The links between business, human rights, and compliance are often nonobvious. Firstly, these are disciplines and discourses that have evolved separately. Secondly, in the few incidental contexts where human rights and compliance have been mentioned together, it has often been in the context of voluntary initiatives that fall at the less compelling end of the compliance spectrum. In reality, however, the two disciplines can complement each other in a multitude of ways. It is arguable that, to the extent that business and human rights on the one hand and compliance on the other share similar ambitions, they should be integrated or at least be used in ways that reinforce each other.
This Essay will explore the key elements of business and human rights that suggest the relevance of the compliance function, while at the same time analyzing the challenges that have prevented the realization of business and human rights through corporate compliance. There are some recent developments that suggest that the discipline of business and human rights and certain aspects of compliance are increasingly evolving together. I hope to be able to draw some conclusions from the discussions.
I. Business and Human Rights
The responsibility of corporations—as with all persons (human and juridical)—to respect the rights of others is well established in law, especially at the national level. At the international level, the subject has become complicated by the fact that the individual has not, until recently, been recognized as an active participant in or a subject of international law. Nevertheless, the issue of corporate adverse human rights impacts has been part of the international discussions for a while and most certainly since the 1970s. This is the context in which the Organization for Economic Cooperation and Development (OECD) adopted its Guidelines for Multinational Enterprises (OECD Guidelines) in 1976 and so too the International Labour Organisation’s (ILO) Tripartite Declaration on Multinational Enterprises and Social Policy (ILO MNE Declaration).
In contrast, the early efforts of the United Nations to adopt similar normative standards in the form of a Code of Conduct did not yield much fruit. Understandably, there was no consensus or common understanding concerning the applicability of international human rights standards to the activities of corporations. In the absence of a clear normative standard or credible narrative on the subject, disparate conversations that referenced human rights concerns took place in different contexts including corporate social responsibility, corporate citizenship, and corporate ethics. The emerging imprecision and uncertainty was the subject of critical comment, most famously by Milton Friedman in his 1970 article in the New York Times Magazine.
However, the business and human rights label crystalized in the late 1990s and 2000s with the advent of three important turning points: (i) the adoption of the United Nations Global Compact (2000); (ii) the presentation and rejection of the Draft United Nations Norms on the Responsibilities of Transnational Corporations and Other Business Enterprises with Regard to Human Rights (UN Norms) (2003); and (iii) the endorsement by the United Nations Human Rights Council of the Guiding Principles on Business and Human Rights (UNGPs).
II. The United Nations Guiding Principles on Business and Human Rights
Among the emerging standards on business and human rights, the UN Guiding Principles on Business and Human Rights (Guiding Principles, UNGPs) command the support of most stakeholders including governments, business enterprises, and civil society groups. In seeking to define ways for governments and business enterprises to prevent, mitigate, and ultimately eliminate corporate adverse human rights impacts, the Guiding Principles seek to draw upon common understandings of existing standards between stakeholders. They do not create new normative standards but rather elaborate “the implications of existing standards and practices that are integrated within a single, logically coherent and comprehensive normative representation. Set out under three broad headings (pillars)–protect, respect, remedy–they define the duties and responsibilities of governments and business enterprises in protecting and respecting human rights.
The first pillar of the state duty to protect against human rights abuses by third parties under the Guiding Principles emphasizes the importance of states taking steps to create effective policies, legislation, and regulations to prevent, investigate, punish, and redress human rights abuses. The UNGPs’ second principle provides an excellent opportunity for states to set out their expectations to all business enterprises within their jurisdiction to respect human rights in their operations. Other important operational indicators of the state duty to protect human rights include the need for both horizontal and vertical policy coherence (Principle 8) and for extra vigilance in the regulation of business in conflict-affected areas (Principle 7) or when there is a state-business nexus (Principle 4).
Under Pillar II, the corporate responsibility to respect human rights, the Guiding Principles not only emphasize the need to avoid infringing on the human rights of others (Principle 11), but also prompt business enterprises to track their infringements and to demonstrate how to avoid them. This “knowing and showing” principle is operationalized through the conduct of a human rights due diligence by businesses (Principles 15–20) and the communication of outcomes of those due diligence policies (Principle 21). The corporate responsibility to respect human rights covers both direct and indirect impacts—in other words, impacts that are linked to the enterprise’s operations, products, services, or through their business relationships, “even if they have not contributed to those impacts” (Principle 13).
