Given that the new requirements mark a conceptual shift from soft law to hard law and thus new concepts and terminologies should be embedded into Enterprise Risk Frameworks and Compliance Programs, we advise that companies should start preparing already now. In doing so, they should take the wider international context and possible further developments in important foreign markets into consideration as the new ESG reporting and due diligence requirements only mark the first step on a longer journey. This is particularly true for Swiss companies with operations in the EU where we expect broader requirements to receive the force of law in the coming years. Important measures will include the enhancement of the existing Compliance Program to address increasing expectations by stakeholders - and legal requirements - with respect to the management of ESG risks related to all business activities, including due diligence measures, with a specific focus on the supplychain.
What will the requirements under the new ESG legislation be and what companies will they apply to?
The ESG reporting obligation will apply to companies of public interest (i.e. listed companies, banks, insurance companies and other supervised financial institutions) domiciled in Switzerland that, together with controlled companies in Switzerland and abroad, (i) have at least 500 FTEs on annual average, and (ii) exceed assets of CHF 20 million or revenues of CHF 40 million in two consecutive years. Companies that are controlled by a company to which the new reporting requirements apply, or that are subject to equivalent reporting under foreign law, are not required to prepare an additional report.
The ESG report must include information necessary to understand the company's business and the impact of its activities on the environment (including CO2 targets) as well as societal concerns related to employees, respect for human rights and the fight against corruption across their value chains.
As indicated at the outset, the ESG reporting requirement is modeled after the EU Non-Financial Reporting Directive (Directive 2014/95), and the non-exhaustive list of topics that the report must cover tracks its model closely. Specifically, the report has to cover the following topics:
- the company's business model (Business Model);
- the main ESG risks resulting from the company's own operations and, where relevant and proportionate, its business relationships, products or services (Risk Assessment);
- the policies pursued to address these ESG risks, including due diligence applied (Policies and Due Diligence);
- the outcome of those policies (Outcome) and
- non-financial key performance indicators applied regarding the company's response to ESG risks (KPIs).
If a company does not have policies addressing certain ESG risk areas, the report must include an explanation of the reasons for such gap ('comply or explain'). The only defensible explanation that one could see is an assessment that a company's activities do not raise concerns in a certain area.
The report may be based on national, European or international reporting standards, such as for example the OECD Guidelines for Multinational Enterprises or the standards of the Global Reporting Initiative (GRI). Further, companies may want to draw from guidelines the EU has issued on the methodology for reporting non-financial information. Under the above headings, these guidelines list out in detail the aspects that the ESG report should cover.
The report may be established in one of the Swiss national languages, or in English. It must be approved by the board of directors and the shareholders' meeting and made electronically accessible to the public during a period of 10 years. However, unlike the company's financial statements, the ESG report must not be audited.
Due diligence in connection with conflict minerals and child labour and Compliance reporting
Companies with their registered office, central administration or principal place of business in Switzerland that (i) import or process minerals or metals containing tin, tantalum, tungsten or gold from conflict or high- risk areas or (ii) offer products or services for which there are reasonable grounds to suspect that child labour was involved, must comply with due diligence and annual reporting requirements relating to their supply chain. While in principle these requirements apply irrespective of the size of a company, the Swiss government has the authority to define exceptions with respect to the import of small volumes of potentially conflicted minerals, on the one hand, and small and medium sized entities as well as entities with limited risk of exposure to child labour in their supply chain, on the other hand. Further exceptions are possible, for instance if a company complies with internationally recognized rules such as the OECD Guidelines for Multinational Enterprises and related sectoral guidance.
To comply with the due diligence obligations, at a high level, companies caught by the requirement must make sure that their Compliance Program includes policies and processes, including effective due diligence and tracing processes, addressing risks across their supply chain related to the sourcing of so- conflict minerals and metals and/or products and services containing inputs from child labour. The implementation of due diligence measures in the area of conflict minerals has to be audited by an independent expert.
Further details will only be set out in an implementing ordinance, which the Swiss Federal Council will issue. However, we should expect the Federal Council to closely follow standards developed by the EU and multinational standard setters, such as the UN, the OECD, and others. With respect to the new due diligence requirements on conflict minerals, which are again based on an EU Regulation, here 2017/821, we would refer to sectoral guidance issued by the OECD, such as the Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas; this guidance provides helpful information on how to address and meet the due diligence requirements with regard to conflict minerals. With respect to child labour related due diligence requirements, which are based on the Dutch Child Labour Due Diligence Act, guidance can be found, for instance, in the ILO-IOE Child Labour Guidance Tool For Business, which is based on the UN Guiding Principles on Business and Human Rights and, again, OECD guidance.
In addition to implementing due diligence measures, the board of directors also has to issue a report on the company's compliance with these measures. Unlike the ESG report, however, this compliance report does not have to be submitted for approval to the shareholders' meeting. Again, the report may be established in one of the Swiss national languages or in English, and it must be made electronically accessible to the public during a period of 10 years.
Requirement for commodity extracting firms to report on government payments
For completeness, we add that as part of the Swiss corporate law reform new reporting requirements are going to enter into force from 1 January 2021 for companies that are subject to an ordinary audit and directly or indirectly through controlled entities extract minerals, oil, natural gas or woods from primary forests. These companies have to publish a report on cash and in-kind payments to government authorities of an aggregate amount of at least CHF 100'000. Companies trading in these commodities are not subject to the new reporting requirement. However, the Federal Council has the authority to declare the requirements applicable also to these companies. As is the case for the due diligence compliance report related to conflict minerals and child labour, the report must be approved by the board of directors and made accessible to the public for at least 10 years.
