EU Corporate Sustainability Due Diligence Directive and Third-Party Risk Management

EU Corporate Sustainability Due Diligence Directive Penalties for Non-Compliance

Companies can be held legally responsible if they fail to adequately identify, prevent, mitigate, or end actual or potential adverse impacts on human rights and the environment, and this failure leads to harm. However, the CSDDD leaves the individual EU Member States responsible for establishing penalties for non-compliance with the directive's obligations according to their legal frameworks and traditions.

In general, penalties for non-compliance must be effective, proportionate to the severity of the non-compliance, and dissuasive enough to prevent future violations. Penalties can include fines of up to 5% of their net worldwide turnover, orders to cease the non-compliant behaviors or other administrative sanctions, and can involve public disclosure (e.g., “naming and shaming”) which can harm a company’s reputation.

Prepare for EU Corporate Sustainability Due Diligence Directive Requirements

Organizations can start preparing today to meet the obligations of the CSDDD even before it fully comes into force. Early preparation will not only help ensure compliance but also facilitate a smoother transition to the new requirements. Here are seven steps organizations can take now.

1. Evaluate Current Internal Practices

Build a cross-functional team of key stakeholders responsible for supply chain operations, procurement, compliance, and meeting legal obligations. This team should evaluate your company’s current supply chain due diligence processes, sustainability initiatives, and compliance mechanisms, identifying gaps between current internal practices and the requirements outlined in the directive. Results of the evaluation should be revised internal policies, codes of conduct, and procedures for sourcing, selecting, and continuously evaluating suppliers, as well as offboarding suppliers that fail to address risks. Ensure that these policies are clearly communicated and accessible to all supply chain partners.

2. Enforce Due Diligence Requirements in Supplier Contracts

Since the directive applies to the entire supply chain, ensure that all supplier and business partner contracts include enforceable language for conducting due diligence, remediating findings according to agreed-upon service levels, and reporting. This may involve revising contracts, conducting joint assessments, and providing support or training to suppliers.

3. Develop or Revise Due Diligence Strategy

Based on Step 1, develop a comprehensive supply chain due diligence strategy (or revise your existing one) that aligns with the directive's requirements and your organization’s third-party risk management or broader enterprise risk management programs. This strategy should cover human rights, environmental impacts, and governance aspects throughout your supply chain – as well as other risk types such as data breach risks, financial failures, and operational disruptions.

Start by conducting an inherent risk assessment to profile and tier all suppliers according to the impact that a supply chain disruption or negative due diligence finding could have on your business’ operations. The results of this inherent risk assessment will categorize suppliers and expose potential problems that can dictate further diligence.

4. Assess Supply Chain and Business Partners

Implement or enhance risk management systems to identify, assess, and mitigate adverse impacts on human rights and the environment. Leverage a central platform for managing suppliers and regular risk assessments. Look for solutions that include many pre-built assessment templates that will enable your team to flexibly evaluate the ESG practices of your supply chain partners. A central platform should also include data collection, evidence management, and workflow-based routing rules and tasks for issue escalation based on answers.

5. Remediate Supply Chain Risks

Suggest specific remediations for risks that exceed the organization’s risk appetite and use contractual obligations to enforce them. Supplier risk management platforms offer built-in remediation guidance for all questions and possible risks, improving efficiency and reducing the time required to meet risk reduction requirements.

6. Plan for Transparency and Reporting

Prepare to meet the directive's transparency and reporting requirements by developing a framework for public reporting on your due diligence processes, findings, and actions taken to address adverse impacts. Common ESG domains to structure reporting around include community; CSR strategy; emissions; human rights; management; product responsibility; resource use; shareholders; and workforce protections.

To accomplish this, many organizations select a common framework for ESG reporting such as:

• Global Reporting Initiative (GRI)
• ISO 26000
• Sustainability Accounting Standards Board (SASB)
• Task Force on Climate-Related Financial Disclosure (TCFD)
• United Nations Global Compact (UNGC)

The results of this reporting can be directly mapped to CSDDD requirements using a central risk management platform.

7. Continuously Monitor for Supply Chain Updates

Assessments are essential for gaining an insider’s view into a company’s ESG practices. However, a lot can happen between annual report submissions. That’s why it is important to validate regular due diligence assessment results with continuous insights into reputational information, adverse media and negative news, regulatory and legal actions, sanctions, and more. You can then correlate continuous monitoring intelligence with assessment results to validate findings and suggest any further required remediations. Consolidate these different sources of intelligence under a single pane of glass so that you maximize your due diligence efforts and can extend this information to internal stakeholders.

By taking proactive steps to align your operations and supply chains with the principles of the CSDDD, your organization not only prepares for compliance but also positions itself as a leader in corporate sustainability and responsibility.

How Prevalent Can Help Prepare Your Organization for EU Corporate Sustainability Due Diligence Directive Compliance

The Prevalent Third-Party Risk Management Platform enables you to address supply chain risks by automating survey-based assessments of supplier ESG practices and validating the results with continuous external monitoring of their real-world practices. With Prevalent, you can:

• Establish compliant sourcing, selection, and termination practices by evaluating supplier security, operational, ESG, and financial risks in a central platform extensible to all internal stakeholders
• Enforce ESG-related contractual provisions in supplier contracts, seamlessly integrating contract lifecycle management with the due diligence process
• Profile and tier all suppliers according to the risk they present to your organization, helping to simplify further due diligence
• Identify, assess, and remediate actual and potential adverse impacts on human rights and the environment in supply chains in a centralized risk management platform backed by workflow, issue management, and built-in remediation guidance
• Simplify audits and public reporting with built-in compliance framework mapping and stakeholder-specific reporting
• Continuously monitor for supplier ESG, reputational, financial, and operational risks that can impact your organization, centralizing findings in the platform and enabling action

For more on how Prevalent can help mitigate ESG risks in your supply chain to address the requirements in CSDDD, contact us today to schedule a personalized demonstration.