Protecting your brand · 2020. 7. 17. · If you are not able to prove that your product is compliant, the authorities can enforce product recalls. This is not only an expensive process,

Second Issue to reflect the changes due to the COVID-19 outbreak

Protecting your brand

Regulatory and compliance related insights for managing reputational risk

Consumer Markets and Retail SectorKPMG Netherlands

June 2020

2© 2020 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved.

The world is changing at a rapid pace, particularly within the Consumer Markets and Retail sector where the rate of change is quickening as the digital revolution reshapes the industry. In addition, the COVID-19 outbreak has brought unprecedented uncertainty and complexity. Revenue and profitability remain key challenges whilst consumers become more skeptical and regulators alike increase their scrutiny. Margins were already razor-thin across many parts and will continue to come under pressure with the online sales acceleration.

Concurrently, more attention is now drawn towards social issues and dilemmas. During the last Business Roundtable in August 2019, held by a group of CEOs of nearly 200 major U.S. corporations, it was concluded that shareholder’s value is no longer the sole purpose of a corporation, breaking with decades of long-held corporate orthodoxy. Corporations – including retailers – therefore must invest in their employees, protect the environment and deal fairly and ethically with their suppliers. Those purposes become more relevant in the COVID-19 era and will directly influence how society perceives company brand.

The need for ethical, social and environmental business models was further highlighted in KPMG’s 2019 Global CEO Outlook Survey as outlined in the following page. 71% of top executives reported that they felt personally responsible for ensuring that their company’s environmental, social and corporate governance policies reflect the values of their customers. For many companies, it means that a set of measures needs to be established to protect their brand.

The regulatory landscape at both country and EU level has reinforced responsible conduct with heavy fines for non-compliance. It is obvious from regulations such as the Dutch Child Labor Act, that retailers must be transparent about their operations and compliance across the supply chain. Retailers also have to deal with high-impact, hard-to-predict events such as the outbreak of COVID-19. In the light of the outbreak, an extensive set of measures are placed to ensure the wellbeing of consumers and staff. As such, retailers must demonstrate that they are taking the right steps to mitigate future adverse effects, and in doing so, they will protect their brand and financial health.

At KPMG we recognize that for retail executives protecting their brands is a complex challenge. It is not a simple task to find the right balance between the commercial and compliance considerations. That’s why we would like to provide you with this publication to support you in managing the risks, whilst striving for growth and profitability.

We continue to welcome conversations with you on any of these areas to understand your needs and share our insights. Please get in touch with our team of experts in the Netherlands and we are more than happy to help.

Leah Jin Partner Risk & Regulatory Consumer & Retail

T: + 31 20 656 29 89 M: + 31 61 224 28 47E: [email protected]

Jeroen SlijkermanSenior Manager Customer & Brand Advisory | Consumer & Retail

T: + 31 20 656 43 30M: + 31 63 089 87 75E: [email protected]

How important is your brand reputation?

Archie KristamuljanaManager Risk & RegulatoryConsumer & Retail

T: +31 20 656 80 24 M: + 31 61 231 70 41E: [email protected]

This publication has been updated to reflect the changes due to the global outbreak of COVID-19. The pandemic accelerated key fundamental trends that were already influencing the sector: 1. Business model evolution 2. The value of purpose 3. The ruthless focus on reducing cost 4. The increased power of the consumer

The recent shifts in retail fundamentals have made these trends even more acute and urgent.

Retailing in a COVID-19 world

Please check for more details on the latest retail trends our Global Retail Trends 2020 Publication

https://assets.kpmg/content/dam/kpmg/xx/pdf/2020/05/global-retail-trends-2020.pdf


Understanding what your consumers care about2019 KPMG Global CEO Outlook*

71% of CEOs feel it is their personal responsibility to ensure that the organization’s environmental, social and governance (ESG) policies reflect the values of their customers.

71% of CEOs say that their organization sees information security as a strategic function and a source of competitive advantage.

67% of CEOs believe in the notion of “acting with agility is the new currency of business; if we’re too slow we will be bankrupt”.

55% of CEOs surveyed in 2019 agreed that they should look beyond purely financial growth to achieve long-term sustainable success.

Environmental and climate change now tops the risk agenda, climbing from its fourth-placed position in 2018.

