Compliance DD as a contribution to the ESG audit

published on 16 May 2024 | reading time approx. 4 minutes

The topic of ESG (Environmental, Social and Governance) has long become a part of corporate practice and is now present in business decisions. The reason for this is not only the growing general interest in sustainability issues, but also the rapid increase in national and European regulation in recent and coming years.

The enactment of the Corporate Sustainability Reporting Directive (CSRD) is certainly of particular relevance in this context. The CSRD ensures that existing regulations on (previously) non-financial reporting are significantly expanded to include sustainability and that reporting is made more comparable. This ensures a steady increase in the transparency of corporate activities and the resulting opportunity for shareholders and stakeholders to be able to compare companies. This in turn represents added value, particularly for investors, as recent studies suggest that sustainability accounts for around 30% of a company's value.

That being said, the topic of ESG is becoming increasingly important in due diligence reviews (DDs). Even if no uniformity or "one standard" has yet emerged in the context of DDs with regard to ESG aspects, an increasing relevance in legal and corporate practice is clearly recognizable.

This applies in particular to compliance DDs: ESG is also a defining factor here, which is likely to increase further in the future - not least due to the ever-expanding areas of application of corresponding laws.

But what is important in the context of "ESG compliance DD"?

And what are the differences in relation to "ordinary" compliance due diligence?

Ordinary compliance due diligence

The risk of sanctions and possible corporate liability due to compliance violations prompts potential buyers to take preventive measures in the context of company acquisitions through comprehensive DDs.

If compliance violations are only discovered after the closing – because they were not detected during due diligence or were not even checked in the first place – this can have significant negative consequences for the buyer. In addition to reputational damage, fines and penalties may also be imposed.

When carrying out a DD, case-specific risks are usually first identified in the form of a red flag check. The identified critical areas are then analyzed and subsequently – if necessary and appropriate – tailor-made measures are taken (e.g. liability and indemnification clauses are agreed) to enable the closing.

ESG aspects of compliance due diligence

This "classic" approach also applies within the framework of "ESG compliance DD". While there are no innovations on a structural level, the content of the classic compliance DD is expanded. In terms of content, there are likely to be three main aspects that need to be considered:

Review with regard to reporting obligations
Review of relevant ESG certifications
Review with regard to compliance with ESG-relevant legal areas

As a result, there is essentially an extension of compliance DD.

The first step with regard to ESG compliance DD will therefore be to check whether the notified company fulfils its (partly new) reporting obligations under CSRD, the European Sustainability Reporting Standards (ESRS) and the Supply Chain Due Diligence Act (LkSG) in conjunction with the German Commercial Code (§§ 289b et seq. HGB). Finally, non-compliance with these obligations may result in sanctions, such as fines. Just to provide an overview, the topics that require reporting are aspects of the three ESG pillars, i.e. reporting on environmental, social and corporate governance issues. This may also include employee matters, the fight against corruption and respect for human rights. These topics will be expended to include reporting within the meaning of the LkSG, provided that the LkSG applies in individual cases, which means that reporting on the fulfilment of supply chain-specific due diligence obligations is also required.

As already stated, sustainability is having an ever-increasing influence on the value of a company, which is placing the question of the verifiability of sustainability more and more in the focus of corporate measures. In addition to a few key performance indicators (KPIs) that have not yet been finally standardized or generally accepted, proof of sustainability through the provision of ISO certifications is likely to become increasingly prevalent in practice. Due to their (partial) thematic identity, these certifications are likely to be particularly well suited to demonstrate specific ESRS standards and sustainability aspects. At the same time, they have the advantage that they are generally recognized and their significance is valued in the business world. This in turn should induce the beneficial side effect that presenting appropriate certifications in the DD process leads to a quick and generally positive result with regard to the aspects that the certification is intended to prove.

In addition to the two aforementioned points, the ESG compliance DD must of course address particularly ESG - relevant laws and compliance measures. Specific laws to be mentioned here - if applicable in individual cases - are the LkSG, the Whistleblower Protection Act and data protection law (certainly with a focus on employee data protection). It is also important to ensure that the measures required for compliance have been implemented correctly within the company and that the necessary and appropriate documents are available. From an ESG compliance perspective, it is certainly of particular relevance that guidelines (e.g. anti-corruption and digital ethics guidelines) as well as implemented codes (e.g. for the supply chain and with regard to employees) are "green-coloured". If this is the case, the audit result in this regard should also be positive.

Conclusion

In summary, it can be said quite quickly that ESG compliance DD does not differ significantly from the "ordinary compliance DD"; rather, existing practices simply need to be viewed from a different perspective and expanded to include the new regulatory requirements.

Looking to the future, it should be noted that ESG is (also) a compliance issue that needs to be given greater attention. This focus is likely to become even stricter, as corporate ESG obligations are also expected to increase further and the topic of "sustainability" will continue to become more relevant for shareholders and stakeholders. In the context of DDs, this means, that these areas should be scrutinized more closely and – if risks are identified – appropriate measures (e.g. exemption clauses) should be chosen.

In order to be prepared as a self-audited company in the future and to emerge from potential DDs with a positive (value-adding) result, it is advisable to expand the compliance management by adding the "ESG" component to it now as well as to act in an overly obligatory manner in appropriate places (e.g. through ESG-relevant certification). Ultimately, in addition to compliance with legal obligations and the avoidance of sanctions, this should lead to a higher value of the company.