Six Things to Know About Emerging HRDD Regulations

Millions of companies around the world have been impacted by regulations which mandate them to carry out ESG and human rights due diligence (HRDD) in the last few years–or they soon will be. These regulations bring new legal, financial, strategic and reputational risks for firms. However, navigating this regulatory landscape is further complicated by disparate requirements across jurisdictions and the nuanced interpretations of the overarching term 'ESG'. To assist firms in achieving or maintaining compliance, we have compiled the crucial information they need to understand.

1. HRDD brings significant new requirements for companies

It is not new for companies to be required by law to carry out due diligence on third parties, and most large companies are likely to have a well-established compliance process in place. However, HRDD is likely to require companies to overhaul the way they carry out due diligence. That’s because most compliance units are set up to assess third parties and customers for their legal record and risk, rather than their social and environmental impacts. Today’s companies need a due diligence process which covers all of these factors.

2. Much of the legislation is extraterritorial

A common and important feature of many new HRDD laws is that they apply extraterritorially. That often means any company doing business with a third party must also comply with the HRDD requirements in that third party’s jurisdiction or face enforcement action. For any company operating globally, this multiplies the number of regulations with which they must comply. For example:

  • The Child Labour Due Diligence Act in the Netherlands imposes due diligence obligations on any company which is supplying or selling to Dutch consumers–regardless of where that company is based.
  • The EU’s proposed Corporate Sustainability Due Diligence Directive will not only be implemented in every EU member state but also extraterritorially. This has prompted officials outside the EU to raise concerns about the impact of the regulation on companies in their jurisdictions. For example, the US Treasury Secretary Janet Yellen has warned of “negative, unintended consequences” of the Directive for US firms.

The global and interconnected nature of modern business, with long supply chains spanning across continents, makes it essential that companies follow compliance best practices in order to meet the expectations and standards of global regulations.

3. It’s already changing the way companies do business

HRDD laws like Germany’s 2023 Supply Chain Due Diligence Act may be a relatively recent development, but the evidence suggests they are already having an impact. The Institute of the German Economy polled German companies in 2023 and found that:

  • 18% were going to change their sourcing practices to only use third parties in countries with high standards on human rights and the environment.
  • 12% planned to withdraw from relationships with suppliers in jurisdictions with a high risk of environmental or human rights abuses.

This makes it more difficult for companies to succeed if they cannot demonstrate that they have in place an effective, risk-based due diligence process.

4. HRDD is already being actively enforced

There is often a lag between laws being enacted and then being actively enforced through regulatory investigations and prosecutions. But there is mounting evidence that companies are already being prosecuted for alleged violations of HRDD laws. For example, only six months after Germany’s Supply Chain Due Diligence Act came into force, a case was brought against some of the country’s largest car manufacturers over allegations around forced labour in their supply chains in China.

5. It demands a nuanced understanding of ESG

It is not straightforward to assess the ESG record of a third party. Claims to promote environmental and social goods by a company’s CEO or PR team might not be backed up by an investigation into the activities of its employees or third parties. This challenge was shown in late 2023 when a German asset management firm was fined $19 million by US regulators over allegations of “greenwashing” by making misleading statements about its ESG products and investments, in addition to reported AML violations.

Moreover, ESG is such a broad term that a firm could have a positive record around (for example) equality and inclusion, yet the products it delivers might pollute the environment. How should a compliance officer or CEO weigh these competing factors to decide whether or not to do business with a third party?

6. HRDD requires companies to leverage a wide range of data with technology

The best way for companies to overcome the challenges of mandatory HRDD regulations is to assess third parties for social and environmental risks by bringing in a broad range of trustworthy datasets that shed light on the full picture of third party risk. This should include:

  • ESG data, which indicates a company’s impact on the environment, its reputation for social issues, and any failures in governance.
  • Legal data including court cases involving a company, and any mention of them on sanctions lists, PEP lists and other watch lists.
  • News data, which can flag perceived and alleged risks involving a company or individual–especially if the data comes with an archive of historic news.

Gaining this fuller picture of risk is extremely labour-intensive if done manually by employees searching through records for mentions of third parties. But technology platforms can automate this process, and even develop risk scores for entities and produce reports which present risks to the C-suite, and/or regulators.

LexisNexis: bringing together technology and data to meet the challenge of HRDD regulations

LexisNexis sets companies up for success in surviving and thriving in an era of HRDD regulations. A compliance officer can simply upload a spreadsheet of its third parties’ names to the platform. Each entity will then be screened against comprehensive and trustworthy data sources, including:

  • Reputational, legal and financial content, including sanctions, blacklists, Interpol watch lists, and more.
  • A global news archive that draws from more than 50,000 sources, some dating back 40 years.
  • A trove of legal documents, including cases, dockets, verdicts and more.
  • ESG ratings and news so you can determine who is (and isn’t) living up to their commitments.

Our sophisticated technology then works to provide a risk score of each third party, which can be tailored to the specific risks you are seeking to manage–such as ESG. This will support your company to implement a risk management process which is able to assess the human rights and environmental records of third parties more effectively and efficiently than ever before.

Looking for more tips on how to implement an effective due diligence operation to identify and manage third party risks? Our new E-Book identifies the ten main trends companies need to understand and respond to. Download it for free today.