`

`

`

`

`

*Agile or Irrelevant, Redefining Resilience. 2019 Global KPMG Outlook - kpmg.com/CEOoutlook


The COVID-19 outbreak has a huge impact on customer experience and customer relationship. How will you maintain trust in brand and products and services? How will you reset expectations for today? And how will you recover the customer experience in the future?

COVID-19 has changed the global retail and consumer risk landscape

Protecting your Customer

Protecting your Cash

Managing risk in Supply Chain

Paying your Taxes

Protecting people The COVID-19 has already led to a number of workplace shut-downs and quarantines. Retailers must have a plan that ensures the safety of customers and employees in the shops, warehouses, and offices. Beyond simply creating a crisis communications plan, retailers should also be thinking about how they will manage their workforce under various scenarios.

Retailers may have more time to prepare for the new EU VAT rules for e-commerce. Due to COVID-19, the European Commission proposed to postpone the introduction of the new rules by six months (1 July 2021 rather than 1 January 2021). More details about the new EU VAT rules for e-commerce can be found on page 9.

Retailers have to deal with a variety of supply chain challenges, with those that rely on customer footfall (such as traditional shopping malls and department stores) having taken a considerable hit. The supply chain operations should also be prepared for the forthcoming economic recovery. There is an urgent need to fully align with suppliers on the schedule of production and supply for the second half of the year.

Cash preservation and cash management will be key to retail and consumer brand survival over the next period. However, do not allow yourself to become only focused on the near-term crisis. Plan now for the post-COVID-19 world.

KPMG thought leadership

Consumer and Retail: Cash and the journey past COVID-19.

Update from the European CommissionCommission proposes postponement of taxation rules due to Coronavirus crisis

KPMG thought leadership

Consumer and Retail: Responding to crises and changing consumer behaviour

KPMG thought leadershipConsumer and Retail: Supply chains that will survive and win in the market

KPMG thought leadershipTax and legal considerations flowing from the disruption caused by COVID-19

Protecting privacy amidst COVID-19

European perspective: Privacy in a time of COVID-19

KPMG thought leadershipUnderstanding the people impact of COVID-19

https://home.kpmg/xx/en/home/insights/2020/05/consumer-and-retail-reopening-recovery-preparing-for-new-reality.html

https://ec.europa.eu/taxation_customs/news/taxation-commission-proposes-postponement-taxation-rules-due-coronavirus-crisis_en

https://ec.europa.eu/taxation_customs/news/taxation-commission-proposes-postponement-taxation-rules-due-coronavirus-crisis_en

https://home.kpmg/cn/en/home/insights/2020/02/responding-to-crises-and-changing-consumer-behaviour.html

https://home.kpmg/xx/en/home/insights/2020/04/supply-chains-that-will-survive-and-win-in-the-market.html

https://assets.kpmg/content/dam/kpmg/xx/pdf/2020/04/responding-in-challenging-times-global-tax-and-legal-perspectives.pdf

https://home.kpmg/content/dam/kpmg/in/pdf/2020/04/protecting-privacy-amidst-covid-19.pdf

https://assets.kpmg/content/dam/kpmg/nl/pdf/2020/services/privacy-in-a-time-of-covid-19.pdf

https://assets.kpmg/content/dam/kpmg/xx/pdf/2020/04/understanding-people-impact-of-covid-19.pdf


Measures to protect your brands

How do we ensure the rights of our consumers? — Competition Act— Product Compliance— Algorithmic Pricing— General Data Protection Regulation

How do we prevent payment fraud? — Digital payment fraud— Credit card fraud

How do we comply with tax regulations?— Enforcement of New EU VAT Rules

for e-commerce (2021)— OECD Transfer Pricing Guideline

How do we ensure better business reporting?— Sustainability reporting and performance framework— Climate-related risks— Supplier discounts

How do we manage risks in supply chain?— Supply Chain Transparency— Bribery and Corruption— Money Laundering— Crisis Management

How to do business with respect for human rights?— Modern Slavery Act— Equal Treatment Act— Child Labor (Wet zorgplicht kinderarbeid)

How do we carefully use corporate social media?— In-house social media guidelines

Protecting your Customer

Protecting your Cash

Reporting your business activities

Managing risk in Supply Chain

Paying your Taxes

Protecting people across the chain

Protecting your Social Media Activities

1

2

3

4

5

6

7


Protecting your CustomerHow do we ensure the rights of our consumers?

