international regulatory enforcement

The Integration of Business and Human Rights Into International Regulatory Compliance: Transparency & External Reporting

December 15, 2021

By Jonathan C. Drimmer, Tara K. Giunta, Nicola Bonucci, & Renata Parras

Around this time last year, we started a series of posts that have focused on leveraging anti-corruption compliance programs to include business and human rights risks and ESG risks more generally - by creating human rights/ESG management systems, or by integrating human rights/ESG into existing compliance programs.  In our inaugural post, we identified six central components of human rights/ESG compliance programs, which also are present in effective international regulatory compliance programs, and can drive implementation of the UN Guiding Principles on Business and Human Rights (“UNGPs”).  We promised to provide posts dedicated to each individual element and how its presence in anti-corruption and other compliance programs could be leveraged to address human rights/ESG.

This is the sixth such post in our series, focusing on Transparency (posts on Due Diligence, Governance, Policies and Procedures, Training, and Reporting and Remediation are here).  A fundamental underpinning of the UNGPs, as made clear in Principle 15, is that “Business enterprises need to know and show that they respect human rights.”  While the other components we have discussed relate to “knowing,” this post relates to “showing.”  There are several ways that companies can meet those responsibilities, learning from and leveraging pathways from other international regulatory and compliance programs.

Anti-Corruption Transparency

It is well-accepted that the concept of transparency is critical to mitigating risks of corruption.  Indeed, the Extractive Industries Transparency Initiative, Canada’s Extractive Sector Transparency Measures Act, and the EU’s Accounting Directive all are premised on the theory that public disclosure of government payments will reduce corruption risks.  A number of civil society organizations also are dedicated to fighting corruption through transparency, including Publish What You Pay and Transparency International.  The UN Convention Against Corruption (“UNCAC”) repeatedly talks about transparency as a tool to fight corruption: Article 10 focuses on Public Reporting; Article 12(c) focuses on promoting transparency among private entities; and Article 13 references the participation of civil society in the fight against corruption and “enhancing the transparency of and promoting the contribution of the public to decision-making processes.”  Companies further use transparency strategically, such as with contract and bidding requirement disclosures, to mitigate the risk that government officials will try to take advantage of their positions for personal enrichment.

However, transparency is rarely referenced by enforcement authorities in the context of effective anti-corruption programs.  The Department of Justice’s Evaluation of Corporate Compliance Programs (“ECCP”) does not mention transparency or public disclosures.  While it talks about making policies known to third parties, and providing information to employees about a range of activities, it does not reference the publication of information.  The U.S. Department of Treasury’s OFAC compliance guidance is the same.  The FCPA Resource Guide (at 14) only mentions transparency in the context of giving gifts to government officials.  International resources are only slightly more fulsome.  The UK’s Bribery Act Guidance (“Bribery Act Guidance”) (at 22, 34, 40) quickly mentions that procedures that can help prevent bribery include: “Transparency of transactions and disclosure of information,” policies that commit the company to transparency, and transparent relationships with charitable organizations.  Similarly, Agence Francaise Anticorruption’s Guidelines (“French Guidelines”) (at 63) mentions the importance of transparent bidding procedures.  The OECD also has a new anti-bribery recommendation, stating that countries should encourage “company management to make statements in their annual reports or otherwise publicly disclose their internal controls, ethics and compliance programmes or measures, including those which contribute to preventing and detecting bribery.” 

Consistent with these resources, companies – while mindful of disclosing potential risks or challenges they may face given the obvious legal exposure - often publish their anti-corruption policies and strategies, bidding procedures and information, and relevant metrics about their program.  In fact, guidance from leading public-disclosure authorities, such as the Sustainability Accounting Standards Board (“SASB”), specifically reference this kind of transparency.  These may appear on company websites or in larger sustainability reports.   

Human Rights/ESG Reporting

In the human rights/ESG context, there is increasing demand for companies to be more transparent about their commitments and performance against those commitments.  Disclosure features prominently in the OECD Guidelines for Multinational Enterprises, as an entire chapter is dedicated to it.  Regulators, customers, investors, and civil society organizations are seeking clear and detailed information from businesses about their impacts on third parties and the environment, and how they are identifying and mitigating risks.  Legislation also increasingly presses companies to make public their human rights/ESG risks and impacts.  As with anti-corruption, it is generally perceived that enhanced transparency will help drive positive change.

            The UNGPs

Consistent with that, the UNGPs place primacy on human rights/ESG reporting, repeatedly discussing the importance of “knowing and showing” a company’s human rights processes and how risks are addressed.  For instance, UNGP 16(d) focuses on a company’s human rights commitment.  Much as with good practice in the anti-corruption space, where key processes are made public, it references the importance of making the human rights commitment publicly available. 

