Big role for risk managers with new EC sustainability rules but more clarity needed, says Ferma
Managing growing number of regulations could cause headaches
Risk managers will have a big role to play in helping their companies meet proposed new EC corporate sustainability due diligence rules, Ferma has told Commercial Risk Europe, but the European risk management federation has called for more clarity on the planned directive to help its members step up to the plate.
It also warned that interaction between the aforementioned Corporate Sustainability Due Diligence Directive (CSDD) and separate Corporate Sustainability Reporting Directive (CSRD), which has been in the pipeline for some time, may cause headaches for business because the two sets of rules have different scopes and won’t come into effect at the same time. This is despite the EC wanting them to work hand in hand, with the due diligence directive enforcing accountability and the reporting directive focused on transparency.
However, Ferma added that the EU’s growing focus on sustainability issues is elevating the role of risk managers and will require more of their involvement in setting business strategy and delivering a more holistic corporate response.
The EC laid out its proposals for the CSDD in late February. The directive aims to foster sustainable and responsible corporate behaviour throughout global value chains. Companies will be required to identify and, where necessary, prevent, end or mitigate adverse impacts of their activities on human rights and the environment. The directive could come into force as early as 2025 but may well take longer.
It aims to make sure that big European companies and those in high-risk industries take a leading role in mitigating human rights and environmental risks across their value chains, while supporting small companies to do the same.
MORE CLARITY NEEDED
Ferma told CRE that the directive puts forward “ambitious and far-reaching proposals” but said there is a “real need for more clarity in certain areas”, and particularly around its definition of value chains.
“Most notably, the CSDD introduces the concept of a value chain, which is broader than ‘supply chain’, and from our preliminary readings we see a real need for more precision in how value chain is, first, defined; and second, what that would then mean operationally for companies and risk managers,” said Valentina Paduano, chair of Ferma’s sustainability committee.
But it is clear that risk managers’ day-to-day activity will be “heavily” impacted by the CSDD, Paduano continued.
“The proposed directive requires companies to identify actual or potential adverse impacts on human rights and the environment, which is clearly something that is part of an enterprise risk manager’s DNA. There is also quite an important set of implications for civil liability of companies in the proposal. So there is a lot in there for risk managers,” she said.
Several EU member states have already introduced sustainability due diligence rules but the EC’s CSDD proposals aim to harmonise rules across the bloc.
If approved, they will apply to the biggest EU firms and those in high-impact sectors. Just short of 13,000 EU companies would fall under the rules.
The first group consists of EU firms with more than 500 employees and net worldwide turnover in excess of Ä150m. That is about 9,400 companies. The second group is EU businesses with more than 250 employees and net turnover in excess of Ä40m in high-impact sectors such as textiles, agriculture and mineral extraction. This captures a further 3,400 companies. The rules will apply to the second group two years later than the first.
In addition, a further 4,000 companies from non-EU countries but active in its single market would need to comply.
Micro companies and SMEs are not directly affected by the proposed rules. The idea is they would be indirectly impacted as bigger companies are forced to manage human rights and environmental risks within their global value chains.
The proposals apply to companies’ own operations, their subsidiaries and their value chains. The latter is described by the EU as direct and indirect business relationships, but observers, such as Ferma, have said the definition remains unclear.
COMPLIANCE
In order to comply with the proposed corporate due diligence duty rules, companies would need to:
◆ Integrate due diligence into policies
◆ Identify actual or potential adverse human rights and environmental impacts
◆ Prevent or mitigate potential impacts
◆ Bring to an end or minimise actual impacts
◆ Establish and maintain a complaints procedure
◆ Monitor the effectiveness of the due diligence policy and measures
◆ Publicly communicate on due diligence.
In addition, the big firms would need to have a plan in place to ensure that their business strategy is compatible with limiting global warming to 1.5°C, in line with the Paris Agreement.
The directive establishes a corporate due diligence duty. The proposals would also introduce directors’ duties to set up and oversee the implementation of due diligence and integrate this into corporate strategy.
The rules on corporate sustainability due diligence would be enforced through national administrative authorities appointed by EU member states. They can impose fines in case of non-compliance. The EC will set up a European Network of Supervisory Authorities that will bring together national body representatives to ensure a coordinated approach.
The proposals also introduce civil liability, so that victims have the opportunity to take legal action for damages that could have been avoided with appropriate due diligence measures.
