The last few years have seen a proliferation of new supply chain-focused regulations and other compliance obligations, a trend which isn’t likely to abate any time soon. In this Alert, we provide an overview of selected supply chain compliance items that should be on the radar screen of healthcare industry legal and compliance professionals in 2017.
Anti-human trafficking compliance is a newer area of focus for many healthcare companies as a result of recently adopted disclosure and compliance requirements and increasing stakeholder scrutiny.
The UK Modern Slavery Act (MSA). Starting this year, the MSA will require a significant number of healthcare companies to annually publish on their websites a statement describing the steps that they have taken during the preceding fiscal year to ensure that slavery and human trafficking are not taking place in any of their supply chains or in any part of their own businesses. This requirement applies to “commercial organisations” doing business in the United Kingdom, irrespective of home country, that provide goods or services and have worldwide turnover of at least £36 million.
Each company will need to tailor its statement to its particular risk assessment and compliance program. There are no mandatory topics that must be covered in the statement, although the MSA recommends that the following disclosure topics be addressed: (1) organizational structure, business model and supply chain relationships; (2) policies in relation to slavery and human trafficking; (3) slavery and human trafficking due diligence processes; (4) the parts of the business and supply chains where there is a risk of slavery and human trafficking taking place and the steps taken to assess and manage that risk; (5) the effectiveness in ensuring that slavery and human trafficking are not taking place in the business or supply chains, measured against appropriate key performance indicators; and (6) the training available to staff.
For additional Ropes & Gray resources describing the MSA in substantially more detail, including the statement requirement and action items for establishing a compliance program, see here.
The UK Labour Standards Assurance System (LSAS). LSAS was commissioned by the UK Department of Health and NHS Supply Chain, which procures products for the National Health Service. LSAS is the foundation of NHS Supply Chain’s ethical procurement strategy. Initially introduced in 2012 in connection with its Framework Agreement for Surgical Instruments, NHS Supply Chain is introducing LSAS compliance into other contracts.
LSAS has 15 action points, including the following supply chain facing items: (1) adopting a labor policy for the supply chain that among other things addresses the use of child and forced labor; (2) assessing the extent to which labor standards are at risk of being abused within the supply chain; (3) communicating the policy and other relevant information to identified suppliers, collecting and verifying information relating to labor standards performance and responding to the information and evidence collected to drive continual improvement of labor standards throughout the supply chain.
There are four audit levels under LSAS, each of which requires a specified level of compliance with the LSAS action points: (1) Foundation - the vendor has begun to consider how labor standards relate to its business and there is some documentation in place for an auditor to review; (2) Implementation - the vendor has started to implement processes and procedures to manage labor standards, including processes to identify risk in the supply chain; (3) Established - the vendor has in place a robust system for managing labor standards and risk is being effectively mitigated where uncovered; and (4) Progressive - the vendor demonstrates leadership level management of labor standards, going beyond audit to tackle the root cause of issues and risks uncovered and is engaging with key stakeholders, partnerships and projects to do so.
Suppliers must at a minimum be audited to Level 1/Foundation within six months of contract launch for NHS Trusts to purchase supplies through NHS Supply Chain, with later deadlines to achieve compliance with higher LSAS levels.
The US Federal Acquisition Regulation (FAR) Anti-Human Trafficking Provisions. The FAR governs the US Federal government’s procurement process and applies to not only prime contractors, but in many cases subcontractors and agents as well. The anti-human trafficking provisions of the FAR were significantly expanded in March 2015. Because the amendments apply only to contracts and new task orders under existing indefinite delivery/indefinite quantity contracts entered into after that time, the FAR anti-human trafficking compliance requirements are only now starting to impact the compliance programs at many companies.
There are two principal compliance obligations under the FAR anti-human trafficking provisions. First, there are nine prohibited activities applicable to contractors and subcontractors (which also includes indirect subcontractors) and their employees and agents. This portion of the rule applies to all contracts.
Second, the FAR anti-human trafficking provisions require a compliance plan and periodic certifications if the contract is for goods or services acquired or to be performed outside the United States with an estimated value that exceeds $500,000. For purposes of calculating the dollar threshold, commercially available off-the-shelf items are excluded.
Companies must design the compliance plan to fit their particular facts and circumstances. The compliance plan must be appropriate to the size and complexity of the contract and the nature and scope of its activities, including the number of non-US citizens expected to be employed and the risk that the contract will involve services or supplies susceptible to trafficking in persons. In addition, the compliance plan must at a minimum include the following elements: (1) an awareness program; (2) a grievance process; (3) a recruitment and wage plan that meets specified requirements; (4) a housing plan, if the contractor or subcontractor intends to provide or arrange housing; and (5) procedures to prevent violations and to monitor, detect and terminate agents, subcontractors or subcontractor employees that have engaged in prohibited activities.
If required, certifications must be provided in connection with the contract award and annually. The contractor must certify that: (1) a compliance plan and procedures to prevent prohibited activities and to monitor, detect and terminate a contract with a subcontractor or agent engaging in prohibited activities have been implemented; and (2) after having conducted due diligence, either, to the best of the contractor’s knowledge and belief, there have been no occurrences of prohibited activities or, if they have occurred, appropriate remedial and referral actions have been taken.
For more information on the FAR anti-human trafficking rule, see our Alert here.
Trade Facilitation and Trade Enforcement Act. This Act, which was adopted in early 2016, repealed the “consumptive demand” exception to the US Tariff Act. The Tariff Act bans the importation of foreign goods and merchandise produced or manufactured in whole or in part by convict, forced or indentured labor. However, under the consumptive demand exception, the prohibition did not apply to the extent that US demand exceeded domestic supply.
