Companies have long been awaiting some more clarity on their reporting obligations vis à vis the German Supply Chain Due Diligence Act (SCDDA). The BAFA has now shed some light on what is expected of the reporting entities by publishing 38 detailed questions (in addition to some general information on the reporting entity) covering the whole spectrum of due diligence obligations under the SCDDA.
The first reports will be due no later than four months after the end of the financial year of the reporting entity that ends during the calendar year 2023 (for enterprises with 3,000 or more employees) or 2024 (for enterprises with 1,000 or more employees). The questionnaire will be made available in spring 2023 as an online tool, where companies must submit their responses in German.
The questions include mandatory as well as voluntary questions. BAFA assures the reporting entities that not answering the voluntary questions will not result in disadvantages for the reporting company. However, responding to the voluntary questions may lead to a shorter audit within the scope of a possible risk-based control without any further requests for evidence.
Overall, the questions include a mix of multiple-choice questions as well as free text fields to provide more detailed information. The complete questionnaire is structured in different sections:
- Strategy and anchoring (A): The first section requires a description of responsibilities overseeing risk management, information on the reporting entities’ policy statements on human rights strategy, and information on how the human rights strategy is anchored within the organization.
- Risk analysis and preventive measures (B): Section B requests detailed information on risk analysis (implementation, procedure and results), and description of prevention measures implemented in (i) the company's own business area, (ii) at direct suppliers, as well as (iii) at indirect suppliers. This section of the questionnaire also requires information on how the results of the risk analysis are communicated internally to key decision makers, and information on any amendments or review of the risks analysis effectiveness.
- Findings of injury and remedial action (C): This section requires information on findings of violations and corrective actions taken on the reporting entities’ (i) own business area, (ii) at its direct suppliers, and (iii) at its indirect suppliers.
- Complaints procedure (D): Further, the reporting entities must provide a detailed description of the complaints procedure that is mandatory under the SCDDA.
- Risk management assessment and conclusions (E): In the questionnaire's final section, the reporting entities must elaborate on their process to review risk management across the board for its appropriateness, effectiveness and adequate consideration of the interests of (potentially) affected parties.
As the questionnaire comprehensively covers the SCDDA’s obligations, it requires quite detailed information from the reporting entities. However, as the questions are quite clear and structured according to law, the questionnaire does support the reporting entities in complying with their reporting obligations, making the process quite streamlined and manageable.