The German Supply Chain Act – Can you avoid organisational overkill?

Many companies that have to comply with the Supply Chain Act face massive challenges in doing so. Is it even practical? Yes! And we’ll tell you how

Do you really need to spend hundreds of work days on the Supply Chain Act?

The Supply Chain Act comes into force in 2023. In the first step it only applies to large companies. But because they will automatically hold their suppliers accountable, there is also a need for action for smaller businesses. The crux of the matter is that – at least without the right partner – it takes a lot of effort to comply with the Supply Chain Act.

We have just spoken about this with one of our clients. This specific case clearly shows how enormous the challenges and how complex the tasks are that the Supply Chain Act entails. It also shows that it is by no means a matter of course for companies to be able to implement the law securely at all.

Why does our client think they will have to spend hundreds of working days?

To understand this, you should know: Our client is a big player in the retail sector. They have has about 800 suppliers – and that’s where things get complex with the implementation of the Supply Chain Act. Very complex, in fact. Because:

1. Our client has to register their 800 suppliers in connection with the Supply Chain Act by 2023. They need their own process for this. Or they must expand existing processes. That alone is time-consuming and requires a lot of staff.
2. They need to know which documents and information they have to request from the suppliers. This information must comply with the Supply Chain Act and stand up to scrutiny.
3. There are usually no ready-made checklists for this. This means that the client would have to create the lists themself and be responsible for their content. This involves not only days, but weeks of work. Not to mention the know-how required for this.
4. The client must process the information requested from their suppliers efficiently and securely. Only then can they handle the process in an economically sensible way.
5. Last but not least, in order to minimise the risk of violating the law, the client should also carry out a risk assessment. In other words, they must check to what extent their suppliers really fulfil the due diligence obligations of the Supply Chain Act in detail. If this is done manually, it takes a lot of time.

It is precisely this complexity that was meant when we talked about organisational overkill above. And our client said: “First of all, we don’t know how we are supposed to manage the content and secondly, we don’t know how this is supposed to work in terms of personnel within a reasonable framework.”

So is everything up in the air? Let’s look a little closer:

How do you ask suppliers the right questions? And how do you request the right data?

The Supply Chain Act puts companies under an obligation to exercise due diligence. More specifically, according to the BMAS, it requires:

• Establish a risk management system and conduct a risk analysis.
• Adopt a policy statement of corporate human rights strategy
• Anchoring preventive measures in its own business operations and vis-à-vis direct suppliers
• Immediately taking remedial action in the event of identified violations of the law
• Implementation of a complaints procedure in the event of legal violations
• Documentation and reporting obligations for the fulfilment of due diligence obligations.
  Source

At first glance, this sounds logical. But if you take a closer look, it is not at all clear how a company can comply with this duty of care in terms of content. For example, what should this declaration of principles look like? And above all: how do you find out from your suppliers whether they really act in accordance with the criteria of the Supply Chain Act?

From our point of view, it is a bad idea to develop your own concept in tedious work on your own. It is much better to make use of the necessary expertise of experts. This gives you security and you no longer have to worry about whether you will pass any audits.

You can send and collect data by e-mail. But that means a real flood of messages

Let’s go back to our customer conversation. And let’s assume that our customer has the a fixed criteria catalogue or questionnaire that he can send to his suppliers. Does that work by e-mail?

Actually, that would work. But if we were to assume that 2-4 e-mails would have to be exchanged with a supplier in the course of the communication process (sending, possible follow-up questions, sending back) then that would be 1,600 to 3,200 e-mails for sending the questionnaires alone.

On top of that, the data provided by the supplier would have to be archived and checked in a targeted and clear manner. That, too, would require a massive amount of human resources.

In addition, it has the disadvantage that you do not have a finished documentation or a complete report on the fulfilment of your own due diligence obligations in your hand. Which means: These two tasks are still to come for the company… You see: The organisational overkill is becoming increasingly clear.

And now also the risk assessment. How is that supposed to work?

800 suppliers, and you have to evaluate the risk of a violation of environmental, human and children’s rights along the supply chain for every single supplier. If you were to take 1-2 hours per supplier to do that, that would be another 800 to 1600 hours to comply with this part of the Supply Chain Act.

Is that feasible? Of course! But does it make sense? No. And this is not to say that we question the Supply Chain Act as such. On the contrary. We welcome it because it is an important step in the right direction.

You can’t avoid using automation

When you consider all the requirements up to this point, it must be clear: If you want to implement the Supply Chain Act efficiently, you need a smart solution. In other words, one that reliably automates processes and stands up to scrutiny in terms of both form and content.

This is exactly where RADIX Tree comes into play. Because it solves your problems for 9 good reasons:

1. RADIX Tree is a secure and reliable plug in & play solution.
2. Its content is beyond reproach, because we at GTS have proven experts in supply chain law on board.
3. These experts have integrated the requirements of the Act into pre-defined questionnaires.
4. You can share these with your suppliers in an automated, collaborative and real time way. All your suppliers have to do is connect to RADIX Tree.
5. You save hundreds of man-hours already in the data collection process.
6. You can even automate risk assessment with RADIX Tree.
7. Because suppliers are automatically subjected to a risk assessment. The status of a supplier is visible at all times via a traffic light system.
8. This also saves you a lot of time in risk management.
9. And don’t forget: RADIX Tree offers you the possibility to comply with documentation and reporting obligations almost with one click.

Conclusion: How to manage compliance with the Supply Chain Act

Our clear recommendation: Don’t use a solution that you have to work out yourself. Instead, get professional support – in consulting, for the process and for secure risk analyses and reports. Because then compliance with the Supply Chain Act will not only be possible, it will be significantly cheaper.

By the way, with our RADIX Tree solution, you work in a legally secure manner and in such a way that your data also stands up to scrutiny. You use a lean and automated workflow. All in all, this saves you a lot of working hours and therefore also money.

RADIX Tree can also do something that other tools are obviously still far away from: It also automates risk assessment.

Learn more about RADIX Tree >>

Need more info? Our complete guide to the Lieferkettengesetz >>