ConnectedGRC

Drive a Connected GRC Program for Improved Agility, Performance, and Resilience

Explore the right questions to ask before buying a Cyber Governance, Risk & Compliance solution.

Explore the right questions to ask before buying a Cyber Governance, Risk & Compliance solution.

Learn More

Discover ConnectedGRC Solutions for Enterprise and Operational Resilience

Learn about the EU’s Digital Operational Resilience Act (DORA) and how you can prepare for it.

Learn about the EU’s Digital Operational Resilience Act (DORA) and how you can prepare for it.

Learn More

Explore What Makes MetricStream the Right Choice for Our Customers

Robert Taylor from LSEG shares his experience on implementing an integrated GRC program with MetricStream

Robert Taylor from LSEG shares his experience on implementing an integrated GRC program with MetricStream

Learn More

Discover How Our Collaborative Partnerships Drive Innovation and Success

Watch Lucia Roncakova from Deloitte Central Europe, speak on how the partnership with MetricStream provides collaborative GRC solutions

Watch Lucia Roncakova from Deloitte Central Europe, speak on how the partnership with MetricStream provides collaborative GRC solutions

Learn More

Find Everything You Need to Build Your GRC Journey and Thrive on Risk

Download this report to explore why cyber risk is rising in significance as a business risk.

Download this report to explore why cyber risk is rising in significance as a business risk.

Learn More

Learn about our mission, vision, and core values

Gurjeev Sanghera from Shell explains why they chose MetricStream to advance on the GRC journey

Gurjeev Sanghera from Shell explains why they chose MetricStream to advance on the GRC journey

Learn More
+1-650-620-2955
+1-650-620-2955 Contact Us Request Demo
×
Hit enter to search or ESC to close
Blogs

Germany’s New Supply Chain Due Diligence Act (LkSG): How to Prepare

Due Diligence Act (LkSG) Blog
5 min read

Introduction

With Environment, Social, and Governance (ESG) increasingly becoming a critical area of focus, key stakeholders, including customers and investors, are demanding greater accountability from organizations, extending to the larger supply chain and outsourced ecosystem. Lawmakers and regulators are also working to ensure that ethics, safety, governance, and sustainability standards are maintained not just within the organization but across the supply chain. Germany’s recent Supply Chain Due Diligence Act (Lieferkettengesetz) is a groundbreaking law that holds German companies accountable for the entire spectrum of their supply chain, placing a strong emphasis on ethics, human rights, and environmental sustainability. 

In this blog, we explore the key aspects and implications of the Act to help equip your business with the knowledge and strategies to proactively embrace responsible supply chain practices.    

What is the Lieferkettengesetz Act (LkSG)

The LkSG, or German Supply Chain Due Diligence Act, aims to ensure better human rights across an organization’s supply chain. It also covers environmental risks that pose a threat to human health and safety. German companies sell products manufactured in other parts of the world where human rights and environmental laws may be violated. This new regulation makes them responsible for ensuring that human rights are respected, and environmental standards and laws adhered to at every stage of their supply chains. Here is a detailed look into the LkSG and its requirements:

  • Which organizations are covered by the German Supply Chain Due Diligence Act?
    • Companies that have their central administration, principal place of business, administrative headquarters, statutory seat, or branch office in Germany with a workforce of at least 3000 people will have to comply with the LkSG from 1st January 2023 
    • From next year (2024), companies with a workforce of at least 1000 people will also be included under the provisions of the Act
  • What are the main stipulations according to LkSG?
    • Due diligence practices will apply to the organization’s business area, to the actions of contractual partners and indirect suppliers
    • The Federal Office for Economic Affairs and Export Control (Bundesamt für Wirtschaft und Ausfuhrkontrolle) is responsible for monitoring an organization’s compliance with the LkSG 
    • The Act is based on 11 international human rights conventions. The legal rights framed in these conventions have been used to derive diligence requirements for corporates 
    • Human Rights
      • Organizations must ensure strict compliance with human rights laws and standards across their supply chains
      • Organizations must establish a risk management system to recognize, prevent and minimize risks of human rights violations
      • The Act mandates the establishment of a grievance redressal system, establishes required preventive and corrective measures, and mandates regular reports
      • The areas covered include:
        • Prohibition of child labor, slavery, and forced labor
        • Non-compliance with occupational safety and health obligations
        • Denial of adequate wages
        • Denial of the right to form trade unions or employee representation bodies
        • Denial of food and water
        • Illegal possession of land and livelihoods
    • Environmental Risks
      • LkSG covers environmental risks that can negatively impact the human rights of the people working at various levels of an organization’s supply chain
      • Environmental risks include:
        • Illegal logging
        • Contamination of water sources
        • Air pollution
        • Incorrect use of pesticides
      • The environmental requirements covered in the LkSG are based on two key international conventions that aim to prevent health and environment hazards:
        • The Minimata Convention on Mercury
        • The Stockholm Convention on Persistent Organic Pollutants

Why is LkSG Important?

