Millions of people are being exploited in supply chains globally to make the goods we all consume. To help end this wide scale human rights abuse, companies need to conduct due diligence of their supply chains. In this guide, we explain how to implement human rights due diligence.
Human rights due diligence is a way for companies to manage the potential and actual adverse human rights impacts in which they are involved. It focuses on risk to people, but in practice we find that it often helps manage risk to your company as well.
Human rights due diligence is a process defined in the internationally endorsed United Nations Guiding Principles (UNGPs). This guide is based on the UNGPs and our experience conducting due diligence on behalf of a diverse range of clients. It’s intended to help you put the UNGPs into practice. In this guide we focus on risk to workers in business supply chains.
Millions of people are being exploited in supply chains globally and companies are increasingly held to account for human rights abuses that occur in their supply chains. Helping end this abuse is not just a moral imperative, it also makes good business sense. Companies that fail to engage in human rights due diligence expose themselves to reputational, legal and operational risk. Claiming ignorance is no longer acceptable.
Ever more countries are passing laws that require companies to tackle human rights risk in their supply chains. The requirements vary by country, but human rights due diligence is either explicitly mandated, or will facilitate compliance, with all of them. Tens of thousands of companies are subject to these laws. Below we provide an overview of some of the key ones.
Requires companies to report annually on the steps taken to prevent and mitigate modern slavery in their operations and supply chains. For more information see our guide here.
Subject companies are required to report annually on the modern slavery due diligence undertaken on their operations and supply chains. See our guide for more information.
Prohibits the import of goods made, mined or farmed -or containing materials made, mined or farmed- by forced labourers. Suspect imports may be destroyed and non-compliant companies fined.
Requires US Customs to treat all goods made, mined or farmed in the Xinjiang region of China as the product of forced labour. The ban extends to goods containing materials from Xinjiang and to goods made outside of the region by Uyghur forced labourers. Suspect imports may be destroyed and non-compliant companies fined. See our guide for more information.
Government suppliers must conduct due diligence to prevent forced labour and unethical recruitment practices. Penalties for non-compliance include termination of contract and fines.
Subject companies are require to conduct human rights and environmental due diligence of their supply chains. Non-compliant companies can be fined 2% of revenue. See our guide for more information.
8,800 companies doing business in Norway are required to perform, and report on, human rights due diligence of their supply chains. Non-compliant companies can be fined. See our guide for more information.
Requires subject companies to implement and report on human rights due diligence. Non-compliant companies can be fined.
Human rights due diligence is a four-stage cycle. The first step is to identify and assess actual and potential impacts, the second step is to integrate and act on the findings, the third step is to track and monitor progress. The fourth step is to communicate with key stakeholders. Below we guide you through each step.
Firstly, companies need to identify and assess actual or potential adverse human rights impacts that they may cause or contribute to. These include direct impacts through your company’s own business operations as well as impacts they you may contribute to through your supply chain.
Some companies may only be willing or able to assess a small part of their supply chain, to begin with. If that’s the case in your company, its important to ‘set the scope’ based on an initial assessment of potential human rights risk.
When internal support for a comprehensive due diligence process is limited, work with the parts of the business that are most supportive. This will allow you to demonstrate the value of due diligence to senior leadership and, in turn, expand the scope to other parts of the business.
It can be surprisingly hard to determine which companies are suppliers. We suggest identifying and documenting criteria to help with this. For example, you may decide to only include companies that that your company has purchased from in the last 24 months. Likewise, it may not be justified to include a supplier from which your company only made a one-off purchase.
Once the scope has been set, you need to gather the contact details of the suppliers. You will likely need to work with your procurement and/ or finance teams to do this. The information can typically be found in your company’s accounts system.
In this guide we focus on workers in your supply chain. Be aware, however that some companies can adversely impact on other groups of people. The UNGPs mandate that you assess and address impact to them as well.
Next, identify and gather data on, relevant risk indicators. This will vary according to your company and supply chain. As an example, RightsDDact, our modern slavery due diligence technology, uses the following risk indicators:
• Geographic
• Product and service
• Nature of work
• Employment modes
• Industry
• Bad actors
• Governance
Gather data on these risk indicators from your own organisation, suppliers and other credible third party sources. Ideally you should engage with suppliers and workers in your supply chain as part of this exercise.
