The 2021 Gartner Magic Quadrant for IT VRM Tools is now available! Get your complimentary copy here!

Modern Slavery Risk Assessments in the Extended Enterprise: A Quick Guide

New legislation aims to improve enforcement over modern slavery violations. How much visibility do you have into your supply chain’s practices?
By:
Michael Rasmussen
,
GRC Analyst & Pundit, GRC 20/20 Research
May 25, 2021
Share:
Blog modern slavery 0521

In my first post, A Quick Guide to ESG and Risk Management in the Extended Enterprise, I outlined what ESG (environmental, social and governance) is and how it impacts third-party risk management. Next, we looked deeper into a specific aspect of Governance in ESG: anti-bribery and corruption (ABAC). This post discusses a social aspect: how modern slavery can impact your extended enterprise.

Modern slavery risk assessments can enable your organization to determine whether vendors in your supply chain adhere to corporate policies and government regulations regarding forced labor and human trafficking.

What Is Modern Slavery and How Does It Apply to Modern Supply Chains?

Modern slavery exists when people are subjugated by companies and controlled by threats of harm or debts they cannot repay. Human trafficking is a related term used to describe when people are moved between countries (e.g., the slave trade). Slavery is found in the supply chains of corporations producing materials and products, as well as in the forced compulsion of children to make products in factories. In fact, 40 million people are estimated to be enslaved around the world today, resulting in $150 billion in ill-gained profits every year.

The good news is the world has been taking action. Governments in several countries have passed legislation requiring organizations to report on modern slavery in their supply chains. A few examples of legislation include:

Recent Modern Slavery Legislation

  • Conflict Minerals in the Dodd Frank Act (2010): Organizations have to track 3TG (tin, tantalum, tungsten, and gold) down to the source smelter and mine to determine if they come from the Democratic Republic of the Congo or nine surrounding countries known for crimes against humanity. Companies have to report this to the US Securities & Exchange Commission (SEC) annually.
  • California Transparency in Supply Chains Act (2012): Organizations have to report on what they are doing to eradicate human trafficking and slavery by publishing what the company is doing to address these issues in their supply chains.
  • United Kingdom’s Modern Slavery Act (2015): This Act requires companies to define and publish their efforts to eliminate human trafficking and slavery from their organization and its extended enterprise relationships.
  • Australia Slavery Act (2018): This Act requires organizations headquartered or operating in Australia to report annually on the risks of modern slavery in their operations and supply chains, and what actions they are taking to address those risks.

Conducting Modern Slavery Risk Assessments of Supply Chain Partners

Modern slavery laws have largely only required reporting and lacked the teeth of significant fines and enforcement actions. But this is about to change with the world’s focus on ESG (environmental, social and governance). The “S” in ESG has a dominant focus on human trafficking and modern slavery.

Organizations need to start by clearly defining what they are doing to address modern slavery across their extended enterprise of third-party relationships due to pending directives and legislation with an expansive, global scope, including the EU Directive on Mandatory Human Rights, Environmental, and Good Governance Due Diligence and Germany’s corresponding Corporate Due Diligence Act.

Consider that the governing EU directive, which is to become country law in each EU member country, is projected to impact any organization with operations in Europe with more than 250 employees and/or more than €50 million in annual revenue. So, if an organization has any presence in Europe – regardless of where it is headquartered – then it will have to address the requirements coming from this directive. Germany’s legislation is the first EU country legislation to support this directive and is expected to become law in the same timeframe that the EU directive gets finalized.

These new laws are NOT like the UK Modern Slavery Act and California’s Transparency in Supply Chains Act, which are mere reporting requirements. Instead, they are expected to have significant enforcement penalties, sanctions and large administrative fines (similar to anti-trust or GDPR fines). Compliance with these laws will require thorough and continuous due diligence of third-party relationships in the context of environmental practices, social and human rights, and governance to address corruption.

Apply Due Diligence Practices to Modern Slavery Issues

This new legislation provides some directives on what vendor due diligence should be conducted. For the purposes of the upcoming EU Directive, due diligence should be understood as the obligation of an undertaking to take all proportionate and commensurate measures and make efforts within their means to prevent adverse impacts on human rights, the environment, or good governance from occurring in their supply chains, and to address such impacts when they occur.

In practice, due diligence is meant to identify, assess, prevent, mitigate, cease, monitor, communicate, account for, address, and remedy the potential and/or actual adverse impacts on human rights. Due diligence examines social, trade union and labor policies; environmental impacts such as pollution and greenhouse gas emissions; and governance practices over a company’s operations and its business relationships in the supply chain.

Due diligence should not be a “box-ticking” exercise. Instead, it should consist of an ongoing process and assessment of risks and impacts, which are dynamic and may change on account of new business relationships or contextual developments.

Procurement Risk Playbook: How to Win the Third-Party Game

As in many sports, third-party risk management requires a team effort. Our strategy paper, "The Procurement Risk Playbook: How to Win the Third-Party Game," lays out 5 critical plays for your team.

Read Now
Feature procurement risk playbook 0221

Modern Slavery Risk Assessments Are Not Optional

New modern slavery laws are going to fundamentally change and restructure third-party risk management programs. Much as GDPR changed the world’s understanding of and approach to privacy, the EU directive and Germany’s law will change how organizations manage and monitor modern slavery risk in the extended enterprise. I expect to see a further increase in international attention to modern slavery, as well as reputational and financial damage to companies that fail to take action.

Organizations would be wise to expand the scope of their modern slavery third-party risk assessments with this due diligence advice. Third-Party Risk Management is becoming essential for organizations across industries. Risks such as modern slavery, information security, and supply chain disruption continue to grow as organizations rely more heavily on third parties. Companies must start defining an integrated strategy for third-party risk management to address these forthcoming requirements with a unified and consistent approach.

Tags:
Michael rasmussen
Michael Rasmussen
GRC Analyst & Pundit, GRC 20/20 Research
Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of enterprise GRC, GRC technology, corporate compliance, and policy management. With 28+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architecture, and select technologies that are effective, efficient, and agile.
  • Ready to get started?
  • Schedule a personalized solution demonstration to see if Prevalent is a fit for you.
  • Request a Demo