Mobile Nav
Shift

Are There Risks in Knowing and Showing?

In this opinion article – originally delivered as a speech to the BSR human rights working group – former corporate lawyer and Shift General Counsel and Senior Advisor John Sherman argues that potential concerns about conducting due diligence are more than offset by the benefits of doing it.

October 2012 | John S. Sherman III; Shift | Pages: 6

This speech by Shift General Counsel John Sherman was delivered to the BSR human rights working group on October 22, 2012.

As some of you know, I was a member of John Ruggie’s UN mandate team. We helped him draft the UN Guiding Principles on Business and Human Rights. I was a former in house counsel for 30 years. I retired in 2008 as deputy general counsel of National Grid, a large US/UK utility. I was a jack-of-all-trades as a lawyer, but my day job was litigation. My job on the UN mandate team was to speak the voice of the corporate lawyer. I’m now with Shift, a nonprofit 501(c)3 organization that John Ruggie chairs. It’s staffed with people who helped him draft and shape the UNGPs. We’re dedicated to implementing the Guiding Principles.

Our goal in the mandate was both principled and pragmatic—to craft a management system to enable companies to respect human rights, but not to create something so foreign that it would activate the immune systems of companies, which otherwise would send out antibodies to destroy the alien object.

Tonight, I’ve been asked to talk about the risks of a core component of the business responsibility to respect human rights—human rights due diligence. Specifically, I’m gong to talk about the risks that— by knowing their human rights impacts, and by showing what they’re doing to address them— companies may actually increase their legal liability profile, rather than reduce them.

In a nutshell, I think that potential concerns about conducting human rights due diligence can be managed, and that they are more than offset by the benefits of doing it. To explain, I need to review the concept of human rights due diligence and place it in context.

Recap of the Guiding Principles

To review, the Guiding Principles rest upon three independent but interrelated pillars: the state duty to protect against human rights abuses by third parties, including business; the corporate responsibility to respect human rights, which means to avoid infringing on the rights of others and to address negative impacts with which a company is involved; and the need for greater access to effective remedy.

I’m going to focus on the second pillar—the corporate responsibility to respect human rights. It requires businesses to know and show that they are respecting human rights through the following: 

First, companies should have a high level policy commitment to respect human rights, supported by operational level policies, training and incentive structures that embed the company’s commitment from the top of the organization to the bottom. (Guiding Principle 16) | See the entire text of the Guiding Principles

Second, companies should have human rights due diligence processes (Guiding Principle 17), consisting of: assessing actual and potential impacts on human rights arising from the company’s own activities and through its business relationships, including assessing them from the perspective of affected stakeholders as well as the company (Guiding Principle 18); integrating the findings from such assessments and taking action to ensure that the company is addressing its impacts coherently, across corporate silos. (Guiding Principle 19); tracking the effectiveness of efforts to address human rights impacts, including through operational level grievance mechanisms (Guiding Principle 20), and communicating these efforts to affected stakeholders, and where appropriate, reporting on them publicly, such as where impacts are or may be severe. (Guiding Principle 21)

Finally, companies should cooperate in legitimate state-based and non-state-based grievance mechanisms to remediate human rights harms that the company caused or contributed to, including by establishing or participating in effective operational level grievance mechanisms. (Guiding Principles 22, 29 and 31)

Concerns About Knowing and Showing

What may concern some is the “knowing and showing” part of the human rights due diligence process, which is at the process at the heart of the corporate responsibility to respect human rights. The perceived risk is that this requires businesses to gather and disclose information for the benefit of their adversaries—in court and in public campaigns. So let’s look at this in some detail.

The two key Guiding Principles are GP 18—Risk Assessment—and GP 21—Communication.

Guiding Principle 18 requires a company to assess the actual and potential adverse human rights impacts with which it may be involved—through its own operations, and also, through its business relationships, such as its supply chain. Assessing risks is of course nothing new for businesses; it is a fundamental requirement of proper corporate governance, because a company cannot properly manage risks that it does not know exist. And getting involved in human rights problems is a risk for companies, even when measured by the company’s bottom line. Guiding Principle 18 does require businesses to assess their human rights impacts through “meaningful consultation with potentially affected groups and other relevant stakeholders.” However, it does not mandate making the entire risk assessment public. Moreover, it does not require the company “to assess the human rights record of every entity with which they have a relationship.” Rather, it requires them to assess, “the risk that those entities may harm human rights, when acting in connection with the enterprise’s own operations, products or services.” (See Interpretive Guide section 7.8.)

