Forced labor in the supply chain is not quite a new corporate compliance challenge; the United Kingdom and Australia, for example, have required corporations to police against such abuses in their supply chains since the 2010s.
In 2023, however, a new crop of forced-labor laws are coming into force – and the more your corporate compliance function can grapple with these risks in a global, uniform manner, the better.
We can begin with a quick world tour of these new laws:
- In Germany, a new law (known as “LsGK” for its abbreviation in German) requires companies to address human rights in their supply chain. The German Supply Chain Act, LsGK, directs companies to establish a legitimate risk management program for forced labor risks, complete with supplier due diligence, policies and procedures, a system to report complaints, and the like.
- In Canada, lawmakers are poised to pass a law that will require companies to report how they try to keep forced-labor items out of their supply chains. The legislation would require companies to disclose the steps they take to assess and reduce the risk of forced labor in their supply chain, but not require companies to take any specific steps against forced labor.
- In the United States, the Uighur Forced Labor Prevention Act of 2021 is now putting real pressure on global corporations. For example, the Senate Finance Committee recently subpoenaed all the major car manufacturers, asking them to explain how they assure that their supply chains don’t include goods made from forced labor in the Xinjiang region of China.
- Plus, as mentioned, Australia and the United Kingdom both have Modern Slavery Acts, requiring companies to describe what steps they take to assess (and, ideally, to reduce) the risks of forced labor in their supply chains. The state of California also has its own anti-slavery statute, too.
These laws differ in their exact requirements, but they all aim toward the same goal: to eradicate forced labor from the supply chain. Moreover, even though the laws are a compliance risk, forced labor is also very much a reputational and operational risk. After all, what company wants to appear in the headlines of a forced-labor exposé in the media? How much turmoil would then follow as that company drops problematic suppliers immediately and scours the globe for replacements?
Simply put, forced labor is now an issue where a company’s ethical values (“no forced labor, it’s just wrong”) align with its compliance, operational and reputation risks. That is a powerful imperative to get your third-party risk management capabilities right.
The supply chain capabilities you need
The good news for compliance teams is they already have a strong foundation in third-party risk management thanks to the Foreign Corrupt Practices Act and the anti-corruption due diligence you’ve performed on third parties for years. Forced-labor due diligence expands that effort, but the fundamentals are the same.
You need to understand how your company sources goods. For example, does the company have a dedicated procurement function, or can each geographic or operating unit find necessary suppliers by itself? This question is important because the answer dictates who within the enterprise will be your partners as you develop due diligence policies and procedures.
You need to know which suppliers are mission-critical to the business. This is important so that the company won’t suffer operational disruptions if it decides to cut ties with problematic suppliers. Ideally, the company should identify its Tier 1 suppliers, and be able to game out scenarios of what would happen if those suppliers were suddenly unavailable.
We should pause here to note that the above two points are about how the compliance team relates to other parts of the enterprise. That is, they are about relationships, and whether the compliance team truly is a valued “part of the team.”
Compliance officers also need to have effective due diligence procedures, to find the right answers about forced-labor risks. For example, do your contracts include clauses that allow you to ask about forced labor, or to require your suppliers to assess the forced-labor risks from their suppliers? Can you perform the right background checks and due diligence procedures to uncover forced labor allegations? Do your questionnaires include the right questions?
You also need other forced-labor compliance policies and procedures, such as internal reporting channels, training and documentation. For example, your best sources of intelligence about forced labor in your supply chain might come from workers at those supplier companies. Do they know how to reach your ethics hotline? Do they know they’re encouraged to call your hotline? Have your own managers (especially in operating units that work with suppliers) been trained to look for evidence of forced labor?
Lastly, you need strong reporting capabilities – to publish required reports (such as the annual statements required in the U.K. and Australian Modern Slavery Acts), to answer subpoenas from lawmakers and regulators, to demonstrate your risk management skill to business partners, or just to show the public that your company does take forced labor seriously. Compliance officers will need systems that can marshal all the third-party data you collect, provide a holistic view of forced-labor risk across your enterprise and down your supply chain, and then put those insights in writing.
In many ways, the compliance capabilities an organization needs for forced-labor issues overlap with those you need for anti-corruption programs; then again, that’s the point. The capabilities needed for regulatory compliance are converging with those necessary for risk management. That same expertise can boost your organization’s ethical rigor and its strategic advantages in the marketplace.
Call it the compliance function moving from the supply chain to the value chain.
To learn more about how NAVEX can help your organization address third-party due diligence and ensure compliance across your supply chain