Knowledge of Human Rights Risks - Company Friend or Enemy?
Commentary, 03 March 2010
By John Sherman, Senior Fellow, Harvard Kennedy School of Government
Is knowledge of human rights risks a company’s friend or its enemy? No one likes bad news, and messengers who deliver it may choose to do so gingerly. But it’s critically important for a company to investigate, understand, and act on facts - however unpleasant - that might pose real risks to it and its stakeholders in order to ensure that it addresses those risks.
If we have learned nothing else from the financial crisis, it is this - the failure by companies to understand and respond to the true nature and depth of their risks can devastate them and society. This principle is as true for human rights risks as it is for other company risks.
In order to reduce the risk of business-related human rights abuse, companies should conduct "human rights due diligence". This is the conclusion of Harvard Kennedy School Professor John Ruggie, who is the Special Representative of the UN Secretary-General for Business and Human Rights (SRSG).
Conducting due diligence is how companies demonstrate that they meet their responsibility to respect human rights; i.e., not infringe on them. This is a core component of the Protect, Respect, Remedy framework developed by the SRSG, which has enjoyed widespread global uptake by governments, business, and civil society following his first report to the UN Human Rights Council in 2008.
The four components of human rights due diligence are establishing a human rights policy, conducting a human rights risk assessment, integrating that policy into the company’s operations and culture, and monitoring and tracking performance.
Human Rights due diligence is the most recent in a series of internal controls that companies have implemented since the mid 1990s to manage the risks of adverse impacts that companies can have on stakeholders in such areas as occupational, safety and environmental management, product safety, discrimination, legal compliance, and fraud prevention, among others.
In all of these areas, as in human rights, a company cannot know whether its operations cause problems without first investigating the facts. That requires asking tough questions, the answers to which a company’s managers might not like, and which may require them to take actions they did not anticipate, and to disclose those risks to investors and external stakeholders.
One understandable, but ultimately self-defeating, gut-level reaction might be to take a 'don’t ask, don’t tell' approach, on the theory that knowledge of human rights can itself be a dangerous and risky thing. That is, awkward and uncomfortable facts might be disclosed and used against the company in litigation or in a “naming and shaming” campaign by NGO’s. But treating knowledge as a company’s enemy prevents it from addressing its risks of contributing in human rights abuse. Those risks can generate material costs - financial, constructional, operational, reputational, and otherwise - which a company’s investors and external stakeholders should know about and which the company should address.
There is nothing unique about human rights risks that makes learning about problems more problematic than in other areas of risk. Criminal compliance programs provide corporate boards with strong protection against mismanagement claims by shareholders based on crimes committed by company employees. The same should be true for mismanagement claims based on alleged human rights violations to which the company contributed. Moreover, in defending against claims by victims that a company contributed to a human rights violation, evidence that the company tried in good faith to understand and prevent human rights abuse ought to help the company, not harm it.
As to disclosure, human rights due diligence does require a measure of transparency, since a core purpose is to enable the company to demonstrate to its stakeholders that it is taking effective steps not to infringe on human rights. But this does not eviscerate the ability or the need for companies to seek confidential legal advice from counsel or for lawyers to investigate underlying facts under legal privilege, given the potential risks of legal liability for failing to engage in human rights due diligence. The responsibility to respect is not a legal duty imposed by international law, but it does not exist in a law-free zone either, and elements of it may be reflected in domestic law. Although not all human rights risks may pose immediate legal risks, the likelihood that they will intersect if unaddressed is all the more reason for companies to fully understand them.
In the end, a company is far better off learning about its risks, including human rights risks, than ignoring them. It can’t reduce risks it doesn’t know about in the first place, and it can’t stick its head in the sand to avoid knowing. To quote a Russian proverb, “There is no shame in not knowing; the shame lies in not finding out.”
If you want to know more about this subject, I invite you to read an article that Amy Lehr and I wrote on this subject: Is Human Rights Due Diligence Too Risky?, which was published in the January 2010 issue of the American Bar Association’s CSR Journal. Professor Larry Backer of Penn State Law School also discusses the subject in the February 5, 2010 edition of his well-regarded Law at the End of the Day blog.