Analyst Insight: The Gartner® Market Guide for IT Vendor Risk Management Solutions

What Canada’s Forced Labour Reporting Law (S-211) Means for Supply Chain Risk Management

Consider these eight best practices to prepare for the Fighting Against Forced Labour and Child Labour in Supply Chains Act.
Scott Lang
VP, Product Marketing
April 03, 2023
Blog canada forced labour 0423

The Canadian Parliament is on the verge of passing new modern slavery legislation, the Fighting Against Forced Labour and Child Labour in Supply Chains Act (Bill S-211). The Act requires Canadian government institutions and select private-sector entities to, “report on the measures taken to prevent and reduce the risk that forced labour or child labour is used by them or in their supply chains.” The Act also provides for an inspection regime to enforce its provisions. As with the UK Modern Slavery Act, Australia Slavery Act, and other similar legislation, Bill S-211 contributes to the global fight against forced labour, child labour, and other forms of modern slavery.

This article explains who must comply with the Act, summarizes its requirements and penalties, and shares eight best practices for assessing forced labour risks in your supply chain.

Which Organizations Must Comply with the Fighting Against Forced Labour and Child Labour in Supply Chains Act?

All Canadian government organizations that produce, purchase or distribute goods in Canada must comply with the Act. In addition, commercial entities must comply if they are either a) listed on a stock exchange in Canada, or b) do business in and have assets in Canada that are at least $20 million, generate at least $40 million in revenue, and employ an average of at least 250 employees.

What Are the Requirements of S-211?

Note: Please review the Act in detail for a complete list of obligations. All best practice recommendations provided in this post should not be taken as legal advice.

Before May 31 of each year, Canadian government institutions and other in-scope entities must report on the steps they took to prevent and reduce the risk of forced labour or child labour in their supply chains during the previous fiscal year. This includes all stages of production for goods produced, purchased or distributed.

The report should include a summary of the following information about the organization:

  • Its structure, activities and supply chains;
  • Its policies and due diligence processes in relation to forced labour and child labour;
  • The parts of its activities and supply chains that carry a risk of forced labour or child labour being used and the steps it has taken to assess and manage that risk;
  • Any measures taken to remediate any forced labour or child labour;
  • Any measures taken to remediate the loss of income to the most vulnerable families resulting from any activities meant to eliminate the use of forced labour or child labour;
  • The training provided to employees on forced labour and child labour; and
  • How the organization assesses its effectiveness in ensuring that forced labour and child labour are not being used in its activities and supply chains.

The Act also requires organizations to issue a public report and publish it in a prominent place on their website.

What Are the Penalties of the Fighting Against Forced Labour and Child Labour in Supply Chains Act?

If an organization fails to comply with the Act’s provisions, it could be liable for a fine of not more than $250,000.

Managing ESG Risks Across the Extended Enterprise

This analyst report from GRC 20/20 uncovers best practices for including ESG in your third-party risk management program.

Read Now
Blog managing esg 1021

Eight Best Practices for Assessing the Risk of Forced Labour in Your Supply Chain

The Act will come into effect on January 1 in the year following its royal assent, so now is the time to prepare to report on your supply chain practices. Consider these eight best practice recommendations to make the process easier:

1. Pre-Screen New Suppliers Against ESG Measures

Evaluate new suppliers on their environmental, social and governance (ESG) positions – including labour practices – by reviewing recent business and reputational insights, legal filings, ESG scores, sanctions and other related intelligence. Consolidate all insights into a single supplier profile that can be accessed by all teams in the organization, versus juggling multiple different sources of information. Also, align intelligence gathering with broader RFx management processes for more holistic supplier reviews.

2. Build Forced Labour Provisions into Supplier Contracts

Ensure enforcement of forced labour and child labour restrictions by building provisions into supplier contracts and tracking the supplier’s reporting progress over time. Instead of treating the contracting process separately, integrate it into your supplier risk assessment process. Do this by centralizing all contract distribution, discussion, retention and review processes and leveraging workflow throughout the supplier contract lifecycle.

