German financial institutions may need to consider a risk framework for monitoring their customers' compliance with social and environmental standards.
The German Federal Government recently proposed a draft act on corporate due diligence to prevent human rights violations in supply chains ("CDDA"). While most provisions of the CDDA are tailored to scenarios in which a company procures goods or services from suppliers, it is supposed to apply to service providers, such as banks and financial institutions, as well. A bank's customer is deemed to be its "direct supplier." As drafted, the CDDA will only apply to banks headquartered in Germany with more than 3,000 employees (worldwide). Given the associated compliance burden, branches and subsidiaries of foreign banks will operate at a significant advantage vis-à-vis their German peers.
If adopted as proposed, German banks will—by January 1, 2023—have to:
- If "protected social and environmental standards" are breached in their "supply chain," take immediate reasonable remedial action or develop a concept to minimize the breach (which may include the temporary termination of the business relationship);
- Establish preventive measures in their own business area and vis-à-vis their direct customers;
- Introduce a special risk management framework;
- Define the internal responsibility for the supervision of the special risk management framework;
- Perform regular risk analyses;
- Issue a policy statement;
- Establish a complaints procedure;
- Comply with due diligence obligations vis-à-vis indirect customers; and
- Document measures undertaken and inform the public accordingly.
German trade unions and NGOs will have standing to bring representative legal actions regarding the violation of protected social and environmental standards. Violations of the CDDA will be subject to administrative fines. Further, the risk that violations of the CDDA will lead to damage claims cannot be excluded.
The obligations and requirements stipulated by the CDDA create an entirely new category of ESG-related obligations, exceeding those under the EU's Disclosure Regulation (EU 2019/2088), the Taxonomy Regulation (EU 2020/852) and the national laws implementing the CSR Directive (2014/95/EU amending 2013/34/EU). These obligations will require the establishment of a new, issue-specific compliance framework, as well as a review and adjustment of currently used standard agreements, by January 1, 2023.