What is the exposure of your business in case of non-compliance with the requirements under the new ESG legislation?
Non-compliance with the new ESG reporting regime is subject to criminal liability. Non-compliance includes the inclusion of false statements in any of the newly required reports, the generic ESG Report and the report on compliance with due diligence measures in the area of conflict minerals and child labour, or the failure to issue any of these reports, or the failure to keep records of, or publish, these reports. If any of these acts is committed intentionally, the fine is up to CHF 100'000, if committed negligently, the fine is up to CHF 50'000.
In addition, deficient ESG due diligence or reporting may trigger civil liability under existing concepts, namely the liability of board members and management under article 754 of the Swiss Code of Obligations. Although the hurdles for successful derivative claims are notoriously high, it is conceivable that the increased specificity of risk management requirements may motivate activist shareholders to bring claims. For instance, in case instances of unmitigated child labour in the supply chain become public and bad press results in loss of business, the argument may be made that weaknesses in the compliance program caused damages to the company, for which management and the board should be made responsible.
Likewise, one cannot discount completely the possibility that the existing principal's liability of article 55 of the Swiss Code of Obligations or other liability concepts will be used with more confidence to hold Swiss parent companies accountable for activities by their subsidiaries in high risk jurisdictions, given that the law itself states that due diligence requirements extend across the extended enterprise.
International developments that matter for Swiss businesses
The new ESG legislation in Switzerland follows numerous legislative efforts elsewhere to increase the accountability of businesses for violations of human rights or negative environmental impact related to their activities. Several countries have recently introduced due diligence requirements, some of which relate to specific sectors, products or regions. For example, the US Dodd-Frank Act (Section 1502) contains due diligence and reporting requirements with regard to conflict minerals. France passed a law in 2017 ("Loi de Vigilance") that provides for due diligence obligations with regard to human rights and the environment across the supply chain, introduces related self-reporting obligations and complements a new liability regime with increased enforcement powers of competent authorities. In the Netherlands, a new law adopted in May 2019 requires Dutch companies and foreign companies supplying goods or services to Dutch customers to scan their supply chains for child labour, publish their findings and develop a plan to address potential issues. These are only a few examples; there are more.
Importantly, the Swiss Federal Council has stated consistently, including in its National Actions Plans implementing the UN Guiding Principles and the Agenda 2030, that it will closely monitor the legislative activity at the EU level and elsewhere. In this regard, we note that the EU Commission is already looking beyond today's state of law, which Switzerland is typically copying. In fact, following its announcement in April this year, in October 2020, the EU Commission has launched a broad public consultation on the contemplated introduction of cross-sectoral mandatory due diligence in relation to human rights and environmental impacts paired with enforcement mechanisms, on the back of a detailed study on due diligence requirements through the supply chain, which was published earlier. What is more, the Legal Affairs Committee of the European Parliament, on its part, has published a draft Directive on corporate due diligence and corporate accountability. The scope of the Directive is far-reaching in that it would apply to all companies operating in the EU, irrespective of incorporation. Further, the draft Directive imposes cross- sectoral due diligence requirements and both civil and public enforcement mechanisms, including fines. These developments follow an increasingly broad recognition that reporting only, even where false or misleading reporting may attract liability, is not enough. The EU Commission has also published a study on directors' duties and sustainable corporate governance, which suggests future EU action in the area of corporate governance contributing to more accountability for companies' sustainable value creation. Solid legislative proposals can be expected in the first half of 2021, and in view of the general dynamics in the ESG space it appears reasonable to assume that additional due diligence requirements will be introduced in the EU eventually, which the Swiss Federal Council may again suggest Switzerland to tag along with.
What should you do today in order to be prepared tomorrow in view of the broader context?
While it is true that discussions about the role of business in relation to human rights and environmental concerns are still evolving, not necessarily everywhere at the same pace, the direction of travel is clear. As indicated above, we have seen and will continue to see a hardening of soft law in the areas of human rights and the broader societal and environmental impact of businesses. For this reason, the focus of relevant resources should move from the analysis of legal nuances to the development of substantive answers to the question what a given company should do in order to address effectively ESG concerns in the extended enterprise.
In addition to our standing recommendation to develop and maintain a well-documented and effective general Compliance Program, we suggest that in response to the developments laid out in this note, you lend particular attention to the following points in the near future:
- Review and where required adjust governance to ensure appropriate leadership at the Board level in relation to ESG risks, including adverse impact the company's activities may cause and legal risks the company may face.
- Designate responsible function(s) to monitor and provide ongoing advice in relation to the increasing body of laws and regulations in the area of ESG risk management requirements both in Switzerland and in your markets abroad. In this regard, consider moving to shared responsibilities, including the Legal and/or Compliance function.
- Review and where required adjust your Enterprise Risk Framework to address ESG risks within your risk taxonomy, including associated measures to address these risks.
- Review and where required adjust ESG risk management policies and processes across your supply chain and distribution network, including affiliates and third parties, on the basis of a solid risk assessment. In this regard, broaden and deepen your third party intermediary due diligence framework to address ESG risk factors and do so into tiers 2 and 3 of your chain. Place particular focus on conflict minerals and child labour, considering third party assurance.
- Review and where required adjust your reporting on ESG risk factors and measures you take to address these risks. Introduce internal assurance processes in relation to your reporting.
- Given ongoing disruption by COVID-19, review and where required adjust the design of your Compliance Program to allow for increased remote execution while still ensuring required effectiveness and documentation standards. This may require an increased level of central data collection along pre-defined risk factors instead of onsite reviews.