Finally, the Guiding Principles under Pillar III—access to remedy—emphasize the need for an integrated application of different redress mechanisms including formal judicial, administrative, and non-judicial processes (Principles 25–27) alongside corporate grievance mechanisms (Principles 28–30). The Guiding Principles set out important criteria by which to determine the effectiveness of non-judicial grievance mechanisms. These include legitimacy, accessibility, predictability, transparency, and human rights compatibility (Principle 31). In addition, for operational-level grievance mechanisms, the Guiding Principles recommend the engagement and dialogue with stakeholder groups as especially necessary.
III. Corporate Responsibility to Respect Human Rights
To the extent that prevention, mitigation, and redress of adverse human rights impacts are important objectives under the UNGPs, they share some elements of the compliance function. As recently argued by one participant of this online symposium, the compliance process involves the four stages—prevention, detection, investigation, and remediation—elements that look quite similar to the requirements under the UNGPs. The main platform under the UNGPs for business enterprises to achieve prevention and mitigation of adverse human rights impacts is through the principle and practice of due diligence (Principles 17–21) which is not dissimilar to the compliance practice. A sustainable human rights due diligence assessment will entail a rigorous mapping of a number of procedural and substantive indicators, including the relevant legal and normative standards, the actual or potential human rights impact, consultation with potentially affected groups, and review and communication of outcomes. This has led some scholars to draw parallels with current human rights impact assessment regimes, that, while tracking adverse impacts, tend to be driven by the requirements of specific statutory and regulatory standards (such as labor law) and are therefore narrow in their focus. Due diligence accommodates wider self-driven ambitions including prevention. Importantly, the rise of human rights due diligence within corporations has affirmed the point laid clearly in the UNGPs that a company’s established risk management strategies for its environmental and social impact assessment, its health and safety strategy, and its anti-corruption policy may reveal significant information related to human rights concerns.
This review of internal strategies may be complemented by a clear appreciation of industry benchmarks that form part of the particular sector’s business culture or as may be set out in industry guidelines such as the Voluntary Principles on Security and Human Rights. Similarly, setting out the enterprises’ response to intergovernmental business and human rights initiatives such as the OECD Guidelines or the Global Compact will help determine the starting point for an effective human rights due diligence assessment. All of these potential corporate human rights opportunities may respond to some, but not all, of the expectations of corporate responsibility to respect human rights. Therefore, the gaps revealed by this review may contribute to the determination of a more focused way forward.
Even with the potential overlaps between the UNGPs’ idea of due diligence on the one hand and the existing impact assessment strategies on the other, the two concepts may be distinguished primarily because of the former’s specific focus on internationally recognized human rights as its point of reference, which is not always or necessarily the same as the traditional impact assessment strategies. One scholar has insightfully argued:
One of the key strengths of utilizing human rights as an analytical basis is that [human rights assessment impacts (HRIA)s]measure impacts in terms of codified human rights standards . . . and the obligations to which they give rise[ ] have been elaborated in case law, or at the very least in expert commentary by academic scholars.
The UNGPs also firmly establish that in any human rights due diligence exercise, it is always useful to map out the company’s human rights exposure in the sector in which the business is undertaken, the country in which the operations take place, and with respect to the enterprise’s associations within the value and supply chain (Principle 17). Different sectors have different sorts of human rights exposure and most of these may already have been documented and shared within the industry. Any human rights due diligence exercise needs to be aware of these well-known risks. The enterprise must also understand the human rights situation of the country in which its operations take place to ensure that any risks posed by its presence or activities can be avoided, mitigated, or redressed. The instances where the human rights exposure is a consequence of the actions of third-party business operations are also important and ought to be documented as part of any effective human rights due diligence strategy (Principle 18).
Most enterprises already have a distinct human rights footprint as part of their activities. Knowing the contours of this footprint and appreciating the steps taken to curtail its adverse impacts forms a crucial part of crafting an effective due diligence strategy. It is this response to the known human rights footprint that will determine the level of awareness of the matter and how senior management and the different departments of the company respond to human rights in the business.
Knowing and showing that an enterprise respects human rights starts with a rigorous and comprehensive mapping of the human rights landscape showing gaps and weaknesses that may define the direction that due diligence should take. This mapping exercise will inform whether the human rights due diligence strategy should be a standalone policy or one that may be incorporated into existing mechanisms—like a firm’s broader compliance program—within the company.
The substantive evidence for crafting the strategy must, however, be applied in a structured process that takes account of all stakeholders. Within the company itself, the strategy will need to ensure that all departments within the company are aware and have a role in the development of the due diligence strategy. After all, the implementation of the strategy is more likely to succeed if it is based on a sense of shared ownership, rather than if it is restricted to a specialized department. Along the same lines, a more sustainable human rights due diligence strategy must make room for contributions from external stakeholders, including industry peers and affected communities (Principle 18).
