UFLPA Webinar: Uncover Your Supplier Risks

March 28, 2023

Product seizures at the border are mounting, do you know if your supply chain is at risk for UFLPA violations? Procurement and planning leaders now need a deeper level of UFLPA-specific supplier risk analysis to avoid disruptions including seizures and fines.  

Join Jon Bovit, Head of Everstream Discover, and Vin Ramundo, Senior Solutions Consultant as they discuss how you can identify potential UFLPA high-risk suppliers in your network and create action plans based on UFLPA supplier risk scores to stay compliant with current guidelines.   

Job Bovit, VP Public Sector and Trade, Everstream Analytics


Jon Bovit

Head of Everstream Discover

Vin Ramundo, Senior Solutions Consultant, Everstream Analytics


Vin Ramundo

Senior Solutions Consultant


Hello everyone, and welcome to our webinar today, Uncovering Supplier Risk for UFLPA Compliance, presented by Everstream Analytics.

I am joined today by my colleagues John Bovit and Vin Ramundo. For the agenda today, John will discuss the challenges of UFLPA compliance and risk and how to uncover supplier risk deep in your supply chain network, and Vin will then walk through a demonstration. At that time, we will then take questions as time allows. And now, I will turn it over to John.


Thanks Lauren, and thanks everybody for joining us today. This is John Bovit. I think everyone’s familiar with this topic, otherwise you wouldn’t have joined us today. But as you can see, the coverage from the media perspective is making the UFLPA Compliance, specifically Uyghur and Forced Labor, just in general, is just making it a real global phenomenon. And I think a lot of chief compliance, officers and supply chain professionals are now really focused on being proactive in addressing this because of that. And you can’t really, every day something else is coming out from literally every direction.

I’m assuming that if you’ve on today you’re familiar with the UFLPA or the Uyghur Forced Labor Prevention Act. It is a US-based law. It is helping to try to weed out forced labor, specifically coming out of a region, specifically in China. And what’s interesting about the law, the way it’s written, is that it really puts the emphasis back on you, being the consuming company going into your products, it kind of makes the importers themselves be able to take due diligence in order to protect and keep the products out of your supply chain. So, it really pushes the emphasis, and it forces everyone to do their due diligence. So thus, why we’re touching on this from a solution perspective.

Now, one thing that I’ll set up front is that we’re taking a very specific approach to address these specific challenges. And if you take a look at them, I think they’ll really resonate with you. The first is, you really want to be proactive versus reactive. If something happens during your customs process while you’re importing goods, it’s basically, and it gets flagged, it’s too late. So, you really need the ability to be proactive versus reactive. The other thing to note, a key area to understand is, you need to understand what’s going on in the sub-tier supply chain. Not just who your suppliers are, but who are they getting the materials from, and so forth down through the supply chain.

And it’s not just a customs and an import-export problem, it’s really a supply chain and a sourcing problem if you take a look at it, because as I mentioned, if it’s hitting and affecting your customs process, it’s often too late, you really need to try to stay ahead of it. And the other thing is that, it’s not a one-time project. I think a misnomer is, is this is something that we need to put a process in place to be able to do it, and then an initial and an ongoing and then also monitor for changes and see if anything pops in the future. So, this needs to be an ongoing process.

Thus, the way that we’ve looked at this, our key requirements to address the UFLPA risk, particularly from a supply chain risk perspective. The first is, is that you need a comprehensive and continuously updated, what I refer to as a UFLPA expanded watch list. So, how are we building and maintaining that is a really critical success factor. The other side of it is, is you need to be able to pierce the veil into your multi-tier supply chain. You need to understand the connections from your suppliers, to their suppliers, to their suppliers and so on, in order to really address this need. You need to be able to match in a really flexible and scalable way, your tier ones or your suppliers to the ones on the watch list, and you need to be able to put those together, which is not necessarily that easy.

You need to be able to have, once you do all these things, you need to be able to then understand and take a risk-based approach. In other words, you’re going to find connections, but how risky are they on a scale? And so, risk assessing, and a scoring model is important. And then finally, being able to have a reporting and analytics platform so you can, again, not only do this once, but do on a repeatable look at where the potential risks are, prioritize and so forth.

