ESG – what are the new regulations?

How new rules in the EU, UK and US are changing the face of corporate reporting

Upcoming EU legislation: Scope, reach and what you should do now

On 10 March 2021, the EU Parliament formally requested that the EU Commission, the bloc’s executive arm, draw up legislation for a new directive aimed at harmonising ESG reporting.

The proposed new corporate due diligence and corporate accountability directive will cover companies that sell to the EU, not just those based there. Businesses will be required to identify, address and remedy their impact on human rights and the environment. Crucially, this is likely to go up and down the value chain, which means customers as well as suppliers. Businesses could be sued inside the EU for human rights violations or environmental damage committed by their customers or end users of their products in third countries.

Just like supply chain due diligence can flow several degrees back, all the way to the raw material, so the value chain can flow forward to the ultimate end use of the product. The details of the directive are still to be approved, and it’s likely we won’t know more until the Commission presents its draft later in the year. But it is worth thinking now about how to apply due diligence to your supply chain. Most companies are likely already undertaking some form of supply chain due diligence, particularly modern slavery reporting or environmental and carbon footprinting.

Even if the business concludes that it does not cause or contribute to any actual or potential impact, it must publish a statement to that effect, along with its risk assessment, which must be reviewed if new risks emerge or the business enters new business relationships that can pose risks. If the business identifies actual or potential impacts, it must establish a detailed due diligence strategy.

In addition, businesses will likely be required to use contract clauses and codes of conduct to ensure that the human rights, environmental and governance policies of their business partners are aligned with their own due diligence strategy, and “regularly verify” that suppliers and subcontractors comply with their relevant obligations.

Expanded environmental regulations in the UK

In addition to the new ESG rules in the EU, the UK is also looking at expanded environmental regulations. The UK government recently launched a consultation on mandatory climate disclosures for large companies in line with recommendations from the Task Force on Climate-related Financial Disclosures. This is in addition to new requirements in the Environment Bill currently going through parliament, which aims to clamp down on deforestation in supply chains. Businesses will be required to carry out due diligence on their supply chains and publish how they are making sure key commodities like rubber, soy and palm oil are being sourced responsibly.

From SFDR to ESG

Disclosures, reporting and due diligence on ESG related matters are not new. The Sustainable Finance Disclosure Regulation (SFDR) requires financial market participants and financial advisers within the bloc to integrate sustainability risks into their internal processes, including their portfolio management and product governance structures, and clarify how sustainability risks have been integrated into their policies.

ESG in the US and global ESG standards

More ESG regulations are on the horizon. The US Securities and Exchange Commission (SEC)’s investment committee is moving forward to create a framework for ESG disclosure. The International Financial Reporting Standards (IFRS) Trustees announced in February that they are moving forward with the idea of forming a new board that would establish global ESG reporting standards. The reason ESG is having such a big impact on the investment world is that it helps investors understand the resilience of firms to ESG risks. Those could be as widespread as climate change or environmental disasters, accusations of racism or harassment, or the impact of governance failures such as fines for bribery.

VinciWorks’ supplier compliance solution with Omnitrack

Supplier onboarding form
Our supplier onboarding form is fully customisable and allows businesses to ensure compliance with the latest ESG measures.

VinciWorks has evaluated the way businesses send out and collect supplier questionnaires and developed software that makes it easy to create and send out intelligent, automated supplier questionnaires. The forms are fully customisable and include conditional logic so that suppliers are only presented with questions relevant to their services and products. Suppliers who don’t respond are sent email reminders, and red flags are automatically escalated. The graphical dashboard aggregates the data and delivers instant analysis. Omnitrack’s supplier tracker offers administrators new insights and breakthrough levels of ease and efficiency.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.