Join Alex Studd, one of Sphera’s product marketing managers, and Heiko Schwarz, CEO of riskmethods, a Sphera company that specializes in supply chain risk management, as they discuss the challenges and opportunities associated with Germany’s Supply Chain Due Diligence Act.
The following transcript was edited for style, length and clarity.
Alex Studd:
I’m Alex Studd, one of the product marketing managers here at Sphera. Today we’re joined by Heiko Schwarz, CEO of riskmethods, a Sphera company that specializes in supply chain risk management. Thank you for joining us on the podcast, Heiko.
Heiko Schwarz:
Thanks Alex. Glad to be here.
Alex Studd:
In this episode, we’re discussing Germany’s Supply Chain Due Diligence Act, the upcoming law which requires companies to monitor their supply chains for unfair and damaging business practices and violations that occur at third-party logistics service providers and distribution partners.
The bill also covers environmental risks that can lead to human rights violations, and while the law is German in origin, it applies to many multinational companies, regardless of where companies are headquartered. If they have a presence in Germany and have at least 3,000 Germany-based employees, they will have to comply with this law beginning on January 1, 2023.
Furthermore, companies with offices in Germany with more than 1,000 Germany-based employees will have to comply with law beginning on January 1, 2024. So, if companies don’t comply, they face paying fines of up to 2% of their annual revenue. The lower limit of these fines can be €50,000, and annual checks will be performed to verify that these companies are complying with that law. Heiko, can you talk a little bit about how this law fits into the overall trend we’re seeing of increased mandates for supply chain transparency and security?
Heiko Schwarz:
Absolutely. If we approach this question from a global level, we see that over the course of the last decade, the number of ESG-related policy interventions has increased by more than a factor of three. We see massive pressure for enterprises to comply with more and more regulations that deal with human rights, working environments, safety conditions and environmental topics.
So, if we look to the European Union (EU), there have been regulations in place in France since 2017 and in Great Britain’s Modern Slavery Act since 2015. We have had regulations in place in the Netherlands since 2019. And now the next big thing coming up is a European-wide regulation for sustainability and human rights. The European Commission drafted this law on February 22, and while it will probably still take some time until this draft passes, we are seeing more and more of these coming. It’s not only a European topic. It’s a global topic where regulations are put in place to make sure that our companies and economies act and behave in a more sustainable and ethical way. The Uyghur Act in the U.S. is another example that illustrates that this push and pressure is not exclusive to Europe, but rather a global effort.
Alex Studd:
Yeah. It’s clear to me, Heiko, this is not slowing down by any means.
Heiko Schwarz:
Definitely.
Alex Studd:
One of the things I’m really curious about here, Heiko, is the concept of risk. The law covers environmental risks that can lead to human rights violations, but what other risks should companies look out for in their supply chain, and how can they mitigate them?
Heiko Schwarz:
From our perspective, the reputational, ethical and environmental perspectives on risk are just a piece of a holistic view on the exposures of supply networks. Physical disruptions of the supply chain coming from a delivery disruption perspective can be caused by changing political circumstances, like the Arab Spring.
We should look after the viability of the ecosystem and the suppliers and the business partners within the supply networks to make sure that they are not going bankrupt and disrupting the supply. There’s also a perspective which relates to market risks, such as currency fluctuations, which can destroy the margin overnight. We need the parts that we buy from our suppliers in the right quantity, at the right time and in the right qualities to be built into the products that are being sent to customers.
All of these different facets should be considered in a holistic perspective of assessing the risk and risk exposures of a supply network. I’m not saying one thing matters more than the other. All compliance and human rights and environmental sustainability aspects should play the same important role when looking at risk compared to the disruption-related ones.
Alex Studd:
So is it fair to say that when you’re looking at this ESG movement, there should not be one priority over the other? This is something that is ongoing—whether it’s environmental or child labor or inappropriate health and safety conditions.
Heiko Schwarz:
Yeah, absolutely. It doesn’t matter why your company is in the news with bad press—whether it’s because of breaches against child labor regulations at the supplier base or forced labor or inappropriate health and safety conditions. It matters that all of these aspects are considered and identified and treated in a preventive manner to contribute to a better world. Therefore, I would not recommend differentiating the importance of all these aspects because every piece of it is important for a holistic approach.
Taking a step back and looking at the requirements of the German Supply Chain Act on a high level, enterprises are now forced to establish a holistic risk management approach and methodology. It is required that ongoing, regular risk analyses are being carried out, and prevention measures are being performed and documented with suppliers and within their own area of influence, meaning the businesses and subsidiaries of the company.
Subsequently, wherever deviations from the regulated standards are identified within the business or its subsidiaries, corrective actions have to be taken, documented and reported in an annual report to the Ministry for Economics and Export Control, which is monitoring the compliance of the regulated enterprises to this regulation.
In addition, these reports must be published on the websites of the organizations to make sure that every consumer and customer of the company can see the progression of these standards for the working environment, pay, safety and environmental affairs.
Alex Studd:
That makes a lot of sense, Heiko, and certainly businesses and people do not willingly want to buy products and consumer goods that involve all of these negative principles that violate human rights, but the law requires companies to monitor their third-party service providers and distributors for violations as well. So how can companies better communicate with and monitor these partners?
