Amid lingering COVID-era supply chain disruptions, geopolitics, heightened awareness of workforce human-rights abuses, as well as new global legislation in support of environmental, social, and governance (ESG) issues, supply chain due diligence and human rights risks have risen in importance to become a major focus for businesses and governing bodies alike. In the process, the practices associated with supply chain due diligence are being reshaped or, in some cases, replaced outright.
The International Labour Organization (ILO) estimates that modern slavery/forced labor affects over 50 million people. To combat this global phenomenon that impacts supply chains, governments in the EU, the US, and elsewhere have enacted laws that place responsibility firmly with business enterprises to ensure sufficient and robust due diligence and monitoring regulations on a variety of issues, including money laundering, child and forced labor, human trafficking, corruption, and bribery.
Maintaining supply chain integrity has become increasingly a matter of legal jurisdictions, and more than ever, these businesses must be thoroughly up-to-date on any government-sanctioned parameters and restrictions that may apply to their supply chains and related business practices. Given the increased regulatory requirements, it is imperative that businesses with an international presence be proactive in monitoring current and emerging ESG regulations to avoid fines and reputational damage, as well as to remain competitive.
Prominent examples include:
- The Biden administration’s passage of the Uyghur Forced Labor Prevention Act (ULFPA), a bipartisan bill that bans imports from China’s Xinjiang region unless the importer can prove they were not made with forced labor.
- The draft European Supply Chain Act requires EU companies to audit their suppliers along the entire global supply chain, including all direct and indirect business relationships. The aim is to ensure compliance with applicable human rights standards and environmental protection in order to promote a fairer and more sustainable global economy as well as responsible corporate governance.
- The German Supply Chain Act (LkSG), a nationwide corporate law, came into effect in January 2023 and obliges German companies to comply with nine high-level requirements to protect people and the environment, including establishing a risk management system, assuring internal compliance, and taking remedial action, when necessary, among other protective supply chain measures.
The ascent of environmental, social, and corporate governance as a key measure of corporate sustainability has only added to the burden businesses must shoulder.
The Legislative Landscape for Supply Chains Is Evolving
Europe has been the locus of a range of legislation that addresses the risks posed by insufficient supply chain due diligence. Various EU member states, including France, the Netherlands, Norway, Switzerland, and Germany, already operate under national policies for supply chain due diligence and ethical sourcing. Most of those due diligence schemes, however, approach the impact of a new proposed directive, adopted by the European Parliament in March of 2021.
The United States
In the US, going back to 2010, the California Transparency in Supply Chains Act of 2010, for example, requires certain large retailers and manufacturers to publicly disclose efforts they are taking to identify and eliminate human trafficking and forced labor in product supply chains. In 2019, the widespread alleged abuses in the XUAR – e.g., arbitrary detention of at least 1.8 million Uyghurs, Kazakhs, Kyrgyz, and members of other Muslim minority groups as well as forced labor, torture, and political indoctrination – led to the issuance by US Customs and Border Protection (CBP) of Withhold Release Orders (WROs) against certain goods produced by specific companies in the region.
So it wasn’t a surprise when the bi-partisan Uyghur Forced Labor Prevention Act, by far the most sweeping regulation aimed at China that has been issued by the US, officially came into force in June 2022. The law bans imports from XUAR – spanning the import of all products derived from goods and services in the region – unless the importer can prove they were not made using forced labor.
The UFLPA will require companies to clearly identify supply chain links to the XUAR and, if they exist, reassure regulators that these supply chain links do not involve forced labor. Accordingly, the Forced Labor Enforcement Task Force (FLETF) released strategic guidance on achieving compliance through supply chain tracing and effective supply chain management. The Strategy, released in June 2022, widely aligns with the UN Guiding Principles on Business and Human Rights and the OECD Guidelines for Multinational Enterprises.
