Two years on from the introduction of the UN Guiding Principles on Human Rights, how are companies managing the landmark framework?
Business potentially infringes almost all aspects of human rights. How and to what extent remains a debate, and varies from company to company. But the truth of that potential now stands beyond doubt. That much is spelt out in the UN Guiding Principles on Human Rights, which the UN Human Rights Council fully endorsed in June 2011.
Drawn up by John Ruggie, the guiding principles set out broad norms for companies to follow with respect to their own immediate operations as well as their business relationships. Binding these norms together are the three governing themes of the Protect, Respect, Remedy framework.
But what are the management approaches that companies use to implement the UN framework? And how are these integrated into existing systems and strategies?
Setting out your stall
If you don’t have a human rights policy, get one. That’s the first piece of advice of any guidance document on the subject (see box). Setting out your stall helps provide clarity – clarity for employees on how they should act, and clarity for stakeholders on what they should expect.
Policy statements need sign-off. Boards don’t put their name to just anything. If a company’s leaders publicly commit to respect all internationally recognised human rights, you can bet they will take it seriously. Well, more seriously than if it’s just a throwaway line in a corporate responsibility report.
Some companies may choose to integrate such policies into existing codes of ethics. Others (increasingly) are opting for standalone human rights statements, which do away with any potential ambiguity. Either way, businesses need to make sure their suite of other corporate policies line up with the language and intent of any new or revised human rights position.
With regard to content, the best policies strike a balance between the general (namely, the mandatory tenet to abide by all international norms) and the specific (ie the issues arising from what your business does, and where in the world it does it). The most credible policies spell out upfront the measures and means by which they will be monitored and enforced.
Consultation: four syllables that echo throughout the UN’s guiding framework. It’s imperative that business recognises that human rights are about people first, and business second. From the get-go, companies need to be engaging with those inside and particularly outside their gates. Only then can decision-makers draw a true picture of how their activities may affect other people’s rights.
The complexity of human rights issues presents another reason for companies to look outside their own four walls. “It’s very unusual that companies have the human rights expertise that they need,” says Peter McAllister, executive director at the Ethical Trading Initiative (ETI). Even for those companies with a good grasp of the issues, having an outside expert look through your business intelligence “through a different lens” can be invaluable, he adds.
Raising awareness represents a second critical element that needs to be addressed at the outset. You can’t assume all employees will have the same understanding of human rights. Cultural context matters. So a widespread internal communications campaign is vital.
So too is training. And good training at that. Knowing the UN charter inside out is no good if managers and staff don’t know how to apply such norms in practice. E-learning courses are an increasingly pervasive tool for educating employees (especially new recruits) and, in some cases, business partners too. Nothing beats face-to-face training, however, especially on specific issues that are germane to specific functions. Think child trafficking for flight attendants, for example, or race equality for human resource professionals.
ETI’s McAllister is no fan of “classroom-based, recite-after-me” forms of training when it comes to human rights. Training primarily needs to address individuals’ attitudes towards human rights. That can only really be done through dialogue, he says. McAllister has no time for “hours spent” as a performance indicator for training either. Indicators should focus on training outputs, not inputs, he insists. He says: “How would you go back in six months’ time and see if your training of a supervisor, for example, has translated into behaviour change or attitudinal change that you can measure?” Another issue to think about from the off.
Another consideration that requires clarity from day 1 centres on governance. Evidently the board should have general oversight for human rights, but the nuts-and-bolts task of implementation needs closer handling. Often, responsibility sits within corporate or legal affairs functions or, when such things exist, within corporate responsibility departments.
That makes sense as professionals in these fields are usually most informed on the subject, but the danger is that human rights become their issue rather than everyone’s. Better, then, is to design some kind of cooperative, cross-functional (and, if possible, pan-regional) approach.
Margaret Wachenfeld is director of legal affairs at the Institute for Human Rights and Business. She’s frank about the perils of silo thinking in corporations, saying: “If you don’t bring your colleagues along in this discussion, when the crisis hits they won’t have the understanding to respond in an appropriate way.”