Since the adoption of the Act, several shipments of goods from China have been detained by US Customs and Border Protection for having been produced using forced labor. For purposes of assessing risk, commodities and products used in the healthcare industry appear on both the Department of Labor’s List of Goods Produced by Child Labor or Forced Labor and its List of Products Produced by Forced or Indentured Child Labor. Over time, third party tips alleging convict, forced or indentured labor in supply chains are likely to increase, which will put additional pressure on pre-emptive supply chain mapping for at-risk commodities and products.
Proposed French Human Rights Legislation. During November 2016, the French National Assembly adopted a bill that would require large French companies to adopt a vigilance plan to identify and prevent serious human rights violations, including at the subcontractor and supplier level. Requirements of the vigilance plan would include: (1) risk mapping; (2) procedures for assessing subsidiaries, subcontractors and suppliers; (3) risk mitigation; (4) a reporting and grievance mechanism drawn up in consultation with representative trade union organizations; and (5) a mechanism for monitoring the compliance measures implemented and evaluating their effectiveness. If adopted into law, this legislation will impact the supply chains of large French companies, including those in the healthcare industry, irrespective of where the supplier is located.
Conflict minerals regulation will continue to be dynamic in 2017.
US Conflict Minerals Rule. The Conflict Minerals Rule was adopted pursuant to the Dodd-Frank Act. The Rule requires US public companies that manufacture or contract to manufacture products that contain tin, tantalum, tungsten or gold (3TG) to, among other things: (1) make supply chain inquiries to determine the source of the 3TG in their in-scope products; (2) if the 3TG originated or there is reason to believe may have originated in the Democratic Republic of the Congo region, conduct due diligence in accordance with the Organisation for Economic Co-operation and Development’s Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas; and (3) annually publicly report on their compliance.
President Trump and the Republican-majority Congress are expected to seek to roll back at least some aspects of Dodd-Frank. The repeal of the Conflict Minerals Rule is explicitly provided for in the Financial Choice Act, which was introduced in the House during the last term. However, at present, most of the Conflict Minerals Rule remains very much in effect and is likely to remain so for at least the current reporting period, which requires filings in respect of calendar 2016 to be made by May 31, 2017. In the meantime, the Securities and Exchange Commission’s April 2014 stay of the mandatory audit requirement under the Rule is expected to remain in effect for this year (see our Alert discussing the audit stay here).
The ultimate fate of the Conflict Minerals Rule is likely to turn on whether Congress decides to take a narrow or broad brush approach to Dodd-Frank repeal. However, even if the Rule is repealed, many large companies have indicated that they will continue to expect suppliers to trace the origin of the 3TG in their products, maintain compliance programs and responsibly source 3TG. These requirements will ripple through many supply chains in much the same way as if the Rule were to remain in effect.
Finally, NGOs continue to review and rank filings. This past year, one NGO survey ranked both medical device companies and drug manufacturers, the latter for the first time as a separate category. As is the case with other supply chain compliance and corporate social responsibility issues, larger consumer facing brands that are perceived as compliance laggards face the greatest risk of being targeted by NGOs and socially responsible investors.
EU Conflict Minerals Regulation. During November 2016, the EU Council, Commission and Parliament reached an informal final agreement on a conflict minerals regulation. The Regulation generally will require EU smelters and refiners and direct importers of 3TG into the European Union to conduct due diligence using the OECD Guidance framework if they are sourcing from conflict-affected and high-risk areas anywhere in the world. For more information on the pending Regulation, see our Alert here.
The text of the final Regulation is expected to be released soon, after which it will be submitted for approval to the Council and the Parliament. The Regulation will take effect on January 1, 2021.
The Regulation generally will not impose compliance obligations on manufacturers or sellers of components or finished products. However, many larger “downstream undertakings” will expect their suppliers to make supply chain inquiries and source 3TG from conflict-free smelters and refiners. This will result in compliance obligations, to meet commercial requirements, for a significant number of supply chain participants that are not subject to the Regulation. In addition, many larger downstream companies and the NGO community are expected to push for voluntary supply chain compliance prior to 2021.
EU RoHS and REACH
The continuing phase-in and expansion of RoHS (Restriction of Hazardous Substances) and REACH (Registration, Evaluation, Authorisation and Restriction of Chemicals) to new substances and product categories will require enhancements to supply chain compliance programs in 2017 and beyond.
RoHS. RoHS prohibits electrical and electronic equipment that contains enumerated toxic substances in specified concentrations from being placed on the EU market. RoHS also contains affirmative compliance requirements, such as requiring “CE” markings and declarations of conformity.
There currently are six restricted substances under RoHS, coupled with phase-ins for eleven product categories that run through July 2019 (many categories have already been fully or partially phased in). During mid-2015, four new substances – all phthalates – were added. Restrictions on the use of these substances generally will take effect during July 2019 and July 2021.
REACH. REACH is more broadly intended to protect human health and the environment from risks posed by chemicals. REACH contains procedures for collecting, assessing and reporting information to customers and the European Chemicals Agency on substances manufactured in or imported into the European Union. For some substances, REACH goes further, requiring authorization or restricting how the substances can be supplied or used.
There currently are approximately 170 substances of very high concern (SVHCs) on the REACH candidate list, and the list continues to grow. In addition, pursuant to a decision of the EU Court of Justice in September 2015, the .1% weight to weight REACH reporting threshold must be applied at the individual article or component level, rather than at the finished good or complex product level, which in many cases greatly expands the requirement to drill down and report on SVHC content in products.