Regulation / Guideline Competition Act Product Compliance

Impact on your business

Key challenges to ensure compliance

The Netherlands Authority for Consumers and Markets (ACM) plays an important role to champion the rights of consumers and businesses. Enforcement spans over:o abuse of power;o horizontal price manipulation e.g. setting

prices to restrict inter-firm competition and earn higher profits;

o vertical price manipulation where agreements take place between supplier and buyer.

Within the EU, infringement could lead to fines up to 10% of annual turnover. In 2019, Google was fined EUR 1.49 billion for abusing market dominance. Nike was fined EUR 12.5 million for banning traders from selling licensed merchandise to other countries within the EEA.

Product compliance is a key topic for retailers to secure license to operate. Products –including private labels need to be listed in each country with distinct regulatory requirements. Product compliance covers product safety, substance regulations, but also labelling as well as social compliance across the supply chain.

If you are not able to prove that your product is compliant, the authorities can enforce product recalls. This is not only an expensive process, but can also cause damage to your brand.

One of the most recent cases took place in late 2019, Tesco and Heinz recalled all Heinz By Nature baby food range after two metal fragments found in jars. Consumers were advised to return the product to the store for a full refund. Enforcement agencies, including UK’s Food Standards Agency shortly launched an investigation.

o Although policy and procedures are usually in place, the implementation of a compliance framework has proven more challenging. A set of compliance-related KPIs needs to be embedded at the individual level.

o Preventative measures (i.e. employee training, scans and assessment) need to be established. Training should be aimed towards relevant positions (e.g. sales, procurement) to ensure alignment on grey areas.

o Product compliance regulations vary per country and continuously update.

o Detailed insights regarding compliance of suppliers (and their network) are not easy to obtain.

o From the headquarters, it is challenging to gain insights and build consolidated risk overview from the local entities.

o Getting products listed implies that there is a need to deal with authorities, with an increased bribery risk. .

Point of View

Periodic anti-trust scan, internal investigation, and compliance assessment are recommended.

Preventative scans would outweigh the cost of non-compliance.

Training should be tailored towards relevant job positions.

Map supply chains & track ingredients. Monitor and improve supplier

performance. Consider a centralized-coordinating role

for product compliance Strengthen supplier relationships.


Regulation / Guideline Pricing Algorithm



Online retail continues its growth globally. Within e-commerce platforms, algorithms play a significant role as millions of customers browse through the product selections every day. Pricing algorithms allow retailers to automatically set different prices to different consumers at different points in time, based on the real-time market information.

o Algorithms would save retailers time that they typically used to set their pricing strategy manually with significantly reduced chance of human error.

o It is also beneficial for consumers as they will have greater information on which to base their decisions.

o Reliance on algorithms might undermine the need to understand consumer behavior

o Retailers might expose themselves to algorithmic mishaps, which could lead to pricing mistakes. This could eventually lead to loss of sales and margin.

o From the ethical perspective, algorithms may lead to price discrimination which is illegal when utilized on the basis of race, religion, nationality, or gender, or if it is in violation of antitrust or price-fixing laws.

General Data Protection Regulation

The GDPR outlines Europe’s baseline expectations for how EU citizens’ personal information should be processed as we continue through the digital revolution. Any retailer that processes the private information of EU citizens is in scope.

There is a tiered fining structure depending on infringement:• Level 1 is 2% of global turnover or

EUR 10m, whichever is higher. • Level 2 is 4% of global turnover of

EUR 20m, whichever is higher).

Since it was introduced almost two years ago, the EU’s GDPR is estimated to have generated EUR 114 million in fines, led to over 160,000 data breach notifications across Europe.

Retailers are now processing and holding an increasing volume of personal information about their consumers, employees, and suppliers. Whilst this represents a great opportunity, it also presents new challenges. Retailers should handle this personal information appropriately and managing the additional privacy risk.

While meeting regulatory obligations is a must, there is a danger of seeing the GDPR as a one-off, ‘tick the box’ activity, rather than a deliberate move towards a privacy-conscious culture, where transparency, consumers’ rights and accountability become second nature to all employees.

Point of View

Guiding principles, including ethical parameters, should be established and embedded in the algorithms.

Periodic audits are recommended.

GDPR should not be perceived as a one-off activity. The work should advance further towards a privacy-conscious culture.

Engage specialists to assess your data privacy maturity from multiple angles.

For companies deemed to have reached a sufficient level of compliance, an expert third party assessment is recommended.

Protecting your Customer (cont’d)How do we ensure the rights of our consumers?


Protecting your CashHow do we prevent payment fraud?

