Taking Your First Steps to Develop Human Rights Due Diligence Processes
Since the beginning of January 2023, Swiss and German legislation on human rights due diligence have applied to certain companies in these countries. These regulations reflect the worldwide trend of countries adopting increasingly binding due diligence expectations.
Several other countries have implemented regulations similar in aim (such as France, Germany, Norway, and Switzerland), and others are doing so (for example, Belgium, Spain, New Zealand, Mexico, and Canada). In 2022, the EU Commission proposed the Directive on Corporate Sustainability Due Diligence, which will establish minimum due diligence obligations throughout the EU. All these regulations are founded on international guidelines such as the UN Guiding Principles on Business and Human Rights and the OECD Guidelines for Multinational Enterprises.
Figure 1. A timeline highlighting selected due diligence developments in European countries.
From the ground up
Many companies face immediate or imminent due diligence expectations. Some may already have due diligence processes in place; others may face the intimidating task of building appropriate processes and collecting new data from the ground up. Either way, here are some things to keep in mind as you take the next step on your company’s due diligence journey.
General remarks
When developing due diligence for human rights, a company should ensure their processes satisfy the following criteria:
- Processes should capture any adverse impacts on human rights that the company may cause or contribute to through its own activities as well as impacts that may be directly linked to its operations, products, or services through its business relationships; and
- Due diligence should begin when a new activity or relationship is undertaken because human-rights risks could be amplified or mitigated when entering into a new contract or agreement, and these risks may also be inherited through mergers or acquisitions.
Preliminary considerations
Companies should:
- Consider whether they want to implement processes at group level or entity level;
- Define clear responsibilities for implementing due diligence processes and identify the departments and teams most likely to be involved in the processes;
- Involve senior management in process creation and implementation; and
- Adequately train staff responsible for the processes.
First steps in developing due diligence processes to protect human rights
- Define a policy
Companies should define and agree on a policy that specifically addresses human rights due diligence. The policy should be made publicly available and be implemented within relevant departments.
Figure 2. Human rights due diligence policies should capture a company’s supply chain and value chain.
- Map the risks
Usually, one of the first steps in human rights due diligence is to identify actual and potential adverse impacts. Companies should assess all areas of their business and operations, including their subsidiaries, their supply chains, and their value chains, looking for actual and potential impacts as well as sector-specific, geographic, and enterprise-specific risks.
Identifying, assessing, and prioritizing risks will help the company allocate appropriate resources for risk management. The areas of the business most significantly affected should be given precedence.
Human rights impact assessments are also important risk mapping exercises. These are applied, on an ongoing basis, to various stages of a business’s operations:
- before a new activity or business relationship commences;
- before making major decisions or operational changes (e.g. market entry, product launch, policy change);
- in response to or in anticipation of changes in the operating environment; and
- periodically throughout the life of an activity or relationship.
- Mitigate the risks
After mapping the risks, companies should cease, prevent, and/or mitigate the risks identified. To do so, they should develop strategies that are fit-for-purpose and based on the company’s risk priorities.
Here are several things companies should do to mitigate risk:
- build leverage into new and existing business relationships to prevent potential adverse impacts and address actual impacts;
- take all the necessary steps to stop or prevent contributions to adverse impacts caused by another entity; and
- consider disengaging from suppliers or business partners when attempts to prevent or mitigate severe impacts have failed or the entity causing the impact does not take immediate action to prevent or mitigate the identified adverse impacts.