Following in the footsteps of the German Supply Chain Act 2023 and the decennial update of the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct (2023), the EU Corporate Sustainability Due Diligence Directive (CS3D) will require obliged entities to identify, prevent, mitigate, and end negative impacts on human rights and the environment in their value chain, or face the financial consequences.
While CS3D will take some time to be transposed into national law, companies will be required to overhaul their policies, processes and particularly their IT systems in order to achieve compliance.
Who does CS3D concern?
After extensive negotiations between the EU Commission, Council and Parliament, obliged entities will now be defined as EU-based companies with more than 250 employees and a net annual revenue worldwide of at least €40 million; parent companies with more than 500 employees and a net annual revenue worldwide of at least €150 million; or non-EU companies with $150 million net annual revenue if at least €40 million were generated in the EU.
Currently, the banking sector also falls within the scope of CS3D, something the European Banking Federation has welcomed, albeit with a few caveats.
The rules of the directive will apply to a company’s ‘chain of activities’, which covers a company’s upstream activities (e.g. suppliers) and in a limited manner also downstream business partners like distributors (it excludes the phase of the use of the company’s products or the provision of services).
There are a few echoes of financial crime compliance regulation here, with organisations now the de facto first line of defence in terms of sustainability rectitude. The text also includes the familiar term ‘risk-based approach’, i.e. adopting an approach which is proportional to the likelihood and severity of potential adverse impacts.
What is the background of CS3D?
CS3D aims to promote sustainable business practices, protect human rights and the environment, and contribute to the achievement of the United Nations’ Sustainable Development Goals. In addition, certain large companies need to have a plan to ensure that their business strategy is compatible with limiting global warming to 1.5°C in line with the Paris Agreement. Together with existing regulations and other regulatory initiatives such as the Corporate Sustainability Reporting Directive (CSRD) or the EU Taxonomy Regulation, CS3D represents a further step towards sustainable business under uniform European conditions.
While some companies will see this as another administrative burden, it is not as if companies have been playing fast and loose with third-party risk up until this point. The difference now is that third-party declarations and disclosures will not be enough, and that companies will need to screen their third parties more rigorously and do so on a continuing basis.
What will good due diligence look like?
In their Annex to the proposal on the CS3D, the EU provides example violations of rights and prohibitions. They include slavery, workplace and living conditions, worker rights, social displacement and environmental damage. While helpful, they don’t articulate in a detailed way the offences a company will wish to screen against.
At smartKYC, our ESG framework extends to over 100 concepts and while governance does not fall within the scope of the directive, the environmental and social misdemeanours we identify are sufficiently fine-grained that companies can know what ‘bad’ looks like in their screening due diligence.
And the word ‘screening’ is important here. Lessons can be learned from the financial crime compliance arena where early KYC efforts were limited in the extent and frequency of checks whereas now we see holistic and perpetual KYC as the norm.
Challenges of implementing CS3D for multinational corporates
Given the scale and distribution of third parties that support a company’s value chain, adding a risk screening layer to their due diligence presents many challenges. Using a human-led approach to achieve that is often not feasible, let alone affordable. This is where an AI-led approach has distinct advantages in being able to:
- Automate much of the due diligence heavy lifting
- Deliver confident risk screening in all the languages relevant to your operations, not just English
- Maximise result precision and minimise noise
- Support batch processes such as for large scale review projects
- Provide 24/7 risk vigilance and generate alerts on emerging threats
The last of these is likely to be crucial in demonstrating to regulators that a company has a sufficiently robust and sophisticated programme to identify failings immediately and take remediative action straight away.
Not only does the idea of 24/7 risk vigilance play well in the eyes of regulators, but it could prove invaluable in protecting the reputation of a business. Dealing with an emerging issue straight away could prevent it from escalating into a full-blown crisis as a consequence of adverse social media coverage. We would add that the negative impact of a crisis on sales, stock price and brand value could be far more costly than any fine.
How smartKYC can help
smartEYE is our perpetual, global, ESG and adverse media monitoring solution. The smartEYE software watches the world’s news, in many languages including Arabic, Russian, and Chinese, for breaking reporting of adverse events about your supplier or other third party. These adverse events can include ESG misdemeanours, reputational matters or suggestions of financial crime (money laundering, tax evasion, bribery and corruption, etc.), whatever it is that is important to know.
Alerts are precise, material and not repeats of previously seen information and are routed to whichever team or system needs to receive them.
Our flagship onboarding due diligence software automates onboarding due diligence on either a single or batch basis.
To find out more about smartEYE, please contact our team.