European Banking Federation (EBF)

While the entity welcomes EU regulation, most of the position paper is a pushback against its structure, scope and implications, questioning feasibility and calling for clarifications, simplification, exclusions and replacement of key provisions.

The entity indicates: 'The financial industry has already progressed significantly on alignment with established international soft law standards ... The current proposal differs substantially from these ... which would have significant adverse impact on banks that have already committed and established processes based on these international standards. We welcome EU regulation regarding due diligence on environmental and social impacts, but we see a rather large room for MS States in the transposition of directive. Thus, it entails a risk of gold plating which leads to a need for close monitoring'. It points out that the proposal lacks on several aspects, including clarity on obligations and definitions, legal framework, directors' duties and civil liability.

It welcomes the advance in the respect for human rights, but it calls for further clarification.

The entity indicates: ‘while the objectives to advance the respect for human rights and environmental protection on a harmonized basis is welcome, we hope that the European Parliament and the European Council will use their power to further clarify the requirements of the Directive so European companies can implement a due diligence framework that is operational and holds European companies responsible for aspects within their control in a manner proportionate to the desired objectives of the Directive’.

The entity generally supports the Omnibus Directive

It states that 'The EBF supports the Commission’s proposed amendments to the CSDDD'

The entity considers an EU-level legal framework preferable to national legislation, although it argues that it adds nothing new to the sector. It advocates for a principles-based approach and does not support the development of new definitions regarding due diligence, encouraging the Commission to rely on the OECD definition.

The entity agrees with the need of a legal framework (question 2). It adds: 'There are plenty of international guidelines and norms, as well as sector specific self-regulation, to which companies already adhere to. We do not believe that a legal due diligence definition would bring anything new to the substance for the banking sector, ... We believe that a balanced, well designed and implemented EU legal framework is preferred over national legislation'. As an answer to question 14, it notes: ‘We do not support the development of new definitions, as this will create inconsistencies and double work for companies that already apply the OECD Guidelines'. Finally, it advocates for a horizontal, principles-based approach (question 15) and it adds: ‘If any duties are introduced, they should be principle-based so that there is flexibility for different sectors and different legal status or sized companies to apply the rules according to what works best in their situation’.

The entity calls for full harmonisation.

The entity states that: 'The most important element of the proposal should be full harmonisation. This is necessary to avoid fragmentation of the EU single market and ensure a level playing field. This can be achieved by using, for instance, an “internal market clause”. If the EU wishes its model to be used as a reference elsewhere in the world, it cannot rely on the limited harmonisation provided by the directive that would potentially lead to 27 different frameworks'.

By endorsing this joint statement, the entity demonstrates support for the Omnibus Simplification Package designed to lower the level of ambition and delay the implementation of the Corporate Sustainability Due Diligence Directive.

The document states that: 'The Corporate Sustainability Due Diligence Directive (“CS3D”), undoubtedly the flagship legislation adopted under the Green Deal, is particularly ambitious in terms of its scope thereby creating challenging and impactful new obligations for businesses with global value chains and in some instances rife unintended repercussions for the real economy in the EU and in third countries. ... We, the undersigned European associations representing companies and sectors impacted by the CS3D, welcome the European Commission’s intention to put administrative burden relief and simplification at the heart of its agenda'. It also calls for extending the implementation phase: 'Guidelines and implementing legislation should be adopted at least two years before compliance with legislation becomes mandatory or the transition period should be extended'.

Regarding the scope, it advocates for the exemption of subsidiaries that don't meet the threshold and it calls for a risk-based approach.

The entity indicates: 'The extent of the due diligence obligation is very wide, not limited to actual and potential human rights severe adverse impacts and to actual and potential environmental severe adverse impacts .... Therefore, we would make use of the risk-based approach and the established definitions, such as severity/salience etc. UNGP ...'. It states that ‘We want the obligations to apply at the consolidated group level. Consequently, subsidiaries should be expressly exempted .... The obligations should apply at the consolidated group level as that is where due diligence policies and processes are set up. It would be a disproportionately high administrative burden for each entity of a banking group to comply with the obligations laid down by the Directive. Therefore, subsidiaries should be expressly exempted’. It adds that: 'we find it unclear, if this means that, de facto, all subsidiaries (and their value chains as the case may be) would be under the scope of the Directive even though they might not be subject to it according to relevant thresholds'.

Although the entity is in favour of a horizontal approach covering all sectors, it advocates for the exclusion of small and micro-enterprises.

