What is meant by sustainability in the supply chain?

The concept of sustainability positively includes the strengthening of standards and human rights and negatively the avoidance of harmful behavior. Sustainability in the supply chain means not only improving the behavior of one's own company, but also demanding this from suppliers and sub-suppliers.

Why is it important to ensure supply chain sustainability?

The globalization of the past few decades has been characterized by low freight prices and unregulated growth. Various events have put unrestrained global supply chains under stress.

• Floods in Thailand 2011: computer/ electronics industry
• Big fire in Dhaka, Bangladesh 2012: textile industry
• Rana Plaza building collapse in Dhaka, Bangladesh 2013: textile industry
• Fire in Kunshan, China 2014: metal processing/ automotive
• Zero production/Logistics delays and shutdowns due to Covid-19 in China and East Asia: All industries
• Energy and raw material shortages due to the Ukraine/Russia war and sanctions/counter sanctions: All sectors

If you look at the list of events, you can see that

• the global supply chains also mean globally distributed risks
• sooner or later the risks of the suppliers automatically become risks for the buyers
• some of the problems could have been avoided by pressure to comply with sustainability and safety standards

It therefore makes sense for every company not only to deal with its direct suppliers and their classic qualification, evaluation and re-qualification (creditworthiness, capacity, reliability, quality, delivery reliability, etc.) and to identify and manage risks, but also with the pre- and pre-pre-suppliers, the entire supply chain.

Analyzing the sustainability of its own supply chain should therefore be a normal aspect of risk management for every company in its own interest.

What is the German Supply Chain Due Diligence Act?

The new Supply Chain Act or Supply Chain Due Diligence Act (real name “Supply Chain Due Diligence Act”) came into force in June 2021 after years of pressure from human rights organizations.

It states that companies in Germany must examine their suppliers and their sub-suppliers (so-called indirect suppliers) to see whether they are violating human rights, the environment or sustainability. Companies must actively take care of prevention, implement active measures if violations are noticed at suppliers, and document all this and report about it publicly. Regular inspections by state authorities are planned, and complaint systems must also be set up.

Who is affected by the German Supply Chain Act?

From 1.1. In 2023, companies with more than 3,000 employees in Germany must comply with the law, at least show a so-called duty of care during the tests by the Federal Office for Export Control. From January 1st, 2024, companies with more than 1,000 employees will be affected.

What does the law require? (overview)

The law lists a catalog of topics/risks for which all companies should analyze their supply chains:

Violations of the law include:

• Employment below the respective minimum age
• Child labor for children under the age of 18
• Forced labour
• All forms of slavery
• Unequal treatment in employment
• Harmful environmental changes
• Evictions or expropriations
• Security forces displaying inhumane behavior
• Violations of human rights
• Mercury processing
• Chemicals according to the Stockholm Agreement
• Non-environmentally sound waste management
• Export of hazardous waste

Requirements of the law are:

• Compliance with occupational safety and health obligations
• Safety standards when providing and maintaining the workplace, the workplace and the work equipment
• Protective measures against the effects of chemical, physical or biological substances
• Measures to prevent excessive physical or mental fatigue
• Adequate training and instruction of employees
• Workers must be free to organize or join unions
• Forming, joining or activity in unions must not result in punishment or retaliation
• Unions must be allowed to operate freely (right to strike/collective bargaining)
• Payment of minimum wages

Companies directly affected must set up a risk management system that covers all their own actions and those of their direct and indirect suppliers.

All suppliers in all supply chains should be required to comply with these rules by contract and by means of tests and controls.

What exactly does the law require?
Observe due diligence

Companies must adequately observe human rights and environmental due diligence in their supply chain.

The law specifically names these obligations in Section §3:

• Establishment of a risk management system
• Determination of an internal responsibility
• Carrying out regular risk analyses
• Submission of a policy statement
• Anchoring preventive measures in your own business area as well as towards direct suppliers
• Taking remedial action
• Establishment of a complaints procedure
• Implementation of due diligence obligations towards indirect suppliers
• Documentation and reporting

Implementation of risk management

Risk management in purchasing does not exist in many companies. Risk management in procurement means listing the various possible risks and then rating the suppliers according to the likelihood of the risk occurring and the severity of the event.

