricochet back up the supply chain and expose your company to reputation risk you didn’t even know you had.
Boards want assurance that misconduct in their supply chain is well-governed. So compliance functions impose ever more controls to wring that assurance out of ever longer supply chains.
But consider what Haas did. Her article, and its ensuing attention on social media this week, short-circuited the whole idea of a chain. She didn’t escalate her concerns back to the next logical party on the supply chain. She took her concerns to all parties simultaneously. In our social media world, you can do that.
In other words, while corporations might structure transactions as a chain, the reputation risk from misconduct exists as a mesh, where all parts are connected to all others. Reputation risk in any one segment risks all segments. That connectivity is what social media provides.
So while companies try to govern their operations in a chain, their risk profile is closer to something like Figure 2, below.
And as we’ve said before, social media is not a risk unto itself. Rather, social media amplifies the risks your company already has. So as your supply chain lengthens, and your inability to see misconduct further down the chain gets worse — social media amplifies the reputation risks your company has, but can’t see.
Hence the largest beer company in the world, which truly does devote time, money, and personnel to thoughtful compliance monitoring programs, get surprised by an actress it never met, who had a bad encounter with a casting agency Anheuser-Busch probably never heard of.
Compliance Programs in the Mesh
The question for compliance officers is how to design whistleblower and incident management systems that can work within mesh of reputation and supply chain risk.
It’s an important concern, because consumers have become a cynical bunch with painfully high levels of distrust in business. When they hear about some supply chain misconduct via social media — an actress harassed, conflict minerals mined, environments polluted, slave labor used — they don’t assume that some specific control activity failed. They don’t bother to ask which supplier ignored what code of conduct.
Consumers assume the control environment failed, because leadership doesn’t practice the values it preaches. Is that a correct assumption to make? Probably not often. But people on social media have a funny habit of reaching the wrong conclusions and sticking to them.
That’s why governing misconduct in the supply chain should be a top priority for the C-suite and the board. That’s why building a resilient third-party oversight function — one able to withstand the fierce onslaught of a “negative reputation event” — is so crucial.
What does all that “mesh risk” mean for the compliance function specifically? Two things.
First, it drives up the importance of reputation surveillance. That will be tricky, because for many firms reputation surveillance is not something compliance does. The marketing or corporate communications department might do it — or more likely for many firms, it’s not something that gets done at all.
Compliance or risk officers therefore might want to ask corporate communications how the company can launch that reputation surveillance effort (plenty of vendors offer such services); or learn more about what the company does do to monitor its reputation. Specifically, how does the company monitor what’s being said about the connections between its brand and its suppliers?
Assuming the company does monitor its reputation well and has some system of “reputation red flags” in place, then the company needs a mechanism to match those red flags back to the control activities its supply chain.
That is, when some vendor far down your supply chain does something stupid, and social media is clamoring, “What does this say about Company ABC, that they work with business partners like this?” — you’ll need to be able to summon all the supplier code of conduct certifications, whistleblower complaints, case investigations and dispositions, and so forth, relevant to that allegation. You’ll need to do it precisely and promptly.
All those things, remember, are control activities your company uses to govern its supply chain. Supply chain misconduct might emerge from anywhere in that mesh network of risk; you want to find the control activities that are as close to that part of the mesh as possible.
If the company can provide that audit trail of certifications, attestations, training, and so forth, it can demonstrate a good-faith effort to push standards of ethical conduct down the supply chain.
Will that prevent a blow up on social media? Not always, since social media is an unforgiving place. But it brings the business a step closer to resilience through stormy seas, since in the real world, mermaids won’t be there to bail you out.