Workshop B — Third Party and Supply Chain Due Diligence and Resilience: Revisiting Export Controls, UFLPA and Sanctions Risk Assessments, Compliance, and Monitoring from Start to Finish
Toochi Ngwangwa
US Global Trade Counsel
Sandvik Manufacturing Solutions
Bryce Bittner
Managing Counsel, International Trade Legal
McKinsey & Company
Workshops are offered In-Person only
Third party risk management in China is increasingly critical due to the complexities of operating in China’s dynamic regulatory environment and the reliance on extensive supply chains and partnerships. As companies engage with local vendors, suppliers, and other third parties, they must navigate risks related to compliance, cybersecurity, operational integrity, and geopolitical tensions.
- Data protection and privacy around third parties in China
  - Personal Information Protection Law (PIPL): Navigating China’s strict data handling requirements for personal information, impacting how third parties manage and transfer data
  - China’s Data Security Law (DSL): Data localization and assessing security risks related to data handling by third parties
  - Network security measures: Third-party compliance with China’s Cybersecurity Law, which includes requirements for network security and data protection
  - Critical Information Infrastructure Protection (CIIP): Practicing enhanced data protection for critical sectors, requiring third-party vendors to implement rigorous cybersecurity measures
- Environmental and Social Governance (ESG)
  - Environmental regulations: Third parties must adhere to local environmental laws and corporate sustainability practices
  - Labor laws: UFLPA compliance practices, including worker rights and safety regulations
- US sanctions on China
  - Sanctions on Xinjiang Production and Construction Corps (XPCC) and implications for compliance
  - China’s countermeasures: Understanding China’s Countering Foreign Sanctions Law
- US sanctions on Hong Kong
  - Special status of Hong Kong in U.S. legislation
  - Consequences of determination that Hong Kong is not autonomous
  - Export and reexport requirements that would apply if special status is revoked
  - Hong Kong Autonomy Act and potential sanctions on foreign financial institutions
- Third-party audits and assessments
  - Regular audits: Conducting regular audits of third-party operations to ensure compliance with contractual obligations and ethical standards
  - Risk assessments: Comprehensive risk assessments covering operational practices, financial health, and compliance with local laws
- Technological integration and innovation
  - Predictive analytics: Leveraging data analytics to predict and mitigate risks associated with third-party operations
  - AI and automation: Using AI and automation for efficient third-party risk monitoring and compliance management
  - Blockchain: Implementing blockchain technology for transparent, secure supply chain management and traceability