The entity responded to question 16 that ‘Micro and small sized enterprises (less than 50 people employed) should be excluded'; 'SMEs should be subject to lighter requirements'. It elaborates: ‘Any new due diligence requirements should be aimed at larger companies, which can be expected to have the organizational capacity to work with these relatively complex requirements’. In response to question 15, it chooses the option, “Principles-based approach”, indicating that, 'so that there is flexibility for different sectors and different legal status or sized companies to apply the rules according to what works best in their situation'.

The entity notes that supervisory authorities would have an effective enforcement mechanism but does not clearly support this aspect of the Directive. The statement is part of a broader critique of the legal uncertainty and complexity introduced by enforcement and liability provisions. No clear endorsement of enforcement mechanisms is made.

The entity indicates: ‘The powers granted to supervisory authorities would constitute an effective enforcement mechanism. The directive does not provide a clear definition of damage, which would lead to difficult and costly disputes, neither does it provide a clear definition of value chain and other concepts which will furthermore complicate the dispute process. Another legal issue relates to the obligation to terminate a contract when a potential adverse impact could not be prevented, which is contrary to basic principles, i.e., pacta sunt servanda’.

Although the entity does not oppose enforcement as such, it opposes the enforcement model proposed, particularly with regard to proportionality.

The entity states that: 'We disagree with the fact that the supervisory authorities have the power to impose penalties based on the company's turnover and defined by the Member States, which could lead to differing national regulations. The calculation of the maximum amount of the penalty should be clearly defined in the Directive'. In addition: 'We disagree that pecuniary sanctions are based on the company’s turnover. Furthermore, it should be clearly stated how the sanctions for companies that are subject to the Directive but registered in third countries would be managed'.

The entity does not take a position on the proposed options, arguing that due diligence is primarily a matter of responsible business conduct and is therefore in conflict with an enforcement-based legal approach.

In response to question 19a the entity does not pick one of the predefined options. Instead, it indicates that: ‘Due diligence is essentially a Responsible Business Conduct (RBC) process. RBC is voluntary, co-operative, future oriented. If you introduce enforcement, you enter a more legal approach. Legal processes are mandatory, antagonistic, oriented towards establishing responsibility for past mistakes. ... The lines between a non-judicial and a judicial process should not be blurred. .... A legal attitude should be avoided in a RBC process. As such we suggest to clearly split the two processes .... A national authority could help in interpreting obligations.... The role of such authority should be tailored in the way RBC processes should be monitored, namely forward looking. It should be possible to designate an independent third party explicitly accredited for verifying due diligence information published by undertakings’.

The entity opposes EU-level harmonisation of directors’ duties and warn about uncertainty, liability risks, and contradictions with national frameworks.

The entity indicates that: '‘The Directive intends that directors should take into account human rights, … when taking decisions in the best interests of the company. Given that consequences of any kind of “sustainability matters” are very broad, with regard to the responsibility for directors, it is important to provide legal certainty particularly in light of the liabilities of directors. Moreover, the notion of “directors” should be clarified. … The proposal seems somehow vague on the notion of stakeholders. As the national Corporate Governance rules will apply and Member States are responsible … it should be clarified that a duty to consider sustainability matters can only apply within the scope of responsibilities allocated to directors by the applicable national corporate governance rules …’. It adds: ‘Sustainable matters should be considered in the directors making decisions but avoiding any reference to Director duties and especially to the “duty of care” as it has not been harmonized at EU level and Member States have different legal frameworks’.

Although the entity agrees to some extent to question 7 on boards responsibility, it clarifies that responsibility circumscribes only to oversight, not management.

In its response to question 7, i agrees 'to some extent' and points out that: ‘Given that some of these factors could affect the long-term sustainability of the company, the Board should have proper oversight over them. However, it should not result in a legal obligation on processes’. It adds that: 'it should be left to companies to identify relevant stakeholders and contextualize their ESG risk management practices .... In fact, introducing such a legal obligation would be very perilous'. In addition, in response to question 6, it shows strong opposition to a legal requirement for directors to manage the risks for the company in relation to stakeholders and their interests.

The entity does not consider necessary to regulate directors' duties.

The entity states that 'Regulating directors’ duties is unnecessary to reach the objectives of the proposal and does not belong in a due diligence framework. It will have negative side-effects, e.g. interfering with national company law systems and creating legal uncertainty, without added value to the ability of companies to apply effective due diligence'.

The entity acknowledges remedy where it has caused or contributed to impact, but rejects remedy linked to its operations if it has not caused nor contributed to it.

The entity indicates: ‘the provisions for civil liability seem to go beyond what is currently required by the UNGPs. A company should not be required to remediate for adverse impacts that the company has not caused or contributed to, even if they are directly linked to its operations. It should also be noted that financial compensation should not be the only form of remedy when neutralizing adverse impacts'.

