The growing importance of ESG-related supply chain due diligence

 
January 24, 2022

Key takeaways

  • There is a growing legal and regulatory focus on corporates to address the adverse impacts their activities and supply chains have on environmental, social and governance (“ESG”) related issues, including human rights.
  • Although some corporates have previously adopted voluntary international reporting and due diligence standards, it seems increasingly likely that corporates will bear more legal responsibility in relation to their supply chains in the near future, including the prospect of penalties and debarment for EU companies and non-EU companies doing business in the EU that fail to conduct ESG-related supply chain due diligence under proposed EU legislation that would introduce mandatory ESG due diligence for supply chains.
  • Non-EU companies are also impacted by increased legislative and stakeholder pressure calling for companies to be better corporate citizens, with certain laws in the U.S. requiring companies to address human rights issues. Given the patchwork of various rules and mandates under various EU and non-EU regimes, non-EU companies doing business in the EU (as well as EU companies doing certain business in the U.S. for example) will need to harmonize their ESG-related compliance policies to ensure adherence to each regime’s requirements.
  • Companies should assess the ESG impact of their supply chains, by undertaking due diligence across their value chain and take action to mitigate against any material adverse ESG risks.
  • Taking these preventative measures now will ensure corporates root out commercial and legal risks, identify inefficiencies in their supply chain and remediate potential compliance and litigation risks (see our previous OnPoint on Litigation and Enforcement Risks).
  • This OnPoint is the second in Dechert’s “ESG Compliance Series” and provides an overview of prospective mandatory ESG-related due diligence legislation for EU companies and non-EU companies doing business in the EU, together with practical guidance on undertaking supply chain due diligence.

Introduction

There is an increasing legislative trend towards holding companies accountable for their own ESG practices as well as those of business partners within their supply chain.

Many companies will already conduct due diligence relevant to ESG issues in respect of their business relationships and supply chains in accordance with international principles and standards.1 Additionally, certain businesses in some jurisdictions are already subject to existing laws which place reporting obligations on businesses to disclose the actions they take in relation to human trafficking and slavery due diligence in their own business and supply chains, such as the California Transparency in Supply Chains Act 2012 and the UK Modern Slavery Act 2015.

However, there is concern amongst governments, international bodies and stakeholders that the effectiveness of voluntary international due diligence frameworks has proved limited “with a restricted number of undertakings voluntarily implementing human rights due diligence in relation to their activities and those of their business relationships.”2

Move towards mandatory ESG-related due diligence

As a sign of the growing global emphasis on corporate ESG responsibility, new and prospective laws within the EU, its Member States and other countries are now focusing on introducing mandatory ESG due diligence requirements for companies, aimed at ensuring companies take measures to prevent and address adverse impacts on human rights, the environment and good governance occurring in their supply chains and business relationships. As a result and in contrast to the voluntary status of existing ESG due diligence principles, certain companies now face mandatory ESG due diligence requirements and punitive measures / enforcement action for failure to identify and address ESG risks in their supply chain.

EU

At the EU level, the European Commission is considering the European Parliament’s March 2021 outline proposal for a draft directive on Corporate Due Diligence and Corporate Accountability (the “Draft Directive”).3 The Draft Directive is aimed at building on the United Nations Guiding Principles on Business and Human Rights (“UNGPs”) and if ultimately implemented, would introduce a legal duty requiring certain EU companies, as well as non-EU companies that provide goods and services in the EU, to conduct due diligence on environmental, human rights and governance issues in line with the UNGPs, with penalties for non-compliance.

If adopted, EU Member States would be required to implement the Draft Directive into their national laws, imposing requirements for companies to carry out effective due diligence across their entire value chain, encompassing the company’s activities, operations, business relationships4 and investment chains. This includes the company’s direct or indirect business relationships which supply or receive services / products to or from the company (upstream and downstream) or that contribute to the company’s own products or services. This due diligence should be proportionate and commensurate to the likelihood and severity of a company’s potential or actual adverse impacts and their specific circumstances, particularly their sector of activity, the size and length of their value chain, the size of the undertaking, its capacity, resources and leverage.

It is anticipated that the Draft Directive (if ultimately implemented as the EU standard), could help foster the emergence of similar standards in other jurisdictions and a global standard for responsible business conduct in supply chains.