Regulation / Topic Payment fraud



There has been a significant increase in payment fraud cases via social engineering, especially in crisis. Criminal organizations are aiming at multinational companies where bigger payments are more common. They also invest time in performing research and closely monitor their potential victims and their companies.

Retailers need to be aware of the following schemes known as Business Email Compromise:

o CEO Fraud Scheme, a scam in which cybercriminals penetrate company email accounts and impersonate top management to fool an employee in accounting into executing unauthorized wire transfers.

o Other type of fraud where admin clerk receives certain request and accompanying documents to change the bank account details of a supplier.

o Strengthening cyber security measures have become top priority, especially since criminals could utilize crisis situations and spread COVID-19 related (mis)information or offer fraudulent services.

o Retailers need to invest time and effort in trainings, awareness programs, and setting up internal controls. Measures that prohibit payment initiation based on emails or other secure messaging systems need to be established. Users need to pay attention to subject keywords such as payment, request, urgent, and transfer.

o Retailers should consider setting up additional measures i.e. phone calls to suppliers, executives, or other parties to check and confirm information prior to make changes in the database.

Credit card fraud

The credit card industry has issued strict standards on protecting card data and preventing abuse. Every retail company accepting credit cards as one of the payment methods has to comply with the Payment Card Industry Data Security Standard (PCI DSS).

Violations of PCI compliance rules vary between USD 5,000 - 10,000 a month, depending on factors such as transaction volume and number of months in non-compliance. Additionally and more importantly, companies may damage their relationship with the bank, the credit card companies, and the payment processor.

As one of the measures, companies need to conduct a yearly audit on compliance to the PCI DSS. It might be perceived as a costly exercise. However, the risks outweigh the costs of compliance with hefty amount of fines.

Criminal (organizations), on the other hand are developing more advanced techniques to steal credit card data. A set of specific control measures needs to be established on both retailer and customer sides. With so many ends to monitor, retailers need to assess the security from multiple angles.

Point of View

Periodic trainings, awareness sessions, and protocols need to be set up to address different schemes, payment methods, and associated processes.

A strong fraud internal control framework should be established, especially in crisis situations like COVID-19 outbreak.

Exposure to digital risks depends on your current IT Governance and security strategy.

PCI/DSS audits are recommended to assess the effectiveness of security measures.


Paying your TaxesHow do we comply with tax regulations?

Regulation / Guideline Enforcement of new EU VAT rules for e-commerce (2021)



New VAT rules for e-commerce will be introduced in the European Union (EU) to modernize and simplify the VAT system for online sales of goods and combat VAT fraud.The European Commission proposed to postpone the introduction of the new rules by 6 months (1 July 2021 rather than 1 January 2021) due to COVID-19.

Under the new VAT rules, the cross-border sale of goods to consumers will, as a default rule, be VAT taxable in the EU Member State of arrival of the goods.

o Businesses can opt for a one-stop shop so that they are no longer required to register VAT purposes and file VAT returns across multiple EU Member States

o For imports, the low value parcel relief will be abolished for VAT purposes. One-stop shop for import will be introduced.

o Platforms will be responsible for collecting and remitting VAT on certain supplies of goods if they facilitate the transaction.

o The transition from the current to the new system will place a heavy administrative burden on businesses e.g. retailers will need to update their business models, ERP systems and VAT processes, policies and controls.

o Retailers may also need to operate multiple VAT regimes in parallel going forward.

OECD Transfer Pricing Guideline

The Organisation for Economic Co-operation and Development (OECD) Transfer Pricing Guidelines require profits to accurately reflect the values generated by local operations.

Tax authorities are also increasingly using technology to adopt a forensic approach to testing the evidence that transfer pricing policies and documentation rely on.

o Ensuring that “tax models” and transfer pricing policies keep pace with business change, especially where the relative value or the location of key functions changes.

o Ensuring that the models and policies are documented properly and followed in practice.

o Increasing public attention has been paid to corporate tax practices. As such companies’ aggressive tax planning influences how the public perceives the brand.

o More and more national tax authorities are working together to conduct joint audit at multinational enterprises.

Point of View

Assess whether the new VAT rules will impact your business, your VAT position and ERP systems.

Promptly design, implement and test required updates before transitioning and going live on 1 January 2021.

Develop economically supportable transfer pricing policy..

Policies, procedures, controls and systems should be established for setting, monitoring, and testing inter-company transactions.


