Managing and Mitigating Risk from the Supply Chain

1
Managing and Mitigating Risk from the Supply Chain

• Greg Taylor, Supply Chain Management
  ExecutiveBank of America

January 4th, 2005February 1, 2006
January 4th, 2005
January 4th, 2005
2
Bank of America

• Bank of America is the fifth-most profitable
  company in the world
• Consumer and Commercial banking offices in 29
  states and the District of Columbia
• Offices in 31 countries serving clients across
  150 countries
• Over 38 million consumer and small business
  relationships
• Over 16,700 ATMs and 5,800 retail banking offices
• Processes over 8.9 billion checks each year
  (2003)
• Moves more money than the Federal Reserve each
  day
• Supply Chain Management (SCM) at Bank of America
• 11.0 billion total annual sourceable spend
  (total spend 15.4 billion)
• 50,000 suppliers

3
SCM at Bank of America

• Our Role
• Create value
• Prioritize and Drive the Projects with the
  biggest benefits in both productivity and risk
  reduction
• Foster innovation
• New ways to manage and control spend and risk
  across the end to end order to pay process
• Minimize risk
• Ensure rigid vendor management system is
  established, controlled and key metrics are
  managed routinely
• Manage and control an optimized supply base
• Drive supplier diversity
• Establish key targets for diverse spend and drive
  out to line of business sourcing execs
• Community involvement and marketing
• Identify supplier cross-sell opportunities
• Work with line of business partners to identify
  cross sell opportunities

4
SCM at Bank of America

• Our Organization
• Sourceable within the Bank of America
  organization
• Organized by line of business to focus on
  business partners
• Within line of business, a focus on commodities
• Enterprise Supplier managers

5
Application of Six Sigma in SCM

• Process Excellence Map and optimize key
  processes across the supply chain Utilize six
  sigma tools to identify and drive lean process
  improvements
• Major in Majors Key projects that drive the
  biggest benefits
• Rigid Project Management Methodology to manage
  ongoing projects and decision new project
  proposals
• Balance risk mitigation and productivity
  activities, both must be measured and controlled.
• ID Key Business and Process Control Metrics and
  drive performance reviews to reduce variability

6
Supplier Risk Management Why is it necessary?

• The choice
• Engage suppliers in an undisciplined free for
  all approach that opens the company to serious
  operational, reputational and execution risk and
  runaway costs, or
• Engage in an end-to-end process that fully
  identifies the potential risks at each step in a
  carefully designed, multi-step process that will
  lead to a long-term relationship.
• Current risk environment
• Regulatory
• Operational
• Reputational

7
SCM at Bank of America

• How we approach risk
• Build infrastructure to assess and manage vendor
  risk and performance
• Socialize the fact that the lines of business own
  supplier relationships and supplier risk
• Identify which lines of business own the supplier
  relationship
• Work across functional lines (Compliance, Risk,
  Legal) as well as with business partners
• Create tools to track supplier risk

8
Supplier Risk Management Roles and
Responsibilities

• Three Lines of Defense
• 1st Line of Defense Line of Business
• Closest to the changing nature of risk and
  customer needs
• 2nd Line of Defense Operational Risk Partner
  (SCM)
• Advise and assist in managing risk and reward
• Supply Chain Management, Compliance, Information
  Security, Business Continuity
• 3rd Line of Defense Internal and External Audit
• Independently tests the effectiveness of our risk
  management processes

9
Risk Governance

• Program integrates risk partners (Audit, Legal,
  Compliance, Operational Risk), business support
  partners (Corporate Information Security and
  Corporate Business Continuity) and lines of
  business representatives
• Compliance and Operational Risk Committee
• Supplier Manager Risk Steering Committee
• Drives the alignment of key deliverables, creates
  clear accountability between SCM, lines of
  business and business support and risk partners
• Line of Business Champions
• Oversee and coordinate the execution of the
  supplier management program within the lines of
  business

10
SCM Risk Management

• Reviews supplier financial health
• Identifies inherent risks
• Takes deep dives into operational risk, data
  risk, subcontractor risk, supplier risk, recovery
  risk, contingency planning

11
Supplier Risk Management -- Process
Supplier Manager Training Certification
Supplier Manager Tiering Deliverables
Line of Business Champion Reporting
Supplier Manager Program Reporting
Supplier / LOB Risk Mitigation Activities
Supplier Tiering
12
Supplier Tiering Defines the level of supplier
risk and performance management necessary for a
supplier relationship

• Each supplier is categorized in one of four
  tiers, based on three criteria
• How critical the supplier is to Bank of Americas
  operations or line of business
• Sensitive data handling risk
• Amount of annual supplier spend
• Tier determines the annual risk and performance
  management deliverables required for each
  supplier
• Tier 1 suppliers 18 annual deliverables
  evaluating supplier risk, financial viability,
  drivers to supplier performance, business
  continuity
• Tier 2 suppliers 12 annual deliverables, cutting
  across same components
• A simple timeline ensures deliverables are
  completely consistent across the enterprise

13
Supplier Manager Training Certification

• Formal, enterprise-wide Supplier Manager training
  and certification program provides instruction
  in
• Program governance
• Risk identification and mitigation
• Performance improvement
• Performance and risk management deliverables
• Supplier Managers recertify annually

14
Supplier Tier Deliverables
Tier 1 Supplier - Annual Deliverables (18)

• Supplier Manager Certified/Re-Certified
• Supplier Registered Online
• Financial Viability Risk Rating
• Supplier Risk Survey
• Supplier Risk Plan (if required)
• Supplier Performance Scorecard
• Supplier Management Tool (SMT)
• Insurance Certificate Review
• Signed Contract Review

• LOB Contingency Plan
• Supplier Business Continuity Questionnaire
• Supplier Business Continuity Assessment
• Supplier Business Continuity Plan
• Off-shoring Survey
• CIS Supplier Self-Assessment Test (SAT) Initiated
  (if required)
• Supplier Completed CIS SAT (if required)
• Supplier Agrees to Remediate (if required)
• LOB Accepts Remediation Plan (if required)

15
Supplier Tier Deliverables Contd

• Tier 2 Supplier - Annual Deliverables (12)
• Supplier Manager Certified/Re-Certified
• Supplier Registered Online
• Financial Viability Assessment Risk Rating
• Supplier Risk Survey
• Supplier Risk Plan (if required)
• Supplier Performance Scorecard
• Signed Contract
• CIS SAT Initiated (if required)
• Supplier Completed SAT (if required)
• Supplier Agrees to Remediate (if required)
• LOB Accepts Remediation Plan (if required)
• Offshoring Survey

16
SCM Tools Supplier Manager Toolkit Portal
Supplier Manager Checklist (tools)
17
SCM Supplier Performance Scorecard

• A tool to drive improved supplier performance

18
SCM Tools Supplier Manager Certification
Scorecard Metrics
19
SCM Tools
Communicate Deliverable Progress
20
SCM Supplier Level Tracking Sample Scorecard

• A tool that drives improved supplier manager
  performance

21
Conclusion

• As Bank of America grows, Supply Chain Management
  is an integral partner in risk mitigation.
• Our risk management tools and processes are
  imperative to business as usual.

22

• Questions and Answers