We explore how the European Corporate Sustainability Due Diligence Directive affects third-party management.
- Discover how the Corporate Sustainability Due Diligence Directive affects third-party management.
- Explore how companies can implement successful sustainable supply chain management practices.
- Find out how companies can proactively enhance their third-party risk management programmes.
For more data-driven insights in your Inbox, subscribe to the Refinitiv Perspectives weekly newsletter.
What is the Corporate Sustainability Due Diligence Directive framework and its extraterritorial impact?
Sustainable supply chain management has become an imperative for companies worldwide. The EU Corporate Sustainability Due Diligence Directive (EUC3D) represents a significant leap forward in third-party risk management. By holding companies accountable for the social and environmental impact of their operations and supply chains, the directive aims to foster a culture of sustainability. Compliance with this directive requires companies to assess and manage their environmental, social, and governance (ESG) risks, disclose sustainability-related information, and ensure supplier adherence to ESG standards.
The proposed legislation applies to both EU and non-EU companies with a higher impact on sectors such as manufactures (textile, food products, agricultural, among others) and extractives (oil and gas, mining, forestry, etc.)
- EU companies with more than 500 employees and worldwide turnover exceeding EUR 150 million or 250 employees and worldwide turnover exceeding EUR 40 million.
- Non-EU companies with a turnover exceeding EUR 150 million, provided at least EUR 40 million of that turnover is generated within the EU.
- Significant implications for small and medium-sized enterprises (SMEs) directly involved in supply chains with larger companies.
Non-compliance with the directive has serious repercussions ranging from legal liability and penalties, reputational damage, financial risks, business disruption and loss of market access and exclusion.
Are today’s due-diligence programmes ready for the directive?
The proposed directive triggers a shift in companies’ approach to due diligence and third-party risk management programmes from a de-risking to an effective risk mitigation culture. With the tools in place today, companies fulfilling the EUC3D requirements may encounter several significant challenges:
Lack of visibility across the supply chain
Gaining visibility into the entire supply chain, including lower-tier suppliers, presents a daunting task. Companies must navigate complex webs of suppliers, each with its sustainability practices. Acquiring comprehensive and accurate data becomes particularly challenging in regions with weak regulatory frameworks and limited transparency. Overcoming this challenge requires innovative approaches to ensure reliable third-party risk intelligence.
Complexity of supply chains
The directive demands holistic reporting on sustainability risks and impacts across the entire supply chain, spanning multiple tiers of suppliers. For multinational companies, managing compliance with ethical and sustainability standards at every level can feel like navigating a labyrinth. Tracking the origin of materials, evaluating their environmental impact, and monitoring labour practices across diverse suppliers is a time-consuming and resource-intensive endeavour. Simplifying the complexity of supply chains is crucial for successful.
The directive requires companies to report on the sustainability risks and impacts of their entire supply chain, including all tiers of suppliers. For many large companies, monitoring compliance with sustainability and ethical standards across multiple tiers of third-party suppliers can be incredibly complex and challenging. For example, if the company sources a particular raw material from different suppliers, it needs to track the origin of the material, its environmental impact, and labour practices of all suppliers. This process can be time-consuming and costly since companies must coordinate with suppliers and manage various types of data.
The management of data in the supply chain due diligence often entails the use of diverse data management systems, leading to the emergence of isolated pockets of third-party risk intelligence. The decentralized nature of due diligence systems, processes, and information introduces an additional layer of complexity, amplifying inefficiencies and increasing the potential for risk exposure throughout the third-party lifecycle. Addressing these issues necessitates a comprehensive and unified approach to data management, verification, and risk assessment, enabling companies to streamline their operations, enhance risk response capabilities, and ultimately strengthen their supply chain resilience.
High cost of third-party risk management implementation
Lower-tier suppliers may not have sufficient resources to comply with the directive’s requirements, and the company in compliance may need to step in and provide support. This support could be in the form of capacity building or sustainability training, which again can be a significant undertaking and require significant investment.
How can companies proactively enhance their third-party risk management programmes to comply with the directive?
Moving away from the tick in the box exercise and proactively developing an effective due-diligence programme is a major culture shift that companies need to comply with the Directive.
Companies should consider the below crucial priorities when navigating the directive with effective due diligence programmes:
Embrace technology for intelligent due diligence
Investing in advanced technologies such as artificial intelligence, machine learning, and data analytics can revolutionise due diligence processes. Leveraging these tools enables companies to automate data collection, verification, and risk assessment. With intelligent due diligence platforms, businesses can efficiently track sustainability data, ensure compliance, and identify potential risks. Integrating technology into supply chain management enhances efficiency, accuracy, and proactive risk mitigation.
Implement a risk-based due diligence process
Companies need to develop an effective and automated risk-based due diligence process that gathers relevant data from suppliers and contributes to the risk assessment based on ethical and sustainable performance. The evaluation process should follow the guidelines of the EUCS3D and should go beyond the first tier of the supply chain to ensure transparency throughout the supply chain. It is crucial to develop a risk-based due diligence programme that tackles risk exposure holistically rather than in siloes. As much as ESG is a priority, other risk factors contribute to a supplier’s risk assessment and are as equally crucial to analyse, mitigate and remediate.
Ensure holistic risk assessments for effective decision-making
Companies need to develop comprehensive risk assessment frameworks that go beyond environmental and social factors. By incorporating financial, operational, cyber, and integrity risks into their assessments and monitoring the supply chain against circumstantial changes to mitigate risk, develop proactive contingency plans and maintain sustainable business growth.
Conduct sustainable supply chain management
Companies can implement sustainable supply chain management practices to ensure that their operations and suppliers comply with sustainable standards. This includes conducting audits, monitoring suppliers’ performance, and implementing corrective actions.
Companies that successfully implement sustainable, ethical, and responsible third-party risk management practices will not only comply with the Directive but also protect their brand reputation, minimise supply chain risks and improve economic and social conditions for both suppliers and affected communities. As such, compliance with the directive should be seen as an opportunity for companies to create value, generate positive change and promote sustainability.