Supply Chain Compliance
We advise our clients in identifying, assessing and documenting their risks within their own business area as well as along their supply chain. In addition, we review existing procurement strategies and practices for effectiveness and ability to adequately address and mitigate the identified risks.
On January 1, 2023, the Act on Corporate Due Diligence to Prevent Human Rights Violations in Supply Chains – the Act on corporate due diligence in supply chains (Lieferkettensorgfaltspflichtengesetz, LkSG) – will come into force, imposing due diligence obligations on companies based in Germany in connection with human rights and environmental risks. Companies with more than 3,000 employees in Germany will then have to comply with the due diligence requirements standardized in this law next year, whereas companies having between 1,000 and 3,000 employees will not be subject to this obligation until one year later.
Your company may already have taken the first measures for implementation. Perhaps you have already initiated the risk analyses, possibly already prepared a policy statement or appointed a human rights officer in your company. However, you may still be at the very beginning of the implementation process, or you may want to involve additional resources for individual measures in a process that is already at an advanced stage. In this case, it may be useful to provide the persons involved with an initial overview of the requirements of the LkSG, so that they know which measures and requirements they will be faced with and how – in our experience – they can be implemented in a legally certain and efficient manner.
Overview
- The term supply chain includes much more than the direct and indirect suppliers of a company. Supply chain in terms of LkSG refers to the entire life cycle of a service or product, beginning with the extraction of raw materials and production up to delivery to the end customer. Relevant are all steps in Germany and other countries that are required to manufacture the products or provide the company’s service, including logistics services and disposal of waste products in the manufacturing process. An interesting question can for example be whether the supply chains of foreign subsidiaries of the company that are not subject to due diligence are covered or how to deal with intercompany contracts.
- We support you in determining your supply chain and, together with you, define the necessary scope of the due diligence obligations related to it.
- In line with the increasing importance of environmental, social, and governance-related aspects (ESG) in corporate compliance, the LkSG also includes elementary environmental protection obligations – to a certain extent as a subset of human rights – in the scope of due diligence.
- Section 2 (3) of the LkSG defines the environmental risks to be included in risk management under LkSG with reference to three named international environmental agreements, namely the so-called Minamata Convention on Mercury, the Stockholm Convention on Persistent Organic Pollutants (so-called POPs Convention) and the Basel Convention. These are agreements which, in addition to the protection of the environment, also serve the protection of human health. According to the regulatory technique of LkSG, reference is not made comprehensively to these international agreements, but rather to a total of 11 individually named prohibitions from the respective international agreement, without these being reproduced in the LkSG, which makes application in practice significantly more difficult.
- LkSG defines the concept of human rights risk based on 12 listed prohibitions, for example the prohibition of child labor, forced labor, slavery, disregard for certain occupational health and safety obligations, discrimination, and disregard for freedom of association, and a catch-all provision. This specifies the cases in which a violation of the legal positions protected in Section 2 (1) LkSG is threatened.
- The prohibition in Section 2 (2) No. 9 LkSG is highly relevant here. According to this, companies in the supply chain must observe the prohibition of causing harmful soil change, water pollution, air pollution, harmful noise emissions or excessive water consumption, insofar as this significantly impairs the preservation and production of food, impedes, or destroys access to safe drinking water or sanitary facilities, or harms the health of a person. This is worded as a kind of environment-related general prohibition. The two-part offence, however, only prohibits the causation of a named harmful environmental impact if this also violates one of the named human rights.
- The numerous references to international agreements and sometimes bulky facts set up in the LkSG make it difficult to apply them in operational practice. Do not hesitate to contact us, we are familiar with the human rights and environmental requirements and their implementation in the risk analysis.
- A core component of the due diligence obligations is the continuous identification and assessment of risks related to human rights and the environment. This covers the company’s own business operations on the one hand, and its direct suppliers on the other. Ideally, it should be integrated into a company-wide risk management system.
- With our years of experience in compliance risk management and risk analysis, we support you in identifying and assessing potential risks. Our digital, cloud-based solution for structured recording, assessment and documentation of compliance risks also supports you on an ongoing basis, enabling you to prioritize the preventive and remedial measures to be taken and roll them out on a risk basis. In doing so, we create synergies with existing risk analysis approaches, e.g., within the framework of your existing compliance management system.
- LkSG imposes extensive documentation and reporting obligations. Affected companies are not only required to submit a declaration of policy, but also to document the fulfillment of due diligence obligations comprehensively and on an ongoing basis within the company.
- After the end of a fiscal year, a report on the fulfillment of due diligence obligations must also be submitted annually to BAFA via electronic access and simultaneously be published on the company’s website. The report is the central document that demonstrates compliance with due diligence obligations to BAFA and the public and must therefore be prepared with the utmost care. BAFA has admittedly published a comprehensive catalog of questions in advance in October 2022 to harmonize the report to be prepared, which will also be the basis for entering the report (via an online entry mask). Nevertheless, the effort required to complete the report should not be underestimated. The questionnaire comprises 37 pages and 437 questions and free text fields. Only if there is no risk or no violation of an obligation related to environmental law or human rights, a considerably shortened report can be submitted.
