Upholding human rights through the lens of due diligence


By Nicolas Tollet – Counsel at Hughes Hubbard & Reed LLP & Athena Arbes – Associate at Hughes Hubbard & Reed LLP


Maintaining human rights has long been presumed to be the primary responsibility of the state. Since the United Nations was founded in 1945, international declarations and conventions calling for protection against violations of, for example, forced labour, discrimination and the right to fair remuneration, were addressed only to governments.

However, with the expanding global market, there has been growing attention focussed on the impact that corporations and international businesses can have on human rights and pressure is on such entities to address these issues when undertaking their activities.

Allegations of exploitation of Syrian refugees[1], forced labour[2] and firing of pregnant women[3] are just  a few of the recent stories about allegations of human rights abuses of workers in factories supplying well-known retailers. While these abuses often occur in factories run by subcontractors and not by the retail corporation directly, companies are expected to know and prevent such abuses and can be held responsible by the press and the public when human rights abuses occur in their supply chain. Increasingly, companies face not only reputational harm but potential legal consequences in the courts, too.

Indeed, the emerging international trend has been to hold companies of a certain size and scope responsible to ensure human rights are respected throughout their supply chains. To do so, over the past decade, international institutions have issued recommendations and, following suit, governments have begun to implement national legislation to create obligations on certain corporations to conduct due diligence focussed on identifying and remediating such abuses.

Guiding Principles

The United Nations was one of the first, and arguably the most influential, international institutions to call for corporate responsibility of human rights. After a six-year study, in 2011 it issued recommendations that were directed both at states and at corporations. These recommendations, entitled the United Nations Guiding Principles on Business and Human Rights, called for businesses to undertake due diligence to enable them to identify, prevent, mitigate and account for how they address potentially adverse human rights impacts caused by their operations.

Since companies vary in size, scope and complexity, the UN acknowledged that a ‘one-size-fits-all’ approach was impractical and recommended that companies undertake a risk mapping exercise. To do so, companies are to evaluate the likelihood and severity of potential and actual impact that their business activities and their business partners may have on various stakeholders, including their own employees, workers in their supply chain, end-use customers of its products and services and local communities. Such an exercise is meant to be conducted periodically, as risks may change according to evolving circumstances.

For companies who have already implemented corruption-focussed due diligence procedures in their compliance programmes, this approach may sound familiar. As many companies already know, third-party relationships pose perhaps the largest category of risk that a company faces in the anti-corruption context and with human rights abuses there is similarly a heightened risk profile flossing from such relationships. Due diligence mechanisms that seek out and prevent risks of corruption and bribery, required under laws, such as the US Foreign Corrupt Practices Act or the French anti-corruption law commonly referred to as Sapin 2, can be used here as well, albeit for a different end.

Taking action

Once a company has completed its risk mapping exercise, the UN’s guiding principles anticipate that the company will assess the impact of identified risks and take appropriate mitigating measures. Taking appropriate action means both addressing the impacts that a company can mitigate as well as reporting those actions. This communication may take various forms and formal disclosure is only required where a company has discovered risk of material adverse impacts pursuant to relevant contractual (e.g. financing) or legal (e.g. if the company is listed) obligations.

Although the UN Guiding Principles specify that it is a company’s duty to remedy negative impacts it has caused or contributed to, obligating companies to do so has been problematic for the United Nations. As a set of ‘principles’ issued by an international body, the Guiding Principles face the same shortcomings as other international declarations and conventions; its audience is countries, not the corporations that are housed within them and, even then, the UN’s guiding principles are voluntary measures for best practices. These shortcomings are not lost on the UN itself, as the UN High Commissioner’s Office stated in its interpretive guide to these principles in 2012, a company ‘cannot be expected to provide for remediation unless or until it is obliged to do so (for instance, by a court)’.[4]

Nevertheless, other international institutions have taken steps to reinforce the UN’s call for corporate responsibility for human rights through subsequent and continued recommendations, reports and conferences. The same year that the UN published its guiding principles, the OECD issued its Guidelines for Multinational Corporations, updated to reflect the UN’s work in an additional chapter on human rights and outlining its approach to due diligence and supply chain management. It has continued to issue non-binding guidance, applying the general framework of due diligence to industry-specific problems, such as recent recommendations on how to perform due diligence in the garment industry.[5] More recently, the International Labour Organisation issued its Tripartite Declaration of Principles concerning Multinational Enterprises and Social Policy, updated in March 2017, yet again calling for due diligence to be performed by multinational enterprises to prevent adverse impacts on human rights through their operations, even if the company has not directly contributed to those impacts.[6]


Despite these efforts of international organisations to call for due diligence to be conducted to prevent human rights abuses, making remedial action compulsory for corporations is still left to national legislation.

