In March 2021, the European Parliament published a draft directive that introduced mandatory corporate due diligence requirements in areas such as human rights and environmental practices in an organization's supply chain.
As part of the directive, any organization in the European Union (EU) - whether private, state-owned or publicly-listed - would be required to "identify and assess potential or actual impacts on human rights, the environment or good governance caused by, contributing to or linked to their operations or business relationships, using a risk-based monitoring methodology that takes into account the impact, nature and context of the undertaking’s operations" and "review business relationships for the same risks."
Although the directive is not yet law, it is important that any organization that does business in the EU begin assessing its supply chain partners' human rights and environmental practices and develop remediations to mitigate any potential financial, legal or reputational risks before they arise.
Conduct due diligence according to the likelihood and severity of adverse impacts
Publish a statement, including the risk assessment, data and methodology, concluding that the company does not cause, contribute to and is not directly linked to adverse human rights or environmental impacts
Establish and implement a due diligence strategy, reviewed annually
Verify that subcontractors and suppliers comply with obligations
Rapidly pre-screen vendors using a library of continuously updated risk profiles based on inherent/residual risk, completed assessment results and real-time reputational monitoring.
Tap into 550,000+ sources of vendor intelligence to build a comprehensive supplier profile that includes industry and business insights and maps 4th-party dependencies.
Use a simple assessment with clear scoring to track and quantify inherent risks and determine the right assessment approach.
Leverage Prevalent's built-in Modern Slavery and environmental assessments to determine adherence to policies. Review and approve assessment responses to automatically register risks or reject responses and request additional input.
Store and manage policy documents, evidence and more for dialog and attestation.
Access qualitative insights from over 550,000 public and private sources of reputational information, including negative news, regulatory and legal actions, adverse media, conflicts of interest and more.
Simultaneously screen against the world’s most important sanctions lists (including OFAC, EU, UN, BOE, FBI, BIS, etc.), over 1,000 global enforcement lists, and court filings (such as the FDA, US HHS, UK FSA, SEC and more) to proactively identify prohibited business relationships.
Identify relationships between your organization and third, fourth and Nth parties to discover dependencies and risks in your extended vendor ecosystem.
Normalize, correlate and analyze assessment results and continuous monitoring intelligence for unified reporting and remediation.
Take actionable steps to reduce vendor risk with built-in remediation recommendations and guidance.
Visualize and address compliance requirements by automatically mapping assessment results to any regulation or framework.