Once you have identified the relevant risk indicators and gathered the data, you need to conduct the assessment itself. We typically build a risk assessment matrix, with each risk indicator appropriately weighted and prioritised, to facilitate this.
For further information on the risk assessment process, see our Guide to Human Rights Risk Assessments.
Your assessment may identify a long list of potential and actual adverse human rights impacts. You will need to prioritise the most severe for action. At the top of the list should be actual adverse impacts.
The UNGPs explains that companies should integrate and act on the findings of assessment. The term ‘integrate’ can be puzzling. In this context it means that your company should allocate the resources required to address identified impacts. This should include:
You will need to determine appropriate risk treatments. The UNGPs can be confusing on this matter. It instructs companies to determine whether they a. cause, b. contribute or c. are linked to a potential or actual impact. In other words, there are six potential categories of impact.
For most companies, the impacts they have via their supply chain will fall into the ‘contribute’ category. Examples of situations where companies contribute to an actual adverse impact include purchasing from suppliers which buy material harvested by child labourers. A company would contribute to a potential impact where the absence of appropriate policies and practices increases the risk that child labour is used.
Where an actual impact has occurred or is ongoing, you should use what leverage you have over the supplier to try to end the abuse. It may also be appropriate to provide remediation to the affected workers.
In cases of potential impact, you should adjust the policies or practices that have given rise to the risk. The changes should be integrated into your company’s operations. Where it is a supplier or another third party’s activities that are creating the potential impact, you may try to alter their policies and practices by engaging with them, implementing a supplier code of conduct, and/ or changing contractual terms to address the issue.
You should try to work with suppliers to address risks, as this is the best way to actually protect workers from abuse. This is not always an option however, in which case you will have to stop buying from them.
Your company’s supply chain will change all the time as new suppliers are onboarded and you stop buying from existing ones. You need to assess new suppliers either as part of the tendering process or once selection has occurred.
The risk profile of the suppliers you use and the goods and services you buy from them will change over time. For example, the US Government sanctioned the world’s fourth largest printer manufacturer in June 2023, for allegedly using forced labourers transported 3,000km from China’s Xinjiang region to the coast. The manufacturer, Ninestar, had not previously been linked to abuse and its factories are located in lower risk parts of the country.
Its therefore important that you monitor your supply chain. Do this by regularly reassessing suppliers and conducting adverse media screening, both of these will help protect brand value and ensure compliance with the law.
You should also monitor implementation of the risk treatments. This will help ensure that they are being properly implemented and that the intended beneficiaries are actually benefiting from them. It will also help you learn what does and does not work.
We recommend that you create an incident response plan to address potential human rights issues that may arise in the future. This need not cover all eventualities (doing so would be near impossible) but should cover the most likely. Your risk management department may be able to help with this, as they typically maintain response plans for a range of risks.
Engage with relevant stakeholders throughout the due diligence process. This will help you assess risk better and determine risk mitigation actions sooner.
Include an overview of the process in any sustainability report or modern slavery statements that you publish. Try to get your company to include an overview of your due diligence in your annual report as well. This will help third parties, including investors, understand what you are doing to reduce the risk within your organization. ESG ratings agencies and initiatives such as KnowTheChain reward such openness.
Your company will benefit from being transparent. Overstating the scope of due diligence and understating the potential adverse human rights impacts is to be avoided. Sincere and accurate statements about the scale of due diligence and the identified potential risks will better position the company should abuse be identified by the media later down the line.
Human rights due diligence will help protect people and your company. Implementing it is key to ensuring compliance with the ever increasing number of human rights reporting laws.
The UNGPs should be your north star, they are generally accessible but some parts are complex. Hopefully this guide will help you understand the process better. Don’t be intimidated by human rights due diligence. It’s better to start on one part of your supply chain than spend months trying to gain support to role it out company wide from the get-go. Feel free to contact RightsDD should you need support.