Due Diligence: What are NGOs’ minimum requirements for companies?
RULES OF THE GAME - Finance, CSR, Ethics

Due Diligence: What are NGOs’ minimum requirements for companies?

[part 3/4]


NGOs have made the following observation: companies often see their due diligence plan as a communication plan rather than a strategic development tool designed to map and prevent risks and to implement a strategy tailored to CSR issues.

NGOs want companies to change their attitude and genuinely comply with the obligation of monitoring the entire value chain, which implies:

  • mobilising all the stakeholders,
  • disseminating information transparently,
  • introducing precise indicators and
  • significantly changing the corporate culture.

This article is the 3rd of a series of 4, presenting the results of an NGO consultation as part of a global report on corporate due diligence.

Read part 1: Due Diligence: What do NGOs Think of France’s 2017 Duty of Vigilance Act? Is it adequate? Is it effective? 

Read part 2: Due Diligence: What Scope of Application ?

Read part 4: Due Diligence: Actions to Enable NGOs and Companies to Work Together for the Common Good

The next phase of the project will focus on the views of large companies on the impact of the law on their governance.

What are NGOs’ minimum requirements for companies to be considered “on the right road”?

The 2017 act requires the companies targeted by the text to provide proof that they have drawn up a vigilance plan naming all the risks and that they have warned their subsidiaries, subcontractors and suppliers of their obligation to comply with a whole series of social, environmental and societal regulations.

The NGOs have made the following observation: Companies merely submit to the vigilance plan rather than use it as a strategic development tool. This document is more often used for show and communication purposes than as a real management tool designed to map and prevent risks and to implement a strategy tailored to CSR issues. It is seen as a constraint. Often totally unreadable, it is unsuitable as a means a means by which to guide a company.

When it is considered an obligation, companies try to minimise its impact by isolating it, to avoid the risk of being held liable. In many companies, for example, the vigilance plan is treated as a separate document, thereby reducing the risk of legal action against the company.

We can cite the example of a famous oil company which introduces scope 3 in the non-financial declaration section of its universal registration document, but only integrates scopes 1 and 2 in the vigilance plan.1 This implies that its legal liability, if it were incurred on the basis of the 2017 act, would be limited to the first two scopes. Because of the uncertainty surrounding the legal nature of the vigilance plan, which has yet to be clarified by the courts, this approach shows a tendency to make much more cautious commitments as regards the vigilance plan than in other parts of the registration document.

The NGOs want companies to change their attitude and genuinely comply with the obligation of monitoring the entire value chain, which implies mobilising all the stakeholders, disseminating information transparently, introducing precise indicators and significantly changing the corporate culture.


To be considered on the right road, a company’s first step is to demonstrate transparency, in particular by making public, via the vigilance plan, information that is still not accessible today.

It is noteworthy that a number of plans do not meet the act’s requirements, i.e. they have not drawn up and integrated real risk mapping based on rigorous methodologies. Risks are often defined in fairly generic terms and, with most companies, the information provided in the document is not precise.

The act provides for companies to come together in a sector-based initiative to produce a document of this kind. This is the case with the major French banks which, in their very first vigilance plan, indicated that they had joined forces to draw it up in view of the common risks inherent to their sector of activity. However, according to the NGOs, this allows them to remain very general, which is not satisfactory.  This is because the vigilance plan as defined by the 2017 act is not that of a particular business sector (e.g. banking or the extractive sector). It must be that of the company concerned, highlighting information on its concrete activities (countries, activities and projects at risk), which is far from always being the case.

Likewise, as regards the description of actions rolled out to deal with risks and the implementation of monitoring procedures, there should be a certain number of indicators and results linked to them, which again is often lacking.

The first significant step forward would thus be greater transparency in compliance with the act’s stipulations, i.e. a risk map included in the vigilance plan, containing precise information on the company producing it, a description of the actions taken to counter the risks identified and, finally, the quantified production of monitoring measures.  Transparency means, of course, that the information must be genuine.

Precise, regularly updated indicators

Companies should include a precise definition of the indicators in their document, rather than simply confirming that they exist, so that NGOs can judge their relevance and be able to measure the results in terms of achieving the objectives set.  Today, according to the NGO “Les Amis de la Terre”, the information provided is woefully inadequate, and the vigilance plan – one of whose aims, as expressed during the parliamentary debates, was to counterbalance the lack of reversal of the burden of proof by providing stakeholders with a certain amount of information (in view of litigation, among other things) – is not playing its role. 