Human rights due diligence is simultaneously empowering and challenging. The principle empowers a business with the appropriate knowledge with which to adjust its strategy so as to be compliant with its responsibility to respect human rights. In other words, to the extent that the responsibility to respect human rights entails the management of risk, the conduct of due diligence enables the company to take control of how the entire business value and supply chain responds to its human rights responsibilities and thus avoid the risk of being named and shamed when adverse effects occur.
Human rights due diligence is also a challenge because there is, as yet, no prescribed manner for undertaking this task, primarily because it is an emerging scheme but also because its very nature depends on context and the knowledge available at a certain time. Furthermore, human rights due diligence is not an event or a one-off undertaking. It is, instead, a process that continues throughout the business undertaking and thus imposes an ongoing responsibility for which the enterprise must be at the cutting edge of the due diligence process and the identification of risks.
Human rights due diligence therefore raises the compelling question of whether, if undertaken in good faith, it may serve as a defense to subsequent revelations of previously unidentified adverse impacts. It must be argued strongly that this cannot be a sustainable argument in defense of adverse risks and impacts. It is incumbent upon the business as part of its continuing review of the risks to appreciate and avoid or mitigate new risks or adverse impacts. Effective due diligence is therefore a long-term undertaking based on a shared understanding of its contents developed over time through a process of shared learning by the community of human rights impact assessment practitioners, scholars, corporate executives, and civil society representatives.
The significance of the combination of preventive and remedial measures under the Guiding Principles as a credible governance regime is the opportunity that it offers to stakeholders (governments and business enterprises) to take appropriate steps as determined on their own, within the individual circumstances of their situation, to prevent adverse human rights impacts. In the context of the Guiding Principles, although prevention and remediation are meant to complement each other, it is important that primacy is given to the prevention of adverse human rights impacts. If stakeholders take effective preventive measures, the likelihood of adverse impacts and therefore the need for remedial action is reduced. Business can relate well to the emphasis on prevention as it allows them to be proactive in their human rights strategy rather than reactive to allegations of adverse impacts over which they have little or no control.
IV. Corporate Practice
The mechanism by which the UNGPs perceive business enterprises to respect human rights coheres with the processes of corporate compliance, in terms of seeking to prevent human rights violations and upholding important values that help to secure the integrity of the enterprise. The ideal representation of the human rights due diligence framework assumes that companies will rise to their responsibilities in this regard with rigor and good faith. The evidence from corporate practice concerning human rights tends to represent human rights as a moral rather than a legal standard. Therefore, it is perceived as part of the company’s discretionary responsibility. Such voluntary and self-regulatory initiatives have tended to be applied strategically at best and often with cynicism that leads to an excessively elastic interpretation of the scope and impact of corporate human rights responsibility. This, according to some scholars, has created a sense of skepticism about corporate self-regulatory initiatives that will in turn generate intense scrutiny of the application of human rights due diligence regime under the UNGPs. For James Harrison: “Stakeholders will want to be re-assured that the HRIA represents a robust and meaningful process that will identify the most significant human rights and concerns, even where the identification of such issues might be seen as causing problems for the companies concerned.”
Furthermore, when human rights have been acknowledged in the current business practice, it is generally categorized as part of corporate social responsibility (CSR). While CSR has been the subject of critical comment by scholars and business executives alike, it has found a place in the drive for some corporate compliance strategies, even if only at the weak and loose end of the compliance spectrum. Although CSR is traditionally grounded in corporate philanthropy and the importance of giving back to society and thus at the discretion of managers, it is not difficult to appreciate the practical (if not necessarily the conceptual) overlaps between CSR and business and human rights. Florian Wettstein presents three stages of interfaces between CSR and business and human rights, claiming the first wave to represent sporadic events such as corporate CSR positions in South Africa during the Apartheid era. He identifies a second wave in the 1990s when the focus of CSR was fixed on the adverse impacts in corporate supply chains and sweatshops. The final wave of interface is the recent coming together of CSR and human rights under the global compact and the UN Guiding Principles on Business and Human Rights.
CSR and business and human rights (especially the UNGPs) are by no means entirely aligned because CSR continues to be grounded in managerial discretion and strategic value to the enterprise while business and human rights emphasizes responsibilities of enterprises, human rights entitlements, and the dignity of stakeholders. The two conceptual foundations are not mutually exclusive or incompatible either. It is possible to recognize the common objective of both the moral and legal imperatives in seeking to humanize business. This is especially true as the international standards of business and human rights take root in national policy and legislation requiring business enterprises to adjust their focus, expectations, and understanding of the scope of CSR. It is therefore arguable within the context of human rights that CSR is moving along a developmental continuum from its laisse faire roots of managerial discretion to a state-guided understanding that relies on the language of responsibilities and stakeholder entitlement, which may make the field of compliance a natural complement to and powerful tool for human rights efforts. The Modern Slavery Act (2015) in the UK, similar legislation in Australia (2018), and the French Diligence Law (2017) are examples of how this transformation is gradually taking place.