Heiko Schwarz:
An interesting side note here is that the regulation does not differentiate between the different nature of suppliers and business partners. That means that irrespective of the importance or the influence of suppliers, enterprises are forced to have a look at the entire supply base and business partner base of a company. There’s also not a strong differentiation between tier one and tier N business relationships, which means companies have to monitor all their suppliers and carry out ongoing risk analysis for all of them.
Therefore, a manual approach is no longer feasible to comply with the regulation. Additionally, also to look at the lower tiers, in certain geographies or nations that are typically more exposed to human rights breaches than others, Cambodia would be a region where companies are going to be forced, according to the regulation, to start with mitigation and prevention. Once something is identified in a lower tier of a supply network, even though companies don’t have any contractual agreements with those business partners, it’s going to be super challenging for enterprises to comply.
Also, in terms of the collaboration that you mentioned earlier, I believe that we have to make our business partners and suppliers part of the solution. They are part of the problem and making them part of the solution means collaboration in combination with pressure is probably the right way to go.
Alex Studd:
Well, certainly that is enough as it is, but I know there’s more. What are some of the other compliance challenges that companies are facing or are going to face?
Heiko Schwarz:
We see plenty of businesses that do not have automation in place to comply with these requirements, which leads to substantial manual efforts. We also see that if the top management requires a business case that illustrates ROI, it makes the implementation and the backing for the ones that have to comply much more difficult, because you are going to need to invest money to avoid hits on the business.
There’s the argument that if it’s a regulatory requirement, who cares about business case? Compliance managers and supply chains are still often requested to provide an ROI scheme. Aside from these challenges, there are hefty reporting efforts required to show progress because enterprises are forced to publish all that information to the website and keep the history, over the course of the last seven to eight years. So everybody can track and see how compliant these organizations are, and as I said, the capacity and the effort for information gathering, the continuous updates and monitoring and filtering out which information is ultimately relevant and could be an indicator for a breach or non-compliance situation is really a big burden for enterprises.
Alex Studd:
That’s super interesting, Heiko. I’m certainly no political scientist, but when I look at this law, and all these laws that are happening, with this requirement for companies with 3,000 Germany-based employees in January and 1,000 in the following year, this is going to ultimately affect all businesses globally. There are no signs of this slowing down, so whether this is going to impact you in one year or two years or further down the road, it will impact all organizations. Can you dive into what companies need to start doing now in order to be compliant with the Supply Chain Due Diligence Act and all the other acts that are going to be taking shape over the next couple of years?
Heiko Schwarz:
First of all, start implementing a practice and methodology that tackles this topic. We have seen too many enterprises hesitating and thinking about how to interpret article one, article two, article three and so on. Time will show how the ministry and the authorities will interpret the regulation because it’s written very weakly in certain areas, and that is done on purpose because these weak formulations create a kind of uncertainty for the businesses, meaning it forces you to interpret those regulations as strictly as possible to avoid any kind of risk in terms of penalties or exclusions from certain markets.
Gather risk information, create transparency within the supply network, start monitoring how the current exposure in terms of the risk is changing and start to analyze how this is impacting the business and the reputation and the compliance.
Then start kicking off mitigation actions—either in a preventive manner, once you identify that the exposure is there in an inherent manner, but nothing has happened so far—or take action if risk has already materialized in order to document that you started with approaching the business partners and driving better compliance moving forward. These are five very concrete steps that business should take to set up and get prepared for the upcoming challenges.
Alex Studd:
Heiko, I’m not asking you to predict the future, but we’re running out of time. January 1 is around the corner. Do you anticipate a lot of companies are actually going to get fined for violating this and not getting all their books in order between now and January 1?
Heiko Schwarz:
I think we will see those cases. I think the public audience, but also the entrepreneurs are really curious to which degree of severity the fines will be materializing. Looking at our businesses here in the central European region, I still see a huge gap of capabilities that are required versus what is already in place today, and that can only lead to one conclusion: there will be non-compliance with regard to these regulations.
Alex Studd:
Fair enough. Heiko, any final thoughts before we wrap up?
Heiko Schwarz:
Yeah, sure. I think we should look at those requirements and obligations and turn them into an opportunity for businesses. Yes, it’s imposed by regulators, and yes, you have to spend time and money and resources to comply, but there are huge upsides if it’s done in an excellent and mature manner. Not only to contribute to a better world and ethical behavior within the supply networks, but also, it should be our intention to protect the reputation of the business and to make sure that we really contribute to a sustainable economy where human rights play an important role.
And, as we already touched on before, this shouldn’t go without looking at all the exposures that put the supply chains at risk from a disruption perspective. I mean, the media have been crowded with supply disruption scenarios since COVID broke out. Examples include the cars that consumers ordered that were delivered late, potatoes that were rotten in containers.
McDonald’s couldn’t sell French fries anymore, and the electronic devices that children wanted to have under the Christmas tree were delivered six months later in June. All these facets can be considered when implementing a holistic supply chain risk management methodology to avoid revenue shortfalls for the business, to protect the margins, to make sure the customers are happy and that we deliver in proper time, quantity and quality. So there’s a huge upside that is a big reward if we approach this topic the right way.
Alex Studd:
Wonderful. Heiko, I know there are a lot of moving parts in this, and we’re excited to keep continuing the conversation as this law goes into effect and continues to progress, and of course other laws that are taking place around the world that will affect all global supply chains. So Heiko, thank you so much for your insights on this and thank you for joining us on the SpheraNOW ESG podcast.
Heiko Schwarz:
Thanks Alex. Appreciate being here.