international regulatory enforcement
Integrating Human Rights and ESG into International Regulatory Compliance: Governance Considerations
As we wrote toward the end of 2020, the risks associated with business and human rights, and ESG more generally, have led a growing number of companies to create human rights/ESG management systems or to integrate human rights/ESG into existing compliance programs. Relying on the UN Guiding Principles on Business and Human Rights (“UNGPs”), we listed six core elements of human rights/ESG compliance programs – which are generally part of effective international regulatory compliance programs. We promised to provide detailed posts regarding each individual element where we will discuss the key components of that element and how its presence in anti-corruption and other compliance programs can be leveraged for human rights/ESG. This first post discusses an element of paramount importance but subject to less scrutiny, at least so far: Governance.
Governance, in this context, reflects the structural management and oversight of a compliance program. It includes the role of the board, the responsibilities and accountabilities of management, metrics, and key performance indicators to help track a program’s robustness and effectiveness. Each of these issues is discussed below.
Board Oversight. With increasing frequency, governments and stakeholders expect that boards of directors will oversee human rights/ESG issues, as they do anti-corruption, sanctions, and AML. As a general proposition, board responsibility for key compliance areas is generally considered a hallmark of an effective program. For instance, the U.S. Department of Justice (“DOJ”) and the Securities and Exchange Commission both consider board oversight of anti-corruption programs to be critical to its effectiveness. DOJ has made the same proclamation for anti-trust programs, as has the UK Serious Fraud Office in the context of the UK Bribery Act. Vesting authority with the board is a clear demonstration of a company’s commitment to human rights/ESG issues, and creates accountability for management in designing and implementing a program that is comprehensive and effective.
Board oversight is now a regular feature of proposed human rights and ESG legislation, and domestic litigation. The U.K. and Australian Modern Slavery Acts, mandating disclosure of steps taken by the organization to address modern slavery in operations and supply chains, require that company reports are approved at the board level. Canada’s proposed Modern Slavery Act, Bill S-216, also references potential board attestation regarding relevant reports. Early drafts of the widely anticipated EU legislative directive on mandatory diligence creates distinct and detailed board-level responsibilities. A new Swiss law, to be adopted in the wake of the vote on the contentious Responsible Business Initiative, requires board of director approval of reports regarding non-financial matters, including human rights, anti-corruption, environmental, and other social issues. In the United States, companies can expect heightened human rights/ESG attention by regulators as the incoming Biden Administration placed ESG issues front and center during their campaign, most notably in climate change and diversity. There also is a growing line of U.S. cases looking more critically at whether a company’s board of directors fulfilled its fiduciary duty to the corporation under the Caremark standard in its oversight of the company’s legal, regulatory, and operational risks. With that in mind, corporations can expect to see an increase in shareholder derivative lawsuits, alleging that company boards have breached their duty of oversight. In short, company human rights/ESG issues are becoming engrained as board-level responsibilities.
To formalize that approach, human rights/ESG programs are taking a page from anti-corruption programs, where audit committee charters commonly reflect anti-corruption responsibilities, memorializing human rights/ESG responsibilities in relevant board committee charters. That may include a general reference to human rights/ESG, as exists for some companies, or more granular and detailed references to key areas of responsibilities and policies over which the committee is expected to govern. To fulfill its mandate, boards are regularly receiving reports from management on key human rights/ESG risks – including how salient risks are determined, how they are managed, the effectiveness of those management approaches, and specific issues or dilemmas that arise. Increasingly, boards expect management to include in their reports human rights/ESG metrics and key performance indicators (mentioned below), measuring and reflecting management’s view of the program’s robustness and effectiveness. Further, good practice, as in anti-corruption and other compliance programs, is to appoint to the board at least one individual with sufficient human rights/ESG expertise to enable the board to exercise its fiduciary responsibilities, and to provide the board with education and learning sessions around relevant human rights/ESG risk areas. In fact, certain organizations now offer courses specifically tailored for board members to understand significant human rights/ESG areas.
Management. As with anti-corruption and other regulatory compliance programs, the Office of the High Commissioner of Human Rights (“OHCHR”), in its Interpretive Guide to the UNGPs (at 30), explains that it is important for effective implementation of a human rights/ESG program to have one or more individuals are assigned day-to-day oversight, that they have seniority or status in the organization that engenders respect for their function and gives them authority within the company’s management structure, and that they are given sufficient resources to fulfill their mandate. Of course, as in other compliance areas, it is critical that the individuals involved in driving human rights/ESG have relevant expertise – in the substantive areas of the program, but also in program implementation and project management more generally. It also is important that the function has sufficient headcount and budget to operationalize human rights/ESG throughout the organization.