Guiding Principle 21 provides that businesses should communicate how they are addressing their human rights impacts, particularly when stakeholders raise concerns. It requires companies to report formally, but only on the risks of severe human rights impacts—i.e., those that are large scale, large scope, or are irremediable.

Here are the requirements for a communication: It should be in a form and frequency that reflects the severity of the impacts. It should be accessible to its intended audiences. It should provide sufficient information to enable a reader assess the adequacy of the company’s response. And most significant for my talk tonight, the communication should “not pose risks to affected stakeholders, personnel or to legitimate requirements of commercial confidentiality.” (Emphasis added).

This language recognizes that businesses have a proper interest in keeping certain matters confidential. To explain this, the Interpretive Guide, prepared by the UN Office of the High Commissioner of Human Rights in December 2011, with Prof. Ruggie’s approval, says, “The legitimate requirements of commercial confidentiality would … include information legally protected against disclosure to third parties.” (See Interpretive Guide section 10.7.)

This recognizes that businesses need a confidential space in which to investigate difficult problems, to evaluate them candidly and realistically, and to communicate them internally, in order to address those problems. GP 21 does not close that space.

Legal Protections

Under US law, this space is protected by doctrines of legal privilege and the work product rule (See (Upjohn v. United States, 339 US 383 [1981]). So I need to give a primer on that, for the non-lawyers in the room. Legal privilege protects communications between an attorney and a client from discovery and use at trial, unless the client waives the privilege. The privilege applies only to the confidential communication itself, but not to the underlying facts. The work product rule provides more limited protection to investigative reports conducted by or for lawyers. It can be overcome by a showing of need by adversaries, such as their inability to get the information in any other reasonable way.

These protections are not boundless. They cannot be abused to, “allow a corporation to funnel its papers and documents into the hands of its lawyers for custodial purposes and thereby avoid disclosure.” (See Radiant Burners, Inc. v. American Gas Association, 320 F.2d 314, 324 [7th Cir., 1963]). One of the things that John Ruggie is fond of saying is that although the Guiding Principles do not impose legal duties on companies, they don’t not exist in a law free zone, either. Existing law requires companies to respect many human rights, such as rights relating to safety, the workplace, and antidiscrimination. In addition, the process requirements of the Guiding Principles are starting to influence the law. 

Here are some examples from the US: The US Department of State has published a draft regulation requiring companies who make new investments in Burma—which has recently emerged from decades of military dictatorship—to report on their policies and procedures with respect to human rights, using the Guiding Principles and concepts of human rights due diligence as a reference point. 31 C.F.R. § 537.321. Section 1502 of the Dodd-Frank Act requires companies to conduct due diligence on their supply chain for products containing certain minerals from the Democratic Republic of the Congo, where mining has fueled armed conflict resulting in the deaths of millions. Section 1502 in turn has spawned California legislation regulating state procurement of products containing conflict minerals from companies in violation of Section 1502. And the California Transparency in Supply Chains Act of 2010 requires large retail and manufacturing companies doing business in California to disclose the efforts they have taken to eliminate slavery and human trafficking from their supply chains.

And then, last but not least, there’s the potential for complicity in gross human rights abuses. That requires some focused attention, because it’s the subject of a separate Guiding Principle. Guiding Principle 23(c) says that companies should treat the risk of causing or contributing to gross human rights abuses—e.g., torture, death, slavery—as a legal compliance issue wherever they operate, even if the applicable legal standards may be unclear.

In other words, a company should act on the prudent assumption that it may legally liable if it causes or contributes to such abuses, in some court somewhere in the world. Kiobel v. Shell is such a case. It was argued before the US Supreme Court twice, in March and October, 2012. Plaintiffs alleged that in the early 1990s, the defendant oil companies had enlisted the support of the Nigerian government to suppress environmental protests by residents against defendants’ oil and gas exploration and production activities in the Ogoni Region of Nigeria. They alleged that members of the Nigerian military “shot and killed Ogoni residents and attacked Ogoni villages—beating, raping, and arresting residents and destroying or looting property—all with the assistance of defendants.”(See Kiobel v. Shell, 621 F.3d 111, 2010 U.S. App. LEXIS 19382, 28M29 (2d Cir. 2010). 

