Supply chain risks and ESG compliance

The introduction of a compliance-related approach to financial crime enforcement, where liability may be triggered by actions far down a supply chain, will likely be applied to ESG concerns too

In the past decade, financial crime enforcement has been transformed by the introduction of compliance-based offences that hold companies liable for actions that occur throughout the supply chain. Crucially, however, companies that can demonstrate they have established procedures and controls to mitigate such risks may avoid prosecution.

In the UK, this was crystallised by the 2010 Bribery Act, which introduced the ‘failure to prevent’ offence and has been influential in encouraging a culture of compliance across all industries. The Act applies globally, provided the company has some business in the UK, and covers bribery committed throughout a supply chain, by anyone, provided they were acting for, or on behalf of, the company. 

The UK’s money laundering and tax evasion legislative frameworks also apply this model of enforcement, and a similar approach may soon be adopted for environmental, social and governance (ESG) concerns. Companies are coming under growing pressure to ensure that, throughout their supply chains, they observe human rights and take steps to mitigate the risk of environmental harms or biodiversity loss or damage. 

While in ESG the legal imperative might be less obvious, the commercial imperative is much clearer. Witness Aviva Investors CEO Mark Versey’s letter in late January to the 1,500 companies the asset manager invests in, which outlined its expectations for 2022. These include holding companies accountable for their performance on human rights, climate and biodiversity throughout their supply chains, as well as executive pay. 

Voluntary standards

While financial crime is measured against straightforward compliance frameworks, the same is not true for ESG factors – including, perhaps surprisingly, international human rights frameworks. Though a small number of international documents have begun to effectively set the standard in this area – led by the UN Guiding Principles on Business and Human Rights – organisations are largely able to choose which standards they impose and which values they prioritise. 

However, as regulators begin to mandate climate disclosures and responsibilities across supply chains, it seems unlikely that human rights-related measures will remain voluntary indefinitely. In the UK, the 2021 Environment Act has introduced obligations to address deforestation harms, whereby companies dealing in ‘forest risk commodities’ must undertake due diligence to ensure such products are produced in compliance with local laws. 

France and Germany have already introduced legislation designed to require due diligence by larger companies, to ensure supply chains are free of human rights abuses. The EU Commission is also currently considering a draft directive, Corporate Due Diligence and Corporate Accountability, which would build on the UN Guiding Principles and provide for mandatory due diligence on a range of ESG-related issues.  

Necessary steps

For companies and their advisers, the practical impact of viewing ESG-related concerns through the lens of due diligence is an increased compliance burden. But the fundamental mitigation steps necessary in the context of supply chains are broadly the same for both financial crime risks and ESG risks.  

For example, the key mitigating principles identified by UK government guidance on bribery and tax evasion will typically equally relate to concerns about ESG issues in supply chains. These include proportionate procedures, due diligence and risk assessment; while no organisation may reasonably be expected to eradicate the risk of issues arising, the systems and controls it establishes should reflect such risk. 

The risks posed by supply chains are only becoming more complex for business, whether from a financial crime enforcement perspective – with the potentially imminent expansion of a compliance model of corporate criminal liability for all economic crime – or in the context of increasingly thorough ESG concerns.

Therefore, in the months and years ahead, those businesses best placed to succeed will be the ones that ensure they have robust and reliable compliance systems, together with a prompt and thorough investigation of wrongdoing. 

Christopher Gribbin (pictured) and Matthew Ewens are associate and partner, respectively, in the white collar crime and investigations department at Mishcon de Reya