Binding legislation has, until 2017, been focussed primarily on reporting and disclosure requirements to encourage due diligence without attaching civil liability in case of non-compliance. For instance, while the 2015 UK Modern Slavery Act requires companies with a turnover of at least £36million and which operate in the United Kingdom to disclose actions they have taken to ensure slavery and human trafficking do not occur in their supply chains, this law is limited in scope, content and penalty.[7] First, it affects only companies with respect to slavery and human trafficking and, second, the law only requires reporting of its findings, obligating the company to merely post a public statement on its website. There is no risk of financial penalty for failing to report. Similarly, the EU amended its Directive on Disclosure of Non-Financial and Diversity Information by Certain Large Undertakings and Groups for certain public interest companies with more than 500 employees.[8] However, these too are general disclosure requirements, with no direct financial sanctions included in the text.

“Although the UN Guiding Principles specify that it is a company’s duty to remedy negative impacts it has caused or contributed to, obligating companies to do so has been problematic”

In 2017, however, there have been legislative developments which seek to prevent abuses to human rights through mandatory due diligence, as envisioned by the UN.

In March of last year, France adopted a new law,[9] known as the ‘law on the duty of care’, requiring French parent companies and their subsidiaries[10] using suppliers and subcontractors to institute preventive and remedial measures on both themselves and companies within their supply chain. Specifically, to ensure the prevention of abuse to human rights, the law requires that these companies create a vigilance plan, which includes five elements: (i) an assessment to identify, analyse and categorise risks; (ii) procedures to regularly evaluate the company’s affiliates, subcontractors and service providers; (iii) actions adapted to attenuate risk and prevent such infractions; (iv) an alert system and a system for collecting these alerts; and (v) a system to monitor the implementation of these measures. These plans must be made public and published in companies’ annual reports and French courts are able to compel them to do so and to demonstrate that the plans were effectively implemented. Failing to do so will open the corporations up to monetary fines issued by the court, in the form of daily injunctive fines and those issued in general tort.

France is not the only European jurisdiction in which duty of care laws have been envisaged. Germany adopted a National Action Plan for Business and Human Rights, in which there is a proposal for state-owned companies and private companies with more than 5,000 employees to conduct due diligence to prevent abuses of human rights. While still voluntary for private companies, if 50 per cent of them have not implemented such measures by 2020, the government will consider imposing binding legislation. Similarly, Switzerland contemplates establishing mandatory due diligence aimed at protecting human rights and the environment in an initiative entitled the Responsible Business Initiative.

Risk factors

Some critics view these laws as expanding the scope of corporate duty to an undue degree. Viewed through another perspective, however, these laws can be seen as incentivising companies to undertake due diligence of their supply chains to avoid the negative reputational and other effects that allegations of human rights abuses have, in the past few years, had on corporations. Consequences, such as loss of reputation and brand, loss of investor confidence, diminution of customer base and loss of business opportunity, have been and will continue to be significant risks that modern corporations are subjected to in the face of such allegations.

Upholding human rights through the lens of due diligence Ethical Boardroom
TAKING ACTION Compliance training is becoming more important as sanctions hold bad apples accountable for abuse

Although the implementation of new due diligence standards to take into consideration potential human rights abuses will require additional resources, companies are encouraged – by relevant guidance and legislation – to ensure that they are undertaking such efforts with a risk-based approach. Doing so and combining where possible, the assessment of human rights risks with the assessment of other third-party risks (such as those relating to corruption) will help to mitigate the financial impact that such requirements might have. To echo the UN’s Guiding Principle 17, it is unreasonable to expect that a large corporation perform due diligence on each and every one of the entities in its value chain, the number might be too great. In such a case, businesses should devote resources to areas where the risk of the negative impact to human rights is the greatest. In addition, companies that embrace such requirements may actually find that they have greater access to financing than companies who could be considered non-compliant.