Far beyond the anti-corruption context, however, in the human rights/ESG space, businesses are expected to report on their salient risks and impacts, and on how they address them.  UNGP 21 addresses company transparency, and states, “In order to account for how they address their human rights impacts, business enterprises should be prepared to communicate this externally, particularly when concerns are raised by or on behalf of affected stakeholders.  Business enterprises whose operations or operating contexts pose risks of severe human rights impacts should report formally on how they address them.”  UNGP 21 also calls for reporting in “a form and frequency” accessible to intended audiences, by providing “information that is sufficient to evaluate the adequacy of an enterprise’s response to the particular human rights impact,” or to “legitimate requirements of commercial confidentiality.”  The Commentary further references “topics and indicators” regarding identifying and addressing adverse impacts.  Many of these same concepts are addressed at length by the UN Office of the High Commissioner for Human Rights, in The Corporate Responsibility to Respect Human Rights, An Interpretive Guide (57-62).   

Likewise, UNGP 31(e), as part of discussing effectiveness criteria for operational grievance mechanisms, stresses the importance of transparency, including “providing sufficient information about the mechanism’s performance to build confidence in its effectiveness and meet any public interest at stake.”  As the relevant Commentary notes, as with the metrics associated with SASB-compliant reporting, “[p]roviding transparency about the mechanism’s performance to wider stakeholders, through statistics, case studies or more detailed information about the handling of certain cases, can be important to demonstrate its legitimacy and retain broad trust.” 

            Regulation and Investor Demands

In addition to the soft law principles enunciated by the UNGPs, governments increasingly are demanding that companies formally report on human rights and ESG risks and processes.  These may be through supply chain-related disclosures, such as under the UK or Australian modern slavery acts or the California Transparency in Supply Chain Act.  They also may be through mandatory due diligence laws, such as in France, Germany and Norway, which typically require companies to identify potential risks, institute mitigating measures, evaluate the effectiveness of those measures, and report publicly on these steps.  The anticipated draft EU Directive on Corporate Due Diligence and Accountability also operates from this type of a disclosure framework.  The EU Non-Financial Reporting Directive requires the publication of a variety of human rights/ESG-related risks.  In the ESG space specifically, mandatory climate change reporting is now common and expected to grow.

Investors also are seeking public information related to human rights/ESG.  These may be through pressures to conduct and make public impact assessments, investment and engagement frameworks that consider human rights and ESG disclosures, and through other means.  For instance, the Investor Alliance for Human Rights, a group of institutional investors with a collective $5.8 trillion in assets are pressing companies for greater human rights disclosure, and the Principles for Responsible Investment is working to add human rights to its reporting framework by 2025.  Similarly, BlackRock, the world’s largest asset manager, stated earlier this year, “[W]e are asking the companies that we invest in on behalf of our clients to … publish a disclosure in line with industry-specific SASB guidelines by year-end, if you have not already done so, or disclose a similar set of data in a way that is relevant to your particular business.”

            Human Rights/ESG Reporting

That said, even when it is not required or demanded, companies increasingly are reporting on their human rights/ESG risks and strategies to help build stakeholder credibility and shareholder accountability.  At present, there are a few common practices.  Similar to anti-corruption and other international regulatory compliance regimes, companies often include human rights in their public facing Codes of Conduct and may also have distinct publicly-disclosed human rights policies consistent with UNGP 16.  Beyond that, however, some have lengthy standalone human rights or sustainability reports, while others place discrete information in differing places on their websites.  The content can vary widely, from highly granular reporting supported by a variety of metrics, to more general disclosures. 

Several key resources, such as the Corporate Human Rights Benchmark and Shift’s Human Rights Reporting and Assurance Frameworks Initiative, provide detailed insights into the substance and content of reporting coverage, and are gaining resonance.  SASB’s standards, covering a wide variety of industries, also impose tailored policy and risk-management metrics to enable objective assessment of corporate responsibility.  The Global Reporting Initiative (“GRI”), also a prominent ESG reporting framework, was recently amended to include human rights due diligence in line with the UNGPs.

