Corporate Governance

Case Study | Terra incognita?

Companies are entering new compliance territory with the LkSG and HinSchG

The Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz – LkSG) and the Whistleblower Protection Act (Hinweisgeberschutzgesetz – HinSchG) are now in force, after a lengthy legislative process. They aim to prevent breaches of human rights and environmental protection legislation in supply chains, and to protect whistleblowers who report abuses. Both laws seek to achieve a more sustainable world by imposing a wide range of demands on compliance departments, management teams and companies as a whole. When the new regulations come to the attention of our clients for the first time, the practical question as to how to implement them is a typical response. The legislation stipulates objectives and (minimum) requirements, but how can they best be incorporated into existing structures? What changes are needed in order to comply with the rules? 

Against this backdrop, our client initially wanted us to explain the exact implications of these laws. The goal was to be in a position to integrate tailored solutions into the company’s day-to-day operations either alone, or with our aid where necessary.

Legal master plan vs reality

The aim of our advice was not to draw up a theoretical master plan that defines the “how” in categorical terms, but rather to be guided by the reality of the company’s situation, to respond to the client’s most urgent needs and to arrange the timeline of measures accordingly. 

One of the first questions facing our client was: Does the LkSG actually apply to us? Answering this question is more difficult than it seems when you look at the details. The LkSG applies to companies above a certain number of employees, but how are they counted in practice? What does the LkSG mean by a “parent company with determinative influence”? Employees of the subsidiaries must be added to the headcount of such companies. Our case did not involve such a parent company, so subsidiaries were not regarded as falling within the sphere of responsibility of the company’s own business activities but are treated instead as suppliers. 

Welcome to the classroom!

The initial assessment was followed by an internal training course, which we conducted as an in-person event for around 15 employees. This was based on the belief that the more informed employees are about the content and requirements of the law, the easier it will be for the company to implement it. The course was also able to serve as a prototype for further training to be offered to the company’s suppliers. A second training session is planned at a later date to deal with the various questions that arise in the meantime.

Appointing a Human Rights Officer

The LkSG provides for a clear allocation of responsibilities and suggests that a Human Rights Officer be appointed. The client’s Compliance team and our lawyers put their heads together to formulate the duties of this position with the necessary clarity and precision and to structure them appropriately. The role is now filled by an internal employee who acts independently and benefits from useful previous experience. Drawing on existing expertise is generally preferable as a compliance method, and in a best-case scenario also leads to synergies by connecting different areas of the company.

At the core: risk analysis

An integral component of LkSG compliance is carrying out an (annual) risk analysis. Risks and any need for action can only be revealed by carefully observing the status quo. A thorough risk analysis requires time and human resources, but is the starting point for many company-internal measures required under the LkSG. With our support, the client developed a process description that sets out the “roadmap” for the LkSG analysis and will be implemented shortly. Here again, it was possible to draw on existing experience within the organisation. It would be difficult for company management to develop the policy statement required by the LkSG without first carrying out this risk analysis. Model statements that make a vague and general commitment to human rights and environmental protection are not fit for purpose and do little to really embed these values in the corporate culture. Accordingly, we assisted our client with drafting the policy statement based on the identified risks that the company and its industry face.

Now is the time…

With a good grounding in the LkSG and a focus on potential risks, the client felt well equipped to ensure compliance with the LkSG by adapting and improving existing compliance tools, such as a business partner checklist. This questionnaire is sent to customers and suppliers, and is part of a balanced LkSG risk management system. A complaints system is also under development to handle reports of LkSG violations. The Compliance and HR departments are now working on raising awareness of LkSG compliance among new employees during the onboarding process. The Code of Conduct for Suppliers is also being adapted with our assistance. CMS acted as advisor in the context of this instruction, responding flexibly to the company’s specific circumstances and needs. We were also able to make several suggestions concerning organisational aspects and wording, as well as reviewing the company’s ideas to ensure they were legally sound. This resulted in a rewarding long-term collaboration that combines legal expertise with practical business aspects. 

A law rarely comes alone

Alongside gearing up for LkSG compliance, our client was faced with the HinSchG, which guarantees whistleblower protection and requires an internal reporting office to be set up. In this case, CMS took on the role of ombudsman/reporting office. As an independent organisation external to the company and with a professional obligation to maintain confidentiality, it is ideally suited to this role. In addition, our client is deploying a digital reporting tool that makes it easier to receive and structure tip-offs. We used a flow chart to summarise the processes in a clear and easy-to-understand way. 

There are an increasing number of (EU) regulations covering the wide field of sustainability compliance. The associated legal environment is also subject to dynamic change (an amendment to the current LkSG, for example, will be triggered at the latest by the EU’s proposed supply chain legislation – the Corporate Sustainability Due Diligence Directive), which will make it necessary to translate (new) legal text into corporate reality on an ongoing basis. This calls for creative solutions from businesses and the law firms that advise them. 

Robust compliance structures are impossible without proper corporate governance.

Are you asking yourself the following questions?

• Where are the main compliance risks and am I prioritising them correctly?
• What are the minimum structures I need to create, what (minimum) resources do I have to commit here? And what is best practice in this regard?
• Are responsibilities (and interfaces) clearly defined and documented?
• Are internal regulations adequate and clearly understandable?
• Are my managers committed and well enough trained? 
• Do my employees apply compliance standards in their daily work and are they aware of the relevant regulations?
• How do I ensure that regulatory changes at national and international level are adequately monitored, and have I properly implemented the relevant special legislation (LkSG, Whistleblower Protection Act, in future CSRD, CS3D)?
• How do I implement ESG compliance within the organisation and what options do I have for structuring the compliance management system?

Then you’ve come to the right place!

CMS Germany is your expert for all corporate compliance issues. We provide support both as an outsourced legal department and to complement your own in-house lawyers.

We advise companies across all industries, sectors and legal forms, developing customised solutions. Our service portfolio:

• Planning, advising on and/or conducting risk analysis 
• Advice on setting up and improving compliance structures, and on assigning resources appropriately and reasonably
• Establishing and enhancing the compliance management system, along with developing and implementing the required implementation measures 
• Preparing responsibility matrices and the associated documentation
• Developing and revising internal regulations
• Developing and implementing training programmes for managers and staff
• Monitoring regulatory changes at national and international level, and advice on implementing the relevant special legislation (LkSG, Whistleblower Protection Act, in future CSRD, CS3D)
• Advice on all aspects of ESG compliance and on the relevant structuring options, especially with regard to the compliance management system