Human rights and environmental due diligence (HREDD) legislation is becoming more popular worldwide: South Korea, the UK, Mexico, and Canada proposed their first binding due diligence regulations; Norway, Germany, and France have mandatory HREDD requirements; and the EU is finalizing its legislation on HREDD.

Financial institutions (FIs) are interested in understanding HREDD requirements because it is difficult for them to implement these types of regulations. ECOFACT and the UN Environment Programme Finance Initiative held a joint webinar in September 2023, focusing on this very topic. ECOFACT also participated on a panel at the Swiss Forum on Business and Human Rights in October 2023, where discussions focused on the challenges FIs face when applying due diligence rules within their internal operations.

What is human rights and environmental due diligence?

The term refers to internal processes that companies, including FIs, use to identify, prevent, and reduce negative environmental and human rights impacts. It requires a systematic and thorough investigation or review of facts to reduce risk.

Due diligence requirements are included in various types of regulations, including:

• modern slavery acts;
• customs-requirements regulations;
• general due diligence regulations; and
• non-financial reporting regulations (even ones that only address FIs, i.e. the EU Sustainable Finance Disclosure Regulation).

Where do you find human rights and environmental due diligence regulations?

As you can see in Figure 1, quite a few countries are developing HREDD regulations: European countries have been active at the national level, while only a few countries in the Asia-Pacific region and Latin America have introduced these types of regulations.

Regulation creates new risks

If FIs are perceived as not meeting their obligations, they risk litigation and due diligence regulations provide the legal basis. For example, BNP Paribas was warned by several non-governmental organizations for financing a Brazilian agribusiness company. France’s duty of vigilance law provided legal grounds for the formal warning that was issued. (The company was accused of deforestation, illegal seizure of lands, and forced labor.) The NGOs asserted the bank risked not fulfilling France’s HREDD requirements. This formal notice was the first of its kind to be issued against a bank, and it is a required first step before a lawsuit can be filed.

What are the sources of financial institutions’ exposure to risk?

As corporate entities, FIs may be exposed to the risk of human rights or environmental violations within their own operations, supply chains, or value chains. However, FIs’ primary environmental and human rights risks come from their clients’ activities, not their suppliers’ activities — their business relationships are the biggest source of risk.

While FIs can contribute to adverse environmental and human rights impacts through their client’s activities, FIs’ products and services pose risks as well. For example, physical gold is acknowledged as a high-risk product because gold mining causes environmental damage and segments of the industry are known for human rights abuses.

What is considered a business relationship?

In June 2023, the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct (OECD Guidelines) expanded the scope of “business relationship” to explicitly include “investee companies.” This is an important new development for FIs because it means that, according to the OECD Guidelines, holding securities such as stocks or bonds in a company, even a minority stake, creates a business relationship between the investor and the investee.

The OECD Guidelines make it clear that FIs should conduct risk-based due diligence on their investee companies’ activities, in line with the OECD’s recommendations for most companies. (For more information, see this ECOFACT blogpost.)

Should financial institutions be performing due diligence?

Considering that FIs are companies, and that the OECD Guidelines recommends companies conduct HREDD, FIs should establish robust risk management processes. At a minimum, these processes should cover high-risk products, such as physical gold, and high-risk clients that are likely to be linked to adverse human rights or environmental impacts.

This due diligence is not only recommended, but some laws also require it, such as Switzerland’s Code of Obligations. As an example, Swiss companies, including FIs, must comply with due diligence obligations when releasing or processing certain metals and minerals from conflict zones or high-risk areas for circulation in Switzerland.

Fragmented regulation, unaligned reporting requirements

Financial institutions operating in multiple countries must navigate different HREDD expectations. Developing group-level processes that satisfy diverse regulations is challenging. Each regulation has a unique scope and definition of “business relationship” that due diligence processes must cover. Companies find reporting expensive, and varied HREDD-related reporting obligations only add to the cost.

To illustrate the challenges that misaligned regulations present to FIs, look no further than the EU: The EU Council and EU Parliament reached a provisional agreement on the Corporate Sustainability Due Diligence Directive (CSDDD) in December 2023; this directive does not adopt the same definition of “business relationship” as the OECD Guidelines. The CSDDD excludes FIs from reporting on downstream activities (i.e. their clients’ activities), while the Corporate Sustainability Reporting Directive (CSRD) requires such reporting from some FIs. Although the CSDDD has a review clause that leaves room for adding FIs’ downstream activities in the future, the inconsistency means FIs face a gap between reporting obligations and the HREDD processes they need to implement.

Two for one?

The good news is that most due diligence regulations to date are based on the OECD Guidelines and the United Nations Guiding Principles on Business and Human Rights (UNGPs). These international standards are a good place to start when developing new or revising HREDD processes and reporting. Reporting is an integral part of the HREDD process. Similarly, non-financial reporting regulations usually have provisions on due diligence.

Entities in scope of the EU’s CSRD, including some FIs, must follow the European Sustainability Reporting Standards (ESRS) when reporting human rights-related information — the EU anchored these disclosures in the UNGPs and OECD Guidelines. Reporting entities that have already dedicated resources to HREDD that is aligned with these international standards may find they have a head start in preparing to meet their obligations under the ESRS. This may translate into more efficient management, less time spent, and lower costs.

Tips for FIs starting their due diligence journey

• Map the environmental and human rights risks from your own operations, supply chain, and value chain
• Prioritize the risks from highest to lowest risk
• Assign internal responsibilities for managing the risks identified
• Define realistic targets and credible policies for managing the risks
• Discuss the risks with stakeholders and investees as per your internal policies (i.e. engagement)
• Monitor the regulatory environment for developments
• Follow the OECD’s guidance documents on due diligence for institutional investors, corporate lending and securities underwriting, and project and asset finance transactions