A company’s supply chain extends the footprint, scope and sphere of influence of an organization, exposing it to factors that are outside the control of internal policies. As such, it’s essential to understand how relationships with other companies within your supply chain can affect your own business – from potential supplier risks to ESG concerns – and make the right decisions about which organizations to partner with.

Supply chain due diligence is an important step in this process. What’s more, it’s increasingly becoming a legislative issue as well. So what is supply chain due diligence, what does it involve, and how is regulation around this topic evolving?

What is supply chain due diligence?

Supply chain due diligence is a process in which a company researches and investigates potential suppliers to identify any risks associated with those businesses. Typically these risks will range from legislative and governance issues to ethical and environmental concerns. For example, companies may need to ensure that the suppliers they work with are not involved in practices such as money laundering, child labor, human trafficking, corruption and bribery, and environmental damage.

By implementing a supply chain due diligence policy, companies can identify any risks that could arise from working with different suppliers. Increasingly, supply chain due diligence is used to ascertain whether proposed suppliers align with the company’s ESG goals and requirements. As a result of this due diligence, companies can then decide whether to work with specific suppliers, and whether suppliers should be asked to take any corrective action before carrying out work for the company.

Different companies will approach the due diligence process differently. In some cases, the main priority of the process may be to ensure that suppliers represent a good relationship fit. For other companies, the overriding goal may be to check whether suppliers are able to fulfill specific supply chain objectives, such as a short order fulfillment time.

Supply chain due diligence legislation

With expectations growing that companies will perform sufficient due diligence on their suppliers, this topic is increasingly becoming a legislative matter in some territories, particularly in Europe. This could be an indication of the direction that US legislation could take in the future.

One significant development is a proposal published by the European Commission (EC) for a Corporate Sustainability Due Diligence Directive. In March 2021, the European Parliament voted to move forward with a proposal for a new piece of legislation that would introduce far-reaching mandatory due diligence obligations. Then, in February 2022, the EC adopted the proposal for a directive on corporate sustainability due diligence.

The proposed directive would require larger EU companies and non-EU companies active in the EU – as well as other companies in high-impact sectors – to identify, prevent, end or mitigate adverse impacts of their activities on human rights and on the environment. Under the proposed directive, corporate directors would have a duty to integrate due diligence into their corporate policies, among other actions. The proposed directive would also enable victims to take legal action for damages that could have been avoided with the right due diligence measures.

After the Directive is presented to the European Parliament and Council for approval, Member States will have two years to transpose it into national law.

German Supply Chain Due Diligence Act

Separately, in June 2021 the German parliament passed its own Supply Chain Due Diligence Act (previously called the Supply Chain Act). The new law requires large companies in the country to apply due diligence measures to their supply chain activities, and was prompted by a government-commissioned study that found only 13-17% of companies to be in compliance with due diligence obligations on a voluntary basis.

The Act will come into effect on 1 January 2023, and will initially apply to companies with more than 3,000 employees. In 2024, the remit will expand to include companies with more than 1,000 employees. Companies will be required to set up processes to identify and prevent or mitigate environmental and human rights risks in their supply chains. They will also need to publish an annual report outlining the steps they take.

Companies that are found to have breached the Act will be subject to fines of up to €800,000, or up to 2% of their average annual global turnover. They will also be excluded from winning public contracts in Germany for three years.

Preparing for a focus on due diligence

With regulators increasingly focusing on the importance of supply chain due diligence, how should companies be preparing for the possibility of further legislation in the future? The following steps can help companies work towards a more effective supply chain due diligence process:

  • Review internal policies. Assess your current supplier selection process and identify any changes that should be made to ensure the process is compliant with your environmental, ethical, and operational goals.
  • Outline a supplier risk matrix. Create a risk matrix to assess how different types of supplier risk could affect your business, looking both at the likelihood of disruption and at the impact of any disruption. This should differentiate between risks that need to be avoided completely and risks that can be mitigated.
  • Create a supply chain due diligence checklist. Put together a formal checklist that potential suppliers will be screened against, both by sending suppliers questionnaires to complete and by carrying out appropriate research. In this way, you can ensure that suppliers are compliant both with your own policies, and with current or impending legislative obligations. This could include:
    • General company information, including ownership of the company
    • Financial and insurance information
    • Reputational risk – e.g. litigation history, negative news, watchlist and politically exposed persons (PEP) screening
    • Operational risk – e.g. employee turnover, business continuity and disaster recovery plans
    • Cybersecurity and information security policies
    • Hiring practices
    • ESG credentials

This process may also include gauging the due diligence conducted on the potential vendor’s own suppliers. While it is important to ensure all key areas are covered, make sure that suppliers are only screened against relevant measures. All suppliers should be subject to some level of due diligence, but companies may choose to conduct a more detailed due diligence process on certain suppliers, depending on the level of risk associated with different relationships.