Consistent with these sources and the UNGPs, in order to be effective, human rights/ESG reporting should be specific and detailed, and not shallow corporate marketing.  Some of the features connected to good reporting are:

  • Human rights/ESG vision.  Good reports often will talk about the company’s strategy or vision for human rights/ESG, including where the company is on its journey, future planned activities in implementing processes, and ways that the company can contribute to the realization of human rights/ESG consistent with the Sustainable Development Goals.  Companies also often talk about their partnerships with civil society, academic institutions, and others in the context of discussing their human rights/ESG strategy. 
  • Program structure.  Good reports often explain the company’s programmatic approach to addressing human rights/ESG risks and impacts, including (a) the governance structure for a human rights/ESG program (or to support addressing human rights/ESG risks), (b) policies and procedures implementing the company’s human rights/ESG approach and addressing the pathways through which salient human rights/ESG risks may arise, (c) how the company trains and educates on the program, (d) the company’s due diligence approach, and (e) grievance mechanisms and how it considers remediation.  The due diligence approach ideally should include how risks and impacts are assessed, mitigating measures taken to address the risks and impacts identified, the effectiveness of those mitigating measures and the methodology used by the company in making that determination. 
  • Salient risks.  Good human rights/ESG reporting will include a discussion of the company’s “salient risks,” discussed at length by Shift’s human rights reporting framework.  Salient human rights/ESG issues reflect the most substantial potential negative impacts of the company’s activities or business relationships on rightsholders and stakeholders, regardless of the impact on the business.  Salience is premised on four factors: (i) severity (how grave and widespread the impact might be), (ii) remediability (how hard it would be to correct), (ii) prevalence (how widespread the impact would be), and (iv) likelihood (how likely it would be that the harm would occur).  Good reporting will include a statement of the company’s salient issues, the methodology through which those issues were determined, and how they are being addressed.
  • Collective action.  Human rights/ESG reports often discuss steps the company is taking in conjunction with industry groups or trade associations to address larger human rights/ESG issues, including public policy matters. 
  • Dilemmas.  Good reports often reflect on human rights/ESG challenges the company may have faced or be facing, what it has learned from addressing those challenges to date, and how it intends to approach addressing the dilemmas in the future.
  • Stakeholder engagement.  Effective disclosures also talk about the company’s approach to understanding the perspectives of stakeholders who may be negatively affected by the company or its value chain, and how those perspectives are incorporated into the company’s business strategy, policies, and procedures.
  • Data and metrics.  Human rights/ESG disclosures often effectively include data, key performance indicators or other metrics that demonstrate the robustness and effectiveness of program elements.  These can include metrics regarding training, diligence exercises, policy reviews, formal communications efforts, stakeholder engagement, the number and results of audits and assessments, and other criteria.  Regarding grievance mechanisms in particular, companies commonly report demographics associated with grievances, including where they are lodged, the nature of the concerns raised, and the ways through which grievances are resolved.
  • Reporting frameworks.  Good human rights/ESG reports seek to adhere to leading reporting frameworks, such as SASB, the Global Reporting Initiative, and other leading industry and sector-specific standards.  Companies increasingly are moving toward an integrated reporting model, which uses common content published in a range of different formats, to create efficiencies and consistency.

We urge caution, however.  While transparency is a critical underpinning of human rights/ESG programs, companies are wise to review their disclosures carefully.  As with anti-corruption, care should be taken to avoid disclosing risks and information that can support litigation against the company.  Indeed, pressures on enhanced transparency have caused companies to make statements that they may not be in a position to sustain with sufficient data, and which therefore have been cited in support of or as a basis for corporate litigation.  Corporate disclosures may unwittingly provide substantive support to litigation, including the disclosure of potential legal risks that can help form a basis of liability.  There also are a rash of corporate cases premised on alleged false statements in human rights/ESG non-financial disclosures, which have led to securities fraud lawsuits, derivative shareholder actions, deceptive marketing or trade practices litigation, and even regulatory investigations.  The SEC’s climate and ESG task force is premised on this notion.  Human rights/ESG disclosures can also provide procedural support to litigants; company sustainability and human rights-related reports increasingly are used against companies to establish parent liability, establish jurisdiction, and for other means.  Companies should respond by addressing their non-financial disclosures with the same degree of care as their financial disclosures, subjecting them to substantive and legal scrubbing, in light of these risks.  Truly effective disclosure, thus, offers transparency and provides specific insights, while avoiding legalistic caveating and creating undue legal risk.


Perhaps more than any other area of international regulatory and compliance programs, which focus on mitigating risks to the company, transparency is a hallmark of human rights/ESG programs.  There are some practices in anti-corruption, such as the publication of policies and processes that roughly correlate to the transparency expectations in human rights/ESG.  But the “know and show” philosophy that animates the UNGPs creates a substantial distinction from other programs, and has led to a burgeoning field of human rights/ESG reporting supported by regulation, investor demand, and good practice.  It is a field that is growing rapidly.

Practice Areas

For More Information

Image: Jonathan C. Drimmer
Jonathan C. Drimmer
Partner, Litigation Department
Image: Tara K. Giunta
Tara K. Giunta
Partner, Litigation Department
Image: Nicola Bonucci
Nicola Bonucci
Partner, Litigation Department

Get In Touch With Us

Contact Us