The entity considers that complaint mechanism as part of due diligence would be a best practice and strongly disagrees with a requirement to establish mechanisms for stakeholder consultation as part of due diligence duty.

The entity considers that complaint mechanism as part of due diligence would be a best practice, as a response to question 20c. It strongly disagrees with a requirement (for directors) to establish mechanisms for stakeholder consultation as part of due diligence duty, as asked in question 20a. It explains its answer: ‘It should be up to each company, however, to define the scope of its stakeholders and decide the best way to organize the dialogue. ...’.

The entity does not consider the inclusion of civil liability a suitable option.

The entity indicates: ‘One of the central concepts of the Directive is the inclusion of civil liability which goes against the established principles of national civil law and creates an unaccountable and uncertain legal risk for companies’.

It strongly opposes the inclusion of the proposed provisions on civil liability and the payment of damages to affected groups.

The entity indicates: ‘We strongly oppose the inclusion of the proposed provisions on civil liability (article 22) and the payment of damages to affected groups (article 8) in the Directive. They go against the established principles of national civil law and create an unaccountable and uncertain legal risk for companies, which might go against the objectives of the Directive. ... We believe that the powers granted to the supervisory authorities without civil liability would be sufficient for the effective enforcement of the Directive. ... Impacts cannot be prevented or mitigated before they have been identified. Therefore, it is unreasonable to require prevention or mitigation measures to impacts that should have been identified, and especially to base any civil liability based on this hypothetical concept’.

The entity does not consider this a suitable option as an enforcement mechanism.

Question 19a asks about enforcement mechanisms through a multiple-choice format, one of which is, 'judicial enforcement with liability and compensation in case of harm caused by not fulfilling the due diligence obligations'. The company did not select this as one of its preferred measures. Instead, it indicates that: ‘Due diligence is essentially a Responsible Business Conduct (RBC) process. RBC is voluntary, co-operative, future oriented. If you introduce enforcement, you enter a more legal approach. Legal processes are mandatory, antagonistic, oriented towards establishing responsibility for past mistakes. ... The lines between a non-judicial and a judicial process should not be blurred. .... A legal attitude should be avoided in a RBC process. As such we suggest to clearly split the two processes; making a clear division between voluntary RBC processes (forward looking) and regular court proceedings if and when there is jurisdiction and a violation of a clear enough rule’.

Although the entity does not oppose to legal liability, it calls for a more balanced approach.

The entity states that: 'Legal liability provisions need to be balanced and truly incorporate the widely accepted principle that due diligence is first and foremost an obligation of means and that companies cannot be made liable for damages they have not caused or directly contributed to (intentionally or negligently)'

It suggests limiting the due diligence framework to specific types of contracts and the development of a set of principles as the basis for compliance applicable to everyone.

The entity indicates: ‘The due diligence framework should take these existing realities into account and recognise that it makes sense to include clients’ subsidiaries within the value chain only in the event that they are signing the relevant contract. ... To avoid multiple obligations on clients, instead of requiring banks to impose a code of conduct on clients, the EC should develop a set of principles which could serve as a basis for compliance applicable to everyone’.

The entity advocates for narrowing the scope on its sector. It calls for exclusion of SMEs when providing any regulated financial services, and calls for clarification of the definition of, 'value chain', for credit institutions and the financial sector in general, and, 'established business relationships'.

The entity states that: 'The exclusion of SMEs from the value chain of credit institutions is foreseen for financing and insurance services, however it is unclear whether they would be subject if they are provided other financial services. We are of the view that SMEs should be excluded when providing any regulated financial services, be it loan or credit or for example a payment service or an investment service'.

The entity agrees that a new legal framework is needed and advocates for a principles-based approach. However, it does not support introducing due diligence duty definitions in the context of the Directive, and encourages the adoption of the OECD definitions. It does not refer to the downstream value chain, remedy or improvement.

The entity agrees that a legal framework is needed (question 2) and advocates for a principles based approach (question 15). It explains (in 15b): ‘If any duties are introduced, they should be principle-based so that there is flexibility for different sectors and different legal status or sized companies to apply the rules according to what works best in their situation’. In question 14, it comments of the definition of supply chain ‘ it is too broad, unless the consequences are limited to cases where a company has ‘caused’ or ‘contributed to’ an impact. Problems will arise when working with different terms. It is therefore important that the scope is clearly defined and consequences are limited to cases where a company has ‘caused’ or ‘contributed to’ an impact, and also limited to the relationships specifically included in the contract between the signing parties’. It does not refer to downstream value chain, nor remedy, nor improvement over time.

The entity considers that covering the whole value chain is neither manageable nor realistic. It also calls for a reduction of obligations.

