It's Not Yet Too Early to Take Action

Companies are making significant efforts to reveal their sustainability strategies. The challenging part now is translating these disclosures into tangible actions to enhance these practices. Enter the CSDDD, focused solely on implementation.

It's not yet time to delay starting your actions.

More firms globally have been putting in considerable effort, whether mandated or voluntary, to reveal their sustainability/ESG strategies and related risks to their clients and stakeholders. Now comes the challenging part: implementing decisive, tangible actions to strengthen these strategies and lessen these risks, given the diverse regulatory frameworks in various regions, nations, and states where the organization operates.

Let's consider the newly implemented Corporate Sustainability Due Diligence Directive (CSDDD) in the European Union (EU). The EU's Corporate Sustainability Reporting Directive (CSRD), which became enforceable in January 2023, primarily focuses on disclosure. However, the EU's CSDDD is all about taking action.

CSDDD demands that companies conduct due diligence on human rights and environmental risks within their operations and supply chains. 'Due diligence' encompasses identifying, preventing, mitigating, and accounting for these risks. Companies based in the EU and other regional markets must adhere to the new CSDDD regulations by July 2027.

This early implementation brings up an intriguing question: Why should organizations begin complying with these requirements well in advance of the enactment date, more than two years away? The explanation lies in the weighty nature of these requirements, which might take an organization more than two years to implement effectively. Specifically:

  • The range of CSDDD compliance considerations is extensive, covering operations, subsidiaries, and supply chains;
  • Supplier contracts and Service Level Agreements (SLAs), crucial areas of focus, may need revised contracts, and these agreements often span multiple years;
  • The directive requires companies to identify, prevent, and mitigate existing operating risks to allow for proper accounting, activities that take time to complete;
  • Certain CSRD and CSDDD activities can and should be integrated to improve compliance efficiency, instead of treating them as separate programs.

It's essential to note that CSDDD compliance involves the CFO's participation and expertise just as much as, if not more than, CSRD compliance.

In contrast to CSRD, which emphasizes transparency in ESG practices through reports, CSDDD requires remediation and risk mitigation, along with potential fines (up to 5% of global revenue) and civil liabilities if violations remain unaddressed. Under CSDDD, businesses operating in the EU must consider both their upstream chain (e.g., raw material extraction and production) and the downstream chain (e.g., channel partners and transportation to the end-customer) more attentively.

Widespread alterations impacting numerous businesses

While assessing CSDDD's requirements, CFOs should keep in mind the following crucial points.

  • Non-EU companies are also subject to these regulations. In addition to EU companies with at least 1,000 employees and annual revenue of at least €450 million, non-EU companies earning more than €450 million in EU annual revenue will have to comply starting in 2027, 2028, or 2029, depending on their EU revenues (the largest companies will begin complying on July 26, 2027). Furthermore, out-of-scope companies that are suppliers to or channel partners of organizations with CSDDD compliance obligations should expect to participate in due diligence activities as a prerequisite for continuous business operations.
  • Extensive cross-functional collaboration is essential. Most CSDDD compliance initiatives necessitate the involvement of finance, risk management, supply chain, operations, human resources, IT, internal audit, legal, and compliance departments, among others. The tasks will be multifaceted and wide-ranging. Among many critical activities, supplier codes of conduct need to be revised or rewritten. Whistleblower hotlines should be reviewed. Media reports of human rights violations in certain industries and regions require monitoring. Strategic sourcing capabilities need to be upgraded, as do third-party risk management governance processes and questionnaires. Training needs to be deployed. Data collection and reporting activities need to undergo the same rigor applied to financial reporting. The likelihood and potential impacts of environmental and human rights risks must be quantified. CSRD and CSDDD activities must be integrated into the enterprise risk management (ERM) framework. (Keep in mind that this summary represents a sampling, not an exhaustive list.)
  • CSDDD regulations will continue to evolve. EU member states have until July 2026 to incorporate the directive into national law, which means that enacted compliance requirements may ultimately vary by country, exacerbating the effort. Moreover, CSDDD implementation efforts may overlap with existing national due diligence regulations (e.g., the French Duty of Vigilance Law, the Dutch Child Labor Due Diligence Law, the UK Modern Slavery Act, the Norwegian Transparency Act, and others). Companies already complying with these laws may have an edge in meeting their CSDDD obligations; however, both sets of rules must be addressed in any given country.

