{"id":17194,"date":"2026-07-14T16:04:59","date_gmt":"2026-07-14T16:04:59","guid":{"rendered":"https:\/\/dmsretail.com\/RetailNews\/why-unchecked-third-party-suppliers-are-becoming-a-board-level-risk-for-retailers\/"},"modified":"2026-07-14T16:04:59","modified_gmt":"2026-07-14T16:04:59","slug":"why-unchecked-third-party-suppliers-are-becoming-a-board-level-risk-for-retailers","status":"publish","type":"post","link":"https:\/\/dmsretail.com\/RetailNews\/why-unchecked-third-party-suppliers-are-becoming-a-board-level-risk-for-retailers\/","title":{"rendered":"Why unchecked third-party suppliers are becoming a board-level risk for retailers"},"content":{"rendered":"<p> <p><a href=\"https:\/\/dmsretail.com\/online-workshops-list\/\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-496\" src=\"https:\/\/dmsretail.com\/RetailNews\/wp-content\/uploads\/2022\/05\/RETAIL-ONLINE-TRAINING-728-X-90.png\" alt=\"Retail Online Training\" width=\"729\" height=\"91\" srcset=\"https:\/\/dmsretail.com\/RetailNews\/wp-content\/uploads\/2022\/05\/RETAIL-ONLINE-TRAINING-728-X-90.png 729w, https:\/\/dmsretail.com\/RetailNews\/wp-content\/uploads\/2022\/05\/RETAIL-ONLINE-TRAINING-728-X-90-300x37.png 300w\" sizes=\"auto, (max-width: 729px) 100vw, 729px\" \/><\/a><\/p><br \/>\n<\/p>\n<div itemprop=\"text\">\n<p><b><i><span data-contrast=\"none\">Third-party supplier oversight is now one of retail\u2019s biggest compliance risks, according to Vantify\u00a0<\/span><\/i><\/b><\/p>\n<p><span data-contrast=\"none\">Retailers are facing a compliance landscape where some of the greatest threats increasingly sit outside their direct control.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">From greenwashing rules to cyber disruption and senior management accountability, organisations are being judged on how well they understand,\u00a0verify\u00a0and govern the third parties they rely on.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">That creates a clear financial and reputational risk. One unverified environmental claim, one poorly governed technology provider or one long-standing supplier relationship that has not been reviewed for years can quickly become a public compliance failure.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">The wider messaging\u00a0for retailers is\u00a0fundamentally\u00a0simple;\u00a0supplier oversight\u00a0can\u2019t be treated\u00a0as a one-off onboarding exercise. Third-party providers may have worked with a business for years, but without regular due diligence,\u00a0monitoring\u00a0and evidence, familiarity can become a serious risk.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"none\">Greenwashing guidance<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">In January 2026, the Competition and Markets Authority published new guidance,\u00a0<\/span><i><span data-contrast=\"none\">Making green claims: Getting it right<\/span><\/i><span data-contrast=\"none\">, across the supply chain. It was designed to clarify how UK consumer protection law applies to environmental claims made not only by retailers and brands, but also by the manufacturers, suppliers and other businesses that provide the evidence behind those claims.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">The CMA\u2019s message was clear. Greenwashing\u00a0isn\u2019t\u00a0just a marketing risk, but a\u00a0supplier governance risk.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">Businesses that repeat, rely\u00a0on\u00a0or promote environmental claims must take reasonable steps to verify them, rather than simply accepting supplier assurances. Claims about recycled content, sustainable sourcing, carbon impact, circularity or \u201ceco\u201d ranges must be\u00a0accurate, clear,\u00a0substantiated\u00a0and capable of being\u00a0evidenced\u00a0across the product lifecycle.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">In fact, adverts by Adidas, Uniqlo and Calvin Klein have recently been banned by the UK advertising watchdog over potentially misleading claims about recycled clothing and footwear.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">Retailers must therefore question whether their suppliers can substantiate the materials, production processes,\u00a0data\u00a0and certifications that underpin green claims. A retailer may have strong environmental standards within its own business, but\u00a0that\u2019s\u00a0no longer enough,\u00a0if the same level of evidence cannot be produced across its supplier base.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">If a long-standing supplier cannot provide reliable evidence, the retailer\u2019s own reputation is still exposed.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">The enforcement landscape is also materially tougher. The CMA can now investigate and impose penalties directly under the Digital Markets, Competition and Consumers Act 2024, including fines of up to 10 per cent of global turnover without first going to court.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">Earlier interventions involving ASOS, Boohoo and George at Asda showed the direction of travel, but the risk for retailers is now much more immediate.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">For retailers, the practical requirement is documented supplier due diligence.\u00a0You\u00a0need evidence packs, audit trails, approved claim wording, ongoing\u00a0monitoring\u00a0and escalation routes where claims cannot be verified. Long-standing supplier relationships should not be treated as\u00a0low risk\u00a0simply because they are familiar.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"none\">Cyber-crime and third-party access<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">Another pressing operational risk facing retailers is cyber-crime. This risk grows as stores, warehouses, payment systems, customer\u00a0platforms\u00a0and supplier systems become more interconnected.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">Compromised credentials, weak access controls or poor security practices at third-party IT suppliers can provide the route in. The consequences can be immediate and severe, from systems outages and disrupted fulfilment to data loss, ransom demands, regulatory\u00a0scrutiny\u00a0and lasting reputational damage.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">Recent attacks on major UK retailers, including M&amp;S, Co-op and Harrods, showed how social engineering, third-party supplier access and shared technology dependencies can affect multiple businesses at once.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">The M&amp;S\u00a0cyber attack\u00a0in particular brought\u00a0the risk of supplier-linked disruption into sharp focus. It showed how a weakness outside a retailer\u2019s direct organisation can still lead to operational disruption, lost sales, customer\u00a0frustration\u00a0and reputational damage for the retailer itself.