Human rights assessments are an increasingly closely watched area of due diligence for the supply chain of organizations across numerous industries. Even smaller operators are subject to the reality of today’s global supply chains, and everyone from customers to regulators are watching to see how organizations treat people and the planet. Visibility into the ethics and practices of vendors – and for that matter, the operations of any organization – are more important than ever before.
On April 18th, NAVEX Chief Risk and Compliance Officer Carrie Penman moderated a discussion on this issue with Kristy Grant-Hart, CEO, Spark Compliance Consulting; and Robert Smith, Director, Business Compliance and Ethics, Serco Group. This highly attended webinar inspired a deluge of questions and comments, and Grant-Hart and Smith have returned to address some of those highest-profile points in this two-part series for NAVEX Risk & Compliance Matters.
What standards or indicators do you recommend following to report on human rights?
At Serco, we use international human rights standards such as the International Bill of Human Rights, the International Labour Organization’s Declaration on Fundamental Principles and Rights at Work, the United Nations Global Compact and the United Nations Guiding Principles on Business and Human Rights to guide decision making, constructive engagement and the assessment and management of adverse human rights impacts. These are the main recognized standards. We have reviewed these and consolidated them into an internal guidance document that pulls out those rights relevant to our business to create a simple reference document that can be used by the business. We then focus our reporting (in our annual report and accounts and ESG reports) around those areas that have potential human rights impacts and how we manage them. So, the focus of reporting is on what we do to manage the impacts we might have, which will reflect the principles in the above standards.
With human rights you need to consider the perception of others regarding the actions you are taking. This places importance on understanding the potential impacts through impact assessments.
How different is HRIM from anti-bribery/anti-corruption obligations?
Human resource information management (HRIM) is less “tangible.” The perception of a breach of human rights can be subjective. For example, a detained immigrant may believe their human rights have been breached when the environment they are in is following approved procedures. It is therefore important when dealing with human rights to have good relationships with relevant NGOs to have a broad stakeholder view of activities to support your position and actions.
Also, anti-bribery/anti-corruption (ABC) breaches generally are down to a specific act that breaks the law i.e., a bribe, excessive gift designed to influence etc. Breaches in human rights are generally less clear and can be viewed differently by different parties. This requires specific legal action to determine in individual cases what is acceptable. From a corporate perspective, it is easy to be clear and state a zero-tolerance position on ABC and set out procedures and controls to address this. With human rights you need to consider the perception of others regarding the actions you are taking. This places importance on understanding the potential impacts through impact assessments.
Are there practical guidelines outlining how companies should incorporate EU due diligence into existing programs if/when the Corporate Sustainability Due Diligence Directive (CS3D) comes into force?
The draft directive is new and still being negotiated, and so the only guidance is in the proposed legislation itself. Depending on the final text adopted by the EU, corporate due diligence duties are likely to apply to a companies’ own operations and the operations of their subsidiaries and their entire value chains.
All companies falling under the scope of the Directive must address actual and potential adverse impacts on human rights and the environment resulting from violations of international conventions.
The current drafts will require companies to fulfil the following due diligence obligations with respect to human rights and environment:
- Integrate due diligence into companies’ policies
- Identify potential adverse impacts on human rights and environmental impacts
- Prevent and mitigate potential adverse impacts
- End and minimize actual adverse impacts
- Establish and maintain a complaints procedure
- Monitor the effectiveness of due diligence policy and measures
- Publicly communicate on due diligence.
It is wise for companies to consider how they would fulfil these obligations and begin planning to do so now.
Inside an organization, where should the function of human rights oversight be allocated? In Compliance? In Legal? Human Resources? Cross-functional, headed by compliance?
Like many aspects of regulatory and integrity business principles, human rights touches many different aspects of an organization. This includes:
- Executive leadership, who set policy and the principles and standards the company wishes to be known for – this is often driven by the General Counsel or Legal
- The human rights of employees is generally the responsibility of HR as it relates to contract conditions, pay, hours, conditions of work, etc.