Reporting business activitiesHow do we ensure better business reporting?

Regulation / Topic Integrated reporting and sustainability performance management



More than 80% of a company’s value comes from intangibles, yet often the focus of performance management and reporting is on financial information.

Driven by EU legislation, IASB initiatives on wider non-financial reporting, and investors’ and customers’ expectations, retailers are expected to manage and report on non-financial information such as employee engagement, environmental impact and healthy and sustainable products.

Reporting and internal management of non-financial information that impacts financial value and addresses key environmental and social impacts, will need to evolve in order to stay in sync with the external developments.

o There is a multitude of non-financial topics and indicators that retailers can choose to manage and report on, and it can be confusing where to focus. In addition, there may be challenges in data collection and oversized reports. Focusing on a small number of financially material topics helps create maximum value while minimizing the reporting burden.

o Integrated reporting should start with an integrated strategy and integrated management, embedding non-financial information in company processes and controls, including risk management and operational review cycles.

o Selecting the right KPIs to effectively measure and manage progress is critical to drive performance.

Point of View

Retailers should limit the non-financial information managed and reported.

Material non-financial information should receive the same level of control as financial information.

Assurance allows for credible reporting of non-financial information.

Climate-related risks

The Task force on Climate-related Financial Disclosures (TCFD) has developed a disclosure framework to report on the financial risks from climate change. The framework is now widely used by the regulators and investors around the world.

The EU Non-Financial Reporting Directive requests certain companies to report information on this subject. It is expected that climate-related reporting will soon become mandatory and that the scope of eligible companies will be expanded.

For retailers such information relates to, among other things, supply chain and physical risks.

Not reporting on climate change related risks may result in non-compliance with applicable regulations, leading to both legal and reputational risks for retailers.

o Climate-related risks are a relatively new area for corporations, making it challenging to identify the associating risks and opportunities and assess the impacts on the firm’s strategy.

o Internal processes should be aligned with climate-related risks, ensuring relevant measurement of KPIs, setting appropriate targets, and integrating the climate risks in the holistic risk management processes.

o Scenario analyses should be performed to meet investors’ needs and the frameworks’ requirements. The area is relatively new to many corporation and therefore would require a dedicated project to make the analysis.

Retailers can benefit from the TCFD guidance to start understanding, managing and disclosing their climate related risks and opportunities

Scenario analyses are critical to fully understand the potential impact of climate change on the business, not just from a market transition but also from a physical risk perspective


Reporting business activitiesHow do we ensure better business reporting?

Regulation / Topic Supplier discounts



As common practice in the retail sector, supplier discounts or allowances have become the subject of interest to legal and regulatory authorities.

Supplier discounts in many cases are an important source of income for retailers. The proportion is quite substantial as it could contribute to roughly 8-12% of total annual sales. Unfortunately, allowances could also be used to commit fraud. Many accounting scandals originated from mishandling and manipulation of discounts.

o Accounting for supplier bonuses remains a complex area which requires close monitoring from a compliance and performance perspective. Often allowances are based on future events (e.g. purchase volumes over a specified period of time) and require considerable estimates by management that may be manipulated or biased.

o A clear accounting guidance with regard to discounts and bonuses needs to be established.

o Changing regulation will add further complexity. In a number of countries, a legislation is currently proposed to reduce the volume discounts and it requires suppliers to issue debit notes (instead of suppliers issuing credit notes).

o Worth mentioning that underlying IT systems for registering and forecasting this income stream are of importance from a compliance and performance perspective.

Point of View Consider the use of Procurement Data Analytics solution that goes several steps further by

offering, among other things, the transparency in procure-to-pay process, transparency in contract and supplier compliance, and identification of savings possibilities.


Managing risk in Supply Chain How do we manage risks across the Supply Chain?

Regulation / Guideline Supply chain transparency



Retailers are facing scrutiny of their supply chain from the governments, consumers, NGOs, investors and other stakeholders. Nowadays, retailers are obliged to be transparent about ingredients, food fraud, animal welfare and child labor of the (private label) products they sell. The ability to fully comply with different guidelines that relate to business practices, sustainability mandates and track-and-trace laws, has become crucial.

In addition to a more complex legislation that they must adhere to, there are also national and international sectoral covenants, of which more and more are signed up to. Among the signatories are retailers and upstream suppliers. A commitment made to such a covenant implies that retailers have been taking responsibility for their supply chain and being accountable.