The Draft Directive is broad in scope and applies to the following EU and non-EU businesses:5

Obligations: The proposed due diligence duty under the Draft Directive would require companies within scope to identify, assess, prevent, cease, mitigate, monitor, communicate, account for, address and remedy potential and/or actual adverse impacts on human rights (including social, trade union and labor rights), the environment (including the contribution to climate change) and good governance, that their own activities and those of their value chains and business relationships may pose. Businesses would not be permitted to pass on due diligence obligations to suppliers. The core components of this due diligence obligation would require companies to:

  • Carry out a risk assessment that takes into account “the likelihood, severity and urgency of potential or actual impacts on human rights, the environment or good governance” and whether their operations and business relationships cause or contribute to or are directly linked to any of those potential or actual adverse impacts.7 If a company concludes that it has not encountered any adverse impacts in these ESG areas, it must publish a statement to that effect (including its risk assessment containing the relevant data).
  • If unable to conclude this, companies must establish and effectively implement a due diligence strategy (to be evaluated at least once a year and revised accordingly). As part of this due diligence strategy, companies should: 
    • Specify the potential or actual adverse impacts identified, map their value chain and publicly disclose relevant information about their value chain.
    • Adopt and indicate all proportionate and commensurate policies and measures aimed at preventing or mitigating such adverse impacts and establish a prioritization strategy to deal with the adverse impacts identified (if not in a position to deal with them all at the same time).
    • Engage with relevant stakeholders when establishing, implementing, evaluating and revising their due diligence strategy.8
  • Ensure that their business partners implement and carry out human rights, environmental and good governance policies that are in line with their due diligence strategies. For example, via contractual clauses, codes of conduct, or certified or independent audits.
  • Develop a grievance mechanism to allow stakeholders to raise reasonable concerns regarding the existence of a potential or actual adverse impact.

Civil liability: EU Member States will be required to ensure they have a civil liability regime in place (with reasonable limitation periods for claims) under which undertakings can be liable and must provide remediation for harm arising out of actual or potential adverse ESG impacts that they (or undertakings under their control) have caused or contributed to by acts or omissions. Companies will not be able to rely on the fact that they respected their due diligence obligations to avoid liability, unless they can prove that they took all due care in line with the Draft Directive to avoid the harm in question, or that the harm would have occurred anyway. There is no reference to criminal or individual director liability in the Draft Directive.

Enforcement: The competent national authorities of the Member States will be responsible for enforcement of the mandatory due diligence regime under the Draft Directive, with powers to investigate compliance, interview affected stakeholders and carry out checks on the undertaking, including examination of their due diligence strategy and grievance mechanism and on-the-spot checks. Sanctions for infringement (and failure to take remedial action within the time period granted) may include fines based on a company’s turnover, temporary or permanent exclusion from public procurement, state aid and public support, the seizure of commodities and other appropriate administrative sanctions.9

Certain EU countries have already implemented similar laws requiring companies to take proactive action to address ESG issues in their supply chains. For example, the 2017 French law on the Corporate Duty of Vigilance requires certain companies to adopt, publish and implement a vigilance/due diligence plan to identify risks and prevent adverse impacts on human rights and environmental issues caused by the company, its subsidiaries, sub-contractors and suppliers. Additionally, in June 2021, the German Parliament adopted the German Act on Corporate Due Diligence Obligations in Supply Chains (the “Act“). The Act will enter into force on 1 January 2023 and requires companies with more than 3,000 employees (with a registered office or branch office in Germany) to analyse human rights and environmental risks within their supply chains, and take measures to prevent, minimize and remedy any identified negative ESG impacts.10

Impact on non-EU companies

Assuming these EU ESG measures pass, non-EU corporates with EU touchpoints will need to accelerate their compliance reviews to capture ESG risks (to avoid the risk of punitive measures) and respond to stakeholder pressure calling for companies to be better corporate citizens. There are already some laws in the U.S. that require companies to address human rights issues. For example, Federal Acquisition Regulations (FAR), 48 C.F.R. § 52.222-50(b) prohibits human trafficking and forced labor by all federal government contractors and their subcontractors, employees and agents. As referenced above, the California Transparency in Supply Chains Act requires disclosure by certain companies doing business in California of such practices in their supply chains. Given the patchwork of various rules and mandates under both federal, state, and EU regimes, non-EU companies doing business in the EU (as well as EU companies doing certain business in the U.S.) will need to harmonize their ESG-related compliance policies to ensure adherence to each regime’s requirements. In the case of non-EU companies, their failure to conform to similar or equivalent ESG standards may subject these non-EU companies to the risk of losing access to EU capital markets and EU-based lenders.

