Governance, Risk & Compliance: GRC
German Supply Chain Act: Driving ethical practices in the supply chain
In 2011, the United Nations Human Rights Council published its Guiding Principles on Business and Human Rights, requiring companies to protect, respect and remedy adverse human rights impacts to which they directly contribute. A number of European countries, such as France and the United Kingdom, subsequently developed domestic compliance standards for firms with international supply chains.
Most recently, the German Federal Parliament and the German Federal Council passed the Supply Chain Due Diligence Act. This Act imposes strict obligations on German firms to monitor and mitigate human rights and environmental risks in their supply chains. It captures a broad range of firms under its net, and implementation deadlines are fast approaching.
- As of 1 January 2023: Companies with at least 3,000 employees that have their head office, administrative seat or statutory seat in Germany OR companies that have a branch in Germany and employ at least 3,000 employees in this branch.
- As of 1 January 2024: Companies with at least 1,000 employees that have their head office, administrative seat or statutory seat in Germany OR companies that have a branch in Germany and usually employ at least 1,000 employees in this branch.
The German Supply Chain Act
The German Supply Chain Act imposes a range of “due diligence obligations” aimed at reducing the human rights risks posed by global supply chains. The Act provides examples of such risks, including, but not limited to, child and forced labour, slavery, disregard of labour protection obligations, inequality and withholding of an adequate wage.
Under the Act, firms are required to:
- Establish an internal risk management system – companies must assess and monitor their own human rights and environmental risks and those of their direct suppliers
- Define an in-house representative for human rights – firms are to appoint a “human rights officer” responsible for overseeing risk management procedures across the supply chain
- Publish human rights policies – companies must produce a policy statement on their human rights strategy containing the procedure for complying with the obligations of the SCA
- Establish preventative and remedial measures across the in-scope business and its direct suppliers – these are to be informed by the aforementioned risk analysis
- Establish and publish in writing a complaints mechanism through which affected persons, or those with knowledge of possible violations, can notify stakeholders
- Documentation and reporting – firms must report on the fulfilment of their due diligence obligations annually. These reports must be made publicly available on the company’s website within four months of the end of each financial year.
The abovementioned due diligence obligations extend to the entire supply chain of in-scope organisations, including indirect suppliers that pose substantiated risk. In such instances, a company must still address these risks, outline and implement preventative measures, and update its policy statements accordingly.
Consequences of non-compliance
- Fines: The Act provides the competent authority – the Federal Office for Economic Affairs and Export Control (BAFA) – with far-reaching powers of intervention. Failure to comply could see companies faced with a fine of up to €800,000 or up to 2% of annual global turnover.
- Revenue impact: Firms that are not in compliance can be excluded from winning public contracts in Germany for up to three years. This is particularly detrimental for those organisations bidding for infrastructure projects.
- Supply chain disruption: If a breach of obligations occurs and the in-scope firm cannot remedy the breach directly with its supplier, BAFA may require the firm to terminate the business relationship with the affected third party. 
Human rights and social responsibility
Corporate social responsibility (CSR) measures have historically focused on outward, rather than inward, gestures with firms investing heavily in environmentally conscious business practices or engaging in charitable work. However, the German Supply Chain Act encourages firms to place equal importance on internal CSR factors through promoting ethical labour practices.
Traditionally, many firms have endeavoured to instil ethical labour practices through organisational values or codes of conduct. The German Supply Chain Act therefore represents a marked step up by mandating firms to monitor and mitigate human rights risks throughout their entire supply chain.
Improving supply chain labour conditions is hugely beneficial for firms for a number of reasons: a happy and content workforce forms the backbone of any business, particularly within critical supply chains, and taking care of employees and meeting ethical standards goes a long way to ensure efficient operations and long-term profitability.
From a broader stakeholder perspective, firms’ ESG (environmental, social and governance) credentials are rapidly rising in importance amongst the investor and consumer communities. The fast fashion industry, for example, has come under intense scrutiny, with many companies failing to provide adequate labour conditions. As a result, some high-street brands have become tainted by allegations of forced labour and human rights violations, leading to reduced sales, poor PR and limited investment. Through ensuring compliance with the German Supply Chain Act, firms can seek to improve their internal operations, while bolstering brand reputation and promoting long-term sustainability.
GRC solutions for compliance management
The German Supply Chain Act promotes transparency and sustainability in an otherwise obscure and opaque industry, but there can be no doubt as to the unique challenges these new obligations bring to firms. It is therefore necessary that in-scope organisations explore ways in which emerging technology can improve supply chain transparency, automate operations and deliver a competitive edge.
An integrated Governance, Risk and Compliance (GRC) solution can efficiently and seamlessly store, mine and extract risk data across a range of sources, whether those come from internal systems, external feeds or third parties.
GRC technology, such as that offered by SAI360, provides executives and boards with assurance that internal and third-party risk is being adequately identified, assessed, managed and monitored. Human rights officers can easily centralise supplier records for a single view of each firm’s risk profile to proactively identify human rights risk and prioritise remediation effort by criticality.
By leveraging technology, companies can facilitate efficient and timely reporting on their human rights risks. Through aggregating risk data from multiple dimensions across the organisation, firms can create a single source of truth, enabling them to make better decisions and keep internal and external stakeholders engaged with real-time reports.
EU Supply Chain Act: significant reforms on the horizon
Organisations should consider the German Supply Chain Act as a precursor to Europe-wide value chain due diligence reform. The European Commission recently presented a draft of its new EU Supply Chain Act, which represents a significant step change from the German legislation. The EU Act requires monitoring of the entire value chain with an explicit focus on human rights and negative environmental impacts, the latter being only an indirect focus of the German Supply Chain Act.
The EU Supply Chain Act captures a far broader range of firms in its proverbial net, extending due diligence obligations to all organisations located in the EU that employ at least 500 people and have an annual turnover of €150 million. Companies that are proactive in monitoring and addressing issues within their entire value chain will be in a far stronger position once the EU supply chain law is implemented.
Germany’s Act on Corporate Due Diligence Obligations in Supply Chains:
For companies with annual turnover of more than €400 million, a fine of up to 2% of annual turnover can be imposed (p. 18); Revenue impact (p. 16); Supply chain disruption (p. 9)