Bureau Veritas’ Solution To Address the German Supply Chain Act
In order to help companies within the scope of the law to face their obligations, Bureau Veritas has developed a set of solutions to:
1. Analyze value chains from direct to indirect suppliers and sort their suppliers by risk level.
2. Continuously improve the onboarding of their suppliers in a sustainability due diligence process.
3. Collect evidence and comply with regulatory requirements.
FOCUS ON THE GERMAN SUPPLY CHAIN ACT
| SCOPE | HUMAN RIGHTS | ENVIRONMENT |
| • Headquarter in Germany • Domestic branches (art. 13 of Commercial Code) • At least 3,000 employees (2023) • At least 1,000 employees (starting Jan. 1st 2024) |
• Child Labour • Forced Labour / Anti-slavery • Occupational Safety • Freedom of Association • Equal Treatment • Adequate Living Wage • Use of Security Forces |
• Soil, Water, Air, Noise Pollution • Mercury • Hazardous Waste • Land Preservation |
REGULATORY REQUIREMENTS
The GSCA States:
“Enterprises are under an obligation to exercise due regard for the human rights and environment-related due diligence obligations set out in this Division in their supply chains with the aim of preventing or minimizing any risks to human rights or environment-related risks or of ending the violation of human rights-related or environment-related obligations. The due diligence obligations include:
• Establishing a risk management system,
• Designating a responsible person or persons within the enterprise ,
• Performing regular risk analyses (nota bene: minimum yearly),
• Issuing a policy statement,
• Laying down preventive measures in its own area of business and vis-à-vis direct suppliers,
• Taking remedial actions,
• Establishing a complaints procedure,
• Implementing due diligence obligations with regard to risks at indirect suppliers
• Documenting and reporting
OUR CLARITY SOLUTION
a 4-step approach to analyze the supply chain following the GSCA requirements
1. RISK PROFILING TO FOCUS ON HIGH-RISK SUPPLIERS
Combining a sector-specific (NACE Codes*) and country-specific method as per BAFA’s recommendations, your suppliers are sorted by Low risk/Low-Medium risk/Medium-High risk and High risk profiles
2. SELF-ASSESSMENTS TO ONBOARD YOUR SUPPLIERS & COLLECT EVIDENCE
Deploying a 34-question compliance checklist following the requirement of the GSCA across your supply chain through BV platform via a simple URL
3. DIGITAL DASHBOARD TO GET THE GLOBAL PICTURE & GAIN IN EFFICIENCY
Visualizing your suppliers risk profile and/or self-assessed compliance score and accessing the evidence they shared, you are able to monitor your supply chain in a click
4. ONSITE AUDITS TO FOLLOW-UP ON REMEDIAL ACTIONS
Wherever it’s needed, send BV auditors on the ground to carry out analysis and verifications to ensure your suppliers are managing their nonconformities
With the support of your BV Project Manager along the way
A FULLY DIGITALIZED PROCESS TO ASSESS YOUR SUPPLY CHAIN
1. GET YOUR LIST SORTED ONLINE
• With a heatmap and an aggregated view of your risk exposure
RISK ASSESSMENT IN PRACTICE
Abstract Risk Assessment
• Companies should crosscheck information and sources on human rights and environment related risks within the meaning of Section 2(2) and (3) with data on the sourcing countries and/or purchasing categories. Initial abstract assessment of risks.
• A risk assessment based solely on this abstract basis is not sufficient. Companies must conduct a plausibility check of these risks in their own specific context in the next step.
Concrete Risk Assessment
• Plausibility check of the findings from the preceding abstract risk assessment. Identification, weighting and prioritization of existing human rights and environment-related risks in a specific context, e.g., in terms of certain countries, facilities and/or suppliers among the high-risk suppliers
• Identification, weighting and prioritization of risks in a transparent and traceable way using a systematic, consistent approach. It is important to assess the likelihood and the severity of each violation individually, e.g., using a ranking system or a “heatmap”. Where data is lacking, the company must document and justify any gaps in the information and provide evidence of its efforts to obtain this data.
• Systematic documentation of the risks identified in the concrete risk assessment