Reminders for Risk Teams in the Wake of the Tragic Baltimore Bridge Collapse
A Third-Party Risk Management Perspective on Supply Chain Disruption
On Tuesday, March 26th, Baltimore’s Francis Scott Key Bridge collapsed after being hit by a container cargo ship, which had lost power shortly before impact and made a mayday call. Most importantly, the devastating loss of lives cannot be overstated. Yet, it’s also critical that we learn from these events as much as we can. In this instance, the fallout is three-fold: in addition to the catastrophic loss of lives and significant infrastructural damage, the incident is predicted to cause significant supply chain disruptions. The collapse severed ocean links to the Port of Baltimore, which provides about 20,000 jobs to the area.
The Port of Baltimore is also the top port in the nation for automobile shipments and a major proponent of coal, tofu, and other goods, meaning significant delays and reroutes are on the horizon. Here’s what you can expect in terms of supply chain impact — and exactly where this incident serves as a stark reminder to verify your third-party risk management best practices so you can stay ready (not reactive) for when disruption occurs.
The Impact of the Baltimore Bridge Collapse on the Supply Chain
Built in the 1970s, the 47-year-old Baltimore Bridge is predicted to take many years and cost hundreds of millions of dollars to rebuild. So, what happens in the meantime?
On Tuesday, the Port of Baltimore said that vessel traffic would be suspended in and out of the port until further notice, but trucks would still be processed in its terminals.
The ripple effect has extended to additional ports as well. Numerous vessels stranded in the harbor were initially scheduled to visit various U.S. ports for cargo handling operations before continuing overseas, an intricate logistical process upturned by the Baltimore Bridge collapse. Cargo will now have to be rerouted to other ports, figuring out on-the-go where there is enough capacity to move things. Right away, we can expect disruption to the supply of cars, coal, and other goods.
Consider the following:
- The Port of Baltimore was the 17th largest in the nation by total tons in 2021
- Baltimore is the nation’s top port for automobile shipments
- The port ranked second in the country for exporting coal last year
“It just shows how you throw a wrench in the supply chain, and the impact is not just confined to that one port,” said Mike Steenhoek, Executive Director of the Soy Transportation Coalition, in a Washington Post article that delves deeper into the collapse of the Baltimore Bridge and its lasting effects.
Building Back Stronger: Third-Party Risk Management Perspectives on Expected Supply Chain Disruptions
The collapse of critical infrastructure like the Baltimore Bridge (among other natural or artificial disasters) can cause a knock-on effect of delays and disruptions across transportation networks, supply chains, and local economies. For risk professionals, gaps in third-party risk management program could exacerbate many of these challenges and wait times when breakdowns occur. Having contingency planning and alternative vendor strategies in place, on the other hand, can help minimize the fallout and empower teams to act quickly.
Here are a few critical reminders for risk professionals to keep on their radars regarding third-party risk management best practices:
- Vigorous Vendor Due Diligence: Risk professionals must thoroughly assess the capabilities, reputation, financial stability, and compliance with safety regulations of potential partners before entering into agreements. Comprehensive due diligence helps identify red flags and mitigate risks associated with unreliable or non-compliant third parties.
- Continuous Monitoring: Just as regular inspections are crucial for ensuring structural or procedural integrity, continuous monitoring is essential for overseeing third-party relationships. Risk professionals should implement monitoring mechanisms to track third-party vendors’ performance, adherence to contractual obligations, and compliance with regulatory requirements. Timely identification of issues allows for proactive intervention and risk mitigation measures.
- Clear Contractual Obligations: Clear and comprehensive contractual agreements are vital for delineating responsibilities, expectations, and liabilities in third-party relationships. Contracts should incorporate robust provisions related to risk management, data protection, security measures, indemnification clauses, and incident response procedures. Organizations can enforce accountability and mitigate legal and financial risks arising from third-party engagements by establishing clear contractual obligations.
- Contingency Planning: Despite thorough risk assessments and preventive measures, unforeseen events such as natural disasters or infrastructure failures can disrupt third-party operations and pose significant risks to organizations. Risk professionals must develop contingency plans and business continuity strategies to mitigate the impact of such disruptions. Contingency planning involves identifying alternative vendors, establishing redundant systems, and implementing recovery procedures to ensure continuity of operations in the event of a crisis.
- Liquidity Planning: Just like your contingency plan of action, ensure you don’t face financial constraints while production is impacted by strategically allocating funds. One way to do this would be to quantify these risks and simulate value-at-risk (which shouldn’t exceed your risk-bearing capacity).
- Stakeholder Communication: Effective communication fosters transparency and collaboration in third-party risk management efforts. Risk professionals should maintain open communication channels with internal stakeholders, third-party vendors, regulatory authorities, and other relevant parties. Transparent communication facilitates the exchange of information, facilitates risk awareness, and enables prompt response to emerging threats or concerns.
It’s critical to conduct proper risk assessments of your third parties/vendors to ensure they have a full backup plan (like a backup vendor) for these circumstances. If they turn out to be a single source for your service, you could be facing longer delays, bigger disruptions, and long-term consequences. Like anything, the earlier you understand and can assess the impact before it happens, the better prepared you are to recover and build back stronger.
Elevate your GRC program today!
Reach out to our team with any questions, schedule a demo or learn more about Mitratech’s GRC solutions.