Home > Insights > Blog > Supply Chain Risk in 2026: Emerging Threats and Strategic Response

Supply Chain Risk in 2026: Emerging Threats and Strategic Response

Supply Chain Risk in 2026: Emerging Threats and Strategic Response

Full Episode Available

WATCH ON-DEMAND

Supply chain risk used to be a logistics problem. In 2026, it’s a criminal liability. The convergence of surging tariff regimes, accelerating regulatory change, and increasingly sophisticated supply chain fraud has transformed third-party risk management from a back-office function into a front-line strategic imperative. From country-of-origin fraud and FCPA exposure to multi-jurisdictional regulatory divergence and the organizational question of who actually owns supply chain risk, this session delivered a frank, practitioner-driven conversation about how compliance teams can protect their organizations — and their careers — in an era of unprecedented geopolitical and regulatory turbulence.

This episode of The Ethicsverse examines the rapidly evolving landscape of supply chain risk management in 2026, with particular focus on the compliance implications of elevated import tariffs, export control volatility, and cross-border regulatory fragmentation. Drawing on the practical expertise of senior compliance executives and legal practitioners, the discussion explores how the return of high-duty trade environments has materially increased incentives for supplier fraud, including country-of-origin misrepresentation, transshipment schemes, and customs classification abuse — risks that carry False Claims Act and Foreign Corrupt Practices Act (FCPA) exposure for importing organizations. The webinar further interrogates the structural question of ownership within enterprise risk frameworks: whether supply chain compliance sits within procurement, legal, compliance, or cross-functional teams — and the practical consequences of organizational ambiguity in each model. Participants examine how anti-corruption due diligence competencies can be transferred and adapted to address customs fraud detection, and discuss evidence-based escalation frameworks, risk-tiering methodologies, and supplier consequence management as mechanisms for building defensible compliance programs. The session concludes with a treatment of multi-tier supplier visibility (the “supply mesh” problem), traceability technology, and the practical imperative of avoiding analysis paralysis in favor of incremental, risk-based program improvement.

Featuring:

Key Takeaways

Tariff-Driven Fraud Is the Defining Supply Chain Risk of 2026

  • The return of high-duty import environments has dramatically elevated the financial incentive for suppliers to engage in country-of-origin misrepresentation, transshipment fraud, and customs classification abuse, creating a risk landscape compliance teams have not historically been equipped to manage.
  • False country-of-origin schemes — such as routing Chinese goods through third countries like Vietnam, Thailand, or Cambodia to claim a lower-tariff origin — can expose importing organizations to False Claims Act liability, criminal customs enforcement, and Department of Justice investigations entirely separate from any intent on the part of the importer.
  • Compliance officers must reframe supplier fraud risk not as a distant customs problem but as a direct organizational liability, educating leadership that tariff evasion is not a “parking ticket” offense and that the legal and reputational consequences can be severe, even for companies that were unwitting participants.

Regulatory Unpredictability Has Eliminated the Traditional Compliance Runway

  • The conventional U.S. regulatory change cycle — notice of proposed rulemaking, Federal Register comment period, final rule, implementation period — has been effectively abandoned in key areas of export control, with major rules now announced and made effective within 24 hours, leaving compliance teams with no meaningful preparation time.
  • Multi-jurisdictional compliance complexity is compounding this challenge, as regulatory standards across data privacy, export controls, and trade law are increasingly diverging rather than harmonizing, requiring compliance professionals to manage an expanding and often contradictory global regulatory universe.
  • Organizations must invest in dynamic compliance monitoring capabilities and build internal agility into their programs, moving away from static policy frameworks that assume long lead times toward real-time risk tracking and rapid-response protocols that can absorb sudden regulatory shifts.

Supply Chain Risk Is a Third-Party Risk Management Problem — With a Longer Tail

  • Supply chain risk is fundamentally a flavor of third-party risk management, but it extends upstream well beyond direct contractual relationships to encompass sub-suppliers, freight forwarders, customs brokers, and logistics agents who may introduce fraud, bribery, or compliance failures without the importer’s knowledge.
  • The analogy of a “supply mesh” rather than a supply chain is apt: risk can originate multiple tiers removed from the importing organization, leap-frog through intermediaries, and materialize as a regulatory or reputational crisis at the enterprise level, as illustrated by enforcement cases involving staged warehouses and fabricated compliance documentation.
  • Compliance teams should apply the same due diligence rigor to logistics providers and freight forwarders — including examination of their third-party agent networks, payment structures, and anti-bribery programs — that they apply to direct suppliers, recognizing that FCPA exposure can enter through these channels as readily as through more traditional procurement relationships.