Getting real about risks
Some human rights abuses come at companies from out of the blue. Most don’t. Or, at least, they shouldn’t. A good due diligence system can pick up so-called “red flag” issues. Hydroelectric companies should be awake to the implications of human rights impacts arising from forced community resettlement, for instance. Likewise, data management firms should be alert to the risk of privacy invasion.
Many human rights risks are less obvious. They change according to context. Indigenous rights aren’t a big issue if you’re operating in Uruguay (whose indigenous ethnic minorities were wiped out more than a century ago), but could well emerge as a critical flashpoint in neighbouring Brazil.
Issues change with time, also. A case in point is security, which can yo-yo from negligible to extreme in a flash. A human rights assessment isn’t something you do once and then never revisit. Cultural, political and social conditions need to be assessed on a recurrent basis.
Annemarie Muntz, director of public affairs at employment services provider Randstad Holdings, says: “You can never sit down and relax if you look at implementing the Ruggie principles. The world is changing; the world is moving so you have to move with it. Anticipate.”
An anticipatory approach requires access to good information. For large organisations, that often means developing advanced data-gathering systems or, preferably, tapping existing ones. Structured cross-functional collaboration, clear internal reporting requirements, and regular interactions with external experts are all valuable tools in the data collection. Similarly, data on socio-political developments, labour practices and other trends that influence respect for human rights (or lack thereof) are essential. Once more, stakeholders themselves hold vital clues.
Obtaining the necessary information is only half the battle. The other half – the really important half – is what to do with that information once you have it. Risk assessment will always be something of a guessing game. You’re juggling probabilities, not certainties. Still, having an exacting, comprehensive matrix in place enables you to look at all potential risks from every possible angle. That can give you a good idea of each risk’s potential severity and likelihood. That in turn significantly ups your chances of making the right call as to the critical “what”, “whose”, “how” and “when” questions relating to human rights.
Anna Turrell is a senior consultant at specialist advisory firm DNV Two Tomorrows. Her advice to companies is to home in on the most material risks. “Before getting too bogged down in the documentation, the guidance and the standards that exist … first you need to start with a really comprehensive understanding of what these issues mean to your business.”
Doing no harm
First, do no harm. The phrase dates back to ancient times (“primum non nocere” is how the Romans phrased it) and is traditionally associated with the medical profession. The business and human rights field could do well to adopt it.
Don’t mistake the “do no harm” motto as a mandate to be passive, warns IHRB’s Wachenfeld. “Sometimes there’s some confusion that companies think that because it says ‘do no’, then as long as they do nothing it’s fine,” she says. Not so. Once companies have mapped their risks, they need to take action.
The necessary course of action is obvious when the abuse is actual and irrefutable. If you are the perpetrator, stop the abuse. Immediately and for good. For most large corporations, the reality is less clear cut. The offending party could be a business partner or another firm further down the supply chain. In such cases, companies must firstly ensure they are not playing any contributing role. That done, they need to pressure the guilty firm to refrain from abusive activities – what in the terminology of the guiding principles is defined as “leverage” (see box).
The recent decision by brands such as Primark, Marks & Spencer and Calvin Klein to sign the ILO’s Accord on Fire and Building Safety in Bangladesh is illustrative. All these brands have commercial relations with factories in Bangladesh, but typically do not own them. A collaborative initiative of this nature uses the brands’ purchasing power to pressurise factory owners to reduce the risk of the recurrence of tragedies like April’s Rana Plaza collapse.
Of course, taking action implies trade-offs. A lucrative business relationship might be jeopardised, or a profitable supply line cut off. Whoever it is that oversees human rights management needs to have the decision-making clout to make those calls. They also need to be well resourced. Engagement, for instance, is a labour-intensive task. If your human rights team is well meaning yet mid-ranking and under-staffed, there’s little hope of headway.
