How should I perform due diligence to comply with Australia’s Modern Slavery Act 2018 (part 2)?

Author: Paul Curwell

Introduction

This article is the second in a series on Australia’s Modern Slavery Act, this time with a focus on due diligence practices. Readers of my previous post may recall that one of the requirements of the MSA is to ‘Describe the actions taken by the reporting entity and any entities it owns or controls to assess and address these risks, including due diligence and remediation processes’ (p29). The Guidance goes on to say that due diligence is a key term within the UN Guiding Principles (pp46-47), and directs readers to the OECD Due Diligence Guidance for Responsible Business Conduct as a source of ‘key international standards and guidance’ (p90).

In this second article, I aim to help readers understand the Australian Government’s expectations of a Reporting Entity’s human rights due diligence program so as to comply with the MSA in a clear and practical manner.

Australia’s Parliament House

The UN Guiding Principles establish the concept of ‘human rights due diligence’

The United Nations Guiding Principles on Business and Human Rights (UNGPs) were endorsed by the United Nations Human Rights Council in June 2011. The UNGPs are intended to apply to both nation states and businesses regardless of factors such as size or jurisdiction, and set out the intended duties and responsibilities of both parties. Under the UNGPs, ‘human rights’ are defined as those rights outlined in the International Bill of Human Rights and the International Labour Organisation Declaration on the Fundamental Principles and Rights at Work (UNGP 12).

Of the 31 Guiding Principles, three in particular establish responsibilities for business in relation to human rights due diligence, as follows:

  • GP 13 – requires businesses to avoid causing human rights impacts through their operations or activities, and to seek to prevent or mitigate any adverse human rights impacts linked to them
  • GP 15 – states that in order to meet their human rights responsibilities, businesses should have: (a) a human rights policy, (b) a human rights due diligence process, and (c) a process to enable remediation
  • GP 17 – states that human rights due diligence is required by business to ‘identify, prevent, mitigate and account’ for adverse human rights impacts. This activity “should include assessing actual and potential human rights impacts, integrating and acting upon the findings, tracking responses, and communicating how impacts are assessed”

The Australian Government’s Modern Slavery Act Guidance for Reporting Entities is aligned to the UNGPs, hence an understanding of them is useful when designing a due diligence program in order to comply with the Modern Slavery Act.

The OECD’s Multinational Enterprise Guidelines complement and expand upon the UNGPs

In May 2010, the governments of the 42 OECD and non-OECD countries which adhere to the OECD Declaration on International Investment and Multinational Enterprises and related Decision, of which Australia is a member, commenced work to update the original OECD Multinational Enterprise (MNE) Guidelines originally developed in 2000. In addition to providing concepts and principles, the Guidelines provide specific guidance in eight domains:

  • Human Rights
  • Employment and Industrial Relations
  • Environment
  • Combating Bribery, Bribe Solicitation and Extortion
  • Consumer Interests
  • Science and Technology
  • Competition, and,
  • Taxation

The revised version of the MNE Guidelines included a new chapter on Human Rights which is consistent with the UNGPs. The MNE Guidelines are intended to provide “non binding principles and standards for Responsible Business Conduct”, and are “the only multilaterally agreed and comprehensive code of responsible business conduct that governments have committed to promoting” (p3).

The MNE Guidelines contain a number of requirements pertaining to Human Rights Due Diligence (i.e. Modern Slavery Act due diligence practices); however, this guidance aligns with that of the UNGPs and does not warrant repeating.

Why should the OECD’s MNE Guidelines matter to Australian businesses?

Australia is a signatory to the OECD Declaration on International Investment and Multinational Enterprises and Decisions. To effect this, the Australian Treasury manages Australia’s OECD MNE ‘National Contact Point’ to promote and implement the MNE Guidelines. The Government expects Australian businesses to comply with the MNE Guidelines and the OECD Due Diligence Guidance for Responsible Business Conduct and associated sector due diligence guidelines (see below) as they “represent standards of behaviour that supplement Australian law and therefore do not create conflicting requirements”. Non-judicial complaints can be brought against Australian businesses, and are investigated by an Independent Examiner (currently WA Barrister Mr John Southalan).

To assist business in interpreting and implementing the MNE Guidelines, the OECD has produced its Due Diligence Guidance for Responsible Business Conduct, supported by additional sector specific due diligence guidance for:

The OECD also introduces new sector-specific guidelines periodically.

