Challenges of a supply chain due diligence obligation (Supply Chain Act)

Supply chains play a crucial role in our globalised world. Companies face many challenges, particularly with regard to the verification of data due to the Supply Chain Act.

Review, risks and solutions

In today’s globalised economy, supply chains play a crucial role. However, companies are increasingly confronted with the challenges of supply chain due diligence (Supply Chain Act), especially when it comes to verifying data. The facts surrounding the Supply Chain Act audit shed light on various problems that companies have to overcome.

Transparent data sources as the key to integrity

The sources from which data for Supply Chain Act audits originate are often opaque. This uncertainty harbours the risk that the authenticity of the data cannot be clearly established. Companies are faced with the task of identifying reliable and transparent data sources in order to ensure the integrity of their supply chain.

Adapt questionnaires to the legal requirements

Data is often collected using questionnaires in various formats. These often do not exactly reflect the legal requirements, which makes compliance checks more difficult. There is an urgent need to develop standardised and legally compliant questionnaires to ensure that the data collected complies with legal requirements.

Manual verification of data from the social sector

The data to be collected mainly concerns social issues such as human rights or child labour. Manual verification of this sensitive data is time-consuming and error-prone. Companies need solutions that automate the process while still ensuring the accuracy and correctness of the information.

Complex interactions between companies and suppliers

Companies that are subject to the Supply Chain Act often have several suppliers to be audited, while one supplier in turn supplies several companies subject to the Supply Chain Act. The challenge is that different questionnaires are sent to the supplier, which increases the risk of inconsistent responses to the same legal requirements. Standardised communication and questionnaire design are crucial to minimise these inconsistencies.

Lack of context-sensitive testing

Companies often record data without carrying out a context-sensitive check. This increases the risk of “greenwashing” and violations of the Supply Chain Act, where companies pretend to act sustainably while in reality their compliance with legal requirements is questionable. A context-sensitive review of data is crucial to ensure that sustainability efforts are not just superficial.

Risks of fraud and greenwashing

One prominent example was provided by a well-known car brand based in the south of the country. Despite a successful Supply Chain Act audit of a supplier, third-party research subsequently revealed that the supplier was massively violating human rights. The consequences were serious: the risk of reputational damage in the event of a violation is very high, and non-compliance with the Supply Chain Act can also lead to legal consequences, including fines and trade restrictions, particularly in regions where strict regulations apply.

Possible solution

Overall, companies must proactively develop solutions to meet these challenges. The implementation of automated processes, the standardisation of questionnaires and the use of modern technologies are decisive steps towards effective supply chain due diligence. The use of AI-supported data analysis and risk assessment solutions is a further preventative measure. This is the only way for companies to ensure that their supply chains comply with legal requirements while promoting sustainable and ethical practices.


Regulatory IT for the Digital Asset & Custody Industry

A rapidly growing digital asset & custody industry presents IT with many regulatory challenges, which are characterised in particular by Dora, MaRisk, BAIT and BaFin.

Between Necessity, Challenges and Future Prospects

The rapidly growing Digital Asset & Custody industry is facing increasing regulation, specifically characterised by Dora, MaRisk, BAIT and BaFin. In this article, we take a comprehensive look at the necessity, the complex challenges and the promising prospects of regulatory IT in this evolving sector.

Need for regulatory IT

The need for a strong regulatory IT architecture in the digital asset & custody industry is based on the complexity and sensitivity of digital assets. Dora creates the framework for digitalisation, MaRisk sets minimum standards in risk management, BAIT specifies the IT requirements and BaFin monitors compliance with these requirements. A solid IT infrastructure is therefore crucial for effectively managing digital risks and meeting regulatory compliance requirements.

Challenges in construction and operation

Setting up and operating such an architecture is not without its obstacles. The adaptation of existing systems, the integration of blockchain technology, the continuous compliance with changing regulations and the consideration of regulatory dependencies when outsourcing banking transactions require expertise and resources. Roles such as compliance managers, IT security experts and outsourcing management experts are becoming indispensable.

Required skills and roles

The skills and roles required are wide-ranging. Compliance managers must keep an eye on regulatory requirements, IT security experts must ensure a secure infrastructure and outsourcing management experts must take regulatory dependencies into account. In addition, blockchain developers are needed to successfully integrate this technology.

Focus on security

The security of digital assets is at the centre of any regulatory IT architecture. Modern security protocols, encryption and continuous monitoring are essential to minimise potential security risks and strengthen the trust of all stakeholders.

Challenges in setting up a blockchain architecture

The integration of a blockchain architecture poses a particular challenge. Decentralisation, smart contracts and the management of private keys require an in-depth examination of technical, legal and operational aspects. The DLT Pilot Regime provides guidance on how blockchain can be integrated into regulated environments.

Blockchain integration into regulatory IT

The seamless integration of blockchain into the existing regulatory IT landscape is crucial. Frameworks such as the DLT Pilot Regime provide a clear guideline on how blockchain can be embedded in a regulated environment. Collaboration with regulators is becoming increasingly important.

Prospects

Despite the challenges, regulatory requirements present an opportunity to improve security and efficiency. By utilising skilled staff wisely, applying security best practices and integrating blockchain technology, companies can not only meet regulatory requirements but also strengthen their position as pioneers in the digital asset & custody industry.

Conclusion

Regulatory IT for digital assets is not just a regulatory requirement, but a strategic investment. Organisations that proactively address these challenges will not only ensure compliance, but also create a foundation for sustainable growth and innovation. By integrating blockchain technology and regulatory compliance, the digital asset & custody industry will become a more secure and efficient financial sector for the future.


Information Security Manager (m/f/d)

Is information security your passion, and do you already have 2-3 years of experience with ISMS and in the IT security field? Then we are looking for you to help shape our “think tank” in Munich.

Your responsibilities:

  • Advising and supporting our customers in implementing and operating ISMS (ISO 2700x, TISAX, BSI IT-Grundschutz, secure IT operations), BCM and data protection
  • Competent support and advice for our customers' information security, data protection and emergency officers, as well as their business units, on questions of IT compliance requirements
  • Designing and delivering needs-based awareness measures for information security, data protection and BCM at our customers
  • Building positive customer relationships and winning new projects
  • Supporting the internal ISMS team in improving internal processes and successfully completing recertifications for ISO 2700x and TISAX

What we are looking for:

  • Completed degree in (business) informatics or comparable training
  • At least 2-3 years of experience with ISMS and in the IT security field
  • Practical knowledge of the norms and standards: ISO 2700x, BSI IT-Grundschutz, BCM, GDPR (DSGVO)
  • Knowledge of common project management standards (GPM/IPMA, Prince2 or PMI) or experience in agile environments desirable
  • Analytical and solution-oriented thinking
  • Ability to present complex matters clearly in writing and speech
  • Customer orientation, ability to work in a team
  • Fluent German and very good English, written and spoken

What you will find with us:

… an intercultural, innovative team that works on many exciting projects with interesting customers in an international environment. Values such as respect, mutual appreciation, trust, openness and transparency are not only part of our vision; they are also lived in our daily interactions. You can also expect short decision-making paths, a great deal of personal freedom and many joint activities with the team, as well as a working model that is flexible in terms of time and location.

Interested in helping to shape and develop the “think tank”?

Then don't hesitate: send your complete application documents, stating your availability and salary expectations, by e-mail to: jobs@thinktank.de

For questions, André Jakubiak is available by phone on 0172 4680494.

think tank Business Solutions AG . André Jakubiak . Messerschmittstraße 7 . 80992 München