Now, Everstream took a very specific approach to our solution. And we are, I’ve heard a lot of companies talking about addressing this but really not offering up a very concrete product and solution. And we did just the opposite. We came out with guns blazing and how we can help clients address this issue, and those requirements specifically that I highlighted.

Let me walk through what we’re doing. The first is, we are maintaining our own expansive watch list. That’s key, as I mentioned, you need to understand who’s the, effectively who’s on the US entity list for this, you need to understand the aliases, the subsidiaries, you need to expand that out. You need to understand also, who are suppliers with high-risk locations, in other words, locations in the region. And you need to understand, also build out on that from who is on the watch list to who are their customers, in other words, who’s in the supply chain for them, and then who are their customers’ customers. And I’ll touch on this as a theme shortly, but you need to be able to basically build out the multi-tier supply chain from that watch list. And then again, the watch list is going to be constantly being updated, particularly in future years and as this becomes a more and more global approach, even and beyond just the Uyghur side, and it could be just a forced labor approach in general.

And then, basically once we’ve built out this expanded watch list, we were able to connect the dots via this multi-tiered discovery to see where the connections are. We also want to be able to do a scoring, we want to be able to offer up a score. We’ve created a UFLPA specific score so that you can take a risk-based approach to actually understanding, from your suppliers to this expanded watch list and who’s at potential risk. And then, thus rise the most risky ones to the top, so you can take a risk-based approach to addressing them in sequence.

And then, so that’s putting this in place and offering up reporting analytics. And then the other side of it is, is ongoing incident monitoring so that we can, if things pop up in real-time, we can let you know. So, all of these things come together from the watch list to the sub-tier discovery, to the risk scoring model that we’ve come up with, and then finally the reporting and analytics. So, we’re going to show all that to you today so you can take a look.

The whole idea here, as I mentioned, is to be able to take a particular customer’s, could be a massive list. A lot of our customers have 10, 20, 30,000 global suppliers that are material suppliers, and they want to be able to then understand, “Are any of those on this expanded watch list?” And by expanded watch list, again, what I mean is, who’s on the direct watch list, who are their customers and who are their customers’ customers? That’s on the right-hand side. And then what we do is, we then do a match and risk scoring by comparing these two and then providing effectively our customers back a result that’s floated into the platform, which you will see today.

Now, as I mentioned, the Everstream watch list, and we’re going to continue to invest and maintain this, because it’s constantly changing, more so than you can imagine. And basically, it can be based on specific name suppliers that the government does, it names, it can be suppliers with locations in the region that we’re concerned about, it could be based on looking at high risk products or materials such as cotton, tomatoes and silicone and others. And we need to be able to build out and maintain this watch list on an ongoing basis. So, that’s what we’re doing.

And then again, taking a very simple, graphical example is, a customer can give us a big list of their suppliers and their locations, and we can then do a match and scoring against this expanded watch list, and come back with, effectively a score and findings on where and who’s connected. And I think it allows you to take a very proactive approach.

And we’ll get into the demonstration, Vin will show you in a minute, but just, we’ve been doing this quite often now, and in particular, running test after test to see how we can uncover these connections deep in supply chains for our customers. And there’s one example where we found a particular supplier who was a tier one to a customer. We were able to run the process through, found that there were two matches, two connections, and Vin will show you this live. And then, we we’re able to set up a scoring model so that you can then see that this particular tier one supplier got a score of 21 out of, and then that’s out of 25, our scoring model is from one to 25. So, this would be a very high-risk supplier potentially, because in this case that we identified two suppliers, one’s providing saturated polyesters and one’s providing electrical appliances and parts. And if that’s connected back to that tier one, then that could be a high-risk connection. So again, being able to, in a very automated way, risk assess these suppliers so then you can then take action.