In the Netherlands, agreements promoting International Responsible Business Conduct (IRBC agreements) involve partnerships between businesses, government, unions and NGOs. Together, these partners work to prevent such abuses as exploitation, animal suffering and environmental damage. Such agreements exist, among other things, for Garments & Textiles, the Food Products sector and the Floriculture sector.

Retailers often have not much insight into the value chains beyond their direct suppliers. In addition, it can be questioned to what extent these suppliers have in-depth insight into their upstream value chains. The product supply chains are often long and complex.

As a result, retailers lack visibility – the ability to look into the supply network, including the geographical origins of raw materials – as well as traceability – the ability to track and trace products and materials throughout the end-to-end supply chain. Such non-transparent supply chains can leave retailers sightless, resulting in greater uncertainty, a higher exposure to risks, and supply chain disruptions.

Next to that, sourcing contracts are often short-term and do not include performance targets on social and environmental issues, which limits the incentives for suppliers to make investments into their social and environmental practices.

Point of View

Map your supply chain to better understand in which countries your products are produced and how suppliers are acting in order to drive positive social and environmental impact across the value chain

Monitor and improve supplier performance through integration of technical solutions and the use of data & analytics to enable decision-making

Strengthen supplier relationships and aim at long-term, future-proof partnerships


Managing risk in Supply Chain How do we manage risks across the Supply Chain?

Regulation / Guideline Bribery and Corruption



As retailers run day-to-day operations and expand their business footprint, they will need to get in touch with various stakeholders across the supply chain. Bribery and corruption risks could materialize. For example:

• It could take form in kickbacks from suppliers or other parties where staff receive a compensation for favorable treatment or other improper services.

• It could take form when engaging with public officials, where payments or favors are exchanged for obtaining a business license.

Legislation in the Netherlands is very clear: bribery is prohibited under all circumstances. Under British legislation, it is forbidden to engage third parties who are guilty of bribery anywhere in the world. Not taking adequate measures to prevent is a punishable offence.

o Procurement is one of the most vulnerable areas. Policies and procedures, as well as multiple stages of tender approval are fundamental. Segregation of duties is a strong measure, as it is limiting the proliferation of discount schemes. A proper recording of all contractual agreements would help in preventing corruption risk.

o It is not less important to embed additional measures through job rotation, employee training, and (third party) screening.

o The conduct of business partners should be assessed through screening. You do not want to deal with business partners that expose your company to a bribery and corruption risk.

Money Laundering

Criminal money increasingly infects regular trade flows and the retail sector cannot ignore this risk. Money laundering is a major risk in the retail sector and it could take form in the following means of transaction:

o Payments in cash.o Payments of invoices done by other

parties than the contracted party. o Investments via complex financial

constructions.

The Dutch Anti-Money Laundering (AML) law and the British Money Laundering Regulations require organizations to report large cash payments as unusual transactions.

In 2019, legislation was proposed in the Netherlands to prohibit cash payments in excess of EUR 3,000.

Awareness is the most important measure to combat money laundering. The rules surrounding unusual and suspicious transactions are becoming stricter. Employees – from store to the corporate level must stay alert to signals. Moreover staff in the shop floor must be trained.

Similar to measures to mitigate bribery and corruption risks, screening is required to identify the historical information of suppliers and customers. This could include sanction screening that fulfills Anti-Money Laundering requirements.

By building up knowledge of and an eye for the current manifestations of money laundering, retailers take an important step towards controlling those risks.

Point of View

Periodic risk assessment and evaluation of ABC program controls and governance structures are recommended.

Awareness training and focus on culture and behavior are especially important.

AML assessment is recommended to continuously improve and respond to regulatory orders.

Implementation of Monitoring Tools are recommended to improve compliance and reduce cost


Managing risk in Supply Chain (cont’d)How do we manage risks across the Supply Chain?

Regulation / Guideline Crisis Management



In today’s highly interconnected global economy, organizations face a myriad of threats of internal and external disruptions to business operations. The year of 2020 began with the outbreak of COVID-19 that was first reported from Wuhan, China on 31 December 2019.

Stocks plunged and the world had suffered the worst economic downturn since the Great Depression. Retail shops, restaurants, and transport providers are all impacted. International retailers temporarily closed operations until further notice. Retailers have been particularly exposed to commercial losses whilst at the same time they have to continue paying bills, including employees' pay. Any delay resuming operation and selling goods will lead to cash-flow problems. Additionally, there is a growing concern about integrated (international) supply chain. Many cases have indicated possible extensive disruption ahead - for retailers across the globe..

