For multinational companies, the management of business integrity risk is a complex, rapidly evolving and increasingly multifaceted exercise. New types of integrity risks recently have emerged, especially in relation to human rights.
These risks can have reputational, financial and political consequences—but they are also increasingly legal in nature. An emerging web of human rights regulations, mandatory disclosure requirements, soft law instruments (most notably, the UN Guiding Principles on Business and Human Rights (the “UNGPs”)) and industry standards exposes businesses to potential government sanctions, lawsuits under domestic tort and securities laws, contract claims and investor pressure.
A systemic approach to integrity risk can help prevent potential adverse human rights impacts, demonstrate compliance with applicable regulatory requirements, mitigate litigation risk and help meet stakeholder expectations.
The Debevoise Business Integrity Screen provides in-house counsel, sustainability leaders and compliance departments with a tool aimed at navigating this increasingly complex area and its many legal dimensions. The Screen includes a series of questions and practice points designed to guide business enterprises in addressing the UNGP’s three pillars for demonstrating respect for human rights. Such organizations should have in place:
A policy commitment to meet their responsibility;
A due diligence process to identify, prevent and mitigate potential adverse human rights impacts; and
A process to enable remediation of human rights impacts they cause or to which they contribute.
Each company ultimately will require a bespoke, context-specific and commercially reasonable solution to mitigate the particular integrity risks that it faces. A comprehensive and integrated approach to business risk may be the most efficient and effective option. This includes possibly capitalizing on existing compliance systems, such as leveraging and supplementing established anti-corruption and anti-money-laundering policies and procedures to cover emerging human rights risks.
It is likewise imperative that related policies, processes and public statements do not inadvertently create litigation risk. When tending to these risk areas, it is important to consult appropriately with in-house lawyers and external counsel, including in developing policies, drafting disclosure materials, conducting due diligence and designing remediation programs. In doing so, companies should make sure to take proper steps to safeguard attorney-client privilege and related protections that properly shield certain materials from external disclosure.
Developing Appropriate Business Integrity Policies
Public policies and internal codes of conduct should set out the company’s commitment to assessing, mitigating and remediating adverse human rights impacts.
Does the company have an appropriate process in place for developing internal and external business integrity policies?
Consult internal and external stakeholders and outside counsel with particular expertise in human rights law to identify risks.
Avoid system fatigue by leveraging existing policies, such as anti-corruption policies.
Review internal policies and codes of conduct and external documents (e.g., supply chain contracts, vendor codes of conduct, periodic reports) for potential gaps and consistency.
Maintain a dynamic process by periodically updating policies to reflect risk assessment and due diligence findings.
Is the content of the relevant policies appropriate?
Express the company’s commitment to assess, mitigate and remediate adverse human rights impacts.
Tailor policies to the relevant risks faced by the business.
Address adverse human rights impacts that the business may cause or to which it may contribute through its own activities, or which may be directly linked to its operations, products or services.
Stipulate the company’s expectations of personnel, business partners and other relevant parties.
Include accountability systems and appropriate training for employees on identifying, addressing and reporting adverse human rights impacts.
Is the scope of application of the relevant policies appropriate?
Consider how internal and external policies and codes of conduct will be developed and implemented (i) for subsidiary companies and (ii) throughout the value chain.
Have the relevant policies been appropriately disseminated?
Consider how to publicize the company’s human rights commitment.
Ensure that internal and external policies and codes of conduct are actively communicated to personnel, business partners and other relevant parties.
Is there visible high-level management support for the business integrity policy?
Set the “tone from the top” by demonstrating that relevant Board and senior management members understand key concepts and exercise reasonable oversight.
Developing An Appropriate Due Diligence Process
Due diligence processes should be implemented to identify, prevent and mitigate the company’s potential adverse human rights impacts.
Does the company engage in appropriate human rights due diligence before entering into new activities, investments, mergers and acquisitions, partnerships or other business relationships or contracting with other entities in its value chain?
Initiate human rights due diligence as early as possible.
Consult with internal and external experts and relevant stakeholders, including potentially affected rights holders, to identify actual or potential adverse human rights impacts.
Align the due diligence process with the requirements of the company’s policies.
Calibrate the due diligence process to the size of the business enterprise, the risk of human rights impacts and the nature and context of the company’s operations.
If necessary, prioritize human rights impacts that are most severe or that may become irremediable if the response is delayed.
Assessments of human rights impacts should take place periodically throughout the life of an activity or relationship and in anticipation of major operational and policy decisions and changes in the operative environment.
Does the company have appropriate processes in place to identify actual adverse human rights impacts?
Consider how best to deploy confidential reporting systems, incentives, disciplinary actions and internal investigations.
Developing An Appropriate Remediation Program
Remediation programs are required where the company has caused, contributed to or is directly linked to adverse human rights impacts.
Does the company have an appropriate process in place for ceasing, preventing and mitigating actual and potential human rights impacts?
Assign responsibility for addressing human rights impacts to the appropriate personnel within the company.
Ensure that internal decision-making, budget allocations and processes enable effective responses to human rights impacts.
Consider whether and how best to consult with internal and external experts.
Base priorities for response on severity of the human rights impact and strength of existing governance.
Is the company causing an adverse human rights impact?
Take the necessary steps to cease or prevent the impact.
Provide for or cooperate in remediation through legitimate processes.
Is the company contributing to an adverse human rights impact?
Take the necessary steps to cease or prevent the company’s contribution to the impact.
Use leverage to mitigate any remaining impact to the greatest extent possible.
Provide for or cooperate in remediation through legitimate processes.
Is the company directly linked to an adverse human rights impact through its business relationships with other entities?
Develop a remediation program that takes into account the company’s leverage over the other entity, the importance of the business relationship and the severity of the abuse.
Consider ending the relationship if the company does not have leverage to prevent or mitigate adverse impacts and cannot increase its leverage.
Consider whether terminating the relationship with the entity itself would have adverse human rights consequences.
Does the company have an appropriate process in place for evaluating, communicating and tracking the effectiveness of its responses to actual and potential human rights impacts?
Consider formal and informal reporting mechanisms tailored to the company’s intended audiences, such as potentially affected rights holders and investors.
Employ appropriate qualitative and quantitative indicators.
Seek feedback from internal and external sources, including affected stakeholders, and ensure that their confidentiality is protected.
Consider how to leverage existing processes such as performance reviews, surveys, risk assessments and audits.
If the company decides to implement an operational-level grievance mechanism…
Consult with internal and external experts and relevant stakeholders, including potentially affected rights-holders, to develop an appropriate process and to monitor performance.
Focus on dialogue as the means to address and resolve grievances.
Ensure that any grievance mechanism is:
A source of continuous learning
Avoid undermining access to judicial or other nonjudicial grievance mechanisms.
Our Business Integrity Group Team
919 Third Avenue
New York, NY 10022
+1 212 909 6000
Business Center Mokhovaya
Ulitsa Vozdvizhenka, 4/7
+7 495 956 3858
801 Pennsylvania Avenue N.W.
Washington, D.C. 20004
+1 202 383 8000
21/F AIA Central
1 Connaught Road Central
+852 2160 9800
65 Gresham Street
+44 20 7786 9000
13/F, Tower 1
Jing’an Kerry Centre
1515 Nanjing Road West
+86 21 5047 1800
4 place de l’Opéra
+33 1 40 73 12 12
Shin Marunouchi Bldg. 11F
1-5-1 Marunouchi, Chiyoda-ku
+81 3 4570 6680
Taunustor 1 (TaunusTurm)
60310 Frankfurt am Main
+49 69 2097 5000