Traditional methods of supply chain risk management have focused on commercial aspects of procurement and on contingency planning, with a view to ensuring favorable supply terms and business continuity.
However, against a backdrop of increasingly globalized and complex supply arrangements, stakeholder expectations have evolved.
Changing Legal Landscape
There are ever greater calls for businesses to consider and address the sustainability of their supply chains, and this is matched by a changing legal landscape as regulatory requirements start to be imposed. Prudent businesses are investing in supply chain management systems that take greater account of human rights risks and impacts, business integrity, and supplier conduct.
GCs will have noted the introduction of reporting requirements seeking to encourage businesses to know their supply chains, conduct due diligence, and report on steps they have taken.
For example, the UK Modern Slavery Act requires certain businesses to report on what they have done to ensure there is no modern slavery in their supply chains. Similar requirements exist in California and Australia and are proposed in Canada and Hong Kong.
Large French companies must prepare and report on a ‘vigilance plan’ through which they identify and manage human rights risks (amongst other things), including in relation to suppliers. Human rights-related supply chain due diligence requirements are proposed in Switzerland and in the Netherlands (in relation to child labor).
EU requirements for non-financial reporting demand that certain large organizations report on human rights matters and their approach to supply chains (amongst other things).
‘Soft’ Law Gaining Prominence
Some of these initiatives have been shaped by ‘soft’ laws, such as the UN Guiding Principles on Business and Human Rights (UNGPs). These are not legally binding, but widespread business convergence around them means that they have been highly influential.
They require businesses to respect human rights, including by assessing through due diligence actual and potential human rights impacts arising from their own activities, or those to which they contribute or are directly linked through their business relationships (including suppliers and customers). Businesses are expected to act upon their findings, track the effectiveness of their efforts and communicate openly about them.
While the UNGPs are not alone in governing this area, they set the standard for international corporate best practice, with courts and regulators using them as a reference point with increasing frequency.
Businesses are under mounting pressure to integrate UNGP requirements into their risk management systems to keep pace with their peers, ensure they can present a credible narrative to support their compliance with relevant ‘hard’ laws. This typically requires a cross-functional effort, drawing on the skills of GCs and their teams, compliance professionals, and those with subject matter expertise (whether in-house or external).
For many businesses this represents a significant challenge. Even gaining a meaningful understanding of the complex web of suppliers supporting their business can be a gargantuan task.
In this context it is never possible to eliminate the risk of problems arising, but for GCs a key part of managing legal and other risks is to ensure that information is obtained promptly, so the business can react quickly if an issue does arise in order to establish the facts, work with the supplier to remedy the problem, and communicate its approach to stakeholders.
GC Tips and Trends
Trends and practical tips that GCs supporting their businesses are deploying:
- Publishing supplier codes of conduct which are aligned with both “hard” and “soft” law standards, codifying their minimum expectations of suppliers.
- Requiring suppliers to ensure that their own suppliers adhere to those codes and policies.
- “Mapping” suppliers to gain a better understanding of their supply chain, and adopting a risk-based approach to focus efforts on higher risk supplies or jurisdictions.
- Including human rights-related “red flags” into supplier selection processes, which can be done as part of basic third party due diligence, to ensure those with known problems or operating in challenging environments can be easily identified.
- Increasing their leverage in supplier relationships by including contractual protections, and seeking transparency in the form of audit, access and reporting obligations.
- Expanding existing risk management systems to include supply chain risks, facilitating prompt identification, management, and elimination or mitigation of risks and impacts.
- Undertaking in-depth human rights impact assessments on high risk parts of their supply chain.
- Seeking to build capacity with suppliers identified as high risk (e.g. through training), and working with those identified as non-compliant on remedial plans.
- Seeking to build “collaborative leverage” by engaging in strategic partnerships with industry associations, unions, NGOs, and other multi-stakeholder initiatives.
- Reviewing their approach to communications, to ensure clear, accurate and timely messaging on supply chain issues and a realistic call out of the complexities and limitations of effective supply chain management.
- Prioritizing their efforts and preparing an action plan for continuous improvement.
This column does not necessarily reflect the opinion of The Bureau of National Affairs, Inc. or its owners.
Rachel Barrett is a partner at Linklaters in London. She has extensive experience in crisis and risk management with particular expertise in environment, sustainability and human rights.