Legal Update
ESG: The CSDDD for financial companies
The Corporate Sustainability Due Diligence Directive (“CSDDD”) imposes obligations on large companies to conduct due diligence within the company, its subsidiaries, and with suppliers (upstream) and customers (downstream). The aim of the CSDDD is to combat negative impacts on human rights and the environment. The CSDDD entered into force on July 25, 2024, giving EU Member States two years to transpose it into national legislation and regulations. Certain large financial companies also fall within the scope of the CSDDD. In this Legal Update, we discuss the implications of the CSDDD for these financial companies.
Application to Certain Large Financial Companies
The CSDDD applies to certain financial companies with an average of more than 1,000 employees, which generate a net turnover of €450 million or more worldwide. If an individual financial undertaking does not meet these thresholds, but the ultimate parent undertaking of the group to which the financial undertaking belongs does (on a consolidated basis), the CSDDD applies in principle to this ultimate parent undertaking. Certain financial companies such as pension funds and investment institutions (both AIFs and UCITS) are exempt from the CSDDD.
The CSDDD's implementation will occur in phases.
- From 2027, the CSDDD will apply to the largest financial undertakings.
- From 2029, the CSDDD will extend to all financial undertakings with more than 1,000 employees and a net turnover of €450 million or more.
CSDDD Obligations: Transition Plan and Upstream Due Diligence
Financial companies subject to the CSDDD must fulfill two key obligations:
- Transition Plan
Financial companies are required to draw up a transition plan for limiting climate change. The transition plan must ensure that the financial company's business model and strategy are compatible with the transition to a sustainable economy and the limitation of global warming in line with the Paris Agreement. Financial companies required to report under the Corporate Sustainability Reporting Directive (“CSRD”) are deemed to have fulfilled their transition plan obligation under the CSDDD, provided the plan is effectively implemented by the financial company.
- Upstream Due Diligence
The CSDDD requires financial companies to perform due diligence on their own company, subsidiaries, and suppliers (known as “upstream”). With regard to suppliers, due diligence must be performed on both direct and indirect suppliers that contribute to the financial services. This follows from the definitions of “business partner” and “activity chain” in the CSDDD. When performing due diligence, a risk-based approach applies, similar to anti-money laundering regulations. In the event of a potentially serious negative impact, the financial company will be obliged to terminate the business relationship with a supplier. In this case, it must be considered whether there are measures in place to prevent or mitigate the negative impact.
Exception to Downstream: No Basis for an “Exit”
Financial companies are exempt from the obligation to perform due diligence on the customer side (downstream). For example:
- Banks are not required to perform due diligence on borrowers.
- Insurers are not required to assess policyholders.
As a result, the CSDDD does not provide a basis for a bank to be obliged to discontinue services to customers due to, for example, serious sustainability or human rights violations. However, this may change in the future if financial companies are also required to perform due diligence on the customer side.
Even though the CSDDD does not contain an obligation to perform due diligence on the customer side, there are other obligations relating to the management of ESG risks associated with customers. These obligations stem from:
- Expectations of regulators;
- Obligations under legislation and regulations; and
- The financial companies' own commitment to minimize ESG risk exposures.
Therefore, legal risks associated with the customer base of financial companies may go beyond the limited scope of the CSDDD. Consider, for example, the mortgage credit risks associated with climate change for borrowers in areas at risk of flooding and foundation problems, and the management of ESG risks as part of risk management.
We previously wrote about the ESG obligations that may arise in bank-customer relationships in the Legal Update ‘Managing ESG risks in bank-customer relationships’.
Enforcement
Compliance with the CSDDD can be enforced under civil or administrative law. From an administrative law perspective, Member States are required to establish a supervisory body to monitor compliance with the CSDDD. This supervisory body will have the power to conduct investigations and impose fines of up to 5% of the global turnover of the financial undertaking concerned. It is expected that the ACM will be appointed as the supervisory body in the Netherlands.
Under civil law, it is possible for injured parties to hold a financial company liable and claim damages for intentional or negligent failure to comply with the obligations of the CSDDD. These injured parties can be represented by trade unions, for example.