One more—and perhaps the most compelling—argument for blending business and human rights and the compliance function is the substantive similarity of the grounds covered by both business and human rights and corporate compliance. In other words, it is possible to compile the commonality of subjects, topics and issues that are already the subject of corporate compliance on the one hand and business and human rights on the other. However, differences have often tended to lie in the labels and titles attributed to many fields covered by the two disciplines. In simple terms, compliance—under criminal laws, tort laws, labor laws, environmental protection laws, health and safety laws, civil rights laws (including antidiscrimination), privacy laws, and human trafficking laws, to mention a selection—is, in terms of substantive content, no different from the human rights protections foreseen under business and human rights. There may, admittedly, be some fundamental structural differences between these two regimes, including the differences in terminology, processes, place and role of stakeholders, and the embedded biases of each legal regime. In this respect, the differences between the primary beneficiaries of corporate compliance when compared with business and human rights is illustrative. Many view corporate compliance as aimed at securing the integrity of the organization from litigation and regulatory penalties while business and human rights seeks to protect more than the company, including its internal and external stakeholders. Nevertheless, careful scrutiny of these differences suggests more synergies than real tensions and therefore should not prevent collaboration. These important synergies are unfortunately often overlooked because of deep-rooted traditional understandings and approaches to the two disciplines that have contributed to clouding the full appreciation of their interrelationships. The challenges posed by the separation of the disciplines will be explored next.
V. The Challenges
The compliance function covers a wide spectrum of undertakings ranging from the compelling and legally binding rules underwritten by statute and regulatory agencies on one end to the weak and not infrequently vague moral standards underwritten by ethics on the other. Between these extremes, there are many other compliance standards with varying degrees of rigor. To date, one challenge concerning the placement of human rights in the traditional compliance discourse is that human rights is often viewed, at best, as a moral standard that must not frustrate business standards such as the freedom of the market. This rather unfortunate representation is sadly an entrenched one even in the face of evidence that human rights standards are, in many instances, legally compelling. The discussions tend to revolve around the formality of the label of “human rights” rather than about the substantive content of human rights. Careful interrogation of this subject reveals that most of the human rights standards that are so casually dismissed as peripheral to the conduct of business and corporate compliance already exist under various headings of legal compliance. The laws concerning labor rights, anti-discrimination, and privacy, for example, have strong roots in and connections with human rights law. Similarly, corporate compliance standards concerning antitrust, environmental sustainability, bribery and corruption, money laundering, taxation, food safety, and financial services raise indirect human rights compliance expectations.
The evolving identity of human rights has understandably been a source of confusion in this respect. In its original representation, human rights placed restraints on the activities of public actors. Human rights were originally calibrated in a vertical relationship between governments, public authorities, and the individual, but this has since been challenged with the recognition of equally harmful inter-individual violations of human rights. This is the context in which corporate adverse human rights impacts exist in the field of business and human rights. This evolving identity of human rights has generated a tension of equally compelling values concerning the concept of freedom: the freedom of the market and the freedom of the individual. The issue is therefore less about the applicability of human rights in the conduct of business and more about the reconciliation of the tensions generated by competing values. It is in this respect of seeking reconciliatory mechanisms that the UNGPs are especially valuable.
There are other challenges of similar character that have constrained the appreciation of business and human rights founded on the dichotomy between international law and national law. This is especially true for jurisdictions such as the United Kingdom and to some extent the United States that adopt the dualist approach to international law in national practice. In these jurisdictions, international standards are foreign law and may only form a part of national law after a process of formal incorporation. This has contributed to the separation between business and human rights on the one hand and the corporate compliance function on the other because the former is seen as foreign law. This may be understandable but, in view of the globalization of modern business, the growing importance of international standards should not be overlooked. In fact, one would expect that such standards would be welcome and embraced within traditional compliance frameworks.