Besides a global pandemic, cyber security remains a key topic within the crisis management domain. The impact of WannaCry virus in 2017 was felt by companies. The incident proved that factory and warehouse automation might be vulnerable and requires more attention.

Some risks can be planned for, monitored, and mitigated; but other high-impact, hard-to-predict events are occurring more often. Is your organization’s supply chain fully prepared to respond?

Crises or catastrophic events typically have the potential to critically impact a company’s ability to achieve its mission, frequently result in significant financial or reputational loss, and almost always require an immediate cross-functional and cross-organizational response across the supply chain.

It is particularly challenging to assess the contagion effect of the risk, as we learn from the events such as the outbreak of coronavirus and the 2008 global financial crisis. The traditional risk assessment methodology with impact and likelihood matrix may be limiting in increasingly complex and global retail organizations.

Point of View

Effective crisis planning and response can limit business interruption and the associated costs of a crisis and its aftermath.

Consider the implementation of Dynamic Risk Assessment that takes into consideration risk interconnectedness and the velocity with which risks can impact business operations. By exposing the expected contagion effects, you can objectively measure the genuinely significant threats and build more pertinent risk mitigating actions.

Perform crown jewels assessment within the supply chain from a cyber security perspective for processes owned by the company and outsourced to the third-party.


Protecting people across the chainHow do we do business with respect for human rights?

Regulation / Guideline Modern Slavery Act Equal Treatment Act (AWGB)

Child Labor (Wet zorgplicht kindarbeid)



Human rights consideration have been embedded in the supply chain through various types of requirements. The British Modern Slavery Act is perceived as leading regulatory requirements that broaden accountability of companies.

The act requires companies to draw up an annual statement in which they explain how they deal with the theme of modern slavery and human trafficking, that is, to explain what they have done to ensure there is no modern slavery in their supply chains.

Sanctions for non-compliance are limited at the moment, but legislation is prepared to be able to fine non-compliance with a percentage of turnover.

The first article of the Dutch Constitution states that every individual is treated equally in equal cases.

The Equal Treatment Act (Dutch: Algemene wet gelijke behandeling, AWGB) particularly stipulates that it is forbidden to discriminate against a person on many grounds including religion, political convictions, race, and gender. Within employment area, it covers various elements such as salary, holidays, promotion, training and education, dismissal, and working conditions.

Employers who fail to comply with the AWGB could be fined and suffer reputation damage.

According to the recently approved Dutch Child Labor Act (Wet zorgplicht kinderarbeid) every company selling products or services in the Netherlands or from the Netherlands has to declare to do the necessary to prevent that these goods or services are produced using child labor.

If a company is fined twice within five years, the next violation can lead to imprisonment of the responsible director. Failure to comply with the law can lead to imprisonment and fines of EUR 750,000 or 10% of the company’s annual turnover.

.

Every company with activities in the UK is liable to the Modern Slavery Act. Corporations would require thorough knowledge of and deep insight in their supply chain to be able to draw up an adequate MSA statement.

Within the retail sector, this will require additional effort in research and reporting.

o The Dutch Equal Treatment Commission –may conduct an investigation to determine whether discrimination has taken place. The outcome might be used by Public Prosecution Service with potential penalties under the criminal law.

o Be sure you treat all your employees equally in equal cases, as stipulated in your company’s policies and regulations.

o Companies covered by the law have to submit a statement declaring that they have carried out due diligence related to child labor in their full supply chains.

o Companies could opt to avoid sourcing from countries with a high risk of child labor. This could be challenging, particularly for retailers with a wide range of product offering.

Point of View

Define a risk assessment framework for high-risk suppliers.

Perform self assessment to assess the maturity of policies, systems, controls, and mechanisms to respond to allegations.

Monitor, report, and demonstrate continuous improvement.

Monitor your organizational culture and soft controls to detect possible shortcomings in the way non-discrimination is everyday practice.

Define a risk assessment framework for high-risk suppliers.

Map supply chains and track product ingredients.

Strengthen supplier relationships.

Monitor, report, and demonstrate continuous improvement.


Regulation / Guideline In-house social media guidelines



The continued ubiquity of social media presents both opportunities and challenges for Dutch businesses. Many retailers have recognized the opportunities and are using social media channels for marketing, sales and customer service purposes.

