Logo Created with Sketch. SCHUMANN - EN

How to prepare your risk management for the German Supply Chain Act

The tasks resulting from the Supply Chain Act for companies can only be performed efficiently if established processes are usefully supplemented and IT-supported tools are used effectively.
Blog post
09.09.2021, Prof. Dr. Matthias Schumann

To be established throughout Europe sooner or later

The Supply Chain Act was passed in Germany in July 2021. At the same time, efforts are being made to establish its content throughout Europe. The "Lieferkettensorgfaltspflichtengesetz" (LkSG) will come into force on 1st January 2023. Companies should nevertheless start preparing today so that they can provide information to the Federal Office for Economic Affairs and Export Control if necessary. In the worst case, there is the threat of fines or being excluded from contract allocation, e.g. from public authorities.

These companies are affected

Initially, the Act will be relevant for companies with at least 3000 employees in Germany, regardless of their legal form. One year later the employee minimum will be reduced to 1000. The same applies to German subsidiaries in other countries. Because of the structure of the Act it can also be assumed that the affected companies will expect even their smaller suppliers to observe its legal requirements.

The focus is on protecting human rights

At the core of the new law is the observation of human rights, especially in relation to child labour. The stipulations for ensuring that this is the case are complicated because they not only relate to one's own company but also to direct and indirect suppliers - with different levels of requirement.

Checks on direct suppliers must be documented and when problems are identified, functional plans for solutions must be developed. These measures must also be carried out for indirect suppliers whenever necessary, if a company obtains information about relevant violations.

It must be assumed that companies affected by the Act will therefore also compile relevant information for their indirect suppliers – attempting to achieve coverage that is as complete as possible – or use their strong market position to pass this on as a requirement to their suppliers, who must then prove that they have properly completed these tasks.

Without a considerable increase in costs, it will only be possible to perform these activities if established processes are suitably extended and IT supported tools are utilized efficiently.

Extend existing risk management systems

Already today, risk-aware companies perform creditworthiness checks on their suppliers because the sudden loss of a supplier is often even more financially problematic than the loss of a customer. Such systems can be extended relatively simply to include the necessary risk checks and provide the right documentation for the supplier. Various data sources should be included.

A suitable web-based complaints-management module for employees of the supplier can be made available. With the help of digital, structured self-disclosure forms, essential framework conditions of the supplier for the observation of human rights can be checked and self-commitments required.

We can also assume that information service providers, who today offer marketing data, financial information or creditworthiness ratings for companies, will in future also provide information regarding the observance of human rights.

Use monitoring services

It is also highly probable that in future monitoring services will be available in the internet, especially in the social media, which search for human rights violations by companies automatically and make this information available as a service to those affected.

Combine the data in your system

The information that companies compile about their suppliers or procure from third parties is then added to a digital supplier file (which generally exists already). This file is thereby enriched with further data. When anomalies are discovered based on the various sources of information, the relevant persons in the company are informed, possibly automatically, so that they can initiate appropriate measures to remedy the situation or to change the supplier.

Since such processes need to be adapted to suit the individual situation of the company, implementation should begin in good time in order to be compliant by 2023.