In April 2014, the European Parliament adopted an amendment to Directive 2013/34/EU as it relates to disclosure of non-financial and diversity information by certain large undertakings and groups. While companies previously have been required to report non-finance matters under European Union (EU) law, a recent amending directive will clarify the scope of environmental, social and employee-related reporting.
With the adoption of the revised annual corporate social responsibility (CSR) reporting requirements on the horizon, there are four critical questions companies need to answer as they begin to create procedures to ensure compliance when EU member states implement the amending directive. They need to determine whether they will be required to report, what CSR information they will have to provide, what aspects of their supply they will need to analyze and disclose and whether they will have to have any CSR information assured by a third party.
Do I Have To Report?
Under the amendment, companies exceeding an average of 500 employees on their balance sheet will be subject to mandatory non-financial reporting. Reference to the balance sheet makes it clear that this requirement will apply to companies listed in an EU member-state stock exchange, as well as banks and insurance companies. It is within the member states’ discretion to extend this obligation to other companies. As a result of the upcoming change, it is estimated that approximately 6,000 companies will be subject to CSR reporting in Europe.
Mandatory CSR reporting is not a new concept. Several countries worldwide, including European countries, already have made it compulsory. Member states have used different criteria to determine which companies are subject to CSR reporting, such as:
- Listing on a stock exchange.
- State ownership.
- Size.
- Turnover.
For example, listed companies and companies with annual turnover or a balance sheet above € 100 million that employ at least 500 employees in France already are required to report non-financial information to their shareholders. Similarly, CSR reporting in Denmark is compulsory for the 1,100 biggest companies, including listed companies, state-owned companies and institutional investors. In South Africa under King III, companies listed on the Johannesburg Stock Exchange must report on sustainability issues. As of 2011, Malaysia also requires companies that are listed on the Malaysian Stock Exchange to report annually on CSR activities and practices.
What Do I Have To Report?
According to the amended directive, large European enterprises will need to prepare a non-financial statement containing information relating to environmental matters, social and employee-related matters; respect for human rights; and anti-corruption and bribery.
Such statements will include a description of the policies, outcomes and risks related to those matters and will have to be included in the management report of the enterprise concerned. The non-financial statement also will include information on the due-diligence processes implemented by the company or organizations. In addition, where relevant and proportionate, the organization will have to provide information about its supply and subcontracting chains, in order to identify, prevent and mitigate existing and potential adverse impacts. In addition, the amendment will require disclosure of diversity information about board members, including age, gender and educational and professional backgrounds.
Under California's Transparency in Supply Chains Act, businesses must disclose the efforts they're making to eradicate human trafficking from their supply chain.
Member states will have to subject these large companies to mandatory CSR reporting. When implementing this requirement, they might refer to internationally recognized frameworks such as the OECD Guidelines for Multinational Enterprises, ISO 26000 or the Global Reporting Initiative (GRI), or adopt their own reporting standards.
The scope of the existing CSR reporting requirements varies by country. France has one of the most far-reaching systems, where companies must include sustainability information in their annual reports. This must be done for all countries where the company operates, not just in France. The sustainability report must include the company’s general environmental policy, waste management measures, policy for sustainable use of resources, its contribution and measures it has taken against climate change and for biodiversity protection. Additionally, companies must report on their social performance, corruption prevention, measures in favor of consumer protection and actions for human rights. In general, the French system closely resembles the amendment to Directive 2013/34/EU.
In Denmark, management review must contain a report on social responsibility, including human rights, social issues, environmental management and climate conditions, as well as measures for combating corruption.
Under South Africa’s King III report, companies listed on the Johannesburg stock exchange must produce an annual integrated report on governance, strategy and sustainability. Companies are encouraged to prepare their sustainability report along with the Global Reporting Initiative’s sustainability reporting guidelines (GRI).
CSR practices in Malaysia focus on the environment, the workplace, the community and the marketplace. Bursa Malaysia (the Malaysian Stock Exchange) sets guidelines and gives ideas on how to implement CSR, but every company is free to decide CSR practices best suited to them.
In the United States, sustainability reporting is not required as such. However, publicly traded companies are required to disclose material risks to their businesses in certain U.S. Securities and Exchange Commission (SEC) filings to inform the public of a company’s financial condition. Companies are required to disclose material changes to a business, material legal proceedings and analysis of known trends, uncertainties and financial conditions that materially could affect operations.
In order to clarify when climate change would trigger disclosure requirements, the SEC issued a guidance document in 2010. In the guidance document, the SEC provided the following examples where climate change may trigger reporting requirements:
Impact of legislation or regulation – A company should consider whether the impact of certain existing laws and regulations regarding climate change is material.
Impact of international accords – A company should consider and disclose international accords and treaties relating to climate change that materially affect its business.
Indirect consequences of regulation or business trends – A company should consider, for disclosure purposes, the actual or potential indirect consequences it may face due to climate change-related regulatory or business trends.
Physical impacts of climate change – A company should evaluate – for disclosure purposes – the actual and potential material impacts of environmental matters on their business.
What Supply Chain Information Might I Have To Provide?
Over the years, more and more companies have begun to analyze the supply chain related to their products. There are a variety of reasons to explain why efforts to track a product’s supply chain have increased, including identifying areas of production inefficiency, better understanding the impact of suppliers on the manufacture of a product or readiness in case of disruptions in the supply chain.
Under the amended directive, non-financial disclosure provided by companies must include supply chains. Non-financial statements, where relevant and proportionate, will have to provide companies’ supply and subcontracting chains, in order to identify, prevent and mitigate existing and potential adverse impacts.
