Risk is not static: Exploring the implications of the German Supply Chain Due Diligence Act

By and René Petri | 7 minute read | December 7, 2022


Regulatory landscape

Across the globe, there are increasing regulatory requirements in place to address environmental, social and governance (ESG) actions needed to create a more sustainable world. While modern environmental regulations have been around for over half a century, we see increasing government actions addressing forced labor, unfair working conditions and modern slavery. These efforts reflect concerns over human rights in modern supply chains, as depicted by the International Labor Organization (ILO) 2021 report. The report stated that 50 million people globally are in conditions of modern slavery, including forced labor. That figure was up by 10 million people from the ILO’s report 5 years prior.

Environmental concerns, modern slavery, and forced labor require a global response—from the adoption of Sustainable Development Goals (SDGs), such as Goal 8 on Decent Work and Economic Growth and Goal 13 on Climate Action, to country-specific regulations, such as the UK Modern Slavery Act and the California Transparency in Supply Chain Act. In June 2021, Germany responded by passing its Supply Chain Due Diligence Act, Lieferkettensorgfaltspflichtengesetz (LkSG).

LkSG requirements and considerations

Starting January 1, 2023, companies based in Germany or German-registered branches of foreign companies with over 3,000 employees must create/update business processes to identify, assess, remediate, prevent, and report on both human rights and environmental risks and related actions of not only their own area of business and direct suppliers, but also their indirect suppliers. Failure to comply with LkSG can result in fines of up to 2% of annual turnover, and/or exclusions from being awarded public contracts.

In response to the requirements of LkSG, we believe there are three important points a company should consider:

  • Risk is a variable, and should therefore not be addressed as a static, once-a-year check exercise. Finding a holistic way to address dynamic environmental, social and governance risks proactively must be a priority.
  • Companies across a supply chain desire to be efficient in achieving regulatory compliance. Suppliers often respond to multiple questionnaires from their clients and the time and human resources required to respond to questionnaires can be significant. It is important to find solutions that minimize the burden on the supplier.
  • Regulatory requirements are on the rise globally, including those applicable to ESG practices. Companies can improve their operational efficiency by implementing compliance solutions that are responsive to evolving regulatory requirements and that can scale to meet their business needs.

To address these issues, IBM and FRDM have partnered to provide a human rights and environmental risk sensing and management solution. The solution uses big data and AI to generate real-time risk signals, up to the supply chain third tier, and provides a team with the ability to respond to these signals and connect suppliers to mitigate risks. It enables companies to detect issues in a timely and dynamic manner. To minimize the cost of compliance to suppliers, there is no cost to sign up to the platform. And the solution is expandable to address changing regulations.

Addressing risk proactively and dynamically

LkSG requires companies to establish a risk management system, perform regular risk analysis, lay down preventive measures for their own area of business and multiple tiers of suppliers, and take remedial action. Its scope is broad and extends beyond the companies’ tier 1 suppliers. The main challenge with risk is that it isn’t static. Self-assessment, survey-based tools in the market can only provide a snapshot of a company’s business and supply chain risks, and administering surveys and processing results can be time consuming and resource intensive. These tools are also usually unverifiable, and companies need to trust the accuracy of responses. To address risk proactively and dynamically, it would be desirable to implement a solution that can constantly update and keep abreast of changes in the supply chain and risk levels, while ensuring the information is current.

The IBM FRDM solution leverages big data to generate insights on supply chain environmental, social, and governance (ESG) risk from tier 1 suppliers to tier 3 suppliers. This platform leverages a company’s spend data and third-party data (including news sources, trade databases, and sanctions databases) to map supply chains and commercial relationships and generate a live risk assessment of a company’s supply chain. Most notably, the proprietary product genome database can build predictive bills of materials (BOMs) that break down your purchases to determine the material and services inputs, allowing the platform to map risk up through the third tier. The platform creates dashboards for companies and their suppliers with live risk ratings and issues ongoing risk alerts powered by machine learning. It also provides a forum for supplier engagement on remediation and enables report generation on progress updates and impact tracking.

The IBM FRDM solution also provides risk management and response management services that assist companies with taking remedial action, documenting, and reporting on the applicable due diligence obligations. These services include coverage of and a first-level response to risk alerts, supplier questionnaires, and risk assessment changes. IBM can provide a third-party review of supply chain whistle-blower reports and help to ensure timely escalations to the appropriate parties and expeditious remedial action.

Reducing the burden on suppliers

Suppliers routinely receive audits, surveys, and requirements for trainings from their many customers, generating not only fatigue for their teams, but also a financial burden. It would be desirable for businesses to develop and implement processes that are effective and efficient for complying with LkSG, and to partner with suppliers to lessen the collective burden of compliance.

Most risk assessment platforms in the market today rely on supplier-filled questionnaires and are not verified through audit. They are backward looking in the sense that they ask suppliers about measures they have put in place to mitigate risks. Some of these platforms also charge the supplier a fee to respond to the questionnaire and have their data available to their customers. The IBM FRDM joint solution uses big data to generate insights and risk ratings at no cost to suppliers and doesn’t require suppliers to sign up for any special platform. Moreover, if companies want to take a deeper dive into their suppliers, they are able to deploy a free digital supplier assessment within the platform.

Having no supplier cost allows companies to collect information from all their suppliers, not just their strategic partners with high order volumes that can pay platform fees. Smaller suppliers can also afford to participate, which is especially important as LkSG requires companies to look at all suppliers, the smallest of whom are more heavily burdened by platform/survey costs. This also means that the companies don’t have to pay out of pocket to cover the cost for these smaller suppliers.

The IBM FRDM solution also saves suppliers time—they don’t have to pay for the platform or module, and they don’t have to be trained on a new platform where they would be entering data. This allows the suppliers to focus on higher value activities, and helps reduce their survey fatigue. Overall, this allows companies to foster healthier relationships with their suppliers, and create more effective supply chain operations.

The evolving regulatory environment

LkSG is Germany’s response to holding companies accountable for creating and nurturing more equitable and sustainable supply chains. It follows other regulations in Europe, such as the French Duty of Vigilance law and UK Modern Slavery Act, and regulations around the world, such as the Australia Modern Slavery Act and California Supply Chain Transparency Act. A similar European Union-wide act is expected to be effective in January 2024.

Companies need to build capabilities that allow them to be nimble and react in a timely manner to growing regulatory demands. With a large number of requirements, it becomes challenging to build teams with expertise in every type of environmental, social and governance request. IBM’s managed services help companies understand the requirements, manage the data, and prioritize follow-up and remediation. With a global presence, IBM is also able to set up local teams that understand the requirements and can work in real time, on the ground with clients. These teams serve as a first level response to risk alerts, supplier questionnaires, and risk assessment changes, and route necessary escalations to the responsible parties in the company.

The IBM FRDM solution provides the ability to adapt to many changing or expanded regulations through AI and machine learning and provides local teams with deep expertise and support.

Conclusion

LkSG is but one of the more recently enacted government regulations on supply chain responsibility. As regulatory bodies, consumers, and employees continue to demand more due diligence around protecting the people in the supply chain and the planet that we inhabit, companies must design and implement solutions that can address risk as a dynamic variable, and scale with the changing environment. Risk is not static; it is ever-changing, and companies need more than a snapshot of their supply chain risk to adequately address shortcomings. The IBM FRDM solution is forward-looking and can adapt to new risk factors and indicators, and expand with new legislation and requirements. IBM and FRDM are ready to support companies as they continue to improve their practices to safeguard the planet and people globally.