CS3D for Finance & Insurance
CS3D / CSDDD
In finance and insurance, CS3D means more work around risk processes, oversight, and business relationships. See what to review first.
What is CS3D?
The Corporate Sustainability Due Diligence Directive (CS3D, also abbreviated CSDDD; Directive (EU) 2024/1760) is a landmark piece of European Union legislation that requires large companies to identify, prevent, mitigate, and account for adverse human rights and environmental impacts in their own operations, those of their subsidiaries, and their chain of activities. Adopted in 2024, the directive establishes a legal obligation for in-scope companies to conduct ongoing due diligence rather than relying on voluntary commitments. CS3D builds on existing frameworks such as the UN Guiding Principles on Business and Human Rights and the OECD Guidelines for Multinational Enterprises, turning soft-law expectations into enforceable legal requirements with significant penalties for non-compliance.
CS3D and the Finance & Insurance Industry
The finance and insurance sector occupies a distinctive position under CS3D. Financial institutions rarely run factories or extract raw materials, but through lending, investment, and underwriting they finance activity in almost every industry, and can therefore be linked to environmental damage and human rights abuses committed by their clients and portfolio companies.
The directive treats that link differently from the rest of a company's value chain. For regulated financial undertakings (banks, insurers, asset managers, and similar firms), the adopted text limits the "chain of activities" to the upstream side: the institution's own operations, its subsidiaries, and the business partners that supply it with goods and services, such as IT and cloud providers, data centres, outsourced operations, and facilities. The downstream provision of financial services, meaning the loans, insurance policies, and investments themselves, is carved out, and the European Commission is required to report on whether tailored due diligence rules for financial services should be added later. Client-level due diligence of the kind often described for the sector (checking whether a project-finance borrower in mining relies on forced labour, whether an insured infrastructure project will pollute water sources, or whether an investee company clears forest) is therefore not, as things stand, a direct CS3D obligation. It is, however, where many institutions already apply voluntary standards, where the Commission's review may take the directive next, and where a prudent institution builds capability now.
The stakes remain high because of the scale of influence involved. A single lending decision by a major European bank can unlock hundreds of millions of euros for a project with a significant environmental footprint, and an insurer's decision to underwrite or refuse a high-risk operation sends a strong market signal. Should the directive's scope be extended to financial services, financial institutions would become gatekeepers of sustainability standards across the European economy and beyond; even today, in-scope corporate clients that must document their own chains of activities will expect their banks and insurers to understand these risks.
Consider a practical scenario: a European insurer provides liability coverage to a textile manufacturer sourcing cotton from regions known for forced labour. Today the directive does not oblige the insurer to conduct due diligence on that policyholder, but the manufacturer, if in scope, must identify, address, and report on the risk itself, and the insurer will face questions from its own stakeholders, and potentially from a future extension of the directive, about what it knew and what it did. Institutions that already have processes to identify such risks, engage the client, and, as a last resort, decline to renew the relationship are prepared for both outcomes.
Key Requirements
Finance and insurance companies falling within the scope of CS3D must comply with several core obligations. The legal duty attaches to the institution's own operations, its subsidiaries, and its upstream business partners; where the points below describe the lending, underwriting, or investment portfolio, they describe good practice and likely future direction rather than a current statutory requirement:
- Integration of due diligence into corporate policy: Financial institutions must embed human rights and environmental due diligence into their governance structures, risk management frameworks, and compliance policies. This includes board-level oversight and the designation of responsible personnel or committees.
- Identification and assessment of adverse impacts: Companies must map their own operations, subsidiaries, and upstream business partners to identify actual and potential adverse impacts on human rights and the environment. For a financial institution this covers, for example, outsourced service providers, technology and data-centre suppliers, facilities and cleaning contractors, and the workforce in its own branches and subsidiaries. Many institutions extend the same mapping to their downstream portfolio (lending exposures for banks, underwriting exposure for insurers, investment holdings for asset managers) under voluntary frameworks, and this is the area a future extension of the directive would reach.
