Third-Party Risk

The German Supply Chain Act: Navigating third-party risks through effective due diligence

Samah Nour Eddine

Director, Customer & Third-Party Risk Intelligence, LSEG

The German Supply Chain Act is part of a growing trend around the world to hold companies accountable for sustainable and ethical business practices within their global supply chains. Passed by the German government in March 2021, the German Supply Chain Act, also known as the Lieferkettengesetz in German, requires German-based corporations to address human rights and environmental violations within their global supply chains.

  1. The purpose of the Supply Chain Act is to help companies improve their supply chain sustainability, but adhering to its due diligence obligations also presents challenges.
  2. Challenges include the breadth of the law that requires companies to probe deep into their supply chains and the difficulties of gathering accurate data.
  3. To overcome these challenges, companies should introduce a third-party risk management programme, including due diligence platforms, risk assessment tools and supplier data management systems.

Starting 1 January 2023, the law applies to companies with over 3,000 employees in Germany but will expand to cover companies with 1,000 or more employees by early 2024.

Failure to comply with the law may result in fines of up to 2 percent of annual global turnover, as well as likely reputational damage.

Challenges posed by the Act

The German Supply Chain Act surely presents an opportunity for affected corporations to improve their supply chain sustainability and enhance their reputation. However, these companies may also struggle to meet their due diligence obligations under this law. Specific challenges likely include:

  1. Expansiveness: One unique challenge is that the law focuses on third-party risks beyond just a company’s immediate first-tier suppliers and requires companies to look deeper into their supply chains. This is a difficult if not sometimes impossible task due to the size of a global supply chain network, lack of visibility beyond first-tier suppliers, and supplier locations in jurisdictions with weaker labour and environmental standards. Such a lack of transparency makes it hard for companies to obtain information about their suppliers’ practices, and companies may have limited control over suppliers’ activities, especially those deeper in the supply chain.
  2. Data accuracy and availability: Some suppliers may not have the necessary processes or controls to collect and provide the data that corporates need to comply with the law. For example, they may not have the ability to track and report on their environmental impacts, labour practices, or human rights compliance. So, even when corporations are able to obtain data from their suppliers, it may be limited, incomplete or inaccurate. This can make it difficult to assess risks, conduct effective due diligence and take appropriate preventive or remediation measures. The challenge extends to information gathering as well: data gathering and analysis are complex for corporate organisations, especially when creating and managing questionnaires to be assessed at different phases of their suppliers’ lifecycle.
  3. Resource constraints: Implementing a due diligence process requires significant resources, including personnel, operational and financial investments, which may be a challenge for small to mid-tier companies.
  4. Data integration challenges: Companies may also face challenges in integrating data from multiple sources and systems to provide a comprehensive view of their supply chain risks and performance, an exercise that can prove to be complex, expensive and time-consuming.

The route to effective due diligence

Companies need to adopt a risk-based due diligence approach to their third-party risks when complying with the German Supply Chain Act, and to achieve this by implementing a comprehensive third-party risk management programme and investing in systems and tools. This includes:

  1. Due diligence platforms: These platforms provide a centralised location for companies to manage their due diligence processes and track compliance with the German Supply Chain Act. They can include workflows, risk assessment, checklists, remediation and reporting tools that enable companies to manage their end-to-end due diligence activities more efficiently.
  2. Risk assessment tools: These tools use data analytics and machine learning algorithms to identify, assess and monitor a supply chain’s potential risks in various areas like environmental, social and governance (ESG), identity, integrity, operations, financial and cyber, among others.
  3. Supplier data management systems: These systems enable companies to collect and manage data about their suppliers, apply a risk-based approach in gathering additional information for higher-risk entities and continuously monitor the business relationship from inception to renewal and beyond.

In summary, complying with the German Supply Chain Act brings forward opportunities to elevate responsible business practices. However, many companies will face challenges in complying due to the law’s expansive requirements, the complexity of their supply chains, limited resources and a lack of trusted data.

By leveraging data and technology, companies can improve their third-party risk programmes by adopting a comprehensive risk-based due diligence approach to their supply chain, demonstrating a commitment to responsible, ethical and sustainable business practices.


Copyright © 2023 London Stock Exchange Group. All rights reserved.