Managing third-party and even  fourth-party risk is a top-of-mind concern for most organizations across the world today. And there is a growing focus on third-party ESG risk management. Most modern organizations work with partners and suppliers across the world. Unfortunately, violations of human rights by way of child labor, discrimination, exploitation, and unsafe working conditions are still rampant in many parts of the world. Any company that profits from selling products manufactured in other parts of the world is ethically and morally obligated to ensure there are no human rights violations or environmental damage across its supply chain. Germany has taken the step towards making this a legal requirement for the first time in its history. The legislation establishes some concrete steps for organizations to protect not just the employees within their offices but all workers across its extended ecosystem. 

Failure to comply will result in fines of up to € 8 million or 2 percent of annual global turnover (only for companies with more than € 400 million in annual revenue). Non-compliance with the LkSG may also result in significant damage to the brand image and even profitability. Modern customers no longer hesitate to stop engaging with organizations that do not meet ethical and environmental standards or profit from products manufactured unethically or by flouting environmental norms.        

Stay Prepared with MetricStream

MetricStream can help organizations gain better visibility into their global supply chains along with ensuring comprehensive risk management processes to identify, prevent, and minimize risks pertaining to human rights and environmental protection. Organizations are empowered to establish a proactive approach to managing ESG and third-party risk management across the supply chain by ensuring:

  • Regular executive risk analyses
  • Implementation of corrective measures for violations that have already taken place or are imminent
  • Establishment and documentation of due diligence procedures pertaining to risks associated with direct and indirect suppliers

With MetricStream’s Third-Party Risk Management, organizations can:

  • Gain visibility into supply chain risks by conducting periodic risk assessments and automating data-capturing mechanisms for a wide range of environmental, social, and governance metrics
  • View third-party supplier metrics and manage supplier profiles systematically through a supplier portal
  • Access relevant, credible intelligence from external sources for improved risk assessment of direct and indirect suppliers
  • Leverage reports, analytics, and business intelligence capabilities to enable informed decisions
  • Manage supply chain information and documentation in a centralized supplier portal
  • Streamline and automate the due diligence onboarding process for suppliers, both new and existing 
  • Define and track performance metrics based on contracts and policies 
  • Seamlessly manage supply chain audits 
  • Ensure supply chain resilience with business continuity management

Organizations can also establish a proactive approach to managing ESG and third-party risk management across the supply chain. This will help reduce the risk of non-compliance and its severe financial consequences, as well as build trust with the board, and regulators.

The world is now more connected than ever before. This means that risks at any point in a global supply chain can pose a serious threat to the parent organization. As awareness of environmental damage, social injustice, and inequities continues to grow, so does the demand for accountability and responsibility. It is not enough to focus on just the four walls of the organization; enterprise ESG risk now includes third parties across the entire supply chain. More legislations like the LkSG are expected to emerge over the next few years, and organizations must ensure seamless compliance with all emerging standards and regulations. A Connected GRC platform providing robust third-party risk and compliance management is the only way for organizations to effectively manage connected ESG risks and third-party compliance.

Interested to learn more about how MetricStream can help with your LkSEG requirements? Request a personalized demo now! 

Check out our latest eBooks to learn more. 

Why Aligning ESG, ERM, and Third-Party Risk Management is Key to Creating Value 

Top 5 Compliance Priorities for CCOs in 2023 

BusinessGRC Buyer’s Guide 

Ensuring Compliance with GERMANY'S REVISED IDW PS 340 n.F. WITH METRICSTREAM

Sumith-Sagar

Sumith Sagar Associate Director, Product Marketing

Sumith Sagar is a proven product marketing professional, specializing in software product positioning, product-led growth marketing, presales and sales enablement. With over 12 years of risk management solutioning experience ranging from Governance, Risk and Compliance (GRC), Commodity Trading & Risk Management (CTRM) and cybersecurity, she has been instrumental in driving BusinessGRC product marketing at MetricStream.

 

Related Resources

Blog
Blog
4 mins
Aanya Sharan
GRC Summit 2024, Baltimore: Get to Know Our Speakers