Consider the gap—and hidden costs

As I've pointed out, CFOs and finance teams are leading the organization's response to sustainability/ESG regulatory requirements, and this should apply to CSDDD compliance as well. As finance leaders draft a compliance blueprint, they should follow these steps.

  • Begin with an evaluation of impacts. CFOs and their teams should initially evaluate how their organization is affected by the CSDDD guidelines, determine which pre-existing due diligence procedures and methods are already implemented, assign responsibilities for each aspect of due diligence, and create a strategy to bridge the gap between the current state and the CSDDD-compliant due diligence state. This evaluation will concentrate on supplier agreements and SLAs. In many situations, this examination will also uncover potential efficiencies (such as unearthing overlapping duties and tasks during supplier onboarding). This initial analysis will further reveal any necessary resources and technology requirements.
  • Consider the overall expenses of rectification. CFOs should factor in the expenses related to addressing an environmental or human rights concern—expenses that arise when the company discloses the issue, even when disclosure does not result in a regulatory penalty. They also need to account for ongoing expenses related to achieving and maintaining compliance. Additionally, the costs of non-compliance should be taken into account. Violations of CSDDD guidelines will lead to regulatory fines and civil liabilities, and there are reputational and brand image damage issues associated with high-profile, continuous developments in this field.
  • Explore opportunities to combine CSDDD compliance with CSRD, ERM, and TPRM. Information and data gathered through CSDDD due diligence for supply chain practices can be disclosed in accordance with CSRD requirements. Another point of intersection: Transition plans required for climate change reporting under CSRD offer organizations an early advantage to satisfy the mandatory climate transition plan required by CSDDD. Given their involvement in ERM capabilities and third-party risk management (TPRM) activities, CFOs can aid in integrating CSDDD requirements into existing processes while minimizing redundant tasks.

Financial leaders will also wish to utilize their skills in regulatory reporting, control frameworks, data governance, and audit trails (tasks that align well with the designated ESG controller's role) to ensure that CSDDD mitigation and accounting actions are grounded in reliable data-driven evidence. They will need to do the same when providing updates to investors and other interested parties on their progress toward CSDDD compliance as effective dates draw near.

By initiating the substantial CSDDD coordination effort today, CFOs will assist their organizations in avoiding the demanding labor and last-minute scrambles prevalent in more than a few recent CSRD compliance attempts.

  1. The European Union's Corporate Sustainability Reporting Directive (CSRD) primarily focuses on disclosures, while the Corporate Sustainability Due Diligence Directive (CSDDD) is more about action, requiring companies to conduct due diligence on environmental and human rights risks.
  2. Non-EU companies with annual revenue exceeding €450 million in EU operations will also need to comply with the CSDDD regulations by 2027, 2028, or 2029, depending on their EU revenues.
  3. CFOs should collaborate extensively with various departments, including finance, risk management, supply chain, operations, human resources, IT, internal audit, legal, and compliance, to address the comprehensive CSDDD requirements.
  4. Financial leaders should assess how their organization is affected by the CSDDD guidelines, estimate the costs associated with rectification, and explore opportunities to combine CSDDD compliance with existing processes, such as CSRD and ERM.
  5. To effectively manage CSDDD mitigation and accounting actions, CFOs can leverage their skills in regulatory reporting, control frameworks, data governance, and audit trails, providing accurate updates to stakeholders as CSDDD compliance dates approach.