To compensate for companies’ shortcomings, a number of NGOs that take an interest in climate issues (including “Notre Affaire à Tous”) have set up measurement tools to benchmark climate vigilance. 

Companies are given a score from 0 to 100. A company with a score of 100, for example, would be fully compliant with the rules on climate issues, subject to a future interpretation by the courts. In this way, the NGO has succeeded in making climate issues not included in the vigilance plans – because the act did not explicitly provide for them – an essential part of these plans. Although all companies now include climate issues in some detail, the implementation of vigilance plans remains deeply unsatisfactory. This is prompting organisations to issue more and more formal notices and take legal action to combat the feeling that companies are acting with impunity. It is thus very important for the courts to take a stand and make binding decisions, so that companies stop focusing solely on profit and adopt socially responsible behaviour.

“Mighty Earth” considers that going through legal channels, i.e. a lawsuit, makes it possible to have a real impact on the various stakeholders. For the NGO, this is an essential phase if companies are to become truly aware of their responsibilities and the financial fallout and risk to their image that a conviction would inevitably entail.

Writs and formal notices not only frighten companies, which fear reputational damage in particular, but also have a genuinely positive aspect.

This is because today, if a company is challenged in this way, it endeavours to provide an extremely detailed response to the points in dispute. For “Notre Affaire à Tous”, this demonstrates an awareness of the risk and the issues at stake; the fact that the companies being sued are responding on the merits without evading the issue, even though they could do so as regards the climate issue (not included in the 2017 act), is a truly significant step forward.

Lastly, it seems that at present, vigilance plans and the indicators incorporated into them are only published once a year alongside the non-financial performance declaration in the management report. But the NGOs believe that, logically, as the indicators are supposed to evolve with the processes and risks identified by the company, it would be preferrable for the plan to evolve and be amended accordingly each time a company pinpoints a new risk, as part of a continuous improvement process.  It has to be said that this is not the case.

Stakeholder participation

The NGO “Terre Solidaire” observes that, in most cases, vigilance plans are not drawn up in consultation with the people potentially affected, the stakeholders and the trade unions, because this is not a legal obligation. If stakeholders were to be consulted when the vigilance plan was drawn up, this would be a significant improvement to the Act. This would enable more relevant, better-constructed plans to be drawn up in line with the various parties’ expectations. For example, there are very few vigilance plans that detail a company’s established relationship with its subcontractors, country by country, whereas normally this should be the case. Likewise, consultation with local civil society organisations, associations, indigenous peoples’ organisations and local communities would be a legitimate way of building an effective and consistent plan.

Furthermore, again as part of this approach including stakeholders, it would be logical for the vigilance plan to be published in all languages of the countries where the company operates. For this plan is primarily intended to protect people in territories where legislation is not necessarily up to date on CSR issues. This is a major issue as regards accessibility for indigenous populations and local associations working to protect their rights, notably being able to check that the company has correctly mapped its value chain and identified all the risks in the area concerned.

Changing corporate culture

The NGOs point out that, all too often, the way in which CSR issues are addressed in major groups is not equal to the challenges. The teams working on these issues are generally very small and the financial resources dedicated to projects in the field are often derisory compared to the revenues of these companies.

Furthermore, as the NGO “FIDH” points out, one of the difficulties in drawing up a truly serious vigilance plan is that the teams who design them often have a particular status in the company. In general, they are not part of the management bodies, have no power to set the board’s priorities and have limited means to convince people internally. In addition, they are often subject to contradictory injunctions. 

The fundamental question then is how to change the corporate culture. The 2017 act and the directive currently under discussion aim to change the way companies behave in the social, societal and environmental spheres. To achieve this, a number of NGOs are advocating the adoption of measures that would make management truly accountable if a company failed to implement a vigilance plan. They believe that fundamental work on governance will only be initiated if stringent measures are introduced. Accountability must exist throughout the company’s internal chain.

  1. Scope 1 corresponds to the company’s direct emissions, scope 2 to emissions linked to energy consumption and scope 3 to indirect emissions, emanating from the entire supply chain, upstream and downstream. ↩︎