This situation, however, is not helped by the fact that there currently exist no legally compelling business and human rights standards that are directly binding on business enterprises. All the current business and human rights standards, such as the OECD Guidelines for Multinational Enterprises, do not come with a compelling enforcement mechanism and so most corporate executives tend not to prioritize them. Indeed, a legally compelling regime of business and human rights will not only help to focus minds of managers and executives but will also bring more certainty in the expectations of actors. However, it is important not to exaggerate the significance of the soft law nature of the UNGPs and other business and human rights standards. To do so is to create an unnecessary excuse for actors who fail to appreciate the importance of the issues proposed by the international standards. Rather, it is valuable to look beyond the formality of the character of the business and human rights standards to the significance of the values that they represent.
As a regime, business and human rights is important, necessary, and valuable, but it comes with resource implications in terms of personnel expertise, training, and financial requirements. That some corporations have compliance departments as large as the entire personnel of other companies is an indication of the challenges that compliance requirements pose for small and medium-sized corporations (SMEs). In such circumstances, priority is often given to compliance standards founded in law and regulation. When business and human rights standards are not represented as legally binding, they are bound to be less of a priority for some corporations and especially SMEs. In most economies, SMEs constitute between ninety-five and ninety-nine percent of the economic base. So if business and human rights are to have a sufficiently transformative impact, a credible approach has to be designed to reach out to SMEs. The compliance function would be ideal for the implementation of business and human rights standards in this respect if the legally compelling character were appreciated and communicated to these enterprises. For the moment, getting SMEs to embed business and human rights standards into their activities remains a challenge.
The challenge to the application of the compliance function to business and human rights is not always from the perspective of the corporate executive. Human rights activists have not represented the compliance function as a credible avenue by which to implement business and human rights standards. Some of them argue against the compliance route because of the manner in which compliance tends to reduce corporate legal and other responsibilities to specific matrixes, often seen as tick-box exercises driven primarily by the interests of the enterprise. Allegedly, this is not particularly suitable for the dynamic nature of human rights responsibilities that aim to secure the rights of a wider stakeholder community. This inflexible representation of corporate compliance is indefensible because, in the implementation of the UNGPs, for example, it is fairly well understood that there is no silver bullet and one size does not fit all. In certain circumstances, the so-called tick-box approach to compliance with the UNGPs may prove valuable. It may, where necessary, raise frontline managers’ awareness about human rights in the conduct of their activities. This is a good initial step to further improvement of the human rights situation of the corporations involved. In any case, it is not entirely correct to claim that corporate compliance seeks to secure the integrity of the enterprise alone. Many corporate compliance regimes such as those concerning food safety, financial services, human trafficking, and modern slavery seek to protect third parties often beyond national boundaries. This is precisely the ambition of business and human rights, which makes the corporate compliance function a useful tool for implementation of business and human rights standards.
Business and human rights have come a long way since the tense discussions at the United Nations about the proposed Code of Conduct for transnational corporations. It is now fairly accepted, thanks to the initiatives such as the UN Guiding Principles on Business and Human Rights and the 2011 revisions to the OECD Guidelines for Multinational Enterprises, that corporations have a responsibility to respect human rights. These normative standards, while drawing inspiration from legally binding international human rights standards, are nevertheless soft law instruments without strong enforcement mechanisms and so leave it to individual stakeholders to determine how best to implement their duties and responsibilities. For private corporations, the compliance function could be a valuable process for ensuring the respect of human rights.
In seeking to help corporations navigate ways of preventing, mitigating, and redressing adverse human rights harms, the recommendations of the UNGPs are not dissimilar to the compliance process for similar responsibilities of corporations. The conduct of human rights due diligence as proposed by the UNGPs is an excellent illustration of the congruence of business and human rights processes and those of the compliance function. Indeed, it is important to note that some of the standards such as workplace health and safety, antidiscrimination, anti-human trafficking, and labor laws that already apply the compliance function within corporations are in substance human rights protections. This should make for a smooth transition for the implementation of business and human rights standards using the compliance function. Admittedly, this will require more than the mere transposition of human rights responsibilities into existing compliance processes. There will, no doubt, be the need to adjust existing processes to suit the specific requirements of human rights.
The task of implementing business and human rights responsibilities using the compliance form is not expected to be without challenges. Some of these challenges are reviewed in this paper. While they may not be ignored, this paper has demonstrated that the challenges are not insurmountable. This is especially true of those challenges that are based on traditional representations of human rights in business that are, upon critical inspection, out of date. With globalization, it is necessary to seek global and international solutions and, therefore, long-established local traditions may have to take account of emerging international initiatives. International standards, including those set out in soft law instruments deserve as much attention as laws and standards passed by national legislatures. It is this sort of flexibility in the management of corporate processes that will make it possible to take advantage of the compliance form in the implementation of business and human rights standards.
Michael K. Addo is the Director of the Notre Dame London Law Program, Notre Dame Law School.