Financial institutions, such as the 92 members of the Equator Principles Association which include banks, such as BNP Paribas, Banco Santander, CaixaBank, Crédit Agricole, Citigroup, First Abu Dhabi Bank, HSBC, SMBC and export credit institutions such as UKEF, have in the past few years increasingly demanded that assessments of environmental and social risks be performed prior to granting financing.[11] Companies have also been requested to include undertakings to set up a human rights compliance programme in their project financing. Similarly, investors are putting provisions in their commercial contracts, stipulating that they may inquire as to whether due diligence has been performed and auditors are requesting such information in their assessments. Statutory auditors, in particular in France following the enactment of the duty of care law referred to above, are becoming more and more curious about their clients’ human rights compliance programme.

“For the last several years, with increased financial exposure arising from corruption-related prosecutions, companies have been developing stronger anticorruption compliance and due diligence requirements throughout their supply chain”

For the last several years, with increased financial exposure arising from corruption-related prosecutions, companies have been developing stronger anticorruption compliance and due diligence requirements throughout their supply chain. Corporations should take advantage of these efforts and include an assessment of human rights implications in the due diligence they perform on their suppliers, subcontractors and joint venture/ consortium partners. Companies should also consider inserting human rights audit clauses in their third-party agreements to ensure that (i) their third-party contractors abide by any applicable code of ethics and (ii) they themselves verify the like with their own third-party contractors. As the above indicates, with respect to implementing due diligence for human rights, from an ethical, financial and regulatory perspective, an ounce of prevention is worth a pound of cure.


About the Authors:

Upholding human rights through the lens of due diligence Ethical BoardroomNicolas Tollet is a counsel at Hughes Hubbard & Reed’s Paris office and a member of the firm’s Anti-Corruption & Internal Investigations practice group. He previously served as Vice President Group Compliance for Technip, a French multinational company, and was based between Paris and Rio de Janeiro. His experience includes navigating monitorships, conducting internal and external investigations, establishing robust compliance programs, conducting third party due diligence, and developing and performing training for diverse employee populations. He has an in-depth knowledge of the FCPA, UKBA, Brazil Clean Company Act and French anti-corruption laws. He worked actively with members of the French Parliament on drafting France’s revised law on anti-corruption “Sapin 2,” which was passed into law in December 2016. In addition, Mr. Tollet teaches a course in anti-corruption compliance at the University of California at Berkeley.


Upholding human rights through the lens of due diligence Ethical BoardroomAthena Arbes is an associate at Hughes Hubbard & Reed’s Paris office and a member of the firm’s Anti-Corruption & Internal Investigations practice group. Athena assists clients with matters involving the U.S. Foreign Corrupt Practices Act, U.K. Bribery Act, international anti-corruption law and compliance, third-party due diligence, and internal investigations. She holds a JD from American University, Washington College of Law and masters’ degrees from Université Paris Ouest Nanterre La Défense.


1.Kierean Guilbert, European Chains Profit On back of Syrian Refugees In Turkish Factories: watchdog, Reuters Online (Nov. 3, 2017).

2.Peter Bengtsen, Workers Held Captive In Indian Mills Supplying Hugo Boss, The Guardian Online (Jan. 4, 2018).

3.Emma Graham-Harrison, M&S And Others Supplied By Factories That Mistreat Workers, Rights Group Says, The Guardian Online (March 12, 2015).

4.Office of the High Commissioner, United Nations of Human Rights, The Corporate Responsibility to Respect Human Rights, An Interpretive Guide (2012).

5.OECD, OECD Due Diligence Guidance For Responsible Supply Chains In The Garment And Footwear Sector (2017).

6.International Labour Organisation, Tripartite Declaration of Principles Concerning Multinational Enterprises And Social Policy (2017).

7.Section 54 (‘Transparency in Supply Chains’), Annex A, Modern Slavery Act (2015).

8.Directive 2014/95/EU of the European Parliament and of the Council of 22 October 2014 amending Directive 2013/34/EU as regards disclosure of non-financial and diversity information by certain large undertakings and groups.

9.Loi n°2017-399 du 27 mars 2017 relative au devoir de vigilance des sociétés mères et des entreprises donneuses d’ordre (March 28, 2017).

10.Specifically, the law applies to companies incorporated or registered in France for two consecutive fiscal years which either employ 5,000 people in France or at least 10,000 people in France and abroad.

11.The Equator Principles (2013). See also Thun Group of Banks, Discussion Paper on the Implications of UN Guiding Principles 13 & 17 in a Corporate and Investment Banking Context (2017).