Ownership of Supply Chain Compliance Requires Deliberate Organizational Design

  • No single function can own supply chain risk in its entirety: procurement controls the entry point, compliance provides the risk lens, cybersecurity owns data integrity concerns, ESG manages sustainability and human rights exposure, and legal handles regulatory interpretation — making cross-functional governance a structural necessity rather than an optional best practice.
  • The absence of a defined Chief Supply Chain Risk Officer in most organizations — including companies as large as Lockheed Martin — reflects the historical tendency to conflate supply chain risk with procurement operations, a conflation that leaves trade compliance, export controls, and customs fraud systematically under-resourced and under-governed.
  • Compliance officers should treat procurement as a primary strategic partner, embedding themselves early in sourcing strategy discussions rather than being consulted after supplier decisions have already been made, ensuring that compliance risk inputs inform — rather than merely react to — business decisions.

Anti-Corruption Competencies Transfer Directly to Customs Fraud Detection

  • The pattern recognition, red flag identification, and third-party due diligence skills that compliance professionals have developed through years of FCPA and anti-bribery work are directly applicable to detecting supply chain fraud, because the underlying behavioral dynamic — a counterparty with financial incentive to deceive — is identical.
  • Anti-corruption professionals should be proactively briefed by customs and trade compliance counterparts on how elevated tariff environments have changed supplier incentives, using recent enforcement cases to make the connection concrete and build the cross-functional awareness needed to catch fraud at the intersection of customs and bribery statutes.
  • Compliance teams should treat suspicious “duty savings” proposals from suppliers — such as suggestions to reroute goods through third countries — with the same skepticism they would apply to facilitation payment schemes, because these arrangements frequently involve both customs fraud and FCPA exposure simultaneously.

Risk-Based Prioritization Is Essential to Avoiding Compliance Paralysis

  • Not all supply chain risks are equal across all organizations, and compliance professionals who apply the same level of scrutiny to every supplier and every risk category will exhaust their resources without meaningfully reducing organizational exposure — making a rigorous, company-specific risk assessment the essential starting point for any supply chain compliance program.
  • The 80/20 principle applies directly to supply chain risk management: most material risk typically originates from a concentrated subset of suppliers, geographies, product categories, or transaction types, and compliance programs should be structured to direct disproportionate resources toward those high-risk concentrations rather than distributing effort evenly across the full supplier base.
  • Smaller organizations in particular benefit from working with external consultants to identify and eliminate from scope the supply chain risks that are genuinely inapplicable to their business model, freeing limited compliance bandwidth to focus on the risks that actually matter and enabling more defensible, proportionate program design.

Strategic Influence Requires Speaking the Language of Business Risk

  • Compliance officers who frame supply chain risk purely in regulatory terms — citing enforcement provisions and legal exposure thresholds — will consistently lose executive attention to procurement and finance leaders who frame the same decisions in terms of cost, speed, and competitive advantage.
  • The most effective compliance communicators reframe risk in the vocabulary of business consequence: referencing the stock price impact of supply chain disruptions demonstrated during COVID-19, the reputational damage from being associated with sanctioned suppliers, and the operational fragility exposed by sole-source dependencies resonates at the C-suite level in ways that regulatory citations do not.
  • Political capital within the organization is finite, and compliance professionals must deploy it strategically — choosing carefully which supplier decisions to contest and which to address through contractual mitigation, so that when a genuine red-line issue arises, the compliance function has credibility and leverage to act decisively.