- Prevention and mitigation measures: Where potential adverse impacts are identified, financial institutions must take appropriate action to prevent or mitigate them, such as seeking contractual assurances from suppliers, adjusting procurement and outsourcing terms, and supporting corrective action plans. The same toolkit (loan covenants, sustainability clauses in insurance contracts, engagement with portfolio companies, exclusion of certain activities from product offerings) applies where an institution chooses, or is later required, to cover its client and investee relationships.
- Termination of relationships as a last resort: If prevention and mitigation efforts prove insufficient, companies must consider ending business relationships that cause or contribute to severe adverse impacts. For a supplier relationship this means not renewing the contract; applied to the portfolio, it could mean declining to refinance a loan or refusing to renew a policy.
- Establishment of a complaints mechanism: Financial institutions must provide a channel through which affected stakeholders — including workers, communities, and civil society organizations — can raise concerns about adverse impacts linked to the company's activities or business relationships.
- Public reporting and communication: Companies must publish an annual statement on their due diligence activities, findings, and outcomes; companies that already report under the Corporate Sustainability Reporting Directive (CSRD) discharge this through their sustainability reporting rather than a separate statement. Either way, the reporting must be substantive and specific, going beyond generic policy statements to describe the measures actually taken and their effectiveness.
- Climate transition planning: In-scope companies must adopt and put into effect a transition plan for climate change mitigation compatible with the Paris Agreement goal of limiting global warming to 1.5 degrees Celsius, with targets covering scope 1, 2, and 3 emissions. For a financial institution, scope 3 is dominated by the emissions of the companies it lends to, insures, and invests in, commonly referred to as financed emissions, so the plan cannot stop at the institution's own buildings and travel.
- Stakeholder engagement: Due diligence processes must include meaningful consultation with affected stakeholders, including trade unions, worker representatives, indigenous communities, and non-governmental organizations relevant to the identified risks.
Implementation Steps for Finance & Insurance Companies
Achieving compliance with CS3D requires a structured, phased approach. The following steps provide a practical roadmap for financial institutions:
- Conduct a scoping assessment: Determine whether your organization falls within the scope of CS3D based on employee count and net turnover, bearing in mind that application is phased in over several years with the largest companies first. Identify which subsidiaries, branches, and business lines are covered. Engage legal counsel to clarify jurisdictional questions, particularly for groups operating across multiple EU member states or headquartered outside the EU.
- Perform a gap analysis against current practices: Evaluate your existing ESG risk management, responsible lending or investment policies, supplier and outsourcing controls, and sustainability reporting against CS3D requirements. Many financial institutions already have elements of due diligence in place through voluntary frameworks such as the Equator Principles, Principles for Responsible Investment, or Principles for Sustainable Insurance; these mostly address client and portfolio risk, so check separately whether your procurement and third-party risk processes meet the directive's mandatory standards for upstream business partners.
- Map your chain of activities and business relationships: Start with what the directive requires: an inventory of your own operations, subsidiaries, and upstream suppliers and service providers, segmented by category, geography, and risk profile. Then, as good practice and in preparation for a possible extension of scope, inventory your client base, investee companies, and insured parties in the same way. Prioritize high-risk segments, such as extractive industries, agriculture, textiles, and construction, for deeper assessment. For large portfolios, deploy risk-scoring methodologies that flag relationships requiring enhanced due diligence.
- Develop and adopt a due diligence policy: Draft a formal policy that integrates human rights and environmental due diligence into your corporate governance framework. The policy should specify roles and responsibilities, escalation procedures, risk tolerance thresholds, and the criteria for engaging with or disengaging from high-risk clients. Secure board-level endorsement and allocate dedicated budget and personnel.
- Integrate due diligence into business processes: Embed due diligence checks into existing workflows: procurement and outsourcing approval for suppliers, and, where you extend coverage to the portfolio, credit approval processes for banks, underwriting guidelines for insurers, and investment screening for asset managers. Update supplier and client onboarding procedures, periodic review cycles, and product development frameworks to incorporate CS3D-aligned assessments. This is not a standalone compliance exercise; it must be woven into daily operations.
