During the past ten years, the responsibility of companies to identify and manage their potential or actual adverse impacts through a risk-based due diligence process has become firmly entrenched through a series of hard and soft law instruments, accompanied by implementation guidance.
Still, what exactly is required by companies when it comes to risk-based due diligence is work in progress. In a research article, I show how statements from National Contact Points (NCPs) established as remedy institutions for the OECD Guidelines for Multinational Enterprises, are contributing important insights of use for companies, civil society, other remedy institutions, and of course scholars, and why there is room for additional activities in this regard.
Identifying and managing impacts on society
Risk-based due diligence is a risk-management process that aims to identify and manage adverse impacts on society. Importantly, the ‘direction’ of this due diligence process therefore targets impacts caused by the company to society, unlike the legal or financial liability due diligence that many companies, corporate lawyers and accountants are already familiar with.
Such ‘conventional’ due diligence aims at identifying risk to the company. Obviously, a risk-based due diligence process performed well can also contribute to protecting a company against reputational damage, loss of social license to operate, and similar effects of critique of its adverse societal impacts.
While the recent emergence of a coherent adoption of risk-based due diligence in a range of national and international hard and soft law instruments results in a relative uniformity of requirements or expectations on companies, it also highlights the need for understanding what exactly ‘due diligence’ is in specific contexts. Guidelines and guidance are important in this regard, but just like statutory law is no guarantee that the law is not violated, normative directives on risk-based due diligence is no guarantee that the norms are understood or adequately applied.
Like judicial case law contributes to filling out gaps of understanding for compliance with statutory law, jurisprudence from institutions charged with monitoring and handling complaints in regard to risk-based due diligence may contribute important insights to fill gaps in regard to adequate implementation.
Informing national laws
Originating within the field of business and human rights, the risk-based due diligence approach has informed national statutes requiring companies to have processes in place to identify, prevent and remedy particular practices (notably the Modern Slavery Acts of the United Kingdom and Australia, and the Dutch Child Labour Due Diligence Law) or exercise care in business practices in general (the French ‘Loi Vigilance’).
Risk-based due diligence is also what the EU’s Non-Financial Reporting Directive has in mind when it asks companies to include information on due diligence processes.
Adopted by the OECD in 2011
In 2011, risk-based due diligence was adopted by the OECD’s Guidelines for Multinational Enterprises, which apply this requirement across sustainability-related issue areas like labour, environment and anti-corruption as well as of course human rights.
The Guidelines are recommendations from adhering states to companies operating in or out of those states. Moreover, the ISO 26000 Guidance Standard on Social Responsibility has adopted risk-based due diligence for social issues, and guidelines for Chinese companies investing or operating in the minerals and mining sector include detailed guidance for the process of risk-based due diligence, particularly in regard to human rights-related issues.
The risk-based due diligence approach originated in UN guidance for states and companies in regard to business impacts on human rights. This guidance emerged in response to concerns regarding the capacity of businesses to adversely impact human rights.
The UN Secretary General appointed in 2005 a special representative on business and human rights. This resulted in two reports: the ‘Protect, Respect and Remedy Framework’ (‘UN Framework’), adopted by the UN Human Rights Council in 2008, and the UN Guiding Principles (‘UNGP’), adopted in 2011.
Developed through multi-stakeholder processes, the two reports set out guidance for states and companies with a view to preventing and managing adverse business impacts on human rights, and to provide remedy when business-related human rights abuse is perceived to have occurred.
Both reports are structured around three ‘pillars’: the State Duty to Protect, the Corporate Responsibility to Respect, and Access to Remedy. The first pillar elaborates states’ existing human rights obligations from the perspective of the duty to protect against human rights harm caused by third parties, including through the provision of adequate guidance for home-state based companies.
The second pillar explains steps companies should take to ensure they respect human rights. Companies’ adoption of a process of ‘human rights due diligence’ is set out by the UN Framework as a key element.
The third pillar is based on recognition of the importance of access to remedy as a human right in its own right, acknowledging that the need for remedy may arise even when companies exercise due diligence.
The reports note that remedy for business-related human rights abuse may be provided by various institutions, which they group into state-based judicial and non-judicial as well as non-state operational level procedures. OECD NCPs are non-judicial remedy institutions that for practical purposes also serve as remedy institutions for the UNGP.
States adhering to the OECD Guidelines are required to set up NCPs to promote the Guidelines and handle complaints. NCPs are empowered to handle complaints of abuse in countries that do not have their own NCPs, provided there is a connection to the country of the handling NCP. This provides NCPs with a degree of extraterritorial power that national courts usually do not enjoy.
Moreover, while NCPs do not issue judicial sanctions, they do enjoy the power to issue statements. Final statements issued after the examination of a case offer NCPs the possibility to both criticize specific business conduct that gave rise to a complaint, and to provide recommendations and directions for actions for similar situations that may arise in the future.
Studying NCP statements therefore offers a potential method to gain insights into risk-based due diligence through the ongoing elaboration, explanation and construction of what that concept entails.
It is against this backdrop that my article, published in a special issue of the Nordic Journal of Human Rights, examines statements issued by NCPs. The article first explains how such an analysis can be designed in order to identify relevant NCP statements drawing on available databases, and next performs an exemplary identification and analysis of statements related to risk-based due diligence on human rights issues.
Important sources of normative guidance
On this empirical basis, it tests and confirms the assumption that such statements are important sources of normative guidance and deducts contributions to detailed guidance in relation to several sub-issues set out by the UNGP and the OECD Guidelines with respect to human rights.
It identifies and analyses specific instances that have addressed due diligence in regard to state guidance for companies operating in conflict areas, and the identification of a business relationship as ‘directly linked’ in the terms of the UNGPs and the Guidelines.
It also considers steps that form part of due diligence, particularly stakeholder engagement, the exercise of influence through leverage, and integrating and acting upon findings on impact. Based on the analysis of NCP statements the article also observes a pattern of specific NCPs (especially those in Northern Europe) using their power to provide guidance through final statements.
In this regard it finds that as final statements issued by NCPs can serve as sources of norms for risk-based due diligence, there is considerable scope for NCPs to step up their contributions in this regard and include recommendations. An increased body of detailed NCP statements would have considerable value as sources of norms for risk-based due diligence.
This blog post is written by Karin Buhmann, Professor (Business and Human Rights) at Copenhagen Business School, and a member of the SMART project.