And the whole idea is to be able to run this, think of it as a big scan so we can, a big deep scan in your supply chain that we can continuously run to be able to identify and then allow you to analyze and then effectively take an action plan on how to assess and manage these risks that pop up. And again, what we want to do is not wait till something gets caught in customs. What we want to do, is take a proactive approach and then prioritize these for you, and we’ll show you that in a minute.

And then, the other side that, and we’ve been doing this for more than 10 years now, where we have a continuous monitoring for global risks and incidences and disruptions. And we basically have expanded it to make sure that we cover all the things that are related to the UFLPA and so forth. And we’re doing this 24/7. So, if we catch something that happens, as this example, there was a particular supplier that got shut down there, may or may not be impactful, but at least we’re catching it, notifying you and you can take action as needed. So being able to know that we’re constantly putting our finger on the pulse of what’s going on, particularly in this region is really important.

Now, the idea is, is how does this and taking advantage of this product, how does this help you? And I think it kind of helps from two different dimensions. The first is, is that it can help you avoid the costs of having a problem particularly, and those costs can come… And the second would be the revenue protection, right? Because if you can’t ship a product to a customer, that could have a revenue, and you didn’t meet expectations for your customers. The other side of it is, if something gets stuck in customs or there’s a problem, A, it could be a compliance issue, it could be potentially a legal issue, it is a law as we know. And then finally, this stuff more and more is becoming potentially a brand issue as we know. And you don’t want to be the one that gets out there with, “Hey, you’re leveraging forced labor.”

So, we believe taking this proactive approach, scanning every supplier that you have and being able to proactively analyze that is the way to go to avoid cost problems or revenue issues. And finally, just to put it in context for Everstream, we do offer a comprehensive supply chain risk platform in general, not just for UFLPA, but supply chain risk management across the board, that’s inclusive of planning, sourcing, making and deliver, including being able to understand where your risks are, monitoring, doing risk assessment, and also, monitoring for as goods are moving through the supply chain if there’s potential risks, whether those are on the transportation side or not. And with that, Vin, I will pass it to you to give a quick demo.


Hello everyone. What I’d like to do is walk through what John has eloquently talked about regarding the UFLPA risks. So this is the main dashboard that our customers can look at and leverage to really understand all their suppliers and understand the risk associated with them. So what you could see here is, I have a couple suppliers that are at a high risk and we have this sorted by the max score, the 25 means that they are an entity on the list, so they have a couple suppliers within that and they have five sub tiers within that. This is a pretty high, this Posco entity has some pretty high exposure.

We can then drill into this to get into the application so that we can go in and actually look at the risk. You can see here it’s a high risk. You can see that we have the high-risk supplier right here, you can see that it’s in there as well. You can see the score, the 20, and then you can also see the network. So you can see PlastiCo is the tier one supplier, PrintiCo’s a tier two supplier. And if we drill this out and expand it, you can actually see all the different entities associated. With these guys here, you can see this is one of those entities. You can see the relationships, you can see the flow of goods. And we can actually see through the multi-tier, you can see that Toyo Inc. Compounds’ a example of that.

If we then drill into this, we can actually look at that entity within the system, you can see the Xinjiang Blue Ridge Tunhe, you can see the incident. You can see that this is on the UFLPA sanction party list. We can go back, we can also see specific information, it’s a polyester manufacturer, it’s a material supplier. You can actually have a link into the UFLPA list so you can get into more further detailed information.

And we also have the ability to look at the product flows and the lanes associated in those relationships. So you can see here we have that pyramid technology to Tune to Toyo Inc. Compounds. I can drill into that lane and see the physical flow of those goods, of how it would route, as well as the type of products. Being able to see and understand all those relationships in the multi-tier without the customer having to give us that information. The customer gives us the tier one supplier and then we build the relationships back. And what this really focuses on and enables you to do, is to really, when you’re looking at this, to try to find the needles on the haystack. Start working with the suppliers that have the highest potential of sub-tier risk with in regards to Uyghur, so that you can work on those and make sure that those are taken care of first.


Thank you, John. Thank you, Vin. And thank you to all of our attendees who joined today. Keep an eye out for a copy of this recording to hit your inbox soon. And thank you, and have a great day.

Share this post