In the last decade, voluntary frameworks have been introduced to provide guidance on corporate due diligence, fostering business behaviour to respect human rights and, more recently, the environment. Key examples include the original OECD Guidelines for Multinational Enterprises almost five decades ago, the 2011 Updated OECD Guidelines for Multinational Enterprises and the UN Guiding Principles on Business and Human Rights (UNGPs) adopted in 2012.

However, these non-binding principles and guidelines have been implemented with unsurprisingly low corporate adherence and limited scrutiny. Our 2022 Global Third Party Risk Management (TPRM) Survey showed that 41% of respondents believe they have a low level of organisational capability at present to assessing and prioritizing third party ESG risk dimensions. A further 35% say that assessment and prioritisation of ESG risk dimensions is based on judgemental evaluations using expert input or other ad hoc mechanisms, rather than formal quantitative processes.

Driven by increased scrutiny from regulators, investors and consumers, a growing number of countries have now started to implement mandatory human rights and environmental due diligence requirements including Germany, France, Norway, and the Netherlands. In addition, the EU has set out to establish a Union-wide framework. Germany may now be seen to be ahead of the game with its strict Act requirements, as the SCDDA imposes due diligence duties on companies by requiring them to identify, assess and address human rights and environmental related risks as well as end existing violations. And other European countries will soon follow. The proposed European Corporate Sustainability Due Diligence Directive (CS3D) aims to advance respect for human rights and the environment, while also creating a level playing field for companies operating within the EU and avoiding legal fragmentation and competing mandates across borders.

An overview and key takeaways of German Supply Chain Due Diligence Act

The German Supply Chain Due Diligence Act (SCDDA) came into force on 1 January 2023. It applies to companies with more than 3,000 employees whose:

• headquarters, principal place of business, or registered office is in Germany
• headquarters, principal place of business, or registered office is outside Germany but with branches operating in Germany

In 2024, the threshold will decrease to 1,000 employees.

Below is what organisations can learn in preparation for the incoming EU regulations.

• Conduct an appropriate risk analysis to identify human rights and environmental risks in the organisation’s own business, as well as within its suppliers
• Establish appropriate preventive measures and embed these within the organisation’s operations
• Create and implement a remedial action plan and ensure that violations are registered by an appropriate whistle blowing system
• Publish a human rights statement

Companies with a turnover greater than €400 million face penalties of up to two per cent of their annual turnover and exclusion from being awarded public contracts for up to three years.

Avoiding getting caught in fragmented requirements

More countries are starting to implement their own due diligence regulations. The effects of cross-border regulations applying to multinational organisations are likely to collide in some way. Particularly as the implementation will often require different rollout plans.

In practice, companies can end up being confronted with various obligations in the different countries that they – or their supply chain – operate in. Despite the specificities of the various pieces of national legislation, they are all largely built on the same foundation: the UNGPs. This means that efforts towards alignment with the UNGPs will set companies on the right path to compliance with the different pieces of legislation, rather than each new regulation being assessed in isolation. As new regulations come into effect, the requirements to fully comply are also becoming stricter, which reflects the complexity of this topic. This presents a challenge for compliance and implementation if the necessary processes and due diligence are not put in place.

Five key steps organisations can take to avoid a fragmented approach to human rights and environmental due diligence:

1. Ensuring a broad and joined up scope of human rights and environmental topics is included for assessment initially. These include forced labour and slavery, child labour, restrictions on freedom of association, discrimination, deforestation, and illegal violation of land rights.
2. Developing a good understanding of your value chain beyond tier 1 suppliers. The proposed EU CS3D covers the entire chain of activities related to the production and supply of goods by a company. This would encompass the activities of all direct and indirect business partners.
3. Moving to ongoing risk management which includes a robust human rights framework. Move away from the static box-ticking practice. You should consider implementing activities that support ongoing monitoring of suppliers and continuous improvement of their human rights and environmental performance. Reliance on audits and compliance-based approaches to manage and mitigate human rights risks are no longer sufficient on their own.
4. Engaging with stakeholders at all stages of developing or enhancing your approach to human rights due diligence. Adverse impacts on human rights are a business risk. Taking rightsholder’s perspective into consideration is crucial to effectively managing these risks.
5. Developing effective grievance mechanisms and complaints procedures. First, identify the rightsholders who require access to the complaint’s procedure. Next, develop a communications plan to make the procedure accessible and to address the language, literacy and technology barriers that rightsholders may face in accessing the complaints procedure.

How we can help

Corporate responsibility has gained momentum and regulatory action has added pressure on companies to move more rapidly towards respecting human rights and environmental standards amidst geopolitical uncertainty. Strategically embedding these practices as long-term gains instead of just short-term reactive tactics is now imperative. Deloitte combines expertise in ESG and third-party risk management with deep capabilities in sustainable and resilient supply chains. Get in touch to learn more.