- Establish a grievance mechanism: Set up an accessible, transparent, and effective complaints channel. This may be a dedicated hotline, an online portal, or a partnership with an independent ombudsman. Ensure that the mechanism is publicized to relevant stakeholders and that received complaints are tracked, investigated, and resolved within defined timelines.
- Build internal capacity and training programs: Train relationship managers, credit analysts, underwriters, and investment professionals on CS3D requirements, human rights risks, and environmental due diligence methodologies. Equip front-line staff with practical tools — such as sector-specific risk checklists and red-flag indicators — to identify issues during routine client interactions.
- Implement monitoring and reporting systems: Deploy technology solutions to continuously monitor your portfolio for emerging risks, adverse media, and regulatory changes. Establish key performance indicators for due diligence effectiveness, such as the percentage of high-risk clients with active mitigation plans. Prepare your annual due diligence statement in a format that meets both CS3D and CSRD (Corporate Sustainability Reporting Directive) requirements.
- Engage with industry peers and standard-setters: Participate in industry working groups, share best practices, and contribute to the development of sector-specific guidance. Coordinated action across the financial sector strengthens due diligence outcomes and reduces the risk of competitive disadvantage for early movers.
- Review and iterate annually: Treat CS3D compliance as a continuous improvement process. Conduct annual reviews of your due diligence framework, update risk assessments based on new information, and refine your approach based on lessons learned from grievance cases, stakeholder feedback, and regulatory guidance.
Frequently Asked Questions
Which financial institutions are covered by CS3D?
CS3D applies to EU-based companies with more than 1,000 employees and a net worldwide turnover exceeding 450 million euros, as well as non-EU companies generating more than 450 million euros of net turnover within the EU. Application is phased in over several years, reaching the largest companies first. For the finance and insurance sector, this captures most large banks, insurance groups, asset managers, and financial holding companies operating in Europe. Smaller institutions below these thresholds are not directly subject to the directive, but may face indirect pressure from in-scope clients and business partners requiring due diligence information from their counterparties.
How does CS3D interact with existing financial sector regulations?
CS3D complements the Sustainable Finance Disclosure Regulation (SFDR), the EU Taxonomy Regulation, and the Corporate Sustainability Reporting Directive (CSRD). While SFDR focuses on disclosure of sustainability risks in investment products and CSRD addresses corporate reporting, CS3D goes further by requiring active identification, prevention, and mitigation of adverse impacts. Financial institutions must ensure that their CS3D due diligence processes feed into their SFDR and CSRD reporting obligations, creating a coherent and integrated sustainability compliance architecture.
What are the penalties for non-compliance?
Member states are required to establish effective, proportionate, and dissuasive penalties. The directive requires that the maximum fine be no lower than 5% of a company's net worldwide turnover. Additionally, CS3D introduces civil liability provisions, meaning that companies can be held liable for damages resulting from their failure to conduct adequate due diligence. For financial institutions, reputational damage and loss of client trust may be as significant as the financial penalties themselves.
Does CS3D require financial institutions to exit entire sectors?
No. The directive follows an engagement-first approach. For the relationships it covers, companies are expected to use their leverage to encourage business partners to address adverse impacts, and the same logic applies to institutions that voluntarily extend due diligence to clients and portfolio companies. Termination of a business relationship is positioned as a measure of last resort, to be considered only when other prevention and mitigation efforts have failed and the adverse impacts are severe. The directive recognizes that blanket exclusions can be counterproductive, as they may push harmful activities toward less responsible counterparties rather than driving meaningful improvement.
Summary
The Corporate Sustainability Due Diligence Directive marks a turning point for the finance and insurance industry in Europe. For their own operations, subsidiaries, and suppliers, financial institutions can no longer treat human rights and environmental risks as peripheral concerns: they are now legal obligations backed by substantial penalties and civil liability. For the lending, underwriting, and investment portfolio, the directive's review clause signals that the question is when, not whether, similar expectations will be formalized. Companies that begin building robust due diligence frameworks today will not only achieve compliance but will also strengthen client relationships, reduce portfolio risk, and position themselves as leaders in a rapidly evolving regulatory landscape.