In terms of how human rights/ESG functions are organized, some companies treat human rights/ESG as standalone functions. They may fall underneath legal, compliance, or another unit on a corporate organizational chart, or they may report directly to a member of senior management (such as corporate affairs). At other companies, human rights/ESG is more fully integrated into legal, compliance, or another function, with employees assigned responsibilities for these and other areas. While there is no “right” way to organize a human rights/ESG function, if human rights/ESG is separate from anti-corruption and international regulatory compliance, frequent communication and close coordination among the groups is critical to avoid silos. Indeed, human rights/ESG problems are often red flags for corruption and other areas, and corruption and other compliance failings are often red flags for human rights/ESG concerns. Close communication and sharing information can create efficiencies and enhanced performance, and avoid approaches that are uncoordinated or not in sync.
By the same token, for programs where human rights/ESG is integrated into another function, it is important that individuals assigned with the day-to-day implementation of human rights/ESG responsibilities have a sufficient substantive understanding of the field. As with any discipline, human rights/ESG is a discrete subject area, with distinct risks, norms, requirements, and frameworks. Depending on the salient human rights/ESG risks facing the company, that expertise may differ. For instance, a food and beverage company may seek particular expertise on modern slavery and food safety, while an extractive company may prioritize environmental, health and safety, and security-related human rights/ESG issues. Indeed, as business and human rights and ESG operate from the primary premise of avoiding harm to stakeholders, and secondarily of avoiding harm to the business – though the business risks are tangible, real and often deeply impactful – even the relevant starting point is different from other international regulatory areas. While an efficient and integrated approach is thus more likely where human rights/ESG is integrated into another compliance function, there is a risk that the distinct aspects of human rights/ESG will be ignored or diluted. That can most effectively be overcome where individuals assigned human rights/ESG have a strong basis of knowledge, or receive external expert support to assist them.
Once the determination is made of where the human rights/ESG program is housed, as with anti-corruption and other compliance areas, programs can then be centralized or decentralized, and for effective operationalization, responsibilities often are “shared” with relevant functional units. For instance, in anti-corruption programs, human resources may have primary accountability for screening potential employees for potential political exposure, with performance monitored or tracked by legal or compliance. In human rights/ESG programs, human resources may have accountability for diversity, anti-discrimination, and modern slavery issues, with performance monitored or tracked by the function in which human rights/ESG has been vested. However it is ultimately structured, close and continued communication across a cross-section of functions is an important facet of success.
Metrics. To measure the program’s performance and assess implementation, as with any program, human rights/ESG increasingly rely on metrics and key performance indicators. The OHCHR, in its Interpretive Guide (at 53 & 56), supports that approach. Metrics and KPIs are important to different stakeholders, for different reasons. They are important to boards and the C-Suite in creating confidence that the program is in place and functioning as intended. They are important management tools, allowing an assessment into whether the program is working to achieve its desired goals, which aspects are performing as they should, and which may need strengthening. Metrics and KPIs also can assist discrete functional units or employees who may contribute to elements of a program, promoting ownership and buy-in. Companies also are using compliance KPIs as performance measurement and compensation tools for individual officers and employees. KPIs and metrics are also clearly important to external stakeholders, who seek evidence of a program’s robustness and effectiveness. They also are frequently referenced and used in the overabundance of benchmarking tools and services. Finally, as disclosure and reporting obligations increase, metrics will be critical to a company’s ability to substantiate those disclosures, thereby mitigating risks of litigation, and companies can expect that regulators, particularly securities regulators, will require disclosure that is standards- or metrics-based. As of today there is a variety of ESG ratings and ESG-related tools and services available in the market. Although the subject of selecting and presenting organizationally appropriate human rights/ESG metrics deserves an entirely separate post, we note for now that many companies start modestly, and gradually enhance their approach over time.
ConclusionThe governance of any compliance program, including human rights/ESG, is vital to its effectiveness. As with all other areas of human rights/ESG compliance programs, much can be learned and leveraged from anti-corruption and other international regulatory compliance programs. Further posts will consider human rights/ESG-related litigation, training, policies and procedures, due diligence, risk assessments and program testing, grievance mechanisms and investigations, and reporting.
 This will be treated as part of a subsequent posting on litigation trends.