The case was argued before the US Supreme Court on March 7, 2012, on the question of whether corporations—as distinct from their directors, officers, and employees—could be sued in US Courts under the Alien Tort Statute, or “ATS” (codified at 28 U.S.C. § 1350) for their involvement in gross human rights abuses outside the US. Afterwards, the Court requested additional briefing and argument on the Statute’s extraterritorial reach and a second round of argument was heard on October 1, 2012 (See Kiobel v. Shell, ___S. Ct. ___ , 2012 U.S. LEXIS 1998 (2012)).

The ATS has been a significant legal tool for victims seeking to hold international companies legally accountable for gross human rights abuses; a discussion of the merits of the issues before the Court in Kiobel is beyond the scope of this paper. However, the ATS is not the only game in town. For example, in 2007, the SRSG’s identified an “expanding web of potential corporate liability for international crimes – imposed through national courts.” (See Business and Human Rights: Mapping International Standards of Responsibility and Accountability for Corporate Acts, UN Doc. A/HRC/4035 (February 9, 2007), para 22). Countries forming part of this “emerging web” include the United Kingdom and The Netherlands. In those countries, the interaction between their domestic law, and their ratification of the Statute of the International Criminal Court, leads to the potential imposition on corporate actors of criminal liability for genocide, crimes against humanity, and war crimes.

“In this fluid setting,” Prof. Ruggie wrote, “simple laws of probability alone suggest that corporations will be subject to increased liability for international crimes in the future.”

The Role of Lawyers

So what’s a company to do, given the potential risks of legal liability for failing to respect human rights? I think that it would be highly prudent for companies to call on its lawyers for help where it suspects that it has been involved, or has a risk of becoming involved, in gross human rights abuses, in order to take appropriate action. Indeed, Guiding Principle 23 compels such an approach. In such a case, appropriate assertion of legal privilege and work product would not be incompatible with human rights due diligence. Those protections do not apply to underlying facts communicated, and even investigations subject to the attorney work product rule may be disclosed upon an appropriate showing of need.

Caveats

But I’d like to add some caveats. First, I do not want to suggest that a company’s responsibility for respecting all human rights should be vested in a company’s legal department and made a matter solely of legal compliance and legal risk. Under the Guiding Principles, the challenge for companies is also about improving relationships and changing ways of doing business. Guiding Principle 23(c) simply recognizes that, regardless of the uncertainty of the law in particular jurisdictions, a company’s involvement in gross human rights abuses would be such an egregious calamity for the company and society that its lawyers should be proactively engaged in preventing it, as they would be engaged in the prevention of any serious corporate crime.

Second, even where assertion of legal protection is justified, a reflexive resort to it, wherever possible, is not a good thing. It may be in tension with the need to head off or reduce problems by building relationships with external stakeholders based on mutual trust. Building trust between companies and stakeholders is the purpose of Guiding Principle 21—and indeed—underpins the corporate responsibility to respect. This requires being candid and open about problems and taking responsibility when things go wrong (See Susskind and Field, Dealing with an Angry Public: The Mutual Gains Approach to Resolving Disputes (Free Press, 1996), pp. 160-177). In the end, the decision to assert legal privilege with respect to assessments of a company’s human rights performance should not be reduced to a simple “on or off” switch—where the default is “on.”

Finally, as one who has spent some time in court defending companies, if the facts demonstrate that one of your own people, or your business partners, is involved in unethical activity, you’re far better off being able to demonstrate that you acted proactively to discover the facts yourself, and tried to deal with it, rather than to be named and shamed afterwards. As John Ruggie said“Conducting due diligence enables companies to identify and prevent adverse human rights impacts. Doing so also should provide corporate boards with strong protection against mismanagement claims by shareholders. In Alien Tort Statute and similar suits, proof that the company took every reasonable step to avoid involvement in the alleged violation can only count in its favour.”

Thank you.

Close Overlay