3. Calculate Inherent Risk Exposure

Assess suppliers for threats to your organization by capturing, tracking and quantifying inherent risks. Calculate inherent risk based on criteria including:

  • Criticality to business performance and operations
  • Location(s) and related legal or regulatory considerations
  • Level of reliance on fourth parties
  • Exposure to operational or client-facing processes
  • Reputation

From this inherent risk assessment, your team can automatically tier and profile suppliers; set appropriate levels of further diligence; and determine the scope of ongoing assessments.

4. Inventory All Suppliers to Build Comprehensive Profiles and Maps

Building and maintaining a centralized supplier database is essential to ensuring an effective supplier risk management (SRM) program and meeting the Act’s reporting requirements. The database should include comprehensive supplier profiles and provide role-based access to company contacts, demographics, 4th-party and Nth-party connections, and risk intelligence. This starts with any profiled risk data and external risk information captured during the RFx stage. This will also enable you to identify relationships between your organization and third, fourth and Nth parties to discover dependencies and assess any related exposure.

5. Conduct Targeted Due Diligence Assessments

Instead of emailing suppliers with spreadsheet-based questionnaires asking for labour practice attestations, automate the process with a centralized and targeted web-based assessment. This enables you to centrally review and approve all assessment responses. It also enables you automatically register risks or reject responses and request additional input or evidence. Consider conducting assessments using a supplier risk management solution that it is backed by workflow, task management, and built-in remediation recommendations and reporting – all of which make it easier to meet reporting requirements and deadlines.

6. Remediate Findings

The Act requires organizations to report on measures taken to remediate any forced labour or child labour in their supply chains. Using the results of supplier assessments from step 5, you can make recommendations to the supplier, ask for policy clarifications, and be prepared to report any labour violations to authorities. Supplier risk management solutions will include built-in remediation suggestions for suppliers. It’s important to follow through on this step, since it is essential for mandated reporting.

7. Continuously Monitor Suppliers

Assessments are critical to gaining an insider’s view into a company’s labour practices. However, a lot can happen between annual report submissions. That’s why it is important to validate annual due diligence assessment results with continuous insights into reputational information, adverse media and negative news, regulatory and legal actions, sanctions and more. You can then correlate intelligence from continuous monitoring with periodic assessment results for more unified risk reporting. As noted in step 1, consolidating all intelligence into a “single pane of glass” will optimize your risk analysis efforts.

8. Report

Store and distribute supplier labour policy documents, assessment results, monitoring findings, and remediations for dialog and attestation at the time of reporting. Supplier risk management solutions provide role-based access, enabling you to extend visibility to external auditors who may be examining your due diligence processes and consulting on annual reporting requirements.

Next Steps: Preparing for the Fighting Against Forced Labour and Child Labour in Supply Chains Act

The Prevalent Third-Party Risk Management Platform enables you to address forced labour, child labour and modern slavery risks by automating survey-based assessments of supplier labour controls and validating the results with continuous external monitoring of their real-world practices. With Prevalent, you can:

  • Integrate RFx, contracting and due diligence processes into a single solution to address risks across the supplier lifecycle
  • Build a central supplier inventory and calculate the inherent risks that suppliers introduce to your environment
  • Assess and continuously monitor suppliers for forced labour, child labour and other types of supply chain risks in a single solution
  • Deliver automated remediation recommendations to suppliers to reduce residual risk exposure
  • Measure suppliers against contractual key performance indicators (KPIs) and key risk indicators (KRIs)
  • Leverage templates to simplify regulatory audit reporting to multiple internal and external stakeholders

For more on how Prevalent's S-211 compliance solution can help mitigate forced labour and modern slavery risks in your supply chain, schedule a personalized demonstration today.

Leadership scott lang
Scott Lang
VP, Product Marketing

Scott Lang has 25 years of experience in security, currently guiding the product marketing strategy for Prevalent’s third-party risk management solutions where he is responsible for product content, launches, messaging and enablement. Prior to joining Prevalent, Scott was senior director of product marketing at privileged access management leader BeyondTrust, and before that director of security solution marketing at Dell, formerly Quest Software.

  • Ready for a demo?
  • Schedule a free personalized solution demonstration to see if Prevalent is a fit for you.
  • Request a Demo