Separately, the UK government and Parliament are continuing to increase obligations on companies to prevent modern slavery from occurring in their business and supply chains. In June 2021, the Modern Slavery (Amendment) Bill was introduced in the House of Lords, proposing various amendments to the Modern Slavery Act 2015,11 including: (1) new criminal offences of supplying false or materially incomplete information in a modern slavery and human trafficking statement and continuing to source from suppliers that fail to demonstrate a minimum standard of transparency following receipt of a formal warning by the Independent Anti-Slavery Commissioner; and (2) new transparency obligations requiring companies to make additional disclosures and enhance their modern slavery compliance programmes to publish and verify information about the country of origin of sourcing inputs in its supply chain and arrange external supplier audits/spot-checks.

Stakeholder pressure and risks of non-compliance

Beyond legislative initiatives, companies also face increasing pressure from stakeholders, customers and non-governmental organizations to demonstrate high ethical standards in their business practices and supply chains. Companies who fail to meet these standards or make false statements about their ESG performance face significant legal and reputational risks. For example:

  • An undercover investigation by a UK newspaper alleged poor working conditions and underpayment of workers in some UK supplier factories of a global fashion retailer, resulting in a 50% hit to the company’s share price in 2020. Further to this, the company has faced investigations by the UK authorities and a potential investigation by the U.S. border authorities that could jeopardise the company’s ability to import into the U.S.
  • In September 2021, the highest court in France paved the way for a building materials company to be prosecuted for complicity in crimes against humanity in Syria’s civil war, over allegations that the company’s Syrian subsidiary paid armed groups (including the Islamic State (IS)) via intermediaries to ensure that its supply chain and logistics remained operational at its factory in Syria during the early years of the country’s war. The French authorities’ investigation into the matter is still ongoing.
  • In the U.S., since early 2019, victims of sex trafficking have brought dozens of lawsuits against hotels and other hospitality industry participants in federal courts nationwide, pursuant to Title 18 U.S. Code Section 1595(a), the civil remedy included in the Trafficking Victims Protection Act of 2000, codified at 22 U.S.C. §§ 7101-7114 (“TVPA”), as amended. The TVPA prohibits a variety of practices, such as forced labor, debt slavery, and sex trafficking and also criminalizes attempts to engage in these activities. Among its prohibited activities, Title 18 U.S. Code Section 1591(a) of the TVPA punishes criminally the sex trafficking of minors as well as the sex trafficking of adults by force, fraud or coercion. To civilly vindicate the TVPA’s various criminal prohibitions, Section 1595(a) allows victims to bring civil actions in federal district courts against any perpetrator as well as any person or entity who “knowingly benefits, financially or by receiving anything of value from participation in a venture which that person [or entity] knew or should have known has engaged in an act in violation of" the TVPA. As such, under Section 1595(a), sex-trafficking victims have brought civil causes of action against companies, such as hotels, that knowingly benefited from participation in ventures they knew or should have known engaged in acts in violation of the TVPA’s Section 1591(a), the specific federal criminal statute prohibiting sex trafficking.

In contrast, companies who demonstrate strong ethical standards and due diligence practices from an ESG perspective are likely to see a number of benefits to their business and operations, including:

  • Enhanced investor confidence;
  • Cheaper credit lending and/or more flexible lending;
  • Accurate ESG management information will give companies better oversight, control and understanding of their supply chains, leading to improved supply chains, with companies benefitting from better business conduct, enhancing efficiency and innovation;
  • Verified ethical supply chains will give companies a competitive advantage and help them to preserve and build their customer base, as customers are increasingly interested in companies that demonstrate high ethical and sustainability standards;
  • Stronger brand and reputation; and
  • Demonstrating strong corporate ethical values is likely to have a positive impact on the company’s internal structure, such as staff satisfaction and retention.

