In my first post, A Quick Guide to ESG and Risk Management in the Extended Enterprise, I outlined what ESG (environmental, social and governance) is and how it impacts third-party risk management. Next, we looked deeper into a specific aspect of Governance in ESG: anti-bribery and corruption (ABAC). This post discusses a social aspect: how modern slavery can impact your extended enterprise.
Modern slavery risk assessments can enable your organization to determine whether vendors in your supply chain adhere to corporate policies and government regulations regarding forced labor and human trafficking.
Modern slavery exists when people are subjugated by companies and controlled by threats of harm or debts they cannot repay. Human trafficking is a related term used to describe when people are moved between countries (e.g., the slave trade). Slavery is found in the supply chains of corporations producing materials and products, as well as in the forcing of children to make products in factories. In fact, 40 million people are estimated to be enslaved around the world today, resulting in $150 billion in ill-gotten profits every year.
The good news is the world has been taking action. Governments in several countries have passed legislation requiring organizations to report on modern slavery in their supply chains. A few examples of legislation include:
Modern slavery laws have largely only required reporting and lacked the teeth of significant fines and enforcement actions. But this is about to change with the world’s focus on ESG (environmental, social and governance). The “S” in ESG has a dominant focus on human trafficking and modern slavery.
Pending directives and legislation have an expansive, global scope, including the EU Directive on Mandatory Human Rights, Environmental, and Good Governance Due Diligence and Germany’s corresponding Corporate Due Diligence Act. Because of them, organizations need to start by clearly defining what they are doing to address modern slavery across their extended enterprise of third-party relationships.
Consider that the governing EU directive, which is to become national law in each EU member country, is projected to impact any organization with operations in Europe with more than 250 employees and/or more than €50 million in annual revenue. So, if an organization has any presence in Europe, regardless of where it is headquartered, then it will have to address the requirements coming from this directive. Germany’s legislation is the first national legislation in an EU country to support this directive and is expected to become law in the same timeframe in which the EU directive is finalized.
These new laws are NOT like the UK Modern Slavery Act and California’s Transparency in Supply Chains Act, which are mere reporting requirements. Instead, they are expected to have significant enforcement penalties, sanctions and large administrative fines (similar to anti-trust or GDPR fines). Compliance with these laws will require thorough and continuous due diligence of third-party relationships in the context of environmental practices, social and human rights, and governance to address corruption.
This new legislation provides some directives on what vendor due diligence should be conducted. For the purposes of the upcoming EU Directive, due diligence should be understood as the obligation of an undertaking to take all proportionate and commensurate measures and make efforts within their means to prevent adverse impacts on human rights, the environment, or good governance from occurring in their supply chains, and to address such impacts when they occur.
In practice, due diligence is meant to identify, assess, prevent, mitigate, cease, monitor, communicate, account for, address, and remedy the potential and/or actual adverse impacts on human rights. Due diligence examines social, trade union and labor policies; environmental impacts such as pollution and greenhouse gas emissions; and governance practices over a company’s operations and its business relationships in the supply chain.
Due diligence should not be a “box-ticking” exercise. Instead, it should consist of an ongoing process and assessment of risks and impacts, which are dynamic and may change on account of new business relationships or contextual developments.
New modern slavery laws are going to fundamentally change and restructure third-party risk management programs. Much as GDPR changed the world’s understanding of and approach to privacy, the EU directive and Germany’s law will change how organizations manage and monitor modern slavery risk in the extended enterprise. I expect to see a further increase in international attention to modern slavery, as well as reputational and financial damage to companies that fail to take action.
Organizations would be wise to expand the scope of their modern slavery third-party risk assessments with this due diligence advice. Third-party risk management is becoming essential for organizations across industries. Risks such as modern slavery, information security, and supply chain disruption continue to grow as organizations rely more heavily on third parties. Companies must start defining an integrated strategy for third-party risk management to address these forthcoming requirements with a unified and consistent approach.