Integrating human rights assessments into your company’s sales compliance protocols
November 2019 | EXPERT BRIEFING | RISK MANAGEMENT
According to the ‘UN Guiding Principles on Business and Human Rights’: “Business enterprises should respect human rights. This means that they should avoid infringing on the human rights of others and should address adverse human rights impacts with which they are involved.”
As a conceptual person, a corporation enjoys certain freedoms and rights, but with protections and liberties come the expectations of civil society that corporations will respect the human rights of natural persons. These expectations are reflected in different levels of action by state and non-state actors. Some are ‘hard law’, that is, law enacted and enforced by the state. There are also aspirational statements that are not ‘enforced’ on parties in the traditional sense of the word. Those are often referred to as ‘soft law’.
While not enforceable in a traditional sense, soft law is still relevant because it establishes norms for different industries and provides a benchmark for understanding the behaviour expected of corporations. Failure to adhere to these codes and principles may cause a company to suffer a reputational harm, but there generally is no ‘hard’ penalty or judicial process attached to violating ‘soft’ law. To be sure, the reputational impact can still be severe, affecting consumer behaviour, market value and the reputations of individual executives and investors.
Examples of hard and soft law addressing the impacts of corporate activity on human rights abound. Supranational organisations such as the United Nations (UN), the Organisation for Economic Cooperation and Development (OECD), and the International Labour Organization (ILO) have focused on the intersection of business and human rights issues. These are mainly soft law, but the content may be incorporated into contractual commitments.
Nations and subordinate governments such as provinces, states and cities have enacted laws addressing human rights by, for example, mandating consideration of human rights in the supply chain, requiring reporting of efforts to eliminate ‘conflict minerals’ from the supply chain or assessment and mitigation of the risks of modern slavery and human trafficking. Nations have also introduced human rights considerations into the approvals of export licences, either expressly, or by tacitly encouraging businesses to implement human rights considerations into their own screening.
Private corporate watch groups, such as CorpWatch, Common Dreams, Corporate Accountability, and others, continue to assess the behaviour of the corporate community. Investors and government regulators are also expressing more interest in how a business’s products and services might be misused.
The public, customers and institutional investors can be vocal about the impacts of corporations on society. Allegations of corporate malfeasance and abuse of, or complicity with, state actions impinging on fundamental human rights can spread around the globe in a matter of minutes, harming a corporation’s reputation and market value. News of employee concerns and actions, such as employee walkouts at companies in reaction to government contracts, organisational calls for boycotts or withdrawals, and actions to protest connections to allegedly bad corporate actors, make the company’s image increasingly susceptible to damage. Even where the challenged conduct is not illegal, the impact of companies on the community is under scrutiny, perhaps as never before.
Human rights as a matter of corporate concern
In such a tense social climate, it is important for corporations to be mindful of their impact on human rights, not only by assessing their own operations and supply chain, but by assessing the impact of their products and services on customers and downstream users of their customers’ products and services.
One way to protect the business from negative publicity related to the company’s downstream customers and their customers is to implement a human rights impact assessment of possible risks, followed by development and implementation of a mitigation plan to minimise or remediate problematic transactions, with a particular emphasis on trade compliance and greater awareness of the company’s customers’ activities.
A human rights impact assessment (HRIA) is a tailored evaluation of a company’s business operations or sales practices and markets. An HRIA can be performed by knowledgeable internal resources or external consultants. The evaluation will be different for each business sector and should be further tailored to the specific company within a sector. Assessing the nature of the industry sector involves not only understanding the uses of the products and services but employing creativity and forward thinking to envision possible misuse of the products and services to the harm of natural persons.
Assessing the impact of a company’s activities requires an honest self-assessment to determine the risk profile of different projects, geographies and industries. Once potential harms have been identified, an assessment of the company’s position on the sales that create such risks can be developed. For example, a company selling networking services or products might consider the risks of state actors unlawfully tapping into networks. For another example, a company could exercise care to not sell dual-use equipment or software to governments known for unethical military actions. The record of known intermediaries, such as resellers and agents, is often a topic of concern for anti-corruption purposes. Adding consideration of the intermediary’s actions in jurisdictions known to have weak human rights records would be a logical extension to such a process.
Likewise, it would be advantageous to ‘know your customers’ by assessing the legal and social circumstances within that country. Another area of interest might be applying such a process to potential acquisitions.
Once the basic concerns are identified, a company can develop policies and processes to implement the desired end state. Possible transactions need to be identified and described and the specific processes to do so should be developed. Like the HRIA, these are best customised to fit each company. One strategy to make this work in a large-scale business would be to identify the levels of acceptable risk in different transactions and assess those sales accordingly.
For example, higher risk factors can be presumed to be against the best interests of the company, and the policy and procedure can subject transactions that create such risks to higher management level scrutiny and approval. Conceptually less risky transactions might be handled at a lower level of approval authority. Another structure would be to have a multiple-level approach, the first of which is an initial assessment, with successive levels of review and escalation protocol to resolve any remaining objections.
The makeup of a review team should reflect the structure and needs of the company. Those conducting the first level review might be composed of managers with experience and responsibility for corporate social responsibility (CSR), investor relations, marketing or public relations, with input from legal and compliance organisations. Escalations should end with a decision by a senior level manager with a broader view of the company’s interests. It would also be wise to consider not placing the decision in the hands of a business leader with the profit and loss function for the product or service in the transaction under review, which can suggest compromised judgment if the decision allowing a reviewed transaction to proceed is ever challenged.
Once a policy has been implemented and evaluated, it should be reviewed periodically to account for lessons learned and to reassess the programme against changes in the business. Additionally, a company should consider crafting in-house reports on cases to share across business units to ensure the company is collaborating and learning. Several companies now share external, usually anonymised reports, describing decisions in these areas in the interest of corporate transparency.
We do not mean to suggest such programmes are easy to develop and run or that they will eliminate all risk of controversy, and it might be easier to avoid the cost of implementing such a programme. However, the ramifications of blindly conducting business without considering the impact of company actions on the larger community can be detrimental to corporate values and public perception, leading to unfavourable results. Although the result of conducting an assessment through implementing transaction review processes may be the unpleasant realisation that the proposed transaction or acquisition should not be consummated, it will ultimately save the company embarrassment and negative publicity.
Arthur H. Saiewitz is in-house legal counsel and Alcides Mauricio is an intern at Nokia Corporation.
Arthur H. Saiewitz and Alcides Mauricio