Supply Chain Due Diligence Is Now Law — and JAGGAER Is Here to Help!

Georg Roesch, VP Product Management, JAGGAER

In my previous article, I wrote about the new German Supply Chain Due Diligence Act, similar legislation in other EU countries, and the current discussion around an EU Directive harmonizing the law for all EU countries. While Europe is taking the lead in this particular area of environmental, social and corporate governance (ESG), there is absolutely no doubt in my mind that it will very soon be taken up in other regions of the globe, in particular North America.

The proposed European law would apply to companies with more than 250 employees and annual revenues exceeding €50 million, or balance sheet assets exceeding €43 million, regardless of their place of registration. It will also apply even to small and medium-sized enterprises, which are publicly listed or otherwise considered “high risk” — although this has yet to be defined. Finally, all companies offering financial services will need to comply.

This means all JAGGAER customers already fall within the scope of the legislation. Moreover, procurement is not only a key stakeholder in this issue, it’s the department that is the guardian of data relating to suppliers.

As such, procurement needs to look at the information the organization already has about its suppliers to understand whether the information is complete in terms of their locations, the nature of their businesses, the nature of their workforce etc. This provides the basis for carrying out the nine steps I identified, which involves setting out a risk assessment based on where suppliers are located and the types of people they employ and policies and procedures to identify and mitigate risk.

Based on a review of the information held in JAGGAER systems and the software’s capabilities in relation to German law, I believe that we can already cover 85–90 percent of the obligations it imposes on our customers. What we cannot do as things currently stand is to offer multi-tier oversight of the entire supply chain. JAGGAER cannot — but nor can anyone else, as things stand. Nobody has that level of information.

The need to get proactive

There are a couple of ways we can address this. First, let’s remember, the legislation does not require companies, of any size, to actively monitor their Tier 2 suppliers and beyond. However, if a serious issue comes to your attention, with any supplier, anywhere in the world, you have an obligation to investigate whether that supplier is in your supply chain. Thus it could be that an automotive manufacturer sources its airbags from a 100 percent ethically clean supplier, the airbag manufacturer sources its propellants from perfectly ethical suppliers, but a fourth-tier supplier of sodium azide is reported to be not taking adequate precautions for the safe and environmentally responsible storage and transport of its product.

This is why enterprises must monitor risk proactively, not only doing this regularly for Tier 1 suppliers but also, in the case of a potential incident, for Tier 2 and beyond. JAGGAER can address this issue through its various partnerships, getting the relevant information into the system and monitoring actively. If you do identify a problem, you need to go into case management to address the issue the appropriate level.

Beyond Tier 1, it is impossible to monitor suppliers both regularly and proactively, because the number of potential suppliers runs into millions. Therefore a second approach we are considering is to request information from suppliers about their suppliers, which is then kept in a separate secure data mart, inaccessible to anyone other than authorized users. We can then use that information to identify any possible supply chain issues, while guaranteeing data security and privacy. Should we identify an issue, we would then notify the relevant organization(s).

You need to start now

In fact, something rather similar is currently in operation in the internationally recognized OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas, and the associated US 3TG (tungsten, tantalum, tin and gold) conflict minerals due diligence standards. Here too, getting full visibility is challenging, but companies from countries that have signed up to the OECD guidance must be in a position to demonstrate that they have made their best efforts to comply.

At any rate, the technology is already there to support responsible sourcing and supply chain due diligence. That said, to ensure compliance within the stated timeframe, you really need to start putting good practices (it is too early to call them best practices!) and processes in place now.