- Insofar as companies are also subject to the non-financial declaration/group declaration (§ 289b, 315b HGB), this does not (yet) release them from the reporting obligation under LkSG. (Art. 11 of the Commission’s proposal for a future EU Supply Chain Directive provides for this for the non-financial statement under EU Directive 2013/34 on sustainability reporting). The non-financial declaration/group declaration cannot be used to fulfill the LkSG reporting requirement either, as the latter requires disclosure of all identified risks, while the former is limited to naming significant risks.
- Since the report must be submitted to BAFA no later than four months after the end of the fiscal year and published on the company’s website, companies with a fiscal year that is staggered compared to the calendar year in particular have little time to prepare the first report.
- We advise you on the preparation of the required reports and documentation or review existing draft reports for completion and any need for an update.
- LkSG sets out a series of preventive measures that obligated companies must take regarding their immediate suppliers, depending on the risk identified. This begins with the contractual assurance that the company will comply with the human rights and environmental expectations (supplier code) drawn up by the company and “address” them in its own supply chain. This is supplemented by trainings and audits at the supplier. All these measures require a contractual arrangement with the suppliers.
- We support you in reviewing your supply and framework agreements, both from the customer’s and the supplier’s point of view. If necessary, we draft contractual clauses or design your general terms and conditions of purchasing or sales.
- When defining the individual due diligence obligations, the law distinguishes between the obligated company itself, its own business ares, which may also include domestic and foreign subsidiaries, and direct and indirect suppliers. While obligations such as the duty to issue a declaration of policy or the appointment of a human rights officer only apply to the obligated company itself, the risk analysis and individual preventive measures must also be extended to the company’s own business area and direct suppliers in varying degrees. The determination of the own business area as well as the direct suppliers to be included can be complex in individual cases. For its own business area, it is necessary to determine the subsidiaries over which the obligated company has a determining influence.
- For the determination of the direct suppliers, it is important with which group company contractual relationships exist, if necessary, also in the form of framework agreements. We support you in determining your own business area and in developing the due diligence measures to be implemented there.
- The law distinguishes between preventive and remedial measures. Common measures in the company’s own business area include the implementation of a human rights strategy in all relevant business processes, the implementation of risk-minimizing procurement strategies and purchasing practices, the provision of training, and risk-based control measures. Remedial measures must be designed in such a way that they are mandatory (in the company’s own business area in Germany) or ‘as a rule’ (abroad and at affiliated companies) and lead to an end of the violation. Possible measures always include the consideration of joining corresponding industry initiatives. Measures related to suppliers include contractually agreeing on risk-based control measures (e.g., in the form of supplier audits), addressing clear expectations in supplier selection, and contractually assuring compliance with and appropriately addressing these expectations along the supply chain. If human rights violations have already occurred or are imminent, they must be stopped as soon as possible. If this is not possible in the short-term, a concept for prompt termination and minimization must be drawn up and implemented.
- We advise you on which measures are suitable and promising and how they can be implemented most effectively.
- Obligated companies must ensure that internal responsibility for monitoring risk management is defined – for example, by appointing a human rights officer. The law is not specific about the scope of the responsibilities of such a resource, as risk management explicitly includes ensuring compliance with all due diligence obligations. In addition, no further requirements and specifications are codified for a human rights officer, for example regarding independence, being bound by instructions, expertise, authority, and liability. In any case, the position of the human rights officer should be filled well in advance of the start of the risk analysis in order to be able to monitor it sufficiently and effectively. Depending on the corporate environment, it may make strategic sense to appoint a group-wide human rights officer, to appoint a majority of persons with the involvement of various departments, or to outsource the task externally.
- Gladly we advise you on the legally compliant and effective conceptualization of this role within your company.
- LkSG requires the establishment of an appropriate complaints system for reporting human rights- and environment-related risks or violations. The requirements for this are similar to those for a whistleblowing-system based on the EU Whistleblowing Directive (EU 2019/1937) and the corresponding German implementation law: complaints systems must include measures to protect the identity confidentiality of the whistle-blower, and the prohibition of discrimination applies. However, there are also differences, so companies are well advised to check their existing systems for compliance with both laws.
- We advise you on the requirements of both sets of regulations and on how to integrate the requirements of the LkSG into your existing reporting system. Furthermore, we support you in the introduction or revision of a legally compliant, efficient, and rule-compliant investigation concept.
- Regardless of whether and from which time on your company itself is an obligated company within the meaning of the LkSG, the law may already have an impact on your company today. It is possible that one or more of your customers fall within the scope of LkSG. They will approach you with requests not only to commit to their supplier code, but also to extend it throughout your supply chain. In addition, your customers will want to negotiate training and auditing clauses into their contracts. This is a legitimate concern from their point of view, as they are legally obligated to take appropriate preventive measures towards suppliers. Conversely, since your company does not want to enter an obligation to pass on countless supplier codes from customers, it makes sense to establish self-imposed obligations, for example through own codes and training programs.
- We support you in creating this documentation and communicating it with your obligated customers.