Together with Clifford Chance, Roschier recently held a webinar on what companies should know about ESG. The topics covered in the webinar included upcoming EU legislation relating to sustainability and challenges companies face when conducting due diligence on suppliers. The webinar also touched upon what companies can do to prepare for mandatory due diligence requirements if and when such requirements enter into force. The speakers concluded that a good starting point is to consider (i) prioritization; (ii) information collection; and (iii) documentation.

The speakers included partners Michelle Williams, Dr. Thomas Voland and Steve Nickelsburg from Clifford Chance; Counsel Mia Mokkila from Roschier; and a guest speaker from the Finnish Chamber of Commerce, Sustainability Advisor Antti Turunen. The webinar was moderated by Roschier Principal Associate Laila Sivonen.

Relevant upcoming EU sustainability legislation applicable to companies

Currently, we are seeing a flow of legislation from the EU as new regulations have entered into force aimed at directing capital flows into sustainable investments and other ESG-related legislative initiatives are pending.

The Taxonomy Regulation is a classification system that recognizes green, environmentally sustainable activities. Under the Taxonomy regulation, certain large companies and investors are required to disclose their share of taxonomy-related activities in their non-financial reporting in 2022.

The Sustainable Finance Disclosure Regulation (SFDR) aims to prevent greenwashing and to ensure comparability of investments and imposes new transparency and disclosure requirements on financial market participants and financial advisors.

The Corporate Sustainability Reporting Directive (CSRD), which is expected to be adopted in late 2022, is an update to the Non-Financial Reporting Directive. If adopted as proposed, the CSRD would usher in new requirements in terms of sustainability reporting, including new reporting standards and audit of sustainability information, and would extend the scope of mandatory reporting to all large companies and all listed companies (except micro-enterprises).

The Sustainable Corporate Governance Initiative, on which (according to recent rumours) a legislative proposal could be expected in March 2022, is composed of two elements: one concerning directors’ duties and the other to the mandatory supply chain due diligence (MDD) obligation.

The discussion on directors’ duties includes topics such as taking stakeholders’ long-term interests into account in the directors’ decision-making, strengthening stakeholders’ enforcement mechanisms, including sustainability in the company’s strategy and remuneration, and enhancing directors’ competence in sustainability. It remains to be seen what kind of legislative proposal the Commission will make in respect of the matters discussed.

The key features of MDD in the Commission’s upcoming legislative proposal are expected to include elements of the following:

  • An obligation for companies to identify, prevent and mitigate risks related to human rights, as well as possibly governance (anti-corruption) and environmental impacts, in their supply chain.
  • An obligation for companies to publish a due diligence strategy and open it up for public scrutiny.
  • Supervision, administrative penalties and liability regime for breaches of the MDD.

Key open items in the upcoming legislation:

  • Do companies need to consider risks related to the whole supply chain or will the MDD be limited to e.g. direct contractual parties?
  • What will be the material scope of the due diligence in addition to human rights?
  • Which companies will fall within the scope of the legislation? According to the European Parliament’s proposal, the scope would include all large companies and listed small and medium-sized companies.

Challenges in carrying out the due diligence process on the supply chain

Although the scope and timetable of mandatory due diligence requirements at EU level are still very uncertain, it is relatively safe to say that at some point the EU will adopt mandatory human rights due diligence legislation.

The speakers identified three main challenges that relate to carrying out human rights due diligence processes. First, it is not realistic or feasible to review both group companies and suppliers at the same time. Therefore, companies should consider heat mapping initially. Companies may want to start with their own subsidiaries, because that is where they exercise the greatest influence. In addition, some regions naturally pose higher risks than others. High-risk areas should be prioritized over low-risk areas.

Second, information can be gathered in many ways. For example, relevant supply contracts and other contracts may include disclosure requirements and/or audit rights. In addition, information and reports on risks are available via public sources. However, in order to be able to collect and review relevant materials, companies must have sufficient resources in place.

Third, companies will need to record the steps they have taken to collect and assess information and they will need to act on any findings. Proper documentation is required to enable the companies to establish that they meet the mandatory requirements and to report accordingly.

Possible liabilities, sanctions and failure to follow mission statements

The following supervision and liability-related elements of the upcoming MDD legislation were discussed by the speakers:

  • The potential introduction of a company specific grievance mechanism, which is a reporting line where all of the company’s stakeholders can report concerns they have about ESG issues.
  • The complicated issue of civil liability. There is political pressure to make it possible for victims of human rights’ breaches to claim compensation from any company whose supply chain has committed a relevant breach, which involves various challenges.
  • Administrative sanctions by the supervisory authorities, which might be left to EU member states to impose as they wish. However, this may lead to fragmentation, and it is not clear which authority would in each case be best suited to supervise compliance with the MDD duty.

The speakers noted that there are liability considerations even without any mandatory rules. It is important to monitor these risks from a reputational and business risk perspective. In the US, third-party liability is the main source of human rights liability or a human rights related risk for companies. Even though a company might ultimately not be found liable, from a reputational perspective even being sued can be highly onerous.

Finally, it was discussed that companies should be aware of the importance of complying with policy statements – even aspirational policy statements. Many companies are putting out statements on policy, where they state their commitment to protecting human rights, a clean and healthy environment and combating climate change. It is important for a company to make these commitments, both to demonstrate responsibility and to promote their reputation. However, companies should be careful about making overbroad, sweeping commitments that provide too much of an avenue for someone to hold them to account for something they really didn’t intend to commit to.