As we reach the first anniversary of the introduction of the German Supply Chain Due Diligence (LkSG) act, it's worth reflecting on the transformations and impacts this legislation has brought, particularly in mitigating supplier-related risks.
This new piece of legislation, which came into effect in January 2023, has compelled large corporations to prioritize human rights and environmental considerations within their supply chains. In many ways this made Germany a forerunner, and the LkSG has formed part of a broader global trend with governments around the world passing corporate transparency and due diligence laws aimed at tackling ESG offences including modern slavery, forced labor, and human trafficking, and environmental abuse. While focussing on corporate sustainability and responsible supply chains, the law also brought supplier due diligence into sharper focus.
The LkSG act initially obligated companies with 3,000 or more employees to implement "appropriate measures" to respect human rights and the environment across their supply chains. However, in 2024, its scope has now expanded to include companies with over 1,000 employees. This expansion significantly increases the number of corporations under its jurisdiction from around 900 to just below 4,000 organizations.
And the act has proven to have impact. The first complaint was filed with the German Federal Office of Economic Affairs and Export Control by garment workers claiming factories has not been adequately monitored, which endangered the safety for employees. Penalties for non-compliance vary according to the severity of the offence. Companies with an annual global turnover exceeding €400 million face fines of up to 2% of turnover, and those fined €175,000 (or more) risk exclusion from public procurement for up to three years.
Many procurement, compliance, and risk teams are still working on understanding how to deal with supplier due diligence in an optimal way while adapting processes to meet the requirements of the law. But the effectiveness of the LkSG law largely depends on how companies apply it. There have already been high-profile cases causing significant reputational damage to firms who have been found to have flaws in their supplier due diligence processes, which leave them exposed to financial and reputational risk.
In June 2023, a legal case was filed by the European Center for Constitutional and Human Rights (ECCHR), a non-profit organization, against three major German automotive companies. The case was filed under the German Supply Chain Due Diligence Act. The ECCHR alleged car manufacturers had not adequately explained how they were addressing human rights as part of due diligence. The complaint was filed with the Federal Office of Economics and Export Control (BAFA), the regulator for the LkSG act.
BAFA will decide what action should be taken in relation to these companies, which could include making recommendations for due diligence processes or issuing administrative sanctions if it finds that the companies didn’t take appropriate preventive and remedial measures.
The German regulator, BAFA, will now actively monitoring hundreds of organizations to ensure they understand and are complying with the LkSG law across their entire supply chain. Companies under its jurisdiction must:
Enrico Aresu, Director, Financial Crime Compliance Industry Practice Lead covering DACH, BeNeLux & CEE, emphasized that “…companies have a duty of care, not a duty of success under this law. While the aim is to minimize human rights and environmental violations within supply chains, the regulator understands the complexities and challenges of completely eradicating these crimes. For the first year, the regulator wanted to focus on two main areas of implementation: the complaint mechanism or process and how a company’s responsibilities were mirrored throughout the organization.
What's crucial for businesses now is to have a good risk analysis framework in place, to understand the law, to implement strategies to comply with it, to act swiftly when issues need to be reported, and to bridge gaps when violations occur.”
This legislation, along with similar laws in the US, UK, France, Norway, and Australia, necessitates companies have the right supplier due diligence framework in place to prevent human rights and environmental violations, and to avoid fines and costly reputational damage.
Organizations now need to connect their risk policy to their risk analysis framework. Each company’s policy should consider what risks that particular organization is likely to face, and therefore what mitigation measures it should take. Then analysis can be effective at targeting the right areas of risk.
Businesses need to implement and evolve a human rights strategy policy statement, define organizational responsibilities, and then carry out due diligence or risk analysis that’s broad and deep within what is likely to be a complex, global supplier network.
Moody’s solutions can help decode complex supplier networks and digitize supplier due diligence, so organizations understand who they are doing business with and can make decisions with confidence.
Our leading global entity data, curated risk profiles, automated due diligence workflows, and AI-enabled smart screening, help organizations build a picture of risk across their supplier networks.
For more information, please get in touch – we would love to hear from you.