Since its enactment in January 2021, the US Holding Foreign Companies Accountable Act has reshaped not only the compliance expectations for foreign issuers in US capital markets but also, indirectly perhaps, the risk management frameworks of the US institutions investing in or doing business with them. While its primary thrust is to ensure that foreign companies listed on US exchanges submit to the scrutiny of the Public Company Accounting Oversight Board, or PCAOB, its ripple effects extend well beyond investor disclosures. The supply-chain implications, though less discussed in public forums, have not gone unnoticed among cautious asset managers and procurement teams. It would seem that the integrity of a supplier’s financial reporting is now, more than ever, a piece of the due-diligence puzzle that can’t be safely overlooked.

 

What complicates the matter is that, in some cases, the firms in question are significant nodes in critical supply chains—electronics components, pharmaceuticals, industrial machinery. It’s not always easy to draw the line between capital market compliance and operational risk. Yet, the HFCAA forces the issue in a way that few other measures have. Foreign firms that fail to comply with PCAOB audit inspections risk being delisted from US exchanges. On its face, this is a capital markets concern. But if those same firms are key suppliers, the financial opacity implied by non-compliance raises legitimate questions about their long-term viability, or at the very least about the robustness of their internal controls. There’s a tendency, perhaps understandable, for supply chain risk managers to assume that financial and operational risks sit in separate silos. The reality is a good deal more entangled.

 

Asset managers, especially those with exposure to emerging-market suppliers, have started to adapt their approaches. Cross-referencing vendor financial statements with PCAOB’s published audit reports has become, in some circles, a routine task. The PCAOB’s open audit report listings—though they might appear, at first glance, somewhat dry—are proving a valuable starting point. They enable a quick screen: is this supplier’s parent entity subject to audit oversight? Is the auditor itself inspected and found in good standing by the PCAOB? And, crucially, have there been material deficiencies flagged in any of the recent reports? For many firms, this isn’t about black-and-white answers. It’s about layering financial transparency into a broader matrix of supply chain due-diligence factors. There’s some debate, of course, about how far to take this. A flagged audit doesn’t necessarily imply operational risk. But it does, at minimum, prompt further questions.

 

Where firms are beginning to coalesce, if tentatively, is around building formal due-diligence checklists that integrate financial verification into supplier assessments. These checklists typically start with basic questions: is the supplier’s ultimate parent company listed on a US exchange? If so, is it subject to HFCAA provisions? Are PCAOB inspections possible and up-to-date? From there, the checklist might extend to secondary items: what’s the nature of the supplier’s auditor relationship? Is there alignment between audit findings and the financial representations provided in procurement disclosures or vendor onboarding materials? Again, none of this is necessarily definitive. But it represents, arguably, a step forward in connecting financial oversight with supply-chain governance in a way that feels practical rather than performative.

 

It’s interesting, too, how different firms are interpreting the spirit of the HFCAA in their supply chain practices. Some US asset managers, particularly those with significant passive exposure, seem to take a stricter stance—perhaps because of reputational concerns or regulatory sensitivities. Others, particularly those in more niche or actively managed strategies, adopt a somewhat more pragmatic view. They’ll monitor PCAOB reports and HFCAA-related developments, yes, but their primary focus remains operational continuity and supplier performance. There’s no uniformity here, and perhaps that’s unsurprising. The regulation was never designed, after all, with supply chains in mind. Yet here we are, watching as it shapes supplier assessment frameworks in ways few anticipated.

 

An undercurrent in these discussions, and one that’s worth acknowledging, is the tension between data availability and actionability. The PCAOB’s audit inspection reports are a useful tool, no doubt. But they don’t cover every foreign supplier, nor do they always provide the granularity a supply-chain risk manager might wish for. This creates a somewhat patchwork approach—where open data is supplemented, often unevenly, by direct supplier engagement, contractual representations, and, in some cases, third-party verification services. Some asset managers have begun working more closely with their procurement colleagues to close these gaps, recognizing that financial verification isn’t a standalone exercise. It’s part of a broader tapestry of due diligence, touching on everything from ethical sourcing to cybersecurity.

 

It’s possible, even likely, that as the HFCAA matures and as enforcement patterns become clearer, the integration of financial audit data into supply-chain checks will become more standardized. But for now, there’s still a degree of experimentation. Firms are feeling their way, balancing regulatory expectations, operational realities, and the limits of what current data infrastructure allows. Some of this experimentation will likely inform best practices down the line. And some, inevitably, will fall by the wayside, as firms refine their approaches and discard what proves impractical.