Defined Risk Standards and Documentation Are Non-Negotiable

  • Compliance officers who render risk opinions verbally or informally — without written documentation, defined risk standards, and explicit assignment of risk ownership to the appropriate business leader — are exposing themselves to personal accountability for decisions they did not make and cannot control.
  • Every risk owner in the supplier approval process should operate against a clearly articulated standard of “acceptable risk” for their domain, so that when a compliance team identifies an issue, the conversation is structured around an objective framework rather than an ad hoc negotiation that shifts with organizational dynamics and individual risk appetites.
  • Written compliance advisories, saved email chains, and formal risk escalation records are not bureaucratic overhead — they are the evidentiary record that protects compliance professionals when risk owners who overruled their recommendations later seek to reassign accountability after a negative outcome materializes.

Supply Chain Traceability Has Become a Strategic Compliance Imperative

  • Detailed supply chain mapping — documenting not just direct suppliers but sub-suppliers and the inputs they rely on — is no longer a future aspiration or a nice-to-have capability; it is a foundational requirement for any organization that wants to credibly assess, monitor, and demonstrate control over its end-to-end compliance exposure.
  • Traditional onsite audits are no longer sufficient as a standalone control: sophisticated fraud actors have demonstrated the willingness and capability to stage entire manufacturing facilities, fabricate documentation, and construct false compliance narratives designed specifically to defeat conventional due diligence visits.
  • Technology — ranging from supply chain mapping software and AI-assisted monitoring tools to contract management platforms with embedded compliance triggers — should be evaluated not as an efficiency play but as a risk management necessity, particularly as the complexity and speed of supply chain change outpaces what manual oversight can realistically track.

Supply Chain Compliance Is Now a Board-Level Strategic Priority

  • COVID-19, the Russia-Ukraine conflict, U.S.-China decoupling policies, and a series of high-profile ransomware incidents have collectively settled the question of whether supply chain risk deserves strategic attention at the executive level — the answer is unambiguously yes, and compliance officers no longer need to make the case for why it matters.
  • Organizations that have not yet embedded supply chain compliance into their sourcing strategy, geopolitical risk assessment, and manufacturing footprint decisions are falling behind peers and customers who now treat supply chain resilience as a competitive differentiator and a governance expectation.
  • Compliance professionals entering 2026 should position themselves as strategic advisors on supply chain redesign — not just enforcers of existing rules — bringing a compliance lens to decisions about supplier diversification, nearshoring, and technology investment that will shape organizational risk profiles for the next decade.

Conclusion

Supply chain risk in 2026 is no longer a niche compliance specialty — it is a board-level strategic concern with direct implications for legal liability, organizational reputation, and business continuity. The insights shared by Lila Landis, Jeffrey Schwartz, and Matt Kelly underscore three overarching themes: that the incentive environment for supplier fraud has fundamentally shifted and demands a corresponding shift in compliance vigilance; that organizational ownership of supply chain compliance must be deliberate, cross-functional, and supported by defined risk standards; and that compliance professionals who learn to speak the language of business strategy — not just regulatory obligation — will be best positioned to protect their organizations and demonstrate irreplaceable value. For compliance officers, ethics leaders, and HR professionals, the message is clear: the supply chain is no longer a logistics function. It is a compliance frontier.

Categories:

GRC Software Knowledge Hub

Get E&C industry insights
EV Healthcare: The 2026 State of Compliance
Blog, Ethicsverse Masterclasses, Webinars
EV Healthcare: The 2026 State of Compliance
Explore More
Former Federal Prosecutor Perspectives: Enforcement in Education
Blog, Ethicsverse Masterclasses, Webinars
Former Federal Prosecutor Perspectives: Enforcement in Education
Explore More
Ethics Essentials: Setting the Scope of an Investigation
Blog, Ethicsverse Masterclasses, Webinars
Ethics Essentials: Setting the Scope of an Investigation
Explore More
2026'Q1 What's New at Ethico: Product Innovation Showcase
Blog, Ethicsverse Masterclasses, Webinars
2026’Q1 What’s New at Ethico: Product Innovation Showcase
Explore More
Amplify Compliance Influence: Mastering Storytelling & Personal Branding
Blog, Ethicsverse Masterclasses, Webinars
Amplify Compliance Influence: Mastering Storytelling & Personal Branding
Explore More
EV Healthcare: Managing The AI Work-Slop Problem
Blog, Ethicsverse Masterclasses, Webinars
EV Healthcare: Managing The AI Work-Slop Problem
Explore More