In an effort to embed corporate responsibility and human rights principals into supply chains, the US CBP has thus far been very aggressive in its enforcement of this new law, with confirmation of numerous WROs issued against various goods bound for the US, and revision of the voluntary Customs Trade Partnership Against Terrorism (“CTPAT”) Security and CTPAT Trade Compliance programs to include forced labor due diligence requirements. This allows CBP to seize goods that are not limited to a specific place of origin or entity in the supply chain. In the first eight months of FY2022, CBP had detained more than 2,000 shipments, valued at $393.6 million, over forced-labor concerns, according to the CBP’s trade chief AnnMarie Highsmith. In one example from July 2022, the CBP began detaining large shipments of solar cells and solar panels made of polysilicon, specifically requiring documentation for sourcing of quartzite that none of the suppliers were able to provide. In other instances, CBP applied WROs to detain raw sugar and sugar-based products produced in the Dominican Republic by Central Romana Corporation Limited (Central Romana), as well as fresh tomatoes produced by the tomato farm Agropecuarios Tom S.A. de C.V., and Horticola Tom S.A de C.V., and their subsidiaries, over concerns of forced labor.
The European Union
The European Commission (EC) for a Corporate Sustainability Due Diligence Directive was given the green light by the European Parliament in March 2021. The Directive introduces far-reaching mandatory due diligence obligations. In February 2022, the EC adopted the proposal for a directive on corporate sustainability due diligence. The Directive has been presented to the European Parliament and Council for approval. Member States will have two years to enact the Directive as national law.
Under the proposed Directive, larger EU companies, as well as non-EU companies that are active in the EU, must identify and mitigate adverse impacts of their activities on human rights and on the environment. Corporate directors would have a duty to integrate due diligence into their corporate policies, among other actions. The proposed Directive would also enable victims to take legal action in response to damages that could have been avoided with the right due diligence measures. However, companies that had conducted proper due diligence will not be held liable, according to the proposed Directive: “The company should not be liable if it carried out specific due diligence measures. However, it should not be exonerated from liability through implementing such measures in case it was unreasonable to expect that the action actually taken, including as regards verifying compliance, would be adequate to prevent, mitigate, bring to an end or minimize the adverse impact.”
Unprecedented in terms of mandate, scope, and enforceability, the Directive will increase EU scrutiny of business operations’ impact on the environment and people globally, not just in the 27-country bloc. Transposing it into national systemic laws will require significant efforts on the part of EU member states.
Once in effect, the law will require companies to monitor, identify, prevent, and remedy risks to human rights, the environment, and governance in their operations and business relationships, including suppliers and subcontractors. Under the mandate, companies will be held accountable for things such as minimum age requirements and occupational safety. It also calls upon businesses to take “all proportionate and commensurate measures,” and “make efforts within their means,” to prevent adverse impacts in various areas of corporate responsibility. The proposed rules will be enforced through administrative supervisions and civil liability through Member State entities.
In Germany, meanwhile, a government study had revealed that very few companies were voluntarily meeting due diligence obligations. The result was the Supply Chain Due Diligence Act (previously called the Supply Chain Act, known as Sorgfaltspflichtengesetz or Lieferkettengesetz), effective January 1, 2023. Large companies in Germany now must regularly assess their supply chain activities with a view to applying human rights and environmental due diligence measures. Due diligence obligations for corporate entities include:
- Setting up a risk management system and carrying out a risk analysis;
- Defining in-house responsibility for compliance;
- Performing ongoing risk analyses;
- Adoption of a policy statement of corporate human rights strategy;
- Anchoring preventive measures in your own business area and in relation to direct suppliers;
- Immediate implementation of corrective measures in the case of detected legal violations;
- Establishment of a complaints procedure in the event of legal violations;
- Implement due diligence obligations with regard to risks at indirect suppliers; and
- Documentation and reporting requirements for fulfilling due diligence requirements.
