In her guest blog, You need to get ready for Germany’s Supply Chain Due Diligence Law. Here’s how! Agnes Erben, Partner & Head of Sustainability Advisory at H&Z sets out a methodology for compliance. You may not be affected just yet. Currently the law only applies to companies doing business in Germany and that have more than 5,000 employees. This could include, of course, American companies with large subsidiaries in Germany. But the scope will broaden over the next couple of years and in parallel, the EU is ready to announce a similar but even stricter measure that will apply to all companies with 500 or more employees (and a relatively small turnover). Moreover, the EU directive demands that companies do due diligence just with their Tier 1 suppliers, but with the entire value chain.
But how should you exercise due diligence in your supply chain in practice? Agnes said, “You could do it manually or using a spreadsheet. But I would advise against it! The effort would be huge and probably impossible for any company above a certain size and with a large network of suppliers. You really need a technology platform if you are serious about compliance.”
That’s why I would like to take up the story at this point. A solution such as JAGGAER Supplier Management will help you to comply with the Supply Chain Due Diligence Law (LkSG) with far less manual effort than would be otherwise required. But there is still work to do! Agnes first set out some of the organizational measures you need to put in place. These include establishing a risk management process, defining responsibilities and defining a policy statement – all outside the scope of JAGGAER (or any other technological solution!) but vital first steps. All the steps you need to take are set out in Figure 1.
Figure 1: Steps towards supply chain due diligence
The next step is also an internal one, but most large companies already have it in place: establishing a mechanism for whistleblowers inside outside the organization to communicate any breach or potential breach of the policy. This is typically embedded in the company internet, but it could also be supported by an external feed, for example provided by our partner riskmethods.
JAGGAER gets involved at the next stage, which is to include appropriate due diligence questions in your supplier profile. You should capture all of this information from your Tier 1 suppliers, i.e. all of the suppliers with whom you have a direct relationship. Next you need to set up a process for running a risk analysis, at the very least on an annual basis but probably quarterly or monthly depending on your sector. From a system perspective, this involves creating a risk scorecard in JAGGAER and you may already have a risk scorecard in place to cover other forms of supply chain risk, perhaps with external data feeds from companies such as EcoVadis, riskmethods and Dun & Bradstreet, so it is a matter of extending this to include the ESG dimension. The feeds will not only push risk alerts but also provide you with risk KPIs on certain suppliers.
The next stage really goes to the heart of the LkSG. Whereas everything up to this point is internal and essentially reactive, the whole point of the LkSG is to take action if you get any information regarding malpractice, such as the abuse of human rights law or environmental standards, in your supply chain. It’s not good enough simply to say that you have put a policy in place, and you have a risk scorecard! Nor is it good enough to say that the problem is outside your control. You have to set up a mechanism that opens a case (e.g. via a manual or automatic ticketing system) to be followed through to resolution. That means you also need to have some corrective and preventive measures defined and in place.
Finally, you need to put some strategies in place for proactive compliance. You need to embed supply chain due diligence in your day-to-day procurement activities. For example, you need to build ESG and supply chain due diligence criteria into your sourcing processes and sourcing events.
Figure 2: JAGGAER Supplier Management dashboard with the addition of a due diligence tab
To illustrate how this works in JAGGAER, Figure 2 shows a typical supplier dashboard. It contains a lot of useful information including a supplier profile, supplier activities, performance evaluations, spend data etc. together with various related documents such as contracts. We can expand on this by adding another tab with a heading such as “Supply Chain DD” where we bring together all the information that is required to ensure compliance with the LkSG. When you are onboarding suppliers, you can already include questions such as “Do you have a risk management process?” or “Have you been certified as an ethical trader?” and “Have you carried out awareness training on issues such as modern slavery and bribery?” Answers to these kinds of questions can be seen in the section to the left of the dashboards.
In the middle of the dashboard we can see data from third parties such as riskmethods and EcoVadis. Such suppliers of data feeds can send you alerts as they arise together with risk KPIs, which serve as a starting point for monitoring risks. I say starting point because data is just data – it’s of little utility unless you are doing something with it! In this case you must take all the relevant internal and external indicators in the data and build your own risk assessment. This is shown as a click-through item in the top right of the dashboard. When an alert is received, either from a third-party data supplier or perhaps from an external whistle blower, you then require the case management mechanism. This is also shown on the right-hand column, in the middle. You can now take an action. The alert might not affect you directly, but you might, for example, send out a query to your Tier 1 suppliers to ask if they are impacted by the issue, or if any of their own suppliers are impacted, and if so, what actions are they taking to resolve the issue? When you get the response, you can decide on whether follow-up actions are necessary, and monitor these, also in JAGGAER.
There is no risk score for a supplier that applies for every buying organization, so there will never be a definitive listing that you can follow. Each buyer will have to assess things for itself. A Tier 4 supplier (e.g. of a metal) might be strategically important to one company but of no significance to another.
But the good news is that with this solution you have the opportunity to track possible risks (and opportunities, of course!) beyond your Tier 1 suppliers to achieve greater visibility across the supplier network. This will not only enable you to demonstrate compliance with the LkSG; it will also equip you to manage any future national or international legislation on due diligence.
In summary, JAGGAER Supplier Management provides the technology platform to enable you to exercise due diligence over your supply chain. First, however, you must put the internal processes in place and then you must also develop the data content for supply chain risk assessments and processes for reporting and taking action when necessary.
