New obligations for companies to conduct risk assessments and take remedial action

Beitrag als PDF (Download)

On 12 February 2021, the Federal Ministry for Labor and Social Affairs (BMAS) together with the Federal Ministry for Economic Cooperation and Development (BMZ) presented a draft bill for a new law regarding the obligation of companies to monitor their supply chains (“Supply Chain Act”). The purpose of the new law is to ensure that internationally accepted human rights standards and certain environmental standards are observed. The legislative process is expected to be completed in March 2021. The new law is supposed to enter into force on 1 January 2023. Initially, the new law will apply to companies or groups of companies that normally have more than 3,000 employees. Companies will be required to perform risk assessments in their supply chains and make reasonable efforts to avoid, mitigate or eliminate violations. There will be administrative fines and the risk of temporary exclusion from public tender processes in case of non-compliance.

What will be protected by the Supply Chain Act?
The Supply Chain Act not only aims to increase the protection of life and health but also names just and favorable working conditions and a reasonable standard of living as protected legal positions. Child labor, slavery and forced labor, violations of the freedom of association, torture and inhumane treatment are specifically named as risk areas. The Supply Chain Act further emphasizes obligations relating to the protection against negative consequences of mercury emission and persistent organic contaminants. The act looks at companies’ own business activities as well as those of their suppliers.

Which companies will be affected?
As currently drafted, the Supply Chain Act would apply to companies with headquarters or a corporate seat in Germany that regularly employ more than 3,000 employees. Employees of group companies are also considered employees of the group parent entity for the purposes of the Supply Chain Act. Leased employees shall be taken into account as well if they work for a company for more than six months. From 2024, the employee threshold is expected to be lowered to 1,000 employees. Small and midsize businesses will not be affected.

What are the obligations for companies?
Companies falling within the scope of the Supply Chain Act have to evaluate their own business activities, regardless of whether these are performed within or outside of Germany, as well as the business activities of their direct suppliers with respect to violations of the afore-mentioned human rights and environmental standards. Indirect suppliers shall be deemed direct suppliers whenever there is evidence that supply chain abuse or circumvention has been undertaken to reduce the standard of due diligence requirements for direct suppliers. Apart from that, indirect suppliers as well as suppliers of raw materials have to be evaluated whenever a company receives complaints from employees of any such indirect supplier or can easily obtain information regarding actual or threatening violations.
If violations or risks of violations are detected, companies are obliged to take measures intended to prevent, mitigate or eliminate negative consequences. The expectation of the Supply Chain Act is that companies try to find solutions together with their supplier or other companies of the same industry. A discontinuation of the contractual relationship with the supplier shall be the last resort only if violations of human rights or relevant environmental standards suppliers cannot be resolved in a different way.
Companies are in principle not measured by the success of their actions but are only required to make reasonable efforts. The exact type of measures and their intensity depend on various factors such as (i) the type and scope of business activities, (ii) the influence a company can exert on the violator of a protected legal position or environmental obligation, (iii) the severity of injury typically to be expected, the reversibility of the violation, the likelihood that a violation of a protected legal position or an environmental obligation materializes, and (iv) the degree by which actions or omissions have contributed to the risk. If risks or violations are identified in a company’s own business activities, they have to be eliminated.
Companies that fall within the scope of the Supply Chain Act will have to publish reports annually in which they describe actual and potential negative implications that their business activities and those of their supply chain have or may have on human rights and relevant environmental standards. The report has to be submitted to the supervisory authority not later than four months after the end of the company’s fiscal year.

What immediate actions do companies need to take when the Supply Chain Act enters into force?
Companies that fall under the scope of the Supply Chain Act will have to introduce and effectively implement an appropriate risk management system. The risk management has to be established in all critical internal business processes in order to detect risks, prevent risks, and stop or mitigate the violation of protected legal positions if and to the extent the company has caused or contributed to such risks within its own business activities or the business activities of a direct or indirect supplier. The risk analysis has to be performed at least once a year and, in addition, on an ad-hoc basis. The results of the risk analysis have to be reported internally to the relevant decision-makers such as the board of directors or the procurement department. The Supply Chain Act also creates an obligation to implement without undue delay a whistleblowing system that allows the reporting of risks or violations in the field of human rights.
Companies will have to immediately choose a person within the company that is responsible for monitoring compliance with the due diligence requirements. The Supply Chain Act expressly mentions as an example the appointment of a human rights officer. The company’s management shall regularly, and at least once a year, inform itself about the work of the responsible person or persons.
Companies have to issue a policy statement on their human rights strategy, unless such a statement already exists. At a minimum, such policy statement has to describe the process by which the company fulfills the due diligence requirements established by the Supply Chain Act, the risks identified as relevant for the company’s business activities, and the human-rights-related expectations that the company has towards its employees and suppliers.
The Supply Chain Act lists a number of recommended preventive measures to address human rights and environmental risks internally and externally. Besides implementing the company’s human rights policy statement, developing and implementing adequate procurement processes and purchasing practices, implementing training measures and risk-based control mechanisms, the Supply Chain Act also recommends the consideration of human rights aspects in the selection of contract partners, the provision of an obligation for contract partners to address identified human-rights-related risks in their own business activities and along their supply chains, and the performance of required trainings and control measures.
The efficiency of measures and processes has to be evaluated annually. Companies have to create, and retain for seven years, documentation on how they comply with their due diligence requirements under the Supply Chain Act.

What are the consequences in case of non-compliance?
Companies that do not comply with their obligations under the Supply Chain Act can be subject to administrative fines and penalty payments. The maximum amount for administrative fines is still under discussion but may be as high as ten percent of the company’s revenue in the preceding fiscal year. Companies that have been subject to a high fine can be excluded from public tenders and public contracts for up to three years.
Compliance with the Supply Chain Act shall be monitored by the Federal Office of Economics and Export Control (BAFA). The Supply Chain Act gives BAFA various rights and powers to force companies to comply with the act.
Individuals claiming that they have suffered from a violation of human rights as a consequence of a company’s failure to comply with the requirements set out in the Supply Chain Act can empower unions or other non-governmental organizations to take legal action, subject to certain conditions. However, the Supply Chain Act does not establish any new or more far-reaching basis for civil law liability of companies than those already existing. In particular, companies are not generally liable for human rights violations by subsidiaries or third party suppliers.
Managers of German stock corporations and limited liability companies will have to review and likely modify their internal compliance management systems in accordance with Sec. 91 para. 2 Stock Corporation Act or Sec. 43 para. 1 Limited Liability Companies Act, respectively. Management board members and managing directors that do not comply with their obligations can be personally subject to significant administrative fines in accordance with Sec. 130 of the Act on Regulatory Offences.

The Supply Chain Act will establish strict legal compliance standards for companies operating in national or global supply chains. Companies would be well advised to assess their existing supplier management systems as soon as possible and start to identify areas for improvement. The thread of exclusion from public tender processes as well as the significant administrative fines for both companies and managers should be reasons to take supply chain monitoring seriously.

Aktuelle Beiträge