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<hr\/>\n<hr\/>\n<p><span data-contrast=\"none\">The financial consequences are not theoretical. Jaguar Land Rover\u2019s 2025 cyber incident, widely reported as having caused major production disruption and substantial losses, also\u00a0demonstrated\u00a0how issues connected to third-party systems or supplier access can cascade through operations,\u00a0suppliers\u00a0and customers.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">For retailers, the lesson is clear. Cyber resilience is inseparable from supplier resilience.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">Robust supplier due diligence, access reviews, contractual controls, incident planning, staff\u00a0training\u00a0and continuous monitoring are now essential to protecting revenue,\u00a0operations\u00a0and customer trust. A third-party supplier that was safe to use five years ago may not be safe today if its controls have not kept pace with the retailer\u2019s own risk profile.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"none\">Senior accountability and supplier governance<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">The Crime and Policing Act 2026 adds another reason for retailers to take supplier governance seriously.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">While physical crime\u00a0remains\u00a0a major issue for the sector, the more relevant compliance point is the way failures in due diligence, onboarding or governance can create exposure for senior managers where supplier activity translates into criminal conduct.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">It\u00a0shifts the issue from operational housekeeping to leadership accountability. If a third-party provider is not properly vetted,\u00a0monitored\u00a0or challenged, the consequences may no longer sit only with procurement, legal or compliance teams. They may reach senior decision-makers who are expected to show that reasonable steps were taken to prevent,\u00a0identify\u00a0and respond to risk.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">That makes supplier oversight a board-level issue. Retailers need to know who their third-party providers are, what services they perform, what risks they introduce and when those risks were last reviewed.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">A supplier that has been in place for years should not automatically be considered safe. In some cases, the opposite may be true. Long-standing relationships can lead to outdated contracts, weak audit trails, unclear\u00a0ownership\u00a0and assumptions that no longer reflect the current risk environment.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"none\">Continuous supplier compliance<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">In an already complex retail ecosystem, the environment around brands is changing faster than legacy processes, reporting lines and third-party supplier controls. The result is a growing gap between the risks retailers face and the evidence they can produce to show those risks are being managed.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">Sustainability claims now require evidence across the supply chain. Cyber risk sits across technology, operations, people and third parties. Senior accountability is increasing where failures in governance allow supplier risk to become business risk.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">For brands\u00a0operating\u00a0at scale, compliance\u00a0cannot be seen as a\u00a0static legal checklist.\u00a0It\u2019s\u00a0a continuous exercise in knowing who your third-party suppliers are, what risks they introduce, when their controls were last tested and whether the evidence still supports the claims,\u00a0access\u00a0and responsibilities they carry.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">The danger lies in assuming that a long-standing service provider is automatically a trusted one. Without regular due diligence,\u00a0monitoring\u00a0and clear ownership, familiar suppliers can become a serious financial,\u00a0operational\u00a0and reputational threat.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">Retailers therefore need governance systems that can spot change early, assign ownership quickly and turn supplier risk into practical action before a failure becomes public.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p>\n<p><em><strong>Click here to sign up to Retail Gazette\u2018s free daily email newsletter<\/strong><\/em><\/p>\n<p><!-- AddThis Advanced Settings above via filter on the_content --><!-- AddThis Advanced Settings below via filter on the_content --><!-- AddThis Advanced Settings generic via filter on the_content --><!-- AddThis Share Buttons above via filter on the_content --><!-- AddThis Share Buttons below via filter on the_content --><!-- AddThis Share Buttons generic via filter on the_content --><\/div>\n<p><p><a href=\"https:\/\/dmsretail.com\/online-workshops-list\/\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-496\" src=\"https:\/\/dmsretail.com\/RetailNews\/wp-content\/uploads\/2022\/05\/RETAIL-ONLINE-TRAINING-728-X-90.png\" alt=\"Retail Online Training\" width=\"729\" height=\"91\" srcset=\"https:\/\/dmsretail.com\/RetailNews\/wp-content\/uploads\/2022\/05\/RETAIL-ONLINE-TRAINING-728-X-90.png 729w, https:\/\/dmsretail.com\/RetailNews\/wp-content\/uploads\/2022\/05\/RETAIL-ONLINE-TRAINING-728-X-90-300x37.png 300w\" sizes=\"auto, (max-width: 729px) 100vw, 729px\" \/><\/a><\/p><br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Third-party supplier oversight is now one of retail\u2019s biggest compliance risks, according to Vantify\u00a0 Retailers are facing a compliance landscape where some of the greatest [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":16422,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"class_list":["post-17194","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-magazines"],"_links":{"self":[{"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/posts\/17194","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/comments?post=17194"}],"version-history":[{"count":0,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/posts\/17194\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/media\/16422"}],"wp:attachment":[{"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/media?parent=17194"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/categories?post=17194"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/tags?post=17194"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}