Fewer People, More Rules: Supply-Chain Compliance Under Pressure
"What's happening in the world?" you might ask, and a tsunami of answers and thoughts floods the shores of your mind. And that happens if you only ask the question with regard to a single strand of compliance, not to mention everything else that you may have to consider, fret about, and ultimately deal with as part of what you thought your job was about and what your bosses know it is about...and what you all agree it is about.
Across Europe, many companies are looking to trim headcount. There is nothing new about that; we see it as a repeating circular event in all manner of business. The thing is, though, that we never learn that cutting your compliance team is not always, and should not always be, the first option. I must admit, for many years, it was a boon for those who sold compliance software. We were able to reassure the ever-decreasing compliance teams that we could stick our software thumbs into the ever-widening cracks of their compliance expectations and stop the flow of anticipated fines and wrist-slaps from the regulator, just like the fabled boy on the Dutch dike. I mean, it was good for business, but was it good for...well, business?
Cutting your regulatory team in times of financial challenge is akin to cutting your ropes while climbing Everest. It simply should not be done. A Sherpa cutting ropes? Well, you would soon be skidding as fast as your backside would allow down the slope and back to safety while the cries of "It will be fine, don't worry!" ring in your frozen ears. Compliance is the set of ropes and the mountain, the snow, the rain, the wind, the sub-zero temperatures, and grumpy colleagues; well, they are all the working parts of the product you make and the company that makes the product. Not to put too fine a point on it, you kinda need the ropes.
So, what is driving the push to smaller teams that bear larger obligations, or, more clearly, what is moving companies' risk from managed to exposed? Quite a few things need to be managed while trying to balance the concerns of approachable compliance.
- Cost pressure and slower growth: higher financing costs and squeezed margins result in stalled hiring, shared roles or "additional role ownership" (more work, same pay!)
- Regulatory surge: You have heard me bleat about this in the past, but I am not sure the sheepdogs are listening. More markets, more regulations. If you seek to sell your product in new markets, you will face more regulations. Currently, clients are raising flags about expanding disclosure and traceability requirements, what direction those obligations are being pushed, and who is responsible for them within the organisation.
- Tool sprawl and data silos: Every now and again, a new business term is coined, and I do like this one, "tool sprawl." Too many systems covering too many related tasks and coexisting without connection or consideration.
- Talent Churn: Off-boarding (a terrible expression from HR language creators...two steps short of waterboarding) takes away company knowledge with an expectation that it will still, somehow, be there when it is needed.
- Geopolitics and logistic friction: Sanctions, export controls, tariffs, and route-disruptive events make supply-chain engagement a moving target, not one you wish to shoot (depending on the department you work for), just one you would like to tie down.
Five balls to juggle before even considering the impact of dropping one, two, or all of them. So, when you do drop one, and you will, what is the impact of that slip on your business? Again, a manageable snafu if you were a large organisation with the people and the funds to manage issues when they arise unexpectedly. If you are an SME, probably a different outcome:
- Compliance debt: Tot up your compliance receipts, and you will see overdue supplier questionnaires, partial data, audit slippage, and more.
- Tender risk: the inability to evidence due diligence knocks you out of consideration even before pricing can be discussed.
- Cost creep: When you encounter processes that are not standardised across your business, you will find new budgets...hard to find.
- Single Point of Failure: A single, standardised process is not an SPoF; having one person who understands it and manages it is.
Those four points are just the start; it is not an exhaustive list once you consider capacity, financial, operational, and relationship strains that will inevitably appear, especially in smaller companies.
What are the fixes, if any, that can help you if you hit these barriers? Well, there are many small fixes that can be implemented before you consider gently knocking on your frazzled CFO's office door, cap in hand, seeking more budget.
1. Prioritise by risk and revenue: Map obligations to where the revenue and regulatory exposure actually sit, often by product line and country. Then, try to focus on the 20% of suppliers that cover 80% of spending, emissions, and content first.
2. One ask, many uses: Issue one harmonised questionnaire aligned to your core frameworks, such as due diligence questions, restricted substances, and origin/HS codes for CBAM, to cut duplication, improve data quality, and strengthen regulatory reporting.
3. Assemble the essentials: Give yourself space, a defined space though, to get the ducks in order and pull the pigeons out of the line. You know the ducks: Code of Conduct, Human Rights and Environmental Policies, Supplier Due-Diligence SOP, Sanctions/Export-Control Check Steps, Incident Log, and Corrective-Action Templates. Perfection is a fool's target; get the process right, and that will help with tenders and audits.
4. Small steps before leaping: Work on the small e-wins before jumping to large-scale solutions. Think shared mailboxes, or using Power Query or simple low-code flows to clean vendor data and match IDs. Small, smart automation builds confidence (and evidence) for bigger investment later.
5. Let the shovel do the work: An old builder used to say that to me during my summer building jobs, and it applies here too, to contracts. Add data-provision clauses, origin declarations, warranties on restricted substances, and right-to-audit to the Ts&Cs. The contract is the shovel!
6. Sprints versus long-distance webinars: Short, snappy, and informative notifications for buyers and planners on "How to read a supplier declaration," "3 red flags in an SDS," or "When to escalate." Short and effective beats long and ponderous.
7. Consider governance that fits the headcount: Nothing moves faster than a governance committee...once the fifth sub-approval has been signed off by the steering group. Keep it small and reasonable for small and medium businesses. Engage the team in a monthly Risk Huddle (30 mins), and cover the top nonconformities, blocked tenders, and corrective actions. On a quarterly basis, produce a board note that includes a heat map, the fines you've avoided, the percentage of suppliers covered, and the cost-to-comply trend.
There is more to come on this subject, and it will follow in the next post, but for now, one key thing I would always recommend a client to do is to speak with your peers. There is a wealth of information out there that people are so willing to share over a coffee or a beer. People do like to help!