Best practice encourages firms to have local-level grievance mechanisms in place. A vague “email us at …” approach will not suffice. To be effective, such mechanisms must have the confidence of stakeholders. That requires grievance mechanisms to be legitimate, accessible, predictable, equitable, transparent, “rights compatible” and a source of ongoing learning, the guiding principles advise (principle 31). Such mechanisms can act as an alternative to usual judicial process, but should by no means preclude it.
Done well, and the mix of due diligence plus mitigation should radically reduce the probability of human rights impacts occurring. It won’t rule them out entirely, though. Responsible companies therefore need a second level of processes in place to address and remediate abuses if and when they happen (principle 22). Human rights abuses cannot be “offset” like carbon emissions, Wachenfeld warns. Remediation needs to be fair, transparent and appropriate to the specific abuse suffered by an individual.
Going public on performance
Only with quantitative and qualitative data can a company have any real sense of its implementation efforts. Obtaining this information is similar to the challenge faced within the due diligence process. If systems are in place for the latter, then extending these for the purposes of monitoring should be relatively simple: a mix of internal and external sources, feedback loops and audits, and, yes, as much stakeholder engagement as you can stomach. Obviously, extra layers of monitoring are required for “red flag” areas of high risk.
Monitoring isn’t just about checking on progress. Close analysis of performance enables companies to see emerging or repeated trends that may help them reduce the risk of reoccurrence. Where specific interventions are shown to reduce risks of abuses, then the company has an insight worthy of adopting elsewhere – not only in its own operations, but also potentially further afield. In addition, a detailed understanding can inform companies’ action plans, moving from risk reduction to tackling the root causes behind the threat to human rights.
Without monitoring systems, you have no substantive, credible message. Perhaps that’s the greatest virtue of monitoring. Communicating progress – especially in response to specific stakeholder concerns – is fundamental to human rights management. Culturally, it is tricky for many companies to make themselves accountable, especially on such sensitive (and, in reputation terms, combustible) themes. Issues of commercial sensitivity or the privacy of individuals may also be a factor.
Proportionality and materiality provide helpful rules of thumb when it comes to determining how much to report and on what issues. Generally, stakeholders (especially government authorities, investors and a small but growing tranche of customers) want to know that a company has the processes and systems in place to take human rights risks seriously. If an issue flares up, however, businesses need to be ready – and willing – to provide the detailed answers that affected parties deserve.
The UN Protect, Respect, Remedy framework
Protect: the state’s duty to protect against human rights abuses by third parties, including businesses, through appropriate policies, regulation and adjudication.
Respect: the corporate responsibility to respect human rights, meaning that businesses need to avoid infringing the human rights of others and address adverse impacts with which they may be involved.
Remedy: the need for greater access to effective remedy for victims of business-related human rights abuses, through both judicial and non-judicial means.
The UN guiding principles: four key concepts
Internationally recognised human rights
Companies cannot cherry-pick norms. The guiding principles require the observance of all internationally recognised human rights. Guiding principle 12 also indicates that businesses may also have to take into account specific legislation covering vulnerable groups, such as indigenous peoples or ethnic minorities.
Companies are required to consider how severely their operations might impact the rights of individuals. Severity is determined by three factors: the seriousness of the impacts (scale), the extent of those impacts (scope) and the permanence of the impacts (irremediability).
Direct responsibility, plus complicity
Companies need to ensure that they are not responsible for human rights abuses through their own direct activities, or complicit in abuses arising from their business relationships with third parties. In the case of wrongful practices by their business partners, large companies are expected to exert “leverage” to persuade them to correct such practices.
The guiding principles give a central role to “meaningful” stakeholder engagement. Companies are expected to interact and consult with potentially affected stakeholders on an ongoing basis. Evidence of stakeholders’ concerns being integrated into management decisions is necessary, especially with regard to complaints and remediation efforts.Human rights Oliver Balch reputation supply chain UN Principles