This department is required to:

• subject direct suppliers and their own business areas to a regular risk analysis (§5 of the LKSG)
• examine indirect suppliers for risks on a case-by-case basis

Determination of internal responsibility

This means that specific people or departments within the company are given responsibility for complying with and monitoring due diligence requirements. This can e.g. the appointment of a sustainability or human rights officer.

Regular risk analysis

First of all, the company's own business area and its immediate suppliers must be analyzed regularly (Section §5 of the law). Indirect suppliers are to be analyzed on a case-by-case basis. In the event of changes in business activity, all areas must be analyzed.

Cause-related means: Just the fact that a supplier is in a country that, for example. according to the assessment of the World Bank, has a high risk profile in the area of human rights, must lead to the supplier being examined more closely. To do this, you need to understand your own supply chain.

Submission of a policy statement

It is imperative to make your company's stance clear and visible when it comes to ensuring that it is visible to stakeholders, showing that you are taking action toward a sustainable supply chain.

This statement needs to be public and visible on your annual report.

Anchoring preventive measures

Measures are to be defined and their execution controlled to reduce the risks for the suppliers. Measures can e.g. be: Supplier training, contractual self-commitments on sustainability issues or documented controls of the sustainability and human rights situation by independent bodies.

In addition, suppliers must ensure that they query, document and ensure the required standards in their own supply chains.

Taking remedial actions

Measures should also be agreed and implemented if specific problems are identified at suppliers through their own activities or if the company becomes aware of them in some other way (e.g. press or Internet monitoring). The law does not require you to stop doing business with such suppliers immediately.

Establishment of a complaints procedure

The company must ensure that those affected or organizations about violations of the law can complain to the company. Contact persons and procedures must be set up for this. A direct right of action for those affected is not initially planned, but will probably be introduced in the next few years via EU supply chain laws. The idea is that similar to whistleblower systems, breaches of sustainability can be reported to the company.

Implementation of due diligence obligations towards indirect suppliers

The law speaks here of establishing “due diligence processes” in relation to risks at indirect suppliers (with whom they have no direct contractual relationship) when they receive “substantive knowledge” that human rights are being violated or environmental damage is being caused. This means that if such information is made known directly, e.g. via complaints procedures, but also reported via the press or neutral organizations, the company must take care of it.

Documentation and reporting

The companies affected by the supply chain law must submit an annual report to the Federal Office for Export Control (BAFA), www.bafa.de, which documents the activities in relation to the law.

How should I implement the Supply Chain Act in practice?

Step 1:

First, look at your direct suppliers, i.e. all the companies that invoice you. Make a list. This is the so-called Tier-1 (= the first layer of your company's supply chain

Use suppliers from all areas, i.e. regardless of whether they are production-critical or C-parts suppliers.

Prioritize:
Sort the suppliers according to their annual turnover. Start from the top down.
Find out whether you already have sustainability information for suppliers in-house.
Environmental certifications like EMAS or ISO 14001, sustainability programs like SEDEX, ecoVadis, GlobalGap etc are a good start.

Suppliers with certifications pose a lower risk from a risk management perspective than those without.

Step 2:

Now look at the suppliers from whom you have no certifications or evidence of sustainability. How important are these suppliers? Can they be exchanged at all? Talk to key suppliers to see if they are willing to make (verifiable) commitments. There may also be ongoing preparations.
Record the information you receive in the risk column of your list.

Step 3:

You can first subject suppliers without sustainability information to a rough risk assessment in a simple step by noting the country in which the supplier is located in your list. Now put the country risk next to it. The World Bank provides risk figures for this.

You have now created a rough risk assessment for all your direct suppliers (Tier 1).

Step 4:

Next, for key, non-interchangeable suppliers, supplement the information you have with email or online forms or documentation.

Check your supplier self-assessment for completeness. Do questions need to be added? Is it worth asking about sustainability separately?

Step 5:

Determine the upstream suppliers of your Tier 1 suppliers and carry out steps 1-4 again. Here you should group according to material groups in order to avoid duplicate data management.

