Due diligence and ethical sourcing in supply chain management has been the subject of increasing regulatory attention. This reflects the growing impetus for companies to ensure that their supply chains are socially responsible. Similar to “Know Your Client” or “KYC” standards in the financial services sector, which protect both clients and financial intermediaries, the concept of “Know Your Supply Chain” reflects the requirements to protect workers, the environment, and the integrity of company purchasing arrangements. Laws and regulations require companies to create and maintain publically available accountability standards and reports. In particular, these requirements apply to companies where the workers and locations potentially at risk are not part of their own jurisdiction. This reporting allows consumers to distinguish companies based on their efforts to ensure that all stages of their supply chains are free of forced labour, human trafficking, and/or environmental risk. Due diligence analysis and reporting of this nature is becoming an essential part of the long-term business strategy of companies worldwide.
Whether or not the laws expressly set out recordkeeping requirements and retention periods, there is a clear need to maintain certain records as part of the due diligence required to ensure corporate compliance. Companies that address supply chain management in their records retention programs are well-positioned to ensure compliance with these laws and regulations. Records concerning supply chain management typically fall under purchasing and procurement categories in a records retention schedule. These records cover vendor/supplier relationship management, raw material inventory management, and materials purchasing. Regulatory compliance and due diligence reporting in this area can be addressed from a record-keeping perspective under legal and compliance categories. A comprehensive records retention program is essential to demonstrating compliance with supply chain due diligence requirements and providing evidence in response to potential claims and litigation.
The following representative laws, proposed laws, and related guidance demonstrate the heightened regulatory attention being given to “Know Your Supply Chain” due diligence globally, with a short summary of associated recordkeeping and reporting obligations:
Under the California Transparency in Supply Chains Act 2010, companies with annual worldwide gross receipts in excess of $100 million doing business in the State of California must disclose their efforts to eradicate slavery and human trafficking from their direct product supply chains for the goods that they offer for sale. The intent is to ensure that large retailers and manufacturers provide consumers with information regarding their efforts to eliminate slavery and human trafficking from their supply chains. Retail sellers and manufacturers must maintain internal accountability standards and procedures for employees or contractors failing to meet company standards regarding slavery and trafficking.
On 30 March 2021, An Act to enact the Modern Slavery Act and to amend the Customs Tariff (Bill S-216) received Second Reading in the Senate and was referred for further study to the Senate Standing Committee on Banking, Trade and Commerce. This proposed enactment would impose obligations on certain entities to report on measures taken to prevent and reduce the risk of forced labour being used at any stage in the production of goods in Canada or elsewhere by the entity or in the production of goods imported into Canada. The Act would also amend the Customs Tariff to prohibit the importation of goods manufactured or produced, in whole or in part, by forced labour.
Under the Modern Slavery Act 2015, companies providing goods and services with sales of more than £36 million must publish an annual Slavery and Human Trafficking Statement setting out the steps they have taken to ensure slavery and human trafficking is absent in their business and supply chain. On 15 June 2021, the Modern Slavery (Amendment) Bill was introduced. The proposed amendments would significantly increase accountability for abuses occurring in the supply chains of multinational corporations in the UK, including additional disclosure and compliance program requirements. Under the proposed amendments, commercial entities would be required to verify and publish information about the country of origin of sourcing inputs in their supply chain; arrange for external inspections, external audits, and unannounced external spot-checks; and report on the use of employment agents acting on behalf of an overseas government.
Passed in 2017, France’s Corporate Duty of Vigilance Law is applicable to large companies established in France and requires them to create and implement publically available vigilance plans in order to identify and prevent risks to human rights and the environment that may occur as a result of their business activities.
On 11 June 2021, the German parliament officially adopted the Act on Corporate Due Diligence in Supply Chains. This Act will apply to companies with at least 3,000 employees from 1 January 2023 and to companies with at least 1,000 employees from 1 January 2024. It requires companies to establish, implement, and update due diligence procedures in relation to human rights and environmental protection in supply chains, and to prepare an annual report on their compliance with these due diligence obligations. Companies are obliged to retain their documentation regarding compliance with these due diligence requirements for 7 years.
The European Union is moving towards mandatory supply chain due diligence. On 10 March 2021, the European Parliament passed a legislative initiative for an EU Directive on Mandatory Human Rights, Environmental and Good Governance Due Diligence (“MHRDD”) for companies operating in the EU. The impetus for this directive followed a study on due diligence requirements through the supply chain. The two main goals are to provide obligations for companies to conduct due diligence along with rights for individuals and stakeholders to hold companies liable for non-compliance. The MHRDD could be adopted as early as this year and potentially come into force by the end of 2023.
The Modern Slavery Act 2018 requires entities based or operating in Australia, having an annual consolidated revenue of more than $100 million, to report on the risks of modern slavery in their operations and supply chains, and actions taken to address those risks. The modern slavery statement must include a description of (i) the structure, operations and supply chains of the reporting entity; (ii) the risks of modern slavery practices in the operations and supply chains of the reporting entity, and any entities that the reporting entity owns or controls; (iii) the actions taken by the reporting entity and any entity that the reporting entity owns or controls, to assess and address those risks, including due diligence and remediation processes; (iv) how the reporting entity assesses the effectiveness of such actions; and (v) the process of consultation with any entities the reporting entity owns or controls.
The focus of the OECD guidance is to encourage companies to respect human rights and avoid contributing to conflict through their mineral sourcing practices. This guidance sets out a minimum retention period of 5 years for relevant records of downstream companies. Relevant records concern purchasing, procurement, business partners and suppliers, and supply chain due diligence (methods for identifying all suppliers down to mine of origin and the methods for sharing information about due diligence throughout the supply chain). Additionally, all downstream companies are advised to set out in their annual reports their supply chain due diligence policy; the management structure responsible for the company’s due diligence and those directly responsible; company control systems over the supply chain, explaining how it operates and how it has strengthened the company’s due diligence efforts; and the company’s database and record-keeping system. The OECD guidance also states that companies should consult ISO International Standard 19011: 2002 (“ISO 19011”) for detailed requirements on audit programs (including program responsibilities, procedures, record-keeping, monitoring and reviewing) and a step-by-step overview of audit activities.