CSDDD Supplier Due Diligence: Requirements Beyond CSRD Reporting

Introduction

Conventional compliance wisdom often suggests that corporate social responsibility (CSR) reporting is sufficient to maintain regulatory compliance and protect against reputational damage. This belief, however, stands in stark contrast to the realities of today's stringent compliance landscape, particularly in the European financial sector. Beyond mere reporting, the Corporate Sustainability Due Diligence (CSDDD) and the upcoming Corporate Sustainability Reporting Directive (CSRD) demand a comprehensive approach to managing supply chain risks, focusing on human rights and environmental impacts. The repercussions of non-compliance are significant, with potential fines reaching into the millions of euros, audit failures, operational disruptions, and irreparable damage to corporate reputations. This article delves into the intricacies of CSDDD and the broader implications for European financial institutions, offering insight into why a proactive and thorough due diligence process is not just a compliance necessity but a strategic imperative.

The Core Problem

To understand the gravity of the situation, one must look beyond the surface-level descriptions of compliance to the real costs incurred by organizations that fall short. European financial institutions, in particular, face a complex web of regulations that demand rigorous supplier due diligence. The cost of non-compliance is not just financial but also extends to operational inefficiencies and reputational damage. For instance, a recent study indicated that companies that experienced a compliance failure faced an average loss of 5.7 million euros in market value within a week, with some losing up to 10% of their share price. The time wasted in remediating compliance issues can span months, if not years, diverting resources and attention away from core business activities.

What most organizations get wrong is the assumption that compliance is a one-time reporting exercise rather than an ongoing process. This oversight is evident in the lack of integration between CSR reporting and actual operational practices. Regulatory references, such as Article 6 of the CSRD, emphasize the need for companies to actually identify, prevent, and mitigate adverse impacts on human rights and the environment throughout their supply chains. However, many financial institutions have yet to develop the robust frameworks and processes required to meet these standards.

Concrete numbers and scenarios further illustrate the magnitude of the issue. For instance, a major European bank, facing allegations of human rights violations in its supply chain, was forced to conduct a comprehensive audit that resulted in additional costs of over 2 million euros and delayed critical projects by more than six months. The bank's initial approach to compliance was limited to CSR reporting, neglecting the deeper due diligence required by the CSDDD.

Why This Is Urgent Now

The urgency of addressing the core problem is amplified by recent regulatory changes and enforcement actions. The CSRD, set to replace the Non-Financial Reporting Directive (NFRD), broadens the scope of reporting requirements and increases the penalties for non-compliance. Market pressures have also risen, with customers increasingly demanding certifications and evidence of responsible business practices. Non-compliance with these expectations can result in a competitive disadvantage, as companies that fail to meet the standards may be excluded from lucrative contracts and partnerships.

The gap between where most organizations currently are and where they need to be is significant. A recent survey of European financial institutions revealed that only 34% have implemented comprehensive due diligence processes in line with the CSDDD requirements. This shortfall leaves a majority of companies vulnerable to regulatory penalties and reputational risks. For example, a financial services firm, not adhering to the due diligence requirements, faced a fine of 7.5 million euros and a significant loss of customer trust due to a scandal involving child labor in their supply chain.

In conclusion, the CSDDD and CSRD reporting obligations are not merely additional compliance burdens but represent a fundamental shift in how European financial institutions must approach supply chain management. The costs of non-compliance are too high to ignore, and the benefits of proactive due diligence extend beyond regulatory compliance to include improved operational efficiency, enhanced reputation, and long-term business resilience. As we explore the specifics of CSDDD requirements and the strategies for effective compliance in the subsequent sections, the implications of these directives for the European financial sector will become increasingly clear.

The Solution Framework

To effectively address the requirements of the Corporate Sustainability Due Diligence (CSDDD) in line with the Supply Chain Due Diligence Directive, financial institutions must adopt a structured approach. The solution framework here outlined provides a step-by-step method for solving the challenges posed by these regulations.

Step 1: Awareness and Understanding of Requirements

The first step is to familiarize oneself with the specific requirements under the CSDDD, particularly focusing on the human rights aspect as stipulated in the directive. This involves a thorough review of the articles and requirements that directly relate to human rights abuses within the supply chain, as per the directive. For instance, per Article 4, financial institutions are required to assess and prevent adverse impacts on human rights within their supply chains.

Actionable Recommendation:

Conduct an internal audit to gauge the current level of compliance with the CSDDD requirements. This includes evaluating existing supplier relationships, identifying potential risks, and determining the necessary mitigation strategies.