- The importance of due diligence is generally down to the compliance department (new country, business, partner due diligence) or procurement (supply chain due diligence with support from Compliance when red flags are raised)
- The importance to understand the salient human rights impacts that you face could be led by Risk, but would need involvement of Ethics, Compliance, Procurement, and HR
- The review of salient rights where an ‘ethical’ position is sought regarding the more serious human rights impacts is likely to be reviewed by Ethics
There therefore is no obvious specific owner. This will depend on how your organization is structured. What is important is that there is an executive sponsor at the board/executive committee level who leads on behalf of the company on human rights. That they are supported by a specific department lead who will drive the human rights program and ensure that processes and controls deliver the standards set. And that the specific department lead engages with relevant other department leads who input into the management of human rights.
Are there any reliable (regularly updated) watchlist(s) of supply chain vendors who are known violators of the previously stated acts/regulations?
Most adverse media searches look for words relating to bribery and corruption. Be sure to request words associated with modern slavery, human trafficking and human rights abuses in your settings. That way, the adverse media filter will find articles about modern slavery if they relate to your suppliers.
There is not any specific list of violators similar to say, the Specially Designated Nationals list updated by the Office of Foreign Asset Control (OFAC). However, there are ways to find violators.
The United States implemented the Uyghur Forced Labor Prevention Act; this act creates the presumption by the U.S. government that any product made with goods even partially sourced from the Xinjiang region of China has been made with forced labor. Therefore, if you see that any part of your supply chain has goods from this region, you will want to think twice or perform more investigation/onsite audits, even if you aren’t selling into the U.S.
Many third-party screening programs offer adverse media reviews. Be sure to ask your vendor about the trigger words in the screening software. Most adverse media searches look for words relating to bribery and corruption. Be sure to request words associated with modern slavery, human trafficking and human rights abuses in your settings. That way, the adverse media filter will find articles about modern slavery if they relate to your suppliers.
Due diligence in complex supply chains tends to focus on Tier 1 suppliers; how do companies with supply chains 6 or 7 tiers deep practically address this risk, especially when such organizations have thousands of suppliers?
This is a question that challenges us all and you need to be careful you don’t try and ‘boil the ocean’.
Requirements around due diligence are generally risk based. This is the case, for example, with modern slavery due diligence. It is therefore appropriate to consider the types of supply chain that are at a higher risk of modern slavery and carry more in-depth diligence on the subject with them. For Serco, the supplier sectors or categories that we carry out our modern slavery due diligence checks on are:
- Landscape and ground maintenance
- Environment H&S – only for uniforms
- Linen and laundry
- Waste (excluding specialty waste disposal like chemicals requiring specific licenses)
- Catering – only for food, prepping and serving food
- Recruitment agency (blue collar)
- Manning guards
- Transport (for vehicle cleaning services, etc.)
- Hotels for cleaning staff
- Office – for removals services
It is therefore important that you consider the human rights risks that are most relevant to your business and then consider your supply categories and recognize those elements where you believe there the risk is heightened.
You should use the same consideration regarding the depth of review. For example, if you are a uniform supplier, then for core elements of the materials you use it is appropriate to go several layers down the supply chain to where the cotton comes from that makes the thread that is woven into the shirt you sell. However, if you are a security company that buys uniforms, then understanding the depth of diligence completed by your uniform supplier is probably sufficient.
CS3D may require due diligence on a company's full value chain. How do you go about discovering who the actors are upstream? And how do you leverage mitigation/remediation actions when the mine/quarry might be 5-6 steps away with no commercial link to your business?
As discussed in the previous question, it is a question of risk. If a supplier or partner is a critical element in your supply chain and potentially has high risk regarding human rights, then you need to be assured that the mine (as in the question) is not breaching human rights which you could be linked with.
Although you don’t have a direct commercial relationship with them, you could be viewed as complicit in a breach. It is therefore important you have contractual flow-down of expectations and get assurance from those you do have the contractual relationship with that they are managing their supply chain and getting assurance from a human rights perspective. You can do high-level screening of companies down your supply chain to give you comfort and to set up monitoring so that should something arise, you can challenge the company you have the relationship with to provide comment on any red flags. There are industry groupings that work together to share best practice to try to drive improvements in human rights through the supply chain. Retail, food retail, and construction are areas where this happens. You might want to think establishing something for mining!
For more guidance on how to address modern slavery in the supply chain, check out this blog post also by Kristy Grant-Hart.
Click below to watch a recording of our webinar, “Human Rights Impact Assessments: A How-To Guide,” and follow Risk & Compliance Matters for part two of this series.