The coming into force of the Uyghur Forced Labor Prevention Act (UFLPA) has dramatically altered sanctions risk for a wide swath of companies importing goods into the United States. The Act presumes that any product supply chain that includes China’s Xinjiang Province in any way includes material that was made with forced labor and is thereby prohibited. The onus is on the importer to rebut that presumption through demonstrable due diligence and supply chain tracing and management, reaching through the supply chain down to the raw materials. Given the vast array of products that emanate from the region, from 20 percent of the world’s cotton to more than 40 percent of its polysilicon, the effects of the Act are expected to reach a wide swath of companies—few of which are prepared for the level of supply chain scrutiny that UFLPA is now unleashing.
As organizations seek to respond to these higher expectations, they should look beyond merely complying with UFLPA, as considerable as that task is. UFLPA is just the most recent example of how managing sanctions risk is becoming more complex and challenging. For example, while sanctions have long been a foreign policy tool of the United States, the European Union, Australia, Japan and others are increasingly turning to sanctions as well. This March, for example, the EU published the draft of its Corporate Sustainability Due Diligence Directive, which includes sanctions for non-compliance regarding human rights due diligence. The current unstable geopolitical environment means that there will be a steady stream of similar regulations.
The UFLPA also signals a more proactive approach by the government regarding sanctions enforcement. Historically, companies could take a “wait and see” approach to managing sanctions risk, but doing so is less viable when U.S. Customs and Border Protection, the agency charged with enforcing the Act, has significantly increased its staffing and another personnel wave is requested for next year. This is part of a larger trend toward more aggressive commercial regulatory enforcement, which can also be seen in the realms of CFIUS and antitrust.
In addition to more proactive enforcement by government, dealings with sanctioned entities also bring considerable reputational risk in the form of censure by a social-media empowered public and investors and business partners placing increasing weight on ESG issues.
All these factors combine to form a new normal that calls for a more agile approach to managing sanctions risk. As companies upgrade their sanctions risk management capabilities, they may benefit from the considering the following:
Ensure adequate resources. At many organizations, due diligence capabilities have already been stretched thin, first by the reconfiguring of supply chains during the pandemic followed by Russia’s invasion of Ukraine. The due diligence budget line needs to reflect this reality, and the function needs engaged oversight by a senior member of the legal team, supported by specialized outside counsel.
Be more forward-thinking. While the crises in Ukraine and Xinjiang may appear to have upended supply chains out of nowhere, the warning signs were there for those who monitored the situation closely. Consider that the UFLPA was first proposed in Congress more than two years ago. In the same way that corporate R&D departments spend effort on anticipating new product trends, corporate risk management departments need to widen their aperture, looking more broadly at geopolitical developments in an effort to anticipate risk before it gathers momentum.
For example, at the beginning of July, the director of the FBI stated his view that China was proactively working to insulate the country from the effect of sanctions—such as might occur should China undertake an invasion of Taiwan. In the face of such a statement, companies would be foolhardy to neglect to have supply chain contingency plans in place should relations between China and the West deteriorate further.
Double down on controls and documentation. The UFLPA is explicit in the importance it places on documenting due diligence efforts, from a mapping of each step of the supply chain to gathering and maintaining records regarding merchandise and materials. However, the public availability of corporate records across jurisdictions is far from uniform. Due diligence of suppliers in some emerging markets, for example, may require experienced local researchers who can make on-site visits to record repositories. In countries without a tradition of transparency, access to needed records may be restricted—or the records may simply not exist. In these cases, companies must be prepared to document their efforts and justify their risk assessment.
Take a risk-based approach. The UFLPA is notable for making companies responsible for managing sanctions risk in their supply chain down to raw materials; future sanctions promoted by other issues may be similarly all-encompassing. The breadth of this remit makes one-size-fits-all due diligence impractical. Instead, supplier due diligence needs to be tailored to the risk profile of the entity and what is being procured. For some suppliers, public records and questionnaires may be sufficient; for others, independent verification, on-the-ground investigation and interviews with industry sources may be called for.
Make due diligence ongoing. Many firms center their due diligence on supplier onboarding. But the due diligence process only covers a moment in time and fails to capture changes in the supplier’s sourcing and work practices. This approach, questionable in earlier times, is now plainly inadequate in the face of the ongoing vigilance required by the UFLPA. Due diligence needs to occur on a regular basis, determined by the supplier’s risk profile.
Have the appropriate response mechanism. The UFLPA both significantly complicates and raises the stakes for organizations regarding sanctions risk management. It is therefore critical to ensure that there is an adequate control mechanism for identifying due diligence red flags and then escalating issues in a timely manner to the appropriate decision makers.
The Uyghur Forced Labor Prevention Act isn’t a mere piece of legislation. It represents an existential shift in supplier due diligence, in the same way that the Patriot Act represented an enduring change in know-your-customer/anti-money laundering diligence. Corporate due diligence functions need to respond in kind to successfully navigate this new environment.
Key U.S. Government resources for UFLPA compliance
U.S. Customs and Border Protection (CBP) UFLPA website
CBP Guidance for Importers
U.S. Department of Homeland Security Report to Congress
Homeland Security UFLPA FAQs