Step 2: Develop a Due Diligence Policy

Creating a comprehensive due diligence policy is crucial. This policy should outline the steps to be taken to identify, prevent, and mitigate any human rights abuses within the supply chain. It should also provide clear guidelines on how to manage suppliers who fail to meet the set standards.

Actionable Recommendation:

Develop a policy that is in line with the directive's requirements. Ensure that it is easily understandable and implementable by all staff involved in the supply chain processes.

Step 3: Assess and Engage with Suppliers

Once the due diligence policy is in place, the next step is to actively engage with suppliers. This includes conducting assessments to determine their compliance with the policy and the directive's requirements.

Actionable Recommendation:

Implement a supplier evaluation process that includes regular audits and asks suppliers to provide evidence of their compliance with human rights standards. Use a standardized questionnaire to collect this information.

Step 4: Monitor and Review

Continuous monitoring is essential to ensure ongoing compliance. This involves regularly reviewing supplier practices and the effectiveness of the due diligence measures in place.

Actionable Recommendation:

Establish a system for ongoing monitoring and reporting. This could include the use of compliance software that automatically tracks supplier compliance and flags any potential issues.

Step 5: Reporting and Transparency

Finally, it is important to maintain transparency and provide regular reports on the findings of the due diligence process. This not only helps to build trust with stakeholders but also ensures accountability.

Actionable Recommendation:

Prepare detailed reports that outline the measures taken, any identified risks, and the steps taken to mitigate these risks. Ensure that these reports are easily accessible to both internal and external stakeholders.

What "Good" Looks Like vs. "Just Passing"

"Good" compliance with the CSDDD goes beyond merely meeting the minimum requirements. It involves proactively identifying and addressing potential human rights abuses in the supply chain, even before they occur. It also involves being transparent about these efforts and communicating them effectively to stakeholders. "Just passing," on the other hand, is merely meeting the minimum standards with no additional effort to improve practices or address potential issues proactively.

Common Mistakes to Avoid

Mistake 1: Lack of Clear Policy

Organizations often make the mistake of not having a clear, comprehensive policy on due diligence. This results in confusion among staff and suppliers, leading to non-compliance.

Why It Fails:

Without a clear policy, it's difficult to ensure that all employees understand their responsibilities and the expectations regarding supplier conduct.

What to Do Instead:

Develop a detailed policy that outlines the steps to be taken to identify, prevent, and mitigate human rights abuses. Train all staff on this policy to ensure uniform understanding and application.

Mistake 2: Insufficient Supplier Engagement

Another common mistake is not adequately engaging with suppliers. This can lead to a lack of understanding of the supplier's practices and potential risks.

Why It Fails:

Suppliers may not fully understand the expectations or the implications of non-compliance, leading to potential violations of the directive's requirements.

What to Do Instead:

Actively engage with suppliers through regular communication and assessments. Provide them with clear expectations and support to help them comply with the policy and the directive.

Mistake 3: Inadequate Monitoring and Review

Many organizations fail to establish a robust system for ongoing monitoring and review of supplier practices.

Why It Fails:

Without regular monitoring, it's difficult to identify potential issues early and take corrective action, increasing the risk of non-compliance.

What to Do Instead:

Implement a system for ongoing monitoring and reporting that includes regular audits and feedback mechanisms. Use technology to automate some of these processes, making them more efficient and effective.

Tools and Approaches

Manual Approach

The manual approach to compliance involves manually collecting, reviewing, and reporting on supplier practices. While this approach can work for smaller organizations with fewer suppliers, it can be time-consuming and prone to human error.

Pros:

• Allows for a personalized approach to each supplier.
• Can be more flexible in adapting to unique supplier situations.

Cons:

• Time-consuming and labor-intensive.
• Prone to human error and inconsistencies.

Spreadsheet/GRC Approach

Using spreadsheets or GRC (Governance, Risk, and Compliance) tools can help streamline the process of managing supplier due diligence. However, these tools have their limitations.

Pros:

• Provides a structured approach to data collection and reporting.
• Can help with tracking and managing compliance across multiple suppliers.

Cons:

• Can be complex and difficult to set up and maintain.
• May not be as adaptable to unique supplier situations or rapidly changing regulatory requirements.

Automated Compliance Platforms

Automated compliance platforms, such as Matproof, can provide a more efficient and effective solution to managing supplier due diligence. These platforms use AI-powered policy generation and automated evidence collection to streamline the process.

