Can You Be Sure? Identifying and Mitigating Risks in the Harder-to-Reach Parts of Your Supply Chain

An Objective Examination of Due Diligence Beyond Tier 1

The Illusion of Visibility

For decades, most corporations have focused their regulatory efforts and compliance teams on establishing robust due diligence protocols for their direct, Tier 1 suppliers. This immediate level of control, however, often fosters an illusion of control that fundamentally misrepresents a company's true risk exposure. The reality is that the majority of environmental and social liabilities, particularly in resource-intensive sectors, rarely originate at the point of final assembly or direct contract. Instead, they reside in the structural depths of the ecosystem: among Tier 2 and Tier 3 suppliers, the raw material extractors, primary processors, and specialised component manufacturers.

The shift in the geography of risk is stark and undeniable. According to recent analyses, supply chain emissions (Scope 3) are, on average, 11.4 times greater than a company's operational emissions (Scope 1 and 2). Furthermore, for many sectors like retail and electronics, Scope 3 accounts for around 98% of total emissions. Despite this overwhelming evidence that impact resides in the deeper tiers, the McKinsey Global Supply Chain Leader Survey 2024 indicates a concerning trend: while visibility into Tier 1 suppliers is improving, visibility into deeper supply chain tiers declined for the second consecutive year. For financial institutions and large corporations operating under escalating scrutiny, the stakes are rising: how can a firm be truly certain about the absence of risk when the greatest liabilities are structurally obscured?

The Regulatory Mandate for Depth

The central question of whether a firm can look beyond Tier 1 has effectively been replaced by the question of whether it is legally required to do so. A wave of mandatory legislation and stringent disclosure rules has now created a global imperative for deep-tier diligence.

The EU Corporate Sustainability Due Diligence Directive (CSDDD), which was adopted in 2024, provides a definitive legal answer to the Tier 1 challenge. Though the final version was narrowed in scope, it did not eliminate the deep-tier obligation; rather, it formalized it. This Directive explicitly requires large companies to identify, prevent, mitigate, and account for adverse human rights and environmental impacts in their "chain of activities," which includes direct and indirect business partners. This specific legal language mandates a systematic assessment of the upstream supply chain, covering production, extraction, and manufacturing.

The CSDDD emphasises a risk-based requirement, meaning compliance systems must prioritise focusing on the value chain links where risks are most severe and most likely to occur. Since the most severe impacts, such as forced labour or land appropriation, rarely occur at a Tier 1 assembler, compliance is only legally defensible if monitoring systems focus on those high-risk areas, which are often Tiers 2 and 3. For instance, a company that fails to investigate a known, high-risk commodity (e.g., cobalt or palm oil) at its source simply because it is Tier 3 is failing its mandated due diligence. Furthermore, this legal obligation is backed by the threat of civil liability under national law for damages caused by a company’s failure to properly implement due diligence. A foreseeable failure to identify and prevent severe human rights abuse at Tier 3, therefore, directly exposes the company to legal action.

The CSDDD does not operate in a vacuum, but functions alongside other powerful tracing laws that confirm this deep-tier imperative. Firstly, Germany’s Supply Chain Due Diligence Act (LkSG) is fully effective and compels German companies to establish due diligence processes that explicitly extend to their indirect suppliers when "substantiated knowledge" of a violation exists. The framework thus forces the creation of monitoring systems that actively pursue this deeper knowledge. Secondly, the US Uyghur Forced Labour Prevention Act (UFLPA) is arguably the most forceful tracing measure globally. It creates a rebuttable presumption that goods sourced from high-risk regions are tainted by forced labour. To overcome this presumption, importers must provide clear and convincing evidence of clean sourcing, a requirement that effectively mandates forensic, raw material-level tracing that bypasses standard Tier 1 reporting.

Rewarding the Storyteller: The Financial Disclosure Imperative

Beyond the necessity of avoiding fines, the modern market demands deep due diligence for credible transparency. The EU's Sustainable Finance Disclosure Regulation (SFDR) and the UK's upcoming Sustainability Disclosure Requirements (SDR) require financial market participants to disclose how they consider Principal Adverse Impacts (PAIs). Since many mandatory PAI indicators relate directly to human rights (like modern slavery) and biodiversity loss - chronic issues rooted in Tier 2 and Tier 3 - financial firms simply cannot make credible disclosures without validated deep-tier data, leaving them vulnerable to market criticism and greenwashing sanctions.

Analysing the "harder-to-reach" parts of the supply chain requires a shift in focus to specialised risk vectors often neglected in conventional analysis. Risk assessments typically focus on carbon emissions or waste volume. Yet, the impact of extraction or agricultural practices at Tier 3 is often most severe in terms of biodiversity loss and ecosystem degradation. Research from 2021 noted that the global food system is the primary driver of biodiversity loss, with agriculture identified as the threat to 86% of the species at risk of extinction, a vast impact that occurs deep within commodity supply chains. This challenge necessitates specialised analysis to map sourcing practices against global biodiversity hotspots and protected areas, a complex task that generalised auditors are not equipped to handle.

While Tier 1 labour practices are routinely audited, the deeper tiers present systemic social and labour factors that are notoriously complex to uncover. Global estimates from the ILO and Walk Free Foundation indicate that 27.6 million people were in forced labour globally as of 2021, with the vast majority exploited in low-tier, extractive, or manufacturing sectors supplying goods to international markets. Effective due diligence must therefore move past relying on basic supplier questionnaires and employ advanced techniques, such as geospatial intelligence and non-conventional data sources, to identify hidden facilities or high-risk regions linked to these fundamental human rights violations.

Why Due Diligence Fails to Go Deep

Despite the clear regulatory push, the effective implementation of deep supply chain due diligence is hindered by several structural and practical issues. The fundamental inhibitor is structural opacity, rooted in the lack of direct contractual relationships. A large buyer has no immediate legal leverage over a small, Tier 3 component producer on the other side of the globe. This creates a critical data asymmetry, where the buyer lacks the authority to demand key information. Compounding this is complexity and volume: the sheer scale of deep supply chains makes manual diligence impossible. Mapping a chain to Tier 3 can involve tens of thousands of entities across dozens of jurisdictions, creating an immense, costly data management challenge. Finally, there is the challenge of enforcement and jurisdiction, as many high-risk activities occur in jurisdictions where local governance is weak or regulatory oversight is minimal. Companies face the difficulty of enforcing their standards in regions where their legal influence is negligible.

The CSDDD, LkSG, and UFLPA have established a clear and legally binding imperative to address risks beyond Tier 1. The core challenge remains that the structural inhibitors - opacity and complexity - prevent traditional methods from meeting this imperative. Ultimately, certainty about supply chain risk is only achieved through comprehensive coverage. It demands specialised capabilities that go deep into the value chain and broad into the scope of risks assessed, specifically targeting those unique vulnerabilities that standardised tools fail to address. For firms operating in an environment of escalating accountability, this level of focused, deep-tier diligence is becoming less a competitive advantage and more a regulatory necessity.