Besides these clear upsides of direct and open communication with customers, there have been countless situations where social media channels threatened the reputation of brands. We have seen many instances where ‘unfortunate’ company messages became a source of public outrage. In addition, any customer and employee experience with the brand (online or offline) has the potential to end up on social media. Such experience could turn out to be both positive endorsement or, on the contrary, negative events which could spread quickly and almost uncontrollably. Also ‘fake’ messages could harm businesses significantly if not addressed quickly and adequately.

So how could retailers prevent and, when necessary, minimize the damage? • Social media strategy should be aligned with the brand purpose, customer, and business

needs.• To support this strategy and protect the reputation, social media policies or guidelines need

to be established. Such policy consists of the governance of social media activities, and guidelines for corresponding employees on how to use social media.

• If multiple staff are granted access to the company’s social media feeds, it might be a good idea to establish an additional safeguard to ensure that everything posted is appropriate.

Compliance with internal social media guidelines would help corporations in protecting their brands. External factors, however, come into play as customer experience and opinion could be a source of social media exposure.

Besides clear guidelines, it is also important to:o monitor social media activity to quickly spot risks;o be prepared for a crisis – have incident support in

place to respond immediately when necessary;o simulate issues.

Retailers who are well prepared and considered aforementioned measures are far better equipped to prevent social media risks from occurring.

As such, Social Media Team, Public Relation unit, and Information and Communication team alike should be able to properly respond to and minimize reputational damage in the worst case scenario.

Protecting your Social Media ActivitiesHow do we carefully use corporate social media?

A clear-cut social media governance program should be developed to cover risk management, govern the ‘voice of the company’ and security aspects for social media.

Social risk analysis is recommended, across reputation, regulatory and operations in order to help mitigate and reveal emerging risks.

Point of View


Five key questions to protect your brand by managing compliance

3

2

1

4

5

How well do you understand and prioritize regulation that impact your business?

How do you demonstrate that your business complies with regulations to those charged with governance?

Do you have sufficient internal and external assurance to give regulators, the board, and your customers confidence in the quality of the internal processes in the regulatory disclosure?

How do you establish strategic, cost-effective internal risk and control systems to ensure regulatory compliance?

How do you anticipate new regulatory developments and plan and implement new strategies to ensure compliance once they come into effect?

0

10

20

30


List of contributors to this publication

René Aalberts, Sector Lead Consumer & Retail, KPMG [email protected]

Jeroen Slijkerman, Senior Manager Customer & Brand [email protected]

Sander Klous, Partner Big Data Analytics [email protected]

Frank van Praat, Senior Manager Trusted [email protected]

Ronald Heil, Partner Cyber [email protected]

Loek Helderman, Partner [email protected]

Andy van Esdonk, Senior Tax [email protected]

Valentijn Kerklaan, Partner DPP Forensic [email protected]

Leen Groen, Partner [email protected]

Patrick Ozer, Partner [email protected]

Noortje de Rooij, Senior Manager Risk and [email protected]

Wim Bartels, Partner [email protected]

Jerwin Tholen, Partner [email protected]

Mark Didden, Senior Manager [email protected]

Paulien Eckhardt, Senior Manager [email protected]

Andrea Bolhuis, Manager [email protected]

Consumer & Retail

Big Data Analytics

Cyber

Tax

Forensic

Sustainability

The authors wish to thank the following individuals for their contributions to this publication:Geert Dekker, Senior Consultant Internal Audit Risk & ComplianceHafsa Attannaz, Consultant Internal Audit Risk & Compliance

KPMG on social media KPMG app

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

© 2020 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved.

The KPMG name and logo are registered trademarks of KPMG International.

http://to.kpmg.nl/2iv8HTV

http://to.kpmg.nl/2iv8HTV

http://to.kpmg.nl/2j4tejc

http://to.kpmg.nl/2j4tejc

http://to.kpmg.nl/2i6b5NQ

http://to.kpmg.nl/2i6b5NQ

http://to.kpmg.nl/2i6acoF

http://to.kpmg.nl/2i6acoF

http://to.kpmg.nl/2ivbvAp

http://to.kpmg.nl/2ivbvAp

http://to.kpmg.nl/2hOgmvR

http://to.kpmg.nl/2hOgmvR

Documents

Protecting your brand · 2020. 7. 17. · If you are not able to prove that your product is compliant, the authorities can enforce product recalls. This is not only an expensive process,