What You Don’t Know about Germany’s ‘Supply Act on Corporate Diligence’ Could Cost You
Environmental, social, and governance (ESG) principles in the business world have recently become enmeshed in the culture wars waged by some conservative groups and pundits, who often characterize ESG as “woke capitalism.” That hasn’t stopped the mainstreaming of the movement here and abroad. While in the United States ESG is largely the province of individual corporations and businesses responding to the concerns of stakeholders, legislators increasingly are entering the fray. There are a number of ESG-adjacent rules that businesses are compelled to follow in most liberal democracies. Most recently, Germany has enshrined some of these principles in the German Supply Act on Corporate Diligence Obligations in Supply Chains. If you’re running a business in the United States, you may be wondering why you should care. There are two reasons: The act applies to companies that have a branch in Germany and not just to German-owned companies. Second, it is only a matter of time until possibly more strict directives along these lines are enacted by the European Union.
Tracking human rights violations
The German Supply Act on Corporate Diligence Obligations in Supply Chains went into effect on Jan. 1, 2023. As defined on the Lexology site, it sets out how companies must comply with their due diligence obligations in the field of human rights along their entire supply chain. This involves analyzing human rights–related risks, taking measures to prevent and mitigate human rights violations, setting up grievance mechanisms, and reporting on their activities. In this context, environmental concerns are also relevant when they lead to human rights violations (through poisoned water, for example) or serve to protect human health. Importantly, the act also applies to suppliers. “Suppliers are involved indirectly as soon as a company receives substantiated reports of human rights or environmental violations at that level,” writes Lexology.
Currently, the act applies to companies that have at least 3,000 employees in Germany. Starting Jan. 1 of next year, it will apply to companies with at least 1,000 employees.
It is estimated that the act, as it currently stands, affects roughly 600 German companies. That number will climb to nearly 3,000 by the start of next year.
“The overarching thing to consider for all companies worldwide is how they adapt their risk management framework to consider these mandates globally,” recommends Lauren Britts, VP of Digital Transformation at Certa, which has developed a workflow automation tool that helps enterprises conduct due diligence on their suppliers and manage associated risk. “As business leaders and citizens of the world, it is becoming increasingly necessary to conduct human rights and environmental due diligence worldwide. Evaluating the implications of this new law specific to Germany only would be short-sighted. All companies should take the opportunity to critically apply its principles regardless of where they operate, especially since stricter variations of the German Supply Chain Act like the EU directives are forthcoming,” said Britts. Certa’s platform supports all dimensions of risk including human rights violations, modern slavery, ESG, compliance, financial, regulatory, etc., and ensures suppliers are continuously monitored for any changes in risk levels.
The act is too far-reaching and complex to summarize here, but the full text in English is available on the internet. Jason Anderman, head of legal at Certa, called out some of the principal requirements that businesses should be aware of for PlasticsToday.
Validate your suppliers’ compliance
The due diligence obligations in relation to suppliers include forced labor, child labor, discrimination, violations of freedom of association, unethical employment practices, unsafe working conditions, and environmental degradation, according to Anderman. “Your company policies should cover these subject matter areas, and you should also validate your suppliers’ compliance with key policies such as the Modern Slavery Act,” he said.
To comply with the due diligence obligations, the act states that “enterprises must establish an appropriate and effective risk management system.” Anderman recommends defining “accountable personnel for monitoring supplier compliance and automating those efforts via a defined workflow. Include an ongoing reporting mechanism to senior management documenting key metrics and compliance gaps with given suppliers,” he added.
In terms of risk analysis, Anderman advises segregating the level of risk for given suppliers. “For instance, embedded contractors who interact with your customers should be of particular concern.”
Regarding section six of the act, which addresses preventive measures, Anderman suggests setting up a dashboard for non-compliance reports — with red, amber, and green alerts — indicating time elapsed since the remediation due date to prevent the occurrence of major problems. Remedial action in the event a supplier fails to comply should involve automated action steps, such as an escalation to the supplier’s senior management up to termination of the contract.
Businesses are behooved to make a good-faith effort to comply
Anderman also noted an obligation under the law to report, as stated in the act, “human rights and environment-related risks as well as violations of human rights–related or environment-related obligations that have arisen as a result of the economic actions of an enterprise in its own business area or of a direct supplier.” He recommended adding an icon or tile within your software-as-a-service system (SaaS) to facilitate submission of complaints. You may want to consider adding a link to the German law, Anderman added.
The act, as many media outlets have reported, is complex and vaguely worded, making compliance problematic. But businesses that fall under its jurisdiction should make a good-faith effort. The alternative could be costly. Fines for violations of due diligence and reporting obligations can reach into the millions of euros. “Companies with an average annual turnover of more than €400 million may be fined up to 2% of their average annual turnover for breaches of the obligation to take remedial action or to implement an appropriate remedial action plan at a direct supplier,” reports Lexology.