Practical guidance

Companies should act now to design and implement ESG due diligence policies based on the following elements, and ensure these are incorporated into companies’ governance structures, with appropriate allocation of responsibility to management and legal/compliance functions:

  • Understand third-party risk in the company’s supply chain: Companies should take steps to identify the third-parties in their supply chain (such as suppliers, distributors, agents, consultants and customers) and undertake a recorded risk assessment of the actual and potential impacts on human rights, the environment or good governance caused by, contributed to or directly linked to their own business and their supply chain. This should include regulatory, reputational and geopolitical considerations, taking into account the jurisdiction(s) and sector(s) they operate in, the products or services involved and any links they may have to government entities.
  • Develop a due diligence strategy setting out measures aimed at preventing or mitigating adverse impacts identified: Companies should manage ESG risks on a material threshold basis, taking into consideration the level of severity, likelihood and urgency of the different potential or actual adverse impacts, their scale and how remediable they might be. This process, including how to address and report such risks, should promote transparency and stakeholder engagement. Companies should conduct risk-based ongoing monitoring of new potential risks and revise their due diligence strategy and processes accordingly.
  • Create a holistic compliance programme: Companies should integrate ESG risk-testing and monitoring into pre-existing compliance frameworks, business strategy planning processes and other company policies.
  • Ensure business partners act in line with the company’s due diligence strategy: Companies should engage with their supply chain and business relationships to promote and develop strong ESG practices, including through the use of ESG action plans, contractual clauses (requiring adherence to ESG policies aligned with the company’s due diligence strategy) and audit rights.

How Dechert can help

For more information on our capabilities in this area, please visit our ESG page.

Endnotes:

1 For example, the United Nations Guiding Principles on Business and Human Rights, the International Labour Organization (ILO) Tripartite Declaration of Principles concerning Multinational Enterprises and Social Policy, the Organization for Economic Co-operation and Development (“OECD”) Guidelines for Multinational Enterprises and the OECD Due Diligence Guidance for Responsible Business Conduct.

2 European Parliament resolution of 10 March 2021 with recommendations to the European Commission on corporate due diligence and corporate accountability (2020/2129(INL)), Annex to the Resolution containing recommendations for drawing up a Directive of the European Parliament and of the Council on Corporate Due Diligence and Corporate Accountability (the “Draft Directive”), Recital 4: https://www.europarl.europa.eu/doceo/document/TA-9-2021-0073_EN.html.

3 See note 2. Following a number of delays, the European Commission’s proposal is not expected until later in 2022.

4 Under the Draft Directive, “business relationships” means subsidiaries and commercial relationships of an undertaking throughout its value chain, including suppliers and sub-contractors, which are directly linked to the undertaking’s business operations, products or services.

5 Draft Directive, Article 2.

6 The European Parliament has recommended the European Commission identifies high-risk sectors of economic activity with a significant impact on human rights, the environment and good governance in order to include the small and medium-sized undertakings operating in those sectors within the scope of the Draft Directive.

7 Draft Directive, Article 4(2).

8 Under the Draft Directive, “stakeholders” covers individuals and groups of individuals whose rights or interests may be affected by the potential or adverse impacts, as well as companies whose statutory purpose is to defend such related ESG issues. For example, workers and their representatives, local communications, trade unions, civil society organizations and the company’s shareholders.

9 In respect of the potential level of administrative fines that could be imposed, the Draft Directive encourages the European Commission and Member States to provide for administrative fines comparable in magnitude to those for breaches of competition and data protection law. For example, fines of up to €20 million or up to 4% of a company’s worldwide annual revenue from the preceding financial year (whichever amount is higher) can be imposed for the more serious infringements of the EU General Data Protection Regulation (GDPR).

10 The Act will be extended to companies with 1,000 or more employees from 1 January 2024.

11 Under the Modern Slavery Act 2015, commercial organizations that carry on a business or part of a business in the UK, supply goods or services and have an annual turnover of £36 million or more are required to publish an annual modern slavery and human trafficking statement, setting out the steps they have taken to prevent modern slavery in their business and supply chains. The Modern Slavery (Amendment) Bill is a Private Members Bill (meaning that it may not be adopted in its current form) and is still progressing through both Houses of the UK Parliament.

Subscribe to Dechert Updates