Blog series: Supply chain due diligence in practice
At IntegrityNext, we have developed a comprehensive five-step process that allows companies to meet all the critical due diligence requirements of the German Supply Chain Act with minimal effort. This blog series sheds light on insights gained from customer projects throughout the process and concludes with an outlook on what can be learned for the upcoming EU Corporate Sustainability Due Diligence Directive (CSDDD).
You can find the first part of our blog series on impact identification here.
The German Supply Chain Act at a glance
The German Supply Chain Act came into effect on January 1, 2023. It requires companies with at least 1,000 employees to carry out human rights and environmental due diligence on their upstream suppliers. Its overall goal is to prevent human rights violations and environmental harm along global supply chains. Companies must meet nine key requirements, including conducting regular risk analyses, implementing preventive and corrective measures, and reporting on their actions.
The IntegrityNext due diligence approach
The IntegrityNext five-step due diligence process (see Figure 1) provides an end-to-end solution for regulatory compliance and is based on internationally recognized frameworks such as the OECD Due Diligence Guidance for Responsible Business Conduct.
- Step 1 helps companies perform a baseline assessment to pinpoint relevant adverse impacts that may exist along the supply chain.
- Step 2 identifies high-risk areas and critical suppliers, enabling companies to prioritize resource allocation and required actions.
- Step 3 focuses on action and improvements. When negative impacts are detected, companies should develop and implement targeted preventive or corrective measures to address these issues.
- Step 4 involves the monitoring of progress and documentation of results to determine whether the due diligence strategy needs refinement.
- Step 5 ensures comprehensive reporting on the due diligence process, including actions taken, in accordance with legal requirements.
Figure 1: The IntegrityNext supply chain due diligence process
Step two: Prioritizing impacts
The German Supply Chain Act allows companies to prioritize adverse impacts identified during the initial stage of the due diligence process, guided by specific criteria to ensure effective mitigation strategies. Notably, the law does not require companies to manage every risk across the entire supply chain. Instead, companies can focus on high-risk suppliers, allowing for a more targeted and efficient approach to risk management.
The process of impact prioritization is rooted in the principle of appropriateness as an overarching framework for due diligence. The IntegrityNext solution supports organizations by assessing potential adverse impacts using four key criteria: a company’s ability to influence suppliers, the severity of impacts, the probability of occurrence, and its contribution to causation.
Through the IntegrityNext Impact Value, companies can prioritize suppliers and business units based on these criteria, enabling more effective follow-up actions. The IntegrityNext Heat Map complements this process by helping companies prioritize material risk topics according to their severity and likelihood of occurrence. These prioritized impacts must be updated annually in a policy statement and reported to the German Federal Office for Economic Affairs and Export Control (BAFA).
Challenges for companies in prioritizing impacts
The BAFA provides only vague guidance on how companies can effectively prioritize adverse impacts, leaving many questions unanswered. For instance, larger organizations are generally expected to do more than smaller companies, but without clear thresholds it’s difficult to determine what the expectations are in practice. The same uncertainty applies to different types of business activities: while some are riskier than others, the law lacks clear definitions. As a result, many companies are left wondering how to interpret key terms like “appropriateness” and how to ensure compliance with the law.
One of the main challenges is translating the four criteria – ability to influence, severity, probability of occurrence, and contribution to causation – into actionable strategies for prioritization.
- Ability to influence: The German Supply Chain Act requires companies to exert leverage where they have the most influence over their suppliers. One way to assess influence is by analyzing spend volume data. For example, calculating the share of a company’s spend relative to the supplier’s total revenue can be a starting point. However, supplier revenue data is often unavailable, forcing companies to make assumptions about their influence based on spend levels. This assumption can sometimes be misleading, as spend volume does not always correlate with the ability to shape a supplier's practices.
- Severity: Measuring the severity of adverse impacts can be challenging. Severity reflects the extent of potential harm, such as human rights violations, in terms of intensity, scope, and irreversibility. However, the absence of clear guidance and consistent international standards complicates efforts to rank these impacts. For instance, should child labor be considered more severe than environmental harm? To what degree does this depend on the specific context? Companies are often left without clear answers, making prioritization difficult and subjective.
- Probability of occurrence: Evaluating the likelihood of an adverse impact happening relies on accurate data from suppliers, which is often hard to obtain, particularly in high-risk regions. Without reliable data, companies struggle to conduct meaningful risk analyses and draw valid conclusions about potential impacts in their supply chains.
- Contribution to causation: Determining the extent to which a company contributes to an adverse impact is another challenge. While companies are typically held accountable for impacts within their direct operations, it’s less clear when it comes to their supply chain. For example, how much do a company’s pricing policies or delivery terms contribute to labor rights violations or environmental harm? Each situation requires a detailed, case-by-case analysis to fully understand a company’s contribution.
Key lessons from our customer projects
Based on numerous projects with customers who have successfully implemented the German Supply Chain Act, we have gained key insights on how to approach the challenges of impact prioritization:
- See prioritization as an opportunity: Impact prioritization allows companies to allocate limited resources more efficiently. While the process may seem elusive, companies should take proactive steps to mitigate adverse impacts, even if the initial approach isn’t perfect. Getting started and aiming for continuous improvement over time helps companies reduce risks and facilitate compliance.
- Strengthen internal collaboration: Raising awareness of sustainability across the company is crucial. Engaging different departments – such as compliance, sustainability, procurement, and legal – ensures a coordinated and more robust approach to impact prioritization. For example, evaluating the severity of an impact typically depends on various factors and should involve multiple teams. Buyers, for instance, can frequently offer relevant insights into the company’s influence over suppliers.
- Establish a solid data foundation: Reliable data on suppliers, spend volumes, supplier performance, and other parameters is essential for accurately assessing risks and a company’s leverage over suppliers. It’s important to begin due diligence even with imperfect data and seek pragmatic solutions as the process evolves. IntegrityNext enriches available supplier information with revenue data from Dun & Bradstreet to provide a more robust analysis.
- Ensure comprehensive documentation: There is no single “correct” approach to impact prioritization, especially in relation to the three criteria of severity, influence, and likelihood of occurrence. Therefore, companies must clearly explain and document their chosen strategy. A well-documented approach helps justify decisions to the German regulator BAFA.
- Use available tools in the market: Developing impact prioritization capabilities in-house can be time-consuming and resource-intensive. IntegrityNext can simplify this process by offering automated risk assessments to determine the likelihood of an impact’s occurrence, severity analysis to rank adverse impacts, and third-party data integration to evaluate leverage over suppliers. These tools provide companies with the insights they need to make informed decisions quickly and efficiently.
By leveraging internal collaboration, the full breadth of available data, and external tools, companies can navigate the complexities of impact prioritization with greater confidence.
To learn more about the IntegrityNext due diligence solution, please schedule a demo of our platform with one of our experts.
Request demo