[author: Alexandre Bougherara]

The human element in your supply chain

There is little risk in claiming that ESG (Environment, Social, Governance) has been one of the most used acronyms over the last few years.

Some salient examples that changed how businesses think about ESG include the COVID outbreak and its consequences, the surge of concerns around sustainability, the wake-up call about diversity equity and inclusion, the increasing cases of whistleblowing around various forms of misconduct and non-compliance, and the rise in attention to third-party risk. With this increased focus, we’re seeing elevated pressure for businesses to improve their practices with regard to environmental impact, supply chain integrity, sustainability and resiliency, recruitment and representation for diverse workforces, transparent reporting, etc.

One part of the “S” is gaining traction with public and regulatory attention: human rights. Stories of human rights abuses and modern slavery rightfully outrage the public, pose significant business risks and now have the attention of regulators that are passing stringent supply chain laws to root out human rights abuses.

So, let’s talk about human rights and supply chain due diligence. This article will cover information discussed in recent webinars hosted by NAVEX.

Why are human rights so crucial for business?

Besides the readily apparent ethical reasons, ensuring employee and partner well-being and rightful treatment is paramount from a legal perspective. If a violation of human rights is found in the company or even the supply chain, the financial and reputational damage can be devastating. Companies must comply with expanding regulations that include a range of enforceable local and international laws if human rights issues are uncovered. Here are the main legislations developed over the last 15 years.

EU Corporate Sustainability Reporting Directive

Status: Adopted on January 5, 2023. The CSRD is set to be transposed by member states by July 6, 2024

Objectives: Reinforce the rules concerning the environmental and social information companies have to report in accordance with the ESRS (European Sustainability Reporting Standards).

Applicability: Progressive from 2025 onwards for the 2024 financial year. Applicable to all companies with more than 250 employees, a balance sheet total exceeding €20 million and a net turnover exceeding €40 million. Each member state will nominate a national monitoring body and decide the sanctions applicable in case of non-compliance.

Highlights:

• Reporting obligations based on harmonized European standards known as ESRS
• Double materiality: companies will have to communicate both ESG risks that impact the organization’s situation and their activities’ impact on people and the planet
• Increase the reporting requirements on how companies address human rights (mandatory for all companies)
• Draft EFRAG guidelines on materiality and value chain will soon be published for public consultation

European Corporate Sustainability Due Diligence Directive (CSDDD)

Status: Latest draft endorsed by the EU council in March 2024. The EU Parliament shall approve the text by May 2024. The EU Commission is expected to sign off the directive after.

Objectives: To uncover and address issues including environmental risks, the human rights and labor abuses. It makes organizations liable for violations in their supply chains.

Applicability: Would apply to EU companies with more than 1,000 employees and worldwide net sales of over €450 million and foreign companies with sales of at least €450 million in the EU over the past two years.[LM1] [AB2]

Highlights:

• Will create a new supervisory authority on a state level. Allows for civil lawsuits in situations, “but for” proper due diligence, the harm wouldn’t happen
• Reporting obligations based on harmonized European standards known as ESRS
• Creates a new corporate duty to perform due diligence on human rights and environmental outcomes
• Creates individual director-level duty of care
• Gives a detailed description of due diligence activities that must be undertaken, including the requirement to communicate about due diligence publicly – this is known as the double materiality
• UK Modern Slavery Act

Status: In force since 2015. In May 2022, an announcement was made that the act would be updated with a new bill. It is currently going through the legislative process.

Objectives: Fight modern slavery in the UK, protect victims and punish perpetrators.

Applicability: Companies doing business in the UK with an annual turnover of €36 million.

Highlights:

• Strengthen the requirements on businesses to set out the steps they have taken to prevent modern slavery in their operations and supply chains
• Provide mandatory content requirements for statements
• Introduce civil penalties for failing to comply
• Mandate that modern slavery statements be published on the UK Government-run reporting service and an organization’s website
• Draft EFRAG guidelines on materiality and value chain will soon be published for public consultation

The California Transparency in Supply Chains Act

Status: Effective January 1, 2012, in California, USA.

Objectives: Ensure manufacturers and retailers based in California provide information to address the issue of human trafficking and slavery from their supply chains.

Applicability: Retail sellers or manufacturers doing business in California with an annual worldwide gross receipt of over $100 million.

Highlights:

Companies must disclose the extent of their efforts in five specific areas:

1. Verification. If they engage in verifying the product supply chains to evaluate and address the risks of human trafficking and slavery
2. Audits. If they conduct audits of suppliers to evaluate their compliance with company standards for trafficking and slavery in supply chains
3. Certification. If they require their suppliers to certify compliance with the anti-slavery laws of the countries they are doing business
4. Internal accountability. If they maintain standards and procedures for contractors and employees who fail to meet company legislation regarding trafficking and slavery
5. Training. If they provide training on slavery and trafficking to staff involved in the supply chain process

German Supply Chain Due Diligence Act

Status: Effective January 1, 2023, in Germany.

Objectives: Establish internal and external risk management systems to identify and prevent the risks of human rights violations and damage to the environment within their supply chain.