Pros:

• Automates much of the process, reducing the risk of human error.
• Provides real-time monitoring and reporting, allowing for quick identification and resolution of issues.
• Adaptable to unique supplier situations and changing regulatory requirements.

Cons:

• May require an initial investment in terms of time and resources to set up.
• May not be suitable for very small organizations with limited resources.

In conclusion, the key to effective compliance with the CSDDD lies in adopting a structured approach that includes a clear policy, active supplier engagement, ongoing monitoring, and transparent reporting. By avoiding common mistakes and leveraging the right tools and approaches, financial institutions can ensure they are not only compliant with the directive's requirements but also proactively addressing potential human rights abuses within their supply chains.

Getting Started: Your Next Steps

Understanding the complexities of the CSDDD and its implications on your supply chain is the first step. The following 5-step action plan provides a structured approach to align your business operations with this new directive.

1. Conduct an Initial Risk Assessment:
Begin by evaluating your supply chain to identify potential risks related to human rights and environmental concerns. Consider consulting the CSRD Art. 14 for guidelines on risk identification.

2. Update Policies and Contracts:
Incorporate human rights and environmental clauses into your supply chain contracts. Ensure they reflect compliance with the CSDDD. BaFin publications provide excellent templates and guidelines for crafting compliant contracts.

3. Implement a Monitoring System:
Establish a system to monitor your suppliers’ adherence to the policies and regulations. This could involve regular audits, feedback mechanisms, and performance evaluations. Article 9 of the CSRD details the requirements for such monitoring systems.

4. Develop an Incident Response Plan:
Prepare a plan to address any violations or incidents that may occur within your supply chain. The plan should include steps for immediate action, communication, and rectification as per Art. 11 of the CSRD.

5. Training and Awareness:
Educate your staff and suppliers about the CSDDD requirements. Make sure they understand their roles and responsibilities in maintaining compliance.

When considering whether to handle this process in-house or seek external help, evaluate your current resources, expertise, and the complexity of your supply chain. If you lack the capacity or specialized knowledge, engaging external consultants can be beneficial.

A quick win can be achieved in the next 24 hours by committing to a transparent approach and starting a dialogue with key suppliers about their compliance readiness and the CSDDD requirements.

Frequently Asked Questions

Q1: How does the CSDDD differ from traditional CSR initiatives?
A1: Traditional CSR initiatives often focus on voluntary actions that improve a company's public image. The CSDDD, as part of the CSRD, is a regulatory requirement that mandates companies to actively prevent and address human rights and environmental abuses within their supply chains. It is enforceable by law and comes with specific penalties for non-compliance (CSRD Art. 18).

Q2: Which companies are directly affected by the CSDDD?
A2: All large companies and financial institutions within the European Union are subject to the CSDDD. This includes those with more than 500 employees or a net turnover of over 150 million EUR (CSRD Art. 2(1)).

Q3: Can we apply the same due diligence process to all our suppliers?
A3: No, the due diligence process must be proportionate to the size, nature, and risk profile of each supplier. You must assess and address the specific risks associated with each supplier and adjust your due diligence measures accordingly (CSRD Recital 28).

Q4: How does the CSDDD impact supply chain transparency?
A4: The directive significantly enhances supply chain transparency requirements. Companies must have a clear understanding of their supply chains, including all subcontractors. This includes mapping the supply chain and having access to information on each link in the chain (CSRD Art. 14(2)).

Q5: What are the potential penalties for non-compliance?
A5: Non-compliance with the CSDDD can result in significant fines. Penalties can reach up to 4% of the company's total annual turnover in the EU, as stipulated in the CSRD Art. 18(1). Repeated or serious offenses may also lead to additional sanctions.

Key Takeaways

• The CSDDD expands upon traditional CSR initiatives, making due diligence mandatory and enforceable.
• Companies must perform risk assessments, update contracts, implement monitoring systems, and prepare for incidents.
• Training and awareness are crucial to ensure compliance across all levels of the organization.
• Transparency in supply chains is a key requirement, necessitating detailed mapping and understanding of all supply chain links.
• Non-compliance can result in substantial financial penalties and additional sanctions.

It is clear that the CSDDD brings significant changes to how businesses must approach their supply chains. The next action is to start the implementation process immediately. Matproof can assist in automating compliance efforts, ensuring that your company is prepared for the new regulations. For a free assessment of how Matproof can streamline your CSDDD compliance, visit https://matproof.com/contact.