Key Takeaways

• Many companies only vet and prequalify their prime contractors and suppliers, leaving subcontractors unchecked. This can lead to hidden risks due to a lack of visibility.
• Relying solely on prime contractors to manage subcontractor compliance and risks is problematic as the hiring company may be unaware of the qualifications, safety records, or compliance of all subcontractors involved.
• Subcontractors can introduce various risks, including safety incidents, workforce and human rights issues, financial instability, quality concerns, and cyber threats.
• Incidents involving subcontractors can lead to severe consequences such as reputational damage, project delays, business disruptions, and dissatisfaction among customers, employees, and investors.

‍

Subcontractor Risks are Inherently Hidden

Subcontracting is more prevalent than ever in today’s supply chains, with estimates showing that 60-70% of outsourced work is performed by subcontractors. This practice can be efficient for hiring companies and prime contractors to meet project needs, but it also comes with significant risks. One report found that 32.3% of supply chain disruptions originated not from prime contractors but from lower-tier subs.

The key reason for subcontractor risk is a lack of visibility for the hiring company (and sometimes even for the original contractor, as subcontracting can often go down multiple tiers). Many companies vet, prequalify, and require MSAs/contracts only with their prime contractors and suppliers, with no direct link or visibility to subcontractors.

In our previous post we explained the key terms, responsibilities, and common challenges related to subcontractor management.  

In this post we will examine:

• Why hiring companies shouldn’t rely on their primes to vet and manage subcontractors
• The risks that subcontractors introduce to a supply chain
• The potential fallout for a hiring company

Relying on Primes to Manage Subcontractor Risk is Risky

When a hiring client has a network of subcontractors without full visibility, the risks are significant. For many clients, the answer is to rely on prime contractors to properly vet potential subs, ensure adequate qualifications, and enforce compliance requirements. This expectation may even be written into contracts with the prime, holding them liable for any damage caused by their subcontractors. Unfortunately, such an approach does not fully insulate an organization from risk by today’s standards or stakeholder expectations.

Hiring Clients are Still on the Hook

Organizations that rely on prime contractors to manage subcontractor compliance usually justify that approach with strong contractual agreements with the prime, releasing the hiring company from legal or financial liabilities arising from a subcontractor.  

In theory this should protect the hiring client from any associated risks with subcontractors. In practice, however, many other consequences can significantly impact a hiring company when a subcontractor is involved in an incident within its network, including project quality concerns, project delays, cyber threats, reputational fallout, and regulatory violations.  

It will not matter to shareholders, workers, customers, investors, and regulators whether or not the hiring company is “contractually liable” if there are labor violations, massive project delays, or devastating media coverage about an incident associated with that company.

Common Risks Posed by Subcontractors

All the risks associated with hiring a contractor are present with lower-tier subcontractors. In the same way any prime could have a safety incident, quality issues, or a cyber threat, so could a subcontractor. The difference is that hiring companies generally have much more robust vetting, qualification, and monitoring processes to manage those risks with their direct contractors.

When the risk is at the subcontractor level, however, it can often be left unnoticed or unmanaged due to the lack of direct visibility and communication with the hiring client. The signal attenuation that takes place between the client, contractor, and subcontractors leads to a larger number of hidden and unmitigated risks that can have enormous financial and reputational consequences.

Common Subcontractor Risk Scenarios

• Safety incidents: Without direct vetting, a hiring company can’t know the qualifications of subcontractors working on a project. Untrained workers and unsafe work conditions endanger everyone on a job site, making accidents more likely. ‍
• Workforce and human rights issues: When a hiring company lacks oversight into its extended network of subcontractors and lower-tier suppliers, workforce issues such as working conditions, fair wages, child labor, modern slavery, and more can hide beneath the surface. ‍
• Financial instability: Subcontractors are often small businesses that tend to be more financially vulnerable. Without direct vetting, a hiring client can’t know if a sub of a sub of a sub is on the verge of bankruptcy which may lead to delays or poor-quality work. ‍
• Quality: When a prime contractor outsources manufacturing, production, distribution, or labor to one or more subs, the hiring company loses crucial visibility into the quality of all components that result in the end product.
• ‍Cyber threats: Every member of a value chain is a potential vulnerability when it comes to cyber threats. A cyber-attack on even the smallest subcontractor could have severe ramifications up and down the supply chain.

Impact of Subcontractor Incidents

The above examples can have serious consequences for the hiring company, regardless of direct financial or legal liability:

• Severe reputational damage due to widespread media coverage of an incident or event
• Project delays when a subcontractor becomes unable to fulfill a job due to bankruptcy, an accident, or other adverse event
• Business disruption in the face of cyber threats, recalls, investigations, and more
• Customer, employee, and investor displeasure
• Penalties, fines, and project shutdowns due to subcontractor regulatory violations

Examples of Subcontractor Incidents with Massive Fallout

In 1999, a massive crane collapsed in Milwaukee, WI, during the construction of a new baseball stadium for the Milwaukee Brewers. A subcontractor was operating the crane when the collapse killed three workers. The subcontractor and prime faced millions in lawsuits and OSHA penalties. The Milwaukee Brewers (the hiring client) were on the hook for $100 million in repairs and significant negative media coverage, ultimately leading to a project completion delay of one year.

In 2013, Nestle was forced to suspend product deliveries and issue recalls for all products that contained beef from a particular subcontractor. Traces of horse DNA were found in quality tests of these products. Though the quality issues came from a subcontractor, not a direct contractor, Nestle still had to endure the severe reputational and financial consequences of the recall and negative media coverage.

Conclusion

Subcontractors are vital to most companies’ supply chains but also bring risks that should not be ignored. Relying on prime contractors to ensure subcontractor qualifications and compliance is an outdated model of managing subcontractor risk. Instead, hiring companies should be proactive in applying the same rigorous vetting and compliance requirements to subs as they do to their prime contractors.  

In our next post we will discuss best practices and strategies for managing subcontractor risks.

Avetta is a SaaS software company that provides supply chain risk management solutions. Its platform is trusted by over 130,000 suppliers in over 120 countries. Visit Avetta.com to learn more about its subcontractor management tools, prequalification services, and marketplace offerings.  

‍