The entity states that: 'Focusing on all aspects within the whole value chain is neither manageable nor realistic. Supply chains alone can comprise multiple tiers with hundreds or thousands of locations, product lines and entities. Companies should be able to prioritise the most salient risks and have the freedom to take appropriate actions to cease, prevent or mitigate identified adverse impacts in accordance with a risk based approach. Without this ability to prioritise, companies cannot realistically implement due diligence requirements in an efficient way'. It also points out that ' The list of norms/conventions in the Annex is too far reaching and generates legal uncertainty. Most of the norms in the annex are only applicable to states and not legal private entities like companies. To be workable, this list should be reviewed and shortened, clearly indicating what are the requirements directly applicable to companies'.

It views the implementation of a Code of Conduct problematic, and it suggests the removal of the proposed obligation to terminate a contract when potential adverse impacts could not be prevented or mitigated or when actual adverse impacts could not be ended.

Regarding the implementation of Code of Conduct, it notes: ‘We are concerned about the ability to impose these codes of conduct on clients (including from a contractual point of view). This could mean for the customer a multitude of codes of conduct to respect (depending on number of the bank it deals with). At the same time, it means that we will also have to apply those of our partners as part of the value chain (e.g. the credit institution could be seen as a supplier for certain services such as consulting). ... The need to get adherence to a code of conduct, or a prevention plan, in circumstances where contractual terms have already been agreed is simply not realistic’. As for the obligation to terminated contracts it indicates: ‘The proposed obligation to terminate a contract when potential adverse impacts could not be prevented or mitigated or when actual adverse impacts could not be ended should be removed. ... It would disproportionately disrupt the existing business of companies, undermining the overall market stability’.

The signatories call for avoid the extension of the scope of CS3D during implementation and introduction of guidance on model contract clauses.

The statement indicates that, 'competitiveness assessment that leads to the new simplification should ensure that upcoming implementing legislation and guidance … are co-developed to address gaps or excessively burdensome provisions, rather than introduce additional layers of complexity or de facto extend the scope of the CS3D'.

It defends that the decision on who their stakeholders are and how to respond to their inputs should remain at company level.

The entity indicates: ‘It should be clear that it is up to the company to define who its relevant stakeholders are and it is for the company to decide how to respond to their input. The definition and prioritisation of the potential stakeholders shall remain firmly among the Director (CEO) direct duties’.

The entity strongly disagrees with a legal requirement of stakeholder identification.

The entity strongly disagrees with question 6 about a requirement (for directors) to identify stakeholders and their interests. It states that: ‘Considering the large variety of possible stakeholders, we should avoid a “one size fits all approach”, there is no need for a legislative obligation and certainly not at board level.... Furthermore, EBF members in their capacity as investors, confirm that it is important for companies to know who their stakeholders are and, therefore, to “identify” them (without prioritizing one above the other), while also identifying related risks and opportunities, as well as conflicting issues among the different stakeholder categories.’ It considers the interest of employees, customers, and shareholders relevant. As for the other categories asked in question 5, it indicates I do not know/I do not take position arguing ‘some of the proposed interests are too vague’.

It advocates that it is up to the companies to decide who their key stakeholders are and how to handle their needs. Also, the Directive should take into consideration existing channels and the legal standing to submit a complaint may encourage complaints.

The entity indicates: ‘The Directive should allow for the use of existing complaints procedures, such as those established under Directive 2019/1937 and the National Contact Points for Responsible Business Conduct under the OECD Guidelines for Multinational Enterprises’. It adds: ‘It should be clear that it is up to the company to define who its relevant stakeholders are and it is for the company to decide how to respond to their input. The definition and prioritisation of the potential stakeholders shall remain firmly among the Director (CEO) direct duties’.

The entity strongly disagrees with a mandatory legal framework on this matter.

It strongly disagrees with a requirement (for directors) to establish mechanisms for stakeholder consultation as part of due diligence duty. It states that: ‘It should be up to each company, however, to define the scope of its stakeholders and decide the best way to organize the dialogue. ... we believe that any legal consequences attached to this notion stakeholder would be highly problematic and dangerous for companies. ... Finally, it is impossible to prescribe or prioritise in a legislation the interests of all the stakeholders, especially in sectors where companies have thousands of stakeholders.’

The entity strongly disagrees with a legal requirement for directors to manage the risks of the company in relation to stakeholders and their interests.

The entity strongly disagrees with question 6 about a requirement (for directors) of management of the risks for the company in relation to stakeholders and their interests. It states that: ‘the role of the board is mainly to provide oversight on duties and should not be prescribed by law how to perform them. Considering the large variety of possible stakeholders, we should avoid a “one size fits all approach”, there is no need for a legislative obligation and certainly not at board level. Flexibility should be allowed as to the means used to achieve general duties’.