ERAI Blog

Supplier Selection, Choosing Wisely

Anne-Liese Heinichen

In the movie Indiana Jones and the Last Crusade, Harrison Ford’s character is forced by a Nazi cooperator to find the Holy Grail to save his father from certain death. From a table replete with various different chalices, the evil Nazi incorrectly chooses the most ornate one and subsequently dies. The Crusader knight that has been guarding the Grail admonishes, “he chose poorly”. Indiana Jones picks the simple wooden chalice by intuitively guessing it would be the cup of a carpenter (Jesus) and saves the day. The Crusader knight confirms his choice with, “you have chosen wisely”.

Unfortunately, selecting a supplier for your organization is not as cut and dry as in the movies. Common industry best practices cite requirements such as audits (on-site preferable), adherence to industry standards, quality certifications (which should always be validated), documented warranties and return policies, documented counterfeit mitigation policies, personnel certifications and training, documented purchasing and acceptance processes, trade references, performance history, and any recorded problems reported by industry data sources such as ERAI and GIDEP. These steps are vital in “weeding out” any companies that could put your organization in harm’s way and are important in reducing the risk posed by uninformed suppliers that can threaten your supply chain.

A recent example highlights how asking the right questions should be an integral part of your organization’s documented counterfeit mitigation program to identify supplier risk. An individual sought to subscribe her distribution company to ERAI’s services. When queried whether the company had a counterfeit part mitigation policy and/or control plan, the individual responded by asking, “which one is the normal?”. In other words, the individual wanted to be clued in as to how she should respond, making it likely that the organization did not have either the policy(ies) nor process(es) in place.

Another organization reached out to ERAI to report that a company was falsely proclaiming to be a Defense Logistics Agency (DLA) Approved Laboratory. The purpose of the QTSL Program is to mitigate the risk of nonconforming or counterfeit semiconductors and microcircuits entering the supply chain for the military by testing and other quality assurance demonstrations prior to award. Upon closer examination, it was concluded the “Quality” section of the company’s website was a verbatim copy of a government prime contractor’s test analysis portion of their copyright protected website.

ERAI became aware of a fraudulent company after an organization sought to verify their alleged ERAI membership after seeing ERAI membership advertised on the company’s website. Along with fraudulently claiming to be a member of ERAI, the company purported to have certification to ISO/IEC 17025:2005, SAE AS6081, ISO 9001:2015, AS9120B and Environmental Health and Safety Management System. By contacting the registrar listed on the certificates, ERAI was able to verify that all of the certifications appearing on the company’s website were counterfeit. Additionally, during the investigation, it was discovered that the company had stolen the vast majority of the website content, including images and videos, from the website of another independent distributor with in-house testing capabilities. Organizations that make false claims regarding memberships, certifications or quality processes should be considered extremely high risk.

Three companies, all with locations in Shenzhen, China and Hong Kong, separately applied for ERAI membership within a span of a few days. All three companies provided mainland China VAT licenses which were verified by a Chinese government-run database. ERAI staff noticed that the Hong Kong locations cited by two companies as warehouses were identical. When asked, one company stopped responding to ERAI’s inquiries while the other admitted that the address belonged to a third party logistics service that “help most IC company to manager their stock…[it is] one of the IC stock center, it means it is more easy to delivery stock to other client's warehouse.” One company shares an identical address with an organization that was reported by ERAI four times, including once for counterfeit documentation and once for suspect counterfeit product. The second company’s owner and corporate shareholder contacts are listed in the same aforementioned-reported company and shares a Hong Kong address with another organization reported for supplying counterfeit product. The third company, who ceased communications with ERAI, shares a primary point of contact with six other companies and denies any connection with those six companies. Note: of the six companies, two were previously identified by ERAI as having supplied suspect counterfeit product.

In another instance, ERAI was contacted by a member with a question regarding a company’s listing on the US Entity List. The Entity List is a list of foreign businesses, research institutions, government and private organizations, individuals, and other types of legal persons administered by the Bureau of Industry and Security of the US Department of Commerce. These companies and individuals are subject to specific license requirements for the export, reexport and/or transfer (in-country) of specified items.¹ The distributor was performing due diligence on whether a company should be added to their approved vendor list and uncovered a listing in a third party database which contained a similar company’s name. Although the company name differed by one letter (a instead of e), the Member contacted ERAI for assistance. An ERAI investigation determined that the companies were indeed separate entities with different owners. The company whose name ended with the letter “e” was listed on the Entity List. The other organization whose name ended with the letter “a” was owned by the same individual (according to the Hong Kong Integrated Companies Registry Information System) as another company that was named in the same listing as the company whose name ended with the letter “e” on the Entity List, as participating in a network that imported items into China and Hong Kong and subsequently on to end-users associated with the government of Syria.

An Asian contract manufacturer contacted ERAI requesting a free report on an independent distributor located in France they were considering adding to their approved vendor list. Although ERAI did not have information in our proprietary database regarding this company, an investigation uncovered:

No company was registered under this name in the French Registry at www.infogreffe.com.
The company’s website domain was registered one year ago allegedly from Delhi, India; the company purported to have a location only in Paris, France.
The company’s address listed on the website was incomplete: only a street name was provided.
No record of a company by this name was found in the Dun & Bradstreet database.
A Google image search for one of the alleged employees yielded a search result for an individual working as a clinical recruitment consultant based in Norway. The images of both the alleged employee and the Norwegian consultant were identical.

Useful Tips:

Verify all certificates appearing on a company’s website. If not present on the website, request copies and verify the certificates with the appropriate registrar. Do not validate a certificate using links or phone numbers provided on certificates. ERAI has previously encountered a counterfeit certificate containing “fake” registrar contact information; contact the registrar yourself directly by performing an Internet search.
Perform on-site audits of suppliers whenever possible prior to adding them to an AVL (Approved Vendor List). If not possible, always verify a company’s registration in as many locations as possible and perform Internet searches for addresses and use map searches. Do the address locations exist, is the company listing a mailing store or shared office space as a location and do other organizations list the identical address as offices? Question your potential supplier and establish if the company is really working at the address(es) as they claim.
Routinely copy and paste text from the company’s website and perform an Internet search. Are they plagiarizing from other companies?
Perform Google image searches on individuals, offices, and products shown in a company’s website at https://images.google.com/. Images can be easily uploaded using this tool.
ERAI Member Tip: ERAI Members search the US government's Consolidated Screening List (CSL). Per the Bureau of Industry and Security, "the CSL is a streamlined collection of nine different "screening lists" from the U.S. Departments of Commerce, State, and the Treasury that contains names of individuals and companies with whom a U.S. company may not be allowed to do business due to U.S. export regulations, sanctions, or other restrictions. If a company or individual appears on the list, U.S. firms must do further research into the individual or company in accordance with the administering agency’s rules before doing business with them." The information is provided directly from the International Trade Administration (ITA) Developer Portal and is included in your ERAI membership under the Search tab - US Consolidated Screening List.

ERAI encourages all organizations, regardless of ERAI membership status, to contact our office for assistance with your organization’s verification process. Prior to sustaining a loss or receiving counterfeit goods, if you receive a suspicious email or if you need tips on locating information publicly available on the Internet, let us know. As illustrated above, even small insignificant details can be valuable data. Contact our office at 239-261-6268 or eraiinfo@erai.com with any inquiries.

_____________________________________
¹ https://bis.doc.gov/index.php/policy-guidance/lists-of-parties-of-concern/entity-list