The amended directive does not state specifically what supply chain information a company will have to analyze or report. This will be left up to member states to determine the degree to which companies analyze their supply chains. Options include subjecting companies to mandatory comprehensive due diligence, reporting and product labeling requirements, or to mandatory requirements to provide its sustainability policy for the supply chain.
Supply chain disclosure may be challenging for companies. One of the best examples would be the “conflict mineral” reporting recently implemented in the United States, requiring certain companies to comply with due diligence and reporting requirements related to the use of specified minerals in their products.
Under the Conflict Minerals Rule, a company for which conflict minerals are necessary to the functionality or production of a manufactured product is required to determine and annually disclose to the SEC whether conflict minerals have originated in the Democratic Republic of Congo or any adjoining country. Compliance with the Conflict Minerals Rule requires companies to analyze the entire supply chain of their products, including the location where minerals were mined and whether a contract smelter used conflict minerals.
Companies in the United States have been struggling with a number of issues related to compliance with the Conflict Minerals Rule. First of all, the scope of the rule was not clear and many companies were not sure if the rule applied to their operations. Second, companies had to create a reporting structure with their suppliers, contract manufacturers and other supply-chain partners. Considering the fact that minerals covered by the rule are found in numerous consumer goods, and that the largest companies work with thousands of suppliers, tracing product content all the way back to the mine can be overwhelming.
It should be noted that the European Commission also has proposed addressing the use of conflict minerals in the EU. The draft regulation, however, is different from the U.S. rule. The main difference between these two instruments is that the draft EU regulation would make disclosure voluntary and it would focus only on importers of tantalum, tin, tungsten and gold, instead of manufacturers and producers of a product.
Despite challenges related to supply-chain analysis resulting from the Conflict Minerals Rule, there are signs that requiring company to analyze and disclose their supply chain will continue to increase. Under the French CSR regulations, companies already are required to provide subcontractor and supplier information, including the company’s sustainability policy in the supply chain. In addition, the GRI board of directors has identified disclosure on supply chain sustainability issues as a priority revision. As a result, in May 2013, the G4 Sustainability Reporting Guidelines contained information clarifying supply-chain disclosures.
In addition to the Conflict Minerals Rule, there are other regulations in the United States requiring companies to analyze and disclose their supply chains. For example, under California’s Transparency in Supply Chains Act, certain businesses are required to disclose the efforts they are making, if any, to eradicate human trafficking from their supply chain. A company is required to comply with the California law if it is a retailer seller or manufacturer; has annual worldwide gross receipts that exceed $100 million; and does business in California.
On the federal level, the Business Supply Chain Transparency on Trafficking and Slavery Act of 2014 (H.R. 4842) recently was proposed in the U.S. House of Representatives. H.R. 4842 would require companies to annually disclose to the SEC measures they’ve taken to identify and address instances of human trafficking, slavery and child labor in their supply chains. The bill also would require the U.S. secretary of labor to work with the secretary of state and other federal and international agencies to develop an annual list of the top 100 companies complying with supply-chain labor standards.
Does the Report Have To Be Certified by a Third Party?
Verification of CSR information often is a challenge for companies complying with the reporting requirements. The amendment to Directive 2013/34/EU states that auditors and audit firms only should check that the company has provided non-financial information. The amendment does not require that the non-financial information is verified by an independent assurance service.
While the use of third-party, independent verification of CSR information increases, it is unclear what members states will do. Each member state will be able to determine the degree, if any, of required CSR information to be verified by a third party.
Third-party assurance can add credibility and completeness to reported information. However, there are some concerns about the quality of third-party assurance and many advocate a standardized approach. Organizations available to assure CSR information include accounting firms, specialists, certification bodies and non-governmental organizations (NGOs). Despite these concerns, standards have been developed in order to standardize the CSR assurance processes, including the International Standard on Assurance Engagements (ISAE) 3000, Assurance Engagements Other Than Audits or Reviews of Historical Financial Information, GRI-GE Guidelines and AccountAbility Assurance Standard (AA1000AS).
Some countries have made independent verification of CSR information provided by companies a mandatory requirement. Under the CSR regulation in France, integrated sustainability reports provided by a company must be verified by an independent third party. The verification must be performed by an independent third party, which can be the company’s financial auditor (certified public accountant) and must be accredited by the French Committee of Accreditation, COFRAC. In South Africa, under Principle 9.3 of King III, a company listed on the Johannesburg Stock Exchange is required to comply with integrated sustainability reporting and third-party assurance requirements.
Conversely, in some countries there is no mandatory assurance requirement for sustainability information provided by companies. For example, while the Danish Financial Statements Act of 2008 encourages companies to use GRI G3 Guidelines, which encourages the use of a third party to verify information, the act does not make the use of such parties mandatory.
The scope of changes that the transposition of the amendment to Directive 2013/34/EU will introduce in EU member states will vary by country. As discussed, some countries, such as France, already have mandatory CSR reporting in place, but in some states, in particular Eastern European EU members, non-financial reporting largely is unregulated.
Certain requirements will be common in all EU countries. For example, large companies with 500 employees and a balance sheet definitely will be subject to the non-financial reporting. It also is certain that these companies will have to provide specified environmental, social and employee-related information.
There are, however, some aspects of non-financial reporting that will be regulated differently in each country and may pose a significant burden on companies operating in Europe. In particular, it is advisable that companies in the EU are ready to disclose information about their supply chains and potentially have their CSR information verified by a third party when preparing themselves for mandatory CSR reporting.