The OECD has developed guidance for business on how to undertake ‘human rights due diligence’


As an Australian, I struggle with the way the ‘human rights due diligence’ concepts are presented in the UNGPs and OECD guidelines. We so frequently design our governance, risk and compliance frameworks along the lines of ISO31000 – Risk Management and ISO19600 – Compliance Management Systems that it is easy to forget these elements are not so ingrained overseas.

I raise this because the OECD Due Diligence Guidelines for Responsible Business Conduct (DDGs) introduce a six-step due diligence process which contains some functions we might ordinarily consider constituting part of a risk and compliance framework, as follows (Figure 1, p21):

  1. Embed Responsible Business Conduct into policies and management systems
  2. Identify and assess adverse impacts in operations, supply chains and business relationships
  3. Cease, prevent or mitigate adverse impacts
  4. Track implementation and results
  5. Communicate how impacts are addressed
  6. Provide for, or cooperate in, remediation where appropriate

Although the OECD states that businesses may not see these elements as being exclusive to a due diligence program per se, the DDG also states the focus of human rights due diligence processes should be external to the business itself (as opposed to risk management’s traditionally internal focus) and focused on its extended operations, products or services, and its ‘business relationships’ (what Australians might consider as Third Party Risk Management).

Human Rights Due Diligence can build off (although it is broader than) traditional transactional or ‘Know Your Counterparty’ (KYC) due diligence processes

The DDGs are not intended to replace those practices commonly referred to as ‘Know Your Customer’ (KYC), ‘Know Your Supplier’ (KYS), ‘Know Your Partner’ (KYP) or ‘Enhanced Due Diligence’ (under AML/CTF laws, legislated in Australia as ‘Enhanced Customer Due Diligence’) (p16). These due diligence activities are different to human rights due diligence, albeit there will likely be some overlap, and commonly focus on some variation of the following nine key areas:

  • Identification and Identity Verification
  • Legal entity formation and directors
  • Determination of Beneficial Ownership
  • Financial viability, credit ratings and performance
  • Litigation, bankruptcy & lien searches
  • Name screening (adverse media, Politically Exposed Persons, Sanctions)
  • Assessment of management’s style, integrity, competence and track record
  • Reputation in business, industry, the company or community
  • Disclosed and undisclosed Conflicts of Interest, Related Party relationships and other red flags

Simplifying the OECD’s six-step due diligence process

When I look at the OECD’s six-step due diligence process outlined earlier, Step 2 constitutes what I would consider to be the crux of the actual due diligence (Figure 1, p21). The purpose of Step 2 is to “identify and assess actual and potential adverse impacts associated with the enterprise’s operations, products or services”, which the guidance decomposes into four elements:

  • 2.1 – Develop an enterprise-level risk assessment to identify the areas of highest risk based on a range of internal and external factors, including information gaps. Complete the due diligence from areas of highest to lowest risk
  • 2.2 – Undertake iterative and increasingly in-depth assessments of operations, suppliers and other business relationships to identify and assess adverse Responsible Business Conduct impacts, starting with the highest risk areas first from 2.1 (above)
  • 2.3 – Assess whether the enterprise caused (would cause) or contributed to (would contribute to) the adverse impact, or whether the adverse impact is (would be) directly linked to its operations, in order to determine an appropriate response (i.e. is it actually involved, or potentially involved)
  • 2.4 – Prioritise the most significant risks and impacts for action based on severity and likelihood

Step 2.1 will resonate well with anyone familiar with the principles of risk management in that resources should always be concentrated towards those areas of the highest risk exposure.

Step 2.2 is an interesting one. In Terrorist Diversion (Routledge, 2021), I wrote the chapter on due diligence practices for non-profit organisations. In this, I outlined a risk-based process where the level (extent) of due diligence initially undertaken is predicated on the perceived inherent risk prior to commencing due diligence. Where indications are encountered that an entity is actually higher risk whilst performing the diligence, the extent of diligence can be easily increased. Step 2.2 aligns with these principles.

Steps 2.3 and 2.4 start to get into matters of liability and social responsibility for any identified (or potential adverse) findings, and subsequently a treatment plan. Depending on your organisation, this may or may not be the responsibility of the team actually performing the due diligence itself.

To make it easier for readers to follow all of this, I have developed this simple cheat sheet which I hope will be a useful resource (please remember to cite me appropriately).

– (C) Copyright Paul Curwell (2000, Australia). http://www.forewarnedblog.com
