Thorough third-party due diligence and ongoing monitoring are essential elements of a robust compliance program and help to protect organizations from costly legal repercussions, reputational damage, and major business disruptions linked to supply chain issues. Preventing human rights abuses and violations in global supply chains plays a key role in mitigating third-party risk.
As the regulatory environment expands, companies worldwide must rigorously and continuously assess and monitor their supply chains to withstand increased scrutiny and mitigate potential third-party risks. Regulatory demands, plus heightened scrutiny from key stakeholders – such as investors and consumers – and the potential for adverse media attention if human rights abuses are found in the global supply chain are all reasons for organizations to focus heavily on this issue, as pressure builds from many different directions.
The current legal landscape
Europe continues to lead the way regarding supply chain-related due diligence requirements, including the protection of human rights and the prevention of human rights violations. What follows is a high-level summary of how supply-chain due diligence regulations globally address human rights and environmental protections from a due diligence and reporting standpoint.
European Union’s Corporate Sustainability Due Diligence Directive
The EU’s Corporate Sustainability Due Diligence Directive (CSDDD), which entered into force on July 25, 2024, establishes, in part, a corporate due diligence duty for large companies to identify and address adverse human rights impacts, such as child labor, and environmental impacts, such as pollution, in their operations, those of their subsidiaries, business partners, and in their “chain(s) of activities” where there exist direct or indirect established business relationships.
The CSDDD will further require large companies to adopt a “transition plan for climate change mitigation,” intending to ensure through “best efforts” that business models and strategies are in line with the Paris Agreement’s aim to limit global warming to 1.5° Celsius and to achieve climate neutrality as established in Regulation (EU) 2021/1119.
Member states are directed to transpose the CSDDD into national law by July 26, 2026, and to apply those laws to companies on a staggered schedule according to the companies’ employee counts and net worldwide turnover.
Corporate Sustainability Reporting Directive
Under the EU’s Corporate Sustainability Reporting Directive (CSRD), which entered into force on January 5, 2023, certain large companies and all listed companies must disclose information on what they see as risks and opportunities arising from social and environmental issues. They must further disclose how their activities impact people and the environment. Some non-EU companies will also have to report if they generate over 150 million euros on the EU market.
The first rollout of the disclosure obligations, which will come into force in stages, applied to the 2024 financial year, with reports to be published in 2025. Companies subject to the CSRD must make reports in line with the European Sustainability Reporting Standards (ESRS).
On August 7, 2024, the European Commission published a set of Frequently Asked Questions clarifying the interpretation of certain provisions on sustainability reporting obligations set out in the CSRD. Companies should refer to this set of FAQs, as its stated aim is to “facilitate the compliance of stakeholders with the regulatory requirements in a cost-effective way and to ensure the usability and comparability of the reported information on sustainability.”
German Supply Chain Due Diligence Act
The German Act on Corporate Due Diligence Obligations in Supply Chains, which took effect on January 1, 2023, creates “due diligence” requirements aimed at addressing human rights and environmental issues, such as child labor, forced labor, and other global supply chain issues, like responsible waste management and availability of safe drinking water.
Due diligence requirements include conducting risk assessments to determine whether any business activities could lead to human rights violations or environmental damage. Measures must also be taken to prevent or end any issues. A mechanism must also be in place for the reporting of human rights-related or environmental risks or violations.
The scope of the due diligence obligations applies to Germany-based companies, or German-registered branches of foreign companies, with over 1,000 employees. In some situations, the due diligence obligations could also apply to indirect suppliers if evidence exists that potential violations likely took place.
Due diligence procedures must be monitored and documented. Reports must be published and submitted annually to the Federal Office for Economic Affairs and Export Control regarding how the company has met its due diligence obligations.
Other states and countries
Outside the EU, other countries have passed their own stringent due diligence requirements pertaining to human rights and environmental protections, and the reporting of such violations. These include the United Kingdom’s Modern Slavery Act; Canada’s Forced Labour in Supply Chains; France’s Duty of Vigilance Law; and California’s Transparency in Supply Chains Act in the United States.