The rules on directors’ duties will be enforced through existing member states’ laws. The directive does not include an additional enforcement regime in this area.
When it comes to potential fines and enforcement, legal firm Travers Smith explained that under the proposed due diligence directive, supervisory bodies will be able to impose sanctions based on a company’s turnover. The percentage or amount is not specified in the proposal, however, and it will be left to member states to set the size of fines and other punishment to ensure the rules are enforced, the law firm said.
GAME-CHANGER
Didier Reynders, the EC commissioner for Justice said the CSDD proposal is a “real game-changer” in the way companies operate their business activities throughout their global supply chains.
Thierry Breton, commissioner for the internal market, added: ”While some European companies are already leaders in sustainable corporate practices, many still face challenges in understanding and improving their environmental footprint and human rights track record. Complex global value chains make it particularly difficult for companies to get reliable information on their suppliers’ operations.
“The fragmentation of national rules further slows down progress in the take-up of good practices. Our proposal will make sure that big market players take a leading role in mitigating the risks across their value chains, while supporting small companies in adapting to changes.”
The CSDD proposals will now be negotiated with the European Parliament and Council. Once adopted, member states will have two years to transpose the directive into national law.
Travers Smith expects changes to the planned rules during this consultation period. It noted that the EC has an ambitious implementation timetable and the draft CSDD could be approved this year. But the rules are unlikely to come in any sooner that early 2025.
“Depending on how quickly the text progresses through the legislative process, we expect that the due diligence obligations will only begin to apply from 2025 or quite possibly later,” Travers Smith said.
SHAPING THE LAWS
Consultation with business organisations, and of course risk managers through their national associations and European federation Ferma, will help shape the final directive.
As well calling for more clarity on key issues such as the definition of global value chains, it seems likely that Ferma will also focus on how the due diligence directive will interact with the sustainability reporting directive.
The latter takes over from what was the Non-Financial Reporting Directive. So what was once called non-financial reporting is now called sustainability reporting. The due diligence directive, meanwhile, aims to push businesses to mitigate human rights and environmental impacts in their value chains, as well as integrate sustainability into corporate governance, explained Ferma.
The EC wants the two directives to work hand in hand to boost sustainability. As chair of Ferma’s sustainability committee Paduano explained: “When looking forward as to how the two will interact, it is important to have in mind two key aims of the European Commission: transparency and accountability. Starting with transparency, one of the aims with the CSRD is to bring about more transparent reporting on sustainability matters. This transparency requirement under CSRD is complemented by the CSDD’s requirement for companies to better manage the risks they pose in terms of human rights and the environment. Or, put another way, the CSDD is aiming at making companies more accountable to their stakeholders when it comes to human rights and environmental risks.”
But Ferma fears the fact that the CSDD and CSRD do not have the same scope may cause a “headache” for businesses and their risk managers.
“The CSDD broadly speaking has in its scope around 18,000 companies that have essentially more than 250 employees and more than €40m in turnover. The scope for the CSRD is wider since it will cover all listed companies and will directly capture certain SMEs. The CSDD will do that only indirectly through the value chain, which is still significant,” said Paduano.
“Another point is that the CSRD reporting obligations may come into play as soon as 2024 (covering 2023 activities), whereas with CSDD the political discussions at EU level might take longer, so the two sets of requirements may not impact companies at the same time. And then there is the point about how the CSDD will interact with various pieces of national legislation across the EU. In short, there is a lot still to be discussed and considered,” added the risk manager.
OPPORTUNITY KNOCKS
But despite issues that clearly need to be ironed out, the EC’s mounting focus on sustainability risk management offers Ferma members and other European risk managers a real opportunity, she continued.
“You could say that CSRD and CSDD elevate sustainability risk management to a higher profile, but it’s also true that regulations in other sectors, notably for financial services firms, mean there is a lot of focus on sustainability from a risk perspective. At this stage, and from our own analysis, it certainly seems that there is a key role to be played by risk managers in contributing to shaping their organisations’ sustainability strategy more holistically, as well as for compliance with these various pieces of legislation,” said Paduano.
◆ To help shed light on some of these issues, Ferma is hosting a MasterClass on the CSRD on 31 March, and will work with its members throughout the coming months and years to transmit more practical information about how risk managers fit into the sustainability picture. Sign up for the webinar here: https://register.gotowebinar.com/register/4831891131291938060