Agentforce, the GenAI Agent by Salesforce
Sia Partners' Compliance team presents the first edition of our benchmark of Vigilance Plans.
This benchmark has been published following the application of the French law on duty of vigilance, by major companies in the following sectors:
22 plans were studied, with more than 60 points of analysis across categories. This study was carried out by our compliance and duty of care experts, thanks to our AI tool, SiaGPT, developed by Heka.ai, our ecosystem of ready-to-use artificial intelligence solutions.
The risk map only appears to be completely compliant for 9% of the Plans studied. In fact, most stakeholders limit themselves to listing the identified risks, without ensuring prioritization.
Although procedures for evaluating subsidiaries and third parties appear to be carried out by all players, their scope and frequency are too restrictive.
Most Plans do not detail the implementation schedule for each measure identified regarding the risk map. Moreover, these measures are not systematically identified.
Concerning the alert mechanism, some Plans do not specify the possibility for foreign subsidiaries to locally report the existence of a risk linked to the Duty of Vigilance.
The risk monitoring system remains incomplete, in that certain Plans fail to provide performance indicators to evaluate the effectiveness of the measures implemented.
Although the organization of governance is not prescribed by law, it nevertheless represents a major element of the system. However, this, like comitology, is sometimes not explained within the Plans.
The French Law on Duty of Vigilance of March 27, 2017, mandates the integration of the Plan into the entity’s Annual Report. However, the information should not be included there as this affects readability. In addition, we observe that this provision is not systematically respected and that certain Plans are only published in isolation.
Finally, awareness and training systems on the Duty of Vigilance do not always seem to be deployed within the analyzed organizations.
In a cross-functional manner, the involvement of stakeholders, whether internal or external, is a key element in the implementation of Duty of Vigilance measures. These can help the responsible Departments considerably, for example during the risk identification stage. The use of benchmarks, particularly international, such as International Labour Organization Conventions or OECD Guidelines for Multinational Enterprises, also prove useful.
To be able to cross-reference as much data as possible, certain organizations are increasing the methods of evaluating their subsidiaries and third parties, the latter also being subject to a strict process when entering into a business relationship.
Regarding risk mitigation and the prevention of serious harm, it is deemed appropriate for companies subject to the law to include clauses in their contracts with third parties relating to compliance with the Duty of Vigilance, which is the case for almost half of the Plans studied.
Half of all entities have set up several alert channels to collect reports from employees and third parties. Having multiple channels is strongly encouraged as it ensures the availability of the mechanism, particularly for players using external platforms, which may be subject to maintenance.
The monitoring system must not be global but specific to each previously identified risk. KPIs must be attached to each measure implemented, which has been generally well assimilated by the various stakeholders.
Given the issues linked to the Duty of Vigilance, 64% of entities have put in place a comitology specific to the subject.
Finally, the Vigilance Plan must include an exhaustive report of its implementation, making it possible to understand the effectiveness and efficiency of the measures. This has been correctly implemented for a minority of actors.
Although the law on the Duty of Vigilance has been in force for 6 years, we still notice numerous disparities in the methods and quality of the Vigilance Plans analyzed. It is essential for players to analyze market best practices and compare their methodologies. Looking specifically at companies within the same sector and at the current Duty of Vigilance development, with the Corporate Sustainability Due Diligence Directive project (known as the CSDD directive), expected for 2024.
Sia Partners can support you in the development and improvement of your Plan and your Duty of Vigilance compliance program.