The German Supply Chain Act

Can you avoid organisational overkill?

Many companies that comply with the Supply Chain Act are facing major challenges. Is that even practicable?

Yes! And we’ll tell you how.

Is it really necessary to spend hundreds of man-days on the Supply Chain Act?

The Supply Chain Act comes into force in 2023. In a first step, it only applies to large companies. However, as they will automatically hold their suppliers accountable, there is also a need for action for smaller companies. The crux of the matter is that – at least without the right partner – it requires great effort to comply with the Supply Chain Act.

We have just spoken to one of our customers about this. This specific case clearly shows how enormous the challenges and how complex the tasks are that the Supply Chain Act entails. It also proves that it is by no means a matter of course for companies to be able to implement the law without any problems.

Why does our customer think he has to spend hundreds of working days?

To understand this, you need to know: Our customer is a major player in the retail sector. He has around 800 suppliers – and that’s where things get complex with the implementation of the Supply Chain Act. Very complex, in fact. Because:

  • Our customer has the task of recording its 800 suppliers in the context of the Supply Chain Act by 2023. They need their process for this. Or he needs to expand existing processes. That in itself is costly in terms of personnel and time.
  • They have to know which documents and information they should request from suppliers. This information must comply with the Supply Chain Act and stand up to scrutiny.
  • There are generally no ready-made checklists for this. This means that the customer would have to create the lists themselves and be responsible for their content. This involves not just days, but weeks of work. Not to mention the expertise required.
  • He must process the information requested from his suppliers efficiently and securely. Only then can he handle the process in an economically viable manner.
  • Finally: in order to minimize the risk of a breach of the law, they should also carry out a risk assessment. In other words, they must check the extent to which their 800 suppliers actually fulfill the due diligence obligations of the Supply Chain Act in detail. If this is done manually, it takes a lot of time.

It is precisely this complexity that is meant when we talk about organizational overkill above. And our customer said:“Firstly, we don’t know how we’re going to manage the content and secondly, we don’t know how it will work within a reasonable framework in terms of personnel.”

So, is everything in disarray? Let’s take a closer look:

How do you ask suppliers the right questions? And how do you request the correct data?

The Supply Chain Act requires companies to exercise due diligence. More precisely, according to the BMAS, it requires the:

  • Establishment of risk management and implementation of a risk analysis
  • Adoption of a declaration of principles of the corporate human rights strategy
  • Anchoring prevention measures in the company’s own business area and in relation to direct suppliers
  • Immediately taking remedial action in the event of identified violations of the law
  • Implementation of a complaints procedure in the event of legal violations
  • Documentation and reporting obligations for the fulfilment of due diligence obligations

At first glance, this sounds logical. However, if you have a closer look, it is not at all clear how a company can fulfill this duty of care in terms of content. For example, what should this policy statement look like? And above all: How do you find out from your suppliers whether they are really acting in accordance with the criteria of the Supply Chain Act?

In our view, it is a bad idea to laboriously develop your own concept. It is much better to make use of the necessary expertise of experts. This gives you peace of mind and you no longer have to worry about whether you will pass any checks.

Secure: You can send and collect data by e-mail. But that means a veritable flood of news.

Let’s return to our conversation with the customer. And let’s assume that our customer has a fixed catalogue of criteria or questionnaire that he can send to his suppliers. Can this also be done by e-mail?

That would actually work. But if one were to assume (just as an assumption) that 2 to 4 e-mails would have to be exchanged with a supplier in the course of the communication process (sending, possible follow-up questions, sending back), then that would be 1600 to 3,200 e-mails for sending the questionnaires alone …

In addition, the data provided by the supplier would have to be archived and checked accurately and clearly. This also means a massive number of personnel.

It also has the disadvantage that you do not have ready-made documentation or a complete report on the fulfilment of your due diligence obligations. This means that the company still has to deal with these two tasks… As you can see: The organizational overkill is becoming increasingly clear.

And now also the risk assessment. How is that supposed to work?

800 suppliers, and you must assess the risk of a violation of environmental, human and children’s rights along the supply chain for each individual supplier. If you were to spend 1 to 2 hours per supplier, that would be another 800 to 1,600 hours to fulfil this part of the Supply Chain Act.

Is that feasible? Of course! But does it make sense? No. And this does not mean that we are questioning the Supply Chain Act as such. On the contrary. We welcome it because it is an important step in the right direction.

You can’t avoid using automation

If you think about all the requirements up to this point, it should be clear: If you want to implement the Supply Chain Act efficiently, you need a smart solution. In other words, one that reliably automates processes and stands up to scrutiny in terms of both form and content.

This is accurately where Radix Tree comes into play. Because it solves your problems for 9 good reasons:

  1. RADIX Tree is a secure and reliable plug-in & play solution.
  2. In terms of content, it is beyond reproach because we at GTS have proven experts in supply chain law on board.
  3. These experts have integrated the requirements of the law into predefined questionnaires.
  4. They can share these automatically, collaboratively and in real time with their suppliers. All your suppliers have to do is connect to RADIX Tree.
  5. This saves you hundreds of working hours during the data collection process.
  6. You can even automate the risk assessment with RADIX Tree.
  7. This is because suppliers are automatically subjected to a risk assessment. The status of a supplier is visible at all times via a traffic light system.
  8. This also saves you a lot of time in risk management.
  9. And not to forget: RADIX Tree offers you the opportunity to fulfill documentation and reporting obligations with almost one click.

Conclusion: How to manage compliance with the Supply Chain Act

Our clear recommendation: Don’t rely on a solution that you have to work out yourself. Instead, get professional support – in consulting, for the process and for secure risk analyses and reports. Because then, compliance with the Supply Chain Act is not only possible, but also significantly cheaper.

By the way, with our RADIX Tree solution, your work is legally compliant, and your data will stand up to scrutiny. You use a lean and automated workflow. All in all, it saves you many working hours and therefore money.

However, RADIX Tree can also do something that other tools are obviously still a long way off: It also automates the risk assessment.