Step 6:

Take a look at which recommended measures for which areas of the supply chain law are suitable for suppliers who cannot provide certification:

• Help with certification
• Contracts/contract adjustments
• Knowledge building/ training
• Commitments
• on-site audits
• deeper cooperation
• phasing out of the collaboration

Document these preventive measures and monitor their implementation.

Why is the supply chain law more than just a “compliance issue”?

If you compare the topic "Implementation of the Supply Chain Act" with other so-called compliance topics such as the Money Laundering Act or the implementation of the General Data Protection Regulation, the Supply Chain Act has a practical benefit for you and your company:

In our experience, 95% of all companies in Germany are not sufficiently digitized in the areas of purchasing, quality management and supplier management. Data is not available or is being processed manually/on demand.

There has been little investment in these areas of business over the past few decades. The implementation of the supply chain law therefore offers an opportunity to make the work of these departments more efficient.

The supply chain act and digitization of data in purchasing

Cooperation, both internally and within the team, as well as with the suppliers, mostly takes place via email. Important data is not accessible (cannot be found), not up-to-date and incomplete. Even today, many industries still work with paper, folders on the shelf and fax. At relatico, we take the supply chain law as an opportunity to get companies in shape when digitizing their documentation and purchasing processes.

What distinguishes the relatico approach from that of other providers?

Some software providers have dealt with the implementation of the supply chain law. In principle, the implementation of the German supply chain law with the steps described above can of course be implemented in a number of software platforms and tools.

The key points are:

• Setting up a risk management system or carrying out a risk analysis on the extended supply chains of your own company (including upstream suppliers)
• the implementation of measures
• the documentation of what was found out about the risks at each supplier.

The challenge with every approach is to collect a large number of documents and information so that there is a basis for the risk assessment at all.

• Tier 1 suppliers can be found in merchandise management, but no sustainability information. Merchandise management cannot even determine the pre-suppliers. For the systematic compilation of sustainability information (documents, online questionnaires, notes, e-mails) as a basis for the risk analysis, merchandise management systems are only suitable after extensive. lengthy and expensive adjustments. Compared to specialized software, user-friendliness will always lag behind.
  
  
• Office tools such as Excel and Sharepoint can basically be used for any purpose, but are no longer efficient and very error-prone with larger amounts of data. From the experience of our customers who initially tried this, we know that analyzing 100 Tier 1 suppliers in one area of ​​the company quickly turned into 700-1,000 participants in the supply chain and office tools stopped working.
  
  
• Software/databases for risk analysis and risk assessment are exactly suitable for this, but they need data as a basis - and this is exactly where the problem lies: These bases have to be laboriously determined and fed outside of the databases. This is where the real effort is. Carrying out the risk analyzes on the basis of clean data is then relatively easy. This point is usually underestimated when purchasing such software and afterwards it is often found that one should have bought it a few years too early or not at all.
  
  
• Supply chain risk software provides quick results in the form of scores, reports and graphs. There are two problems here: 1. Which suppliers are part of my supply chains and need to be analyzed must be determined externally. 2. These tools mostly don't provide a way to access the underlying data on which the ratings are based. However, the supply chain law wants to make precisely these basics visible. So the users quickly get to the point that additional tools have to be used in addition to the software.
  
  
• Some QM software contains modules or parts for risk assessment. QM software is usually only used by a few users in the company and is not designed for information procurement and systematization. Since this is where most of the work lies, QM software is not suitable for covering the supply chain law.

In summary:

• The basic data from the suppliers for the risk analysis must be compiled for each approach.
• This homework must always be done. This is where the real workload lies. Here, the data of each supplier must be collected.
• The use of risk management software without doing your homework will not meet the requirements of the supply chain law in the long term.

relatico also has offers for:

• companies not directly affected (less than 1,000 employees) a toolbox for determining sustainability information with optimal support for procurement and evaluation, so that customer inquiries can be answered quickly and easily,
• directly affected companies (over 1,000/ 3,000 employees) additionally the profiling of all companies in their own supply chains as well as the visual depiction with various evaluation options and the risk analysis based on this plus a depiction of the preventive and remedial measures, reporting and documentation obligations and complaint management, an easy-to-use, sustainable solution for supply chain law coverage in one platform at affordable prices.
  
  In addition, relatico can be used for many other tasks in supplier management and documentation.