The German Directive applies initially to companies with more than 3,000 employees; that number will eventually expand to include companies with more than 1,000 employees. The penalties for failure to observe these restrictions are not inconsequential. Companies found to have violated the act will be subject to fines of up to two percent of their average annual global revenue. They will also be excluded from winning public contracts in Germany for three years.
In coordination with the United Kingdom and other international partners, the Canadian government released a statement in January 2021 announcing that it would adopt measures designed to address the alleged human rights violations in the Xinjiang Uygur Autonomous Region (XUAR).
In November of 2021, Canada continued its commitment to eradicating human rights abuses and modern slavery in supply chains with Senate approval of Bill S-211, which made several improvements upon its predecessor Bill S-216. The changes featured in this legislation are indicative of a larger trend of expanded reporting and data sharing obligations for organizations worldwide. As a result of Bill S-211, both government and private entities will be required to provide the minister of public safety and emergency preparedness with an Annual Report that discloses all due diligence and risk mitigation activities conducted in the previous fiscal year. These reports must also be publicly available, thus, furthering the push for data sharing and availability. The bill in expected to come into effect as early as 2024.
Although the Bill is largely unchanged compared to its predecessor, Bill S-216, some key amendments to the original include:
- An expanded definition of “child labor;”
- The supplementary information that must be submitted with each annual report is broader and must include information regarding diligence processes relating to forced and child labor;
- Annual reports must be approved by the entity’s governing body;
- Private entities can now submit single or joint reports for related entities; and
- Federally regulated corporations must provide the annual report to each shareholder together with their annual financial statements.
Pending Legislation Elsewhere
Heightened scrutiny of supply chains has become a priority in other European jurisdictions, such as Finland, Romania, and Belgium, among other countries, where legislation is pending. Belgium’s Federal Parliament voted to approve supply chain due diligence measures in 2021, and similar legislation in Austria is with the parliament, though some observers doubt Austria will be enacting anything soon. In Norway, a law that provides oversight of business transparency, human rights, and working conditions is already in force.
Managing Supply Chains in a New Era of Oversight
The new era of supply chain due diligence demands a different approach on the part of businesses that depend on supply chains, domestically or abroad. Of course, many companies have already enacted policies and procedures that address adverse human rights and environmental impacts. Supply chain operations are often opaque, and most companies do not have full visibility into their entire supply chains. In some jurisdictions and sectors, for companies to reset their overall compliance activities based on proposed regulations, businesses will still need to prepare for the sea change in supply chain oversight.
Companies first must determine whether and to what extent their business falls within the scope of the Directive, UFLPA, or any subsequent legislation. Subsequently, a high-level gap assessment can be useful in identifying any work that will be required to comply with requirements laid out in the various supply chain legislation outlined above. An assessment of current suppliers and how the selection process may need to be updated is a good first step in ensuring a fully compliant supply chain operation.
Businesses would be wise to upgrade their compliance checklists and develop a screening process that can be applied to existing and potential suppliers. Relevant criteria to consider include:
- Re-assessing corporate culture to ensure that employees understand and enact the new regulations.
- Determining actual ownership of the supplier.
- Conducting research into any litigation history, negative media and internet coverage, and the presence within the operation of politically exposed persons (PEP).
- Assessing and identifying operational risks, such as employee turnover, business continuity, and disaster recovery plans.
- Reviewing cybersecurity and information security policies.
While all suppliers should be subject to some level of due diligence, companies who only adopt automated third-party and vendor solutions may choose to also conduct a more detailed due diligence process on certain suppliers, depending on the level of risk associated with different relationships and exposure to location-based risk. In all events, a comprehensive, up-to-date examination of existing supply chain due diligence systems will go far in ensuring a business is prepared to meet the challenges of today’s new, far-reaching regulatory requirements.
To learn how IntegrityRisk can help with meeting today’s requirements on supply chain management, contact the experts at Integrity Risk International.
Originally published Oct 5, 2022. Updated Jan 24, 2023.