Applicability: Organizations with a registered brand or office in Germany with 1,000 or more employees.

Highlights:

• This applies to all an organization’s direct and indirect suppliers starting from the extraction of raw materials and ending with delivery to the customer

Duty of care: influence and controversies

Launched in France in 2017, this law continues to cause a stir among legal experts. Following the Rana Plaza tragedy in Bangladesh, where more than 1,100 workers were killed in the collapse of a garment factory, the French deputies initiated discussions about human rights at work.

The disaster turned out to be the result of multiple malversations such as bribes, lack of safety policies, usage of low-quality materials and hazardous equipment, and the employment of low-wage labor from foreign companies. For four years, conversations were heated on the benches of the French National Assembly, but the law was eventually adopted.

So, what is this regulation about, and why is it causing trouble despite the original rightful intention behind it? The Duty of Care law applies to companies with over 5,000 employees if the headquarters are in France, and 10,000 employees for those outside the country. It obliges businesses to identify and prevent negative impacts on human rights, health and safety and the environment. They also have the responsibility to publish the content and outcome of the program, to accept administrative fines in case of non-compliance and claim damages in case of harm caused by non-compliance.

The law’s text was subject to many arguments, both political and legal. One of the main invoked reasons for opposition is the lack of clarity, highlighted by the number of ambiguous and vague terms, but also the shortage of examples and specifications. Some choices were also questioned, like the number of employees as a criterion. Others argued that disclosing information would go against business privacy, data protection and freedom to trade. Some pointed out that the Duty of Care would create an incidental liability between parties based on contracts (company with supplier, for instance).

Unfortunately, the decree that was supposed to provide further information was never published. After seven years of application, only one ruling has happened, which was against the complaining party (NGOs vs. Total). Most companies have complied with their publication obligations but there is debate on the quality of their programs. The law indicates companies should associate stakeholders when elaborating their programs, but few have done so.

However, despite all the turmoil and the weak outcomes, the French Duty of Care law inspired many other countries to adopt similar legislation.

Human rights strategies and best practices

The Duty of Care case and the shift from assessment-based to audit-based laws prove two things: there is a real need to place human rights protections at the center of business strategies, but that intention also comes with struggles.

Firstly, how do we define human rights? How do we establish human rights protections in supply chains? What does enforcement look like for violations? What is the impact on organizations apart from the transparency effort in protecting human rights in the supply chain?

This analysis shows 86% of the stock exchanges mention human rights and the United Nations in their ESG disclosure guidance. However, the rates of references to Human Right Policies and Human Rights due diligence fell to 41% and 12.5%, respectively. These figures highlight the discrepancy between the will to have a social approach and the concrete description of the actions.

Given the complexity of such a matter, it appears essential to have strong foundations that define legal and strategic areas.

Before setting up a human rights compliance strategy, it is paramount to ask:

• What are we trying to achieve? Legal compliance? Reputation protection? Market advantage?
• Who is going to pilot this project? Who gets invited to the table? Who decides?
• Do the people who will decide on the path forward need up-skilling for this specialty area of concern?
• What do we already have in place and how can we build on this (CSR, anti-corruption, data privacy, diversity and inclusion, health and safety, HR, etc.)
• What don’t we know?

A good way to respond to these questions is to set best practices for assessments and ongoing monitoring:

• Ensure stakeholder engagement
• Conduct adverse media searches that include human rights terms, not just bribery, fraud, etc.
• Partner with NGOs for resources and best practices
• Contract terms should allow auditing on a risk-based approach cadence
• Develop policies and procedures that are universal and consistent
• Assess each issue separately

In a nutshell, this is what a human rights compliance strategy should feature:

• A policy commitment approved at the highest level of leadership stipulating the company’s expectations of staff, business partners and other parties directly linked to its operations
• Human rights due diligence to identify possible impacts on people, caused directly or indirectly by the company
• Integration in company policies and systems, assigning responsibility for each human rights concern and integration in decision-making mechanisms and budget allocation supported by communication and training
• Tracking and reporting based on appropriate KPIs and tracking tools to ensure sufficient and accurate information is available to respond to mandatory reporting obligations, business partner and stakeholder requirements

Conduct risk mapping to avoid common mistakes such as:

• Not involving appropriate subject matter experts or not creating a cross-functional oversight group
• Skipping the theoretical risk analysis (if no issues or complaints to date have been made)
• Taking a narrow view of human rights (e.g., concentrating only on labor issues within the supply chain)
• Taking into account philanthropy initiatives

Final words

Embracing and championing for human rights is unquestionably the right thing to do, but creating a process by which your organization governs human rights across your supply chain is no easy feat. Defining due diligence in such a complex environment that involves many parties like the supply chain is a strong commitment that takes time, effort, investment and compliance. While this won’t happen overnight and may necessitate some unexpected changes in policies, processes or suppliers, prioritizing human rights across the supply chain will position your organization for resilience and demonstrate a commitment to ethics and compliance.

Find our more here.

View original article at Risk & Compliance Matters