Compliance best practices
Preventing human rights and environmental violations in global supply chains is a hot topic in many parts of the world. Not only is it a growing regulatory issue that brings with it costly and complex due diligence obligations, but it’s an issue that is increasingly being pushed by investors, consumers, and other key stakeholders alike.
It’s critical for companies and their compliance programs to effectively and proactively address potential human rights and environmental violations in their supply chains not just for the sake of satisfying regulatory obligations, but because it’s the right approach to take ethically and morally.
The following are best practices for companies of all sizes, across all industries and regions, to consider as they look to enhance human rights and environmental protections, and proactively manage and mitigate such risks, in their global supply chains.
Begin by looking through the lens of the “Universal Declaration of Human Rights.” Compliance regulations are ever-changing. Values and principles never change. Many global regulations that address human rights today take inspiration from the United Nations’ longstanding “Universal Declaration of Human Rights.” The foundation of this document plainly and simply speaks to the rights and freedoms that apply to all humans – such as freedom of speech, freedom from slavery, servitude, forced labor, and more. Always begin with a lens of principle, not regulatory obligation.
Establish the compliance basics
Take a cross-functional approach. Some regulations are more comprehensive than others, particularly regarding due diligence and reporting obligations. As with many laws, taking a cross-functional approach will help ensure the company meets its regulatory obligations across the global supply chain. The functional heads of legal, compliance, risk, human resources, finance, procurement, and senior leadership should all come together, as each provides a different lens, resulting in a whole-of-entity perspective.
Have a regulatory roadmap in place. With the help of technology that can automatically track new regulations, figure out which regulations globally apply to the business. Which regulations does the business fall within the scope of, based on company size, region, and its business partners, suppliers, and third-party vendors?
Risk rank suppliers. Having a cross-functional team in place helps to holistically map out where human rights and environmental violations are most likely to lurk in the supply chain. Identifying high-risk suppliers will vary based on each company’s unique risk profile, but can include the following:
- Spend-based due diligence: Rather than boil the ocean, conduct due diligence starting with a manageable number as determined by the business. Procurement and/or finance can help provide information about the top suppliers by spend. In other cases, the company may have a technology solution that makes this information easily accessible.
- Due diligence by region: To risk assess human rights violations specifically, one resource is the U.S. Department of State’s “Trafficking in Persons Report,” which annually ranks countries by risk. For country-specific environmental risk, another resource is the World Bank’s “Country Policy and Institutional Assessment” (CPIA) data.
- Due diligence by industry: Walk Free, Amnesty International, and Human Rights Watch are examples of organizations that provide additional information on supply chain risk.
Trust, but verify. Conduct spot checks against the company’s human rights policy. Conduct in-person audits, where and when possible. Conduct supplier questionnaires and due diligence assessments, and then check against responses. For example, a supplier that ticks a box in a questionnaire stating it has a human rights policy but is not forthcoming about providing one when asked may be a red flag.
Have an escalation process in place. For example, if compliance catches wind of a potential human rights violation in the supply chain, and procurement or any other department continues to sit on the material that compliance needs, no enforcement agency is going to look favorably upon compliance gaps or internal control weaknesses. The entire company will fall on the sword. An escalation process is critical to reduce regulatory risks and financial fines and penalties.
Remediate and document. Remediate any compliance gaps. Develop and document the implementation plan and remediation steps.
Final words
A company that is seeking to mitigate human rights and environmental violations in the global supply chain should start with values and principles as a baseline. From a regulatory compliance standpoint, start with the basics by having in place a supplier code of conduct that expresses the company’s human rights and environmental expectations of its suppliers. Additionally, conduct honest assessments regarding internal hiring and sourcing practices.
With the assistance of automated technology solutions, continuously conduct thorough due diligence on high-risk suppliers and third parties. Have in place internal reporting and monitoring controls, including a whistleblower hotline, and an escalation plan for when potential problems are reported or discovered.
2025 prediction
As human rights and environmental due diligence obligations grow and evolve, as they are sure to do, demands on the compliance program will continue to grow and evolve as well.
We can expect to see increasing emphasis on transparency in diligence efforts and increased pressure on those in the supply chains to participate in the upstream oversight. Enforcement actions in the EU remain uncertain, as Member States must first transpose the Directives into national law.