Supply Chain Due Diligence: New Regulations and What You Need to Do

Countries are enacting laws and directives that require companies to assess their suppliers’ environmental and human rights practices


Editor’s note: This is the fifth article in an ongoing series on the crucial role of supply chains in balancing the evolving needs of customers and making progress toward meeting ESG (environmental, social, and governance) goals and an evolving landscape of government regulations.

Today, every company is on a tightrope trying to balance growing their business, ensuring supply chain resiliency, and addressing ESG risks and performance. The supply chain function is the bridge between internal silos and the suppliers that are critical to success. The challenges have become more pressing due to the rapid proliferation of supply chain due diligence laws.

Countries worldwide are enacting new laws and directives that require companies to assess their suppliers’ environmental and human rights practices. These regulations are largely based on the Organization for Economic Cooperation and Development (OECD) Due Diligence Guidance for Responsible Business Conduct published in 2018.

Failure to walk that tightrope now carries the risk of legal charges and fines in addition to reputational damage. The confluence of new laws and increased focus on environmental and human rights considerations by business customers and consumers means that the tightrope supply chain leaders must navigate is getting higher and higher off the ground.

More laws and directives

Several European countries have already enacted laws aligned with the OECD guidance, including Germany’s Supply Chain Due Diligence Act and France’s Corporate Duty of Vigilance Law. Whereas these laws broadly cover all product categories, the U.S. has passed the Uyghur Forced Labor Prevention Act, specifically requiring companies that import cotton products from the Xinjiang region of China to conduct due diligence and certify that the goods were not produced using forced labor. Canada introduced the Corporate Respect for Human Rights and the Environment Abroad Act, and Japan has the Guidelines on Corporate Human Rights Due Diligence.

In June 2023, the European Union Parliament approved the Corporate Sustainability Due Diligence Directive (CSDDD), mandating more rigorous due diligence for EU companies and those operating within the EU. The directive requires companies to identify, prevent, mitigate, and account for negative environmental and human rights impacts from their operations, subsidiaries, and value chains. The EU expects approximately 13,000 EU companies and 4,000 outside the EU to be directly affected.



Supply chain leaders should note that these laws and directives go far beyond requiring pre-contract due diligence on the supplier. They demand an analysis of the potential environmental and human rights impacts of supplier relationships, followed by collaborative efforts with suppliers to mitigate these risks. In practical terms, this means you need to develop an appropriate action plan, monitor progress in implementing the plan, and report on the outcomes.

Supply chain due diligence program

As we pointed out earlier in this series, cross-functional collaboration is critical to putting in place the management systems needed to meet the new laws. A careful analysis of the laws sheds light on what organizations need to do to have an effective supply chain due diligence program that will consistently meet the requirements.

Here’s a quick look at the management system elements and how they fit together into a cohesive, effective program. While companies may have many of the elements already in place, it is important that they are applied to environmental and human rights issues.

1. Supply chain mapping: The first step in establishing a supply chain due diligence program is to identify and map the organization’s supply chain partners, looking at who provides services or materials and where they are located.

2. Risk assessment: An effective program is risk-based. It is important to have a process for evaluating the likelihood and potential impact of supply chain risks and prioritizing them across the environmental and human rights spectrum.

3. Strategy & goals: Supply chain due diligence should be aligned with the overall business strategy and ESG goals. The due diligence process should provide data needed for tracking progress and public reporting.

4. Policies, procedures & records: The due diligence program should be defined in a reasonable number of policies and procedures, shaped by the risk assessment and the relevant laws.

5. Responsible supply chain engagement: ESG expectations should be communicated to suppliers frequently and through a Supplier Code of Conduct. There should be a process in place for vetting, approving, and onboarding new suppliers, as well as for the considerations made if and when disengagement from a supplier is warranted.

6. Governance and oversight: Senior leadership’s level of involvement is important in embedding responsible supply chain engagement practices and mitigating potential supply chain risks. Part of an effective program is having trusted grievance reporting channels for employees, suppliers, and other stakeholders to access.

7. Training & communication: Effective training and communication are critical to building awareness of the ESG expectations and gaining commitment internally and with suppliers. Information should also be communicated on what actions should be taken to meet the legal requirements.

8. Monitoring: An ongoing process is needed for assessing the supplier’s ability to adhere to the supply chain due diligence expectations for mitigating potential risks.

9. Corrective action & collaborative remediation: Define the corrective actions required of suppliers or to be conducted in collaboration with suppliers. This includes assessing the roles and responsibilities in the remediation efforts, as well as assessing the effectiveness of remediation efforts.

10. Stakeholder engagement: Engage with external stakeholders (including workers of suppliers) to establish and monitor the ongoing effectiveness of the supply chain due diligence strategy and related goals. This includes how the organization considers potential impacts its supply chain has on the communities of its suppliers.

11. Reporting & disclosure: Reporting is a critical requirement in meeting the supply chain due diligence regulations. There should be a process in place for assessing the reliability of the data being collected from suppliers and third parties (e.g., audit firms, consultants) and for determining the appropriate level of transparency and disclosure.

The elements above can be used as a checklist to do a quick assessment of where your program is today. Remember that supply chain due diligence laws and directives generally cover environment and human rights, so your program needs to address both issues even if you believe that one issue is more material and relevant to your business. Use the risk assessment as a tool to determine the inherent risks you face considering your business and the relevant laws. The results will be critical in taking reasonable steps to prioritize your actions and mitigate your supply chain risks.

The next article in this series will look at the three tracks that every supply chain leader must understand and orchestrate to succeed in embedding ESG considerations: supplier cooperation, data availability and internal buy-in.

About the author:

Craig Moss is executive vice president of Ethisphere and director of the Digital Supply Chain Institute.

