Key Takeaways:

• Subcontractors introduce significant risks to extended supply chains. Hiring companies need direct visibility and oversight to protect their operations.
• A strong subcontractor risk management program requires a unified strategy, starting at the C-suite level.
• Clear expectations of a new subcontractor compliance program should be communicated through all levels of the hiring organization and with all prime contractors.
• Hiring companies must also monitor and enforce compliance standards to ensure proper risk mitigation and management in the field.

Introduction

Subcontracting is vital to modern supply chains, allowing companies to leverage specialized skills and increase flexibility. However, as outlined in our last blog, it also introduces significant risks, including safety incidents, workforce concerns, cyber vulnerabilities, reputational damage, and business disruption.

Those risks are often exacerbated by a troubling lack of visibility from the hiring company down to the many tiers of subcontractors working in their network. Many companies rely on prime contractors to vet, qualify, and manage subs, creating a compliance disconnect between hiring companies and subcontractors.

To properly manage subcontractor risk and compliance, hiring companies must instead take a proactive, deliberate approach. In this article, we’ll explore best practices for managing subcontractor risk, including:

• The need for consistent standards and communication
• How hiring companies can ensure direct oversight over subcontractors
• Tips to ensure subcontractor qualifications and compliance in the field

Consistent Strategy From the Top Down

Developing a company-wide compliance and safety strategy is crucial. This strategy should involve high-level decision-makers across the organization to ensure consistent application across all projects.

As with any major initiative, a company’s stance on subcontractor risk and compliance must start with the C-Suite. Achieving consistent standards is nearly impossible without cohesive and well-communicated buy-in from the top. Clear policies and practices should be communicated across all levels of the company, from corporate leaders to field supervisors.

Cascading Compliance Requirements

The most effective approach to subcontractor risk management is to ensure that all safety and compliance requirements apply to both direct contractors and primes, at the company and worker levels. Doing so ensures that risk practices flow consistently throughout the supply chain, and are easier to manage, monitor, and enforce by the hiring company (as opposed to unique rules for primes vs. subs).

Company-Level Requirements

Just like with any direct contractor, subs should be comprehensively vetted at the company level, including safety history and statistics, safety and sustainability practices and policies, financial health, and potential cyber vulnerabilities. Directly vetting every subcontractor ensures that the hiring company has the visibility and control to ensure the same standard of quality and compliance applies to everyone working for them.

Insurance Coverage

Insurance is one element that may not be consistent from primes to subs. Prime contractors typically handle most insurance requirements, with liability for work performed by subcontractors remaining at the prime contractor level.

However, every subcontractor must have verified workers’ compensation coverage to protect the prime and hiring company.

Worker- and Site-Level Compliance

Robust worker compliance is especially critical for subcontractors, as so much risk exists at the job site where the work is performed. Any worker on a job site, whether employee, prime, or sub, must meet the same training and compliance standards for entering a site and performing work. Making an exception for one worker immediately makes everyone else on the job site less safe.

Site access controls and security can effectively maintain proper worker qualifications and training, especially when paired with on-demand mobile worker training and on-site hazard management tools.

Clear Expectations and Communication

If your current subcontractor management practice is hands-off, the transition to a more proactive, direct program will require clear expectations and communication to all primes and subcontractors. Once you’ve determined what subcontractor requirements will be and how you will obtain and manage subcontractor information, consider these steps:

1. ‍Communicate clearly to your primes: To effectively shift your subcontractor compliance program, your primes must be informed and on-board. Consider multiple communication channels such as in-person town hall meetings, webinars, and emails to help your direct contractors understand the new subcontractor program requirements.‍
2. Be extremely clear in your new expectations: Alert your direct contractors that you have new expectations for your relationship with any subs hired to work on your projects, including that you have direct vetting and oversight. Talk about any new expectations you have of your primes and how the process for hiring subs for your jobs will change.‍
3. Re-examine your contracts: Ensure your contracts specify the relationship dynamics between you, the primes, and their subcontractors, including provisions for direct interaction as needed.

Monitoring and Enforcement

Consistency is paramount not only in communicating strategy and standards, but also in execution. Even with the best risk management strategy, field leaders may be tempted to make small compliance exceptions to keep projects on track (such as telling a worker they can enter a site without proper training, if they take the training within the next week). Likewise, primes may want to circumvent your new requirements to get a sub hired quickly in a pinch.

The problem is that contractors talk, workers may push for more “small exceptions,” and the situation can quickly devolve into more relaxed requirements in practice. Even one unvetted subcontractor or untrained worker can have catastrophic consequences. Monitoring and enforcing subcontractor compliance is crucial to maintaining your safety and sustainability standards throughout your supply chain.

Conduct regular compliance audits, site visits and inspections, and other enforcement strategies to ensure proper qualification and compliance. This is especially critical in disconnected and global operations, to ensure visibility and avoid safety hazards, child labor, quality concerns, and other risks lurking within your extended supply chain.

Conclusion

Properly managing subcontractor risk is essential for all organizations outsourcing work, as almost one third of supply chain disruptions stem from lower-tier subcontractors rather than primes. Hiring companies must ensure direct vetting and oversight of all subs in their extended network, applying the same comprehensive compliance requirements as they have for prime contractors.

Clear, top-down standards, consistent expectations, and transparent communication are key building blocks to creating a strong subcontractor compliance program.

Avetta is a SaaS software company that provides supply chain risk management solutions. Its platform is trusted by over 130,000 suppliers in over 120 countries. Visit Avetta.com to learn more about its subcontractor management tools, prequalification services, and marketplace offerings.