Friday, February 05, 2010

Business and Human Rights Part V: Human Rights Due Diligence--Introduction

This Blog Essay site devotes every February to a series of integrated but short essays on a single theme.  The Ruminations Series in 2009 produced a month long series of aphoristic (ἀφορισμός) essays, meant to provoke thought rather than explain it. The hope was that, built up on each other, the series would provide a matrix of thoughts that together might lead the reader in new directions. 
For 2010, this site introduces a new series--Business and Human Rights.  The series takes as its starting point the issues and questions raised by John Ruggie, the United Nations Special Representative of the Secretary-General (SRSG) on business and human rights, in a global online forum 
The U.N. "Protect, Respect, Remedy" framework is made up of three pillars: the State duty to protect against human rights abuses by third parties, including business; the corporate responsibility to respect human rights, which means to avoid infringing on the rights of others; and greater access by victims to effective remedy, judicial and non-judicial.  The forum is currently focused on the corporate responsibility to respect human rights, the second pillar of the framework. The forum is divided into sections, each of which contains multiple topics with space for discussion and comment.
New Online Forum for U.N. Business and Human Rights Mandate, United Nations Press Release, New York and Geneva, Dec. 1, 2009. Each of the Essays will consider one of the topics raised in the online consultation.  My hope is to help generate discussion and to encourage further discussion of the issues within the framework fo the consultation  framework. 

Part V: Human Rights Due Diligence--Introduction

The SRSG has described introduced the subject of human rights due diligence, a critical implementation mechanism of second pillart governance, in the following way:
Most companies would say that they respect human rights -- certainly none would state that they don't.  But how do they demonstrate to themselves and their stakeholders that they are indeed meeting this responsibility?  Companies need a process to do so:  a process of human rights due diligence, whereby companies become aware of, prevent, and mitigate adverse human rights impacts.
The SRSG uses “due diligence” not in the transactional sense of research undertaken before entering into a specific deal, but in its broader traditional meaning: “the diligence reasonably expected from, and ordinarily exercised by, a person who seeks to satisfy a legal requirement or discharge an obligation”.  (Black's Legal Dictionary)
Human rights due diligence may be incorporated into a broader management system; indeed it would make sense to consider human rights due diligence to be part of corporate governance.  Human rights due diligence may also be compatible with processes for identifying opportunities for a company to develop new business and promote human rights.  But the SRSG’s focus is preventing and mitigating business's negative impacts, so human rights due diligence is for that specific purpose -- for a company to meet its responsibility to respect human rights.

United Nations Special Representative of the Secretary-General on business & human rights, Human Rights DueDiligence--Introduction.  In an essay well worth reading, John Sherman nicely described the dilemma of human rights due diligence.  John F. Sherman III and Amy K. Lehr, Human Rights Due Diligence:  Is It Too Risky?, The CSR Journal 6 (Jan. 2010) (a publication of the ABA Section of International Law). On the one hand, the practice of due diligence is well understood by corporations.  These entities have perfected all manner of internal control systems, the object is to harvest critical information in a timely manner to permit the company to avoid liability, anticipate problems and meet them before they produce significant disruption. In this sense, due diligence as an internal control matter has always been used as a means of advancing the interests of the corporation and its stakeholders. Its principal benefit, of course, is to maximize the going concern value of the firm to its stakeholders.   On the other hand, companies are loathe to harvest information for the benefit of third parties who would use this information in actions against the company.  From the corporate perspectives, such activities would not serve the corporate interest.  Rather they serve the interests of third parties.  "This concern may reflect a natural reluctance to ask questions about previously unappreciated risks, exacerbated by the relatively new appearance of human rights risk on the business agenda." Id., at 6.  

Sherman and Lehr suggest that the benefits of such systems for anticipating and ameliorating liability producing practices outweighs the  risks  of exposure to litigation.  Moreover a well maintained due diligence system ought to serve to limit the magnitude of the risk of exposure.  Id.  This view reflects emerging notions relating to the fiduciary duty of oversight  under which a board of directors is required to create and maintain systems of information gathering.  In Delaware, for example, the courts have elaborated an oversight responsibility, holding that such a duty is breached where "(a) the directors utterly failed to implement any reporting or information system or controls; or (b) having implemented such a system or controls, consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention."  Stone v. Ritter,   911 A.2d 362 (Del. 2006).  However, the Delaware courts have read this oversight obligation within the fiduciary duty of loyalty and good faith.  As a consequence, liability attaches for breach of the oversight obligation  only ifa plaintiff can show "that the directors knew they were not discharging their fiduciary obligations or that the directors demonstrated a conscious disregard for their responsinbilities such as by failing to act in the face of a known duty to act."  In re Citigroup Inc. Shareholder Derivative Litigation, 964 A.2d 106 (Del. Ch. 2009).   

Perhaps a useful way of thinking about human rights due diligence, in the context of the second pillar corporate responsibility to respect human rights, would be to distinguish between four distinct components of a due diligence system: (1) scope of monitoring; (2) information gathering; (3) assessment; and (4) disclosure.  See, Larry Catá Backer, Global Panopticism: States, Corporations and the Governance Effects of Monitoring Regimes. Indiana Journal of Global Legal Studies, Vol. 15, 2007.   By disaggregating the principal strands that contribute to systems of due diligence, including human rights due diligence, it may be possible to suggest the true contours of the dilemma of due diligence.  Scope of monitoring refers to the selection of those items that should be the subject of monitoring--for example, if a corporation faces liability for failure to meet environmental. rules, it may choose to set up systems fo information gathering that focus on actions that touch on these issues  The SRSG's efforts are directed principally to scope of monitoring issues.   He proposes that, like issues directly affecting operations (sales, quality issues, etc.) a corporation ought to include human rights issues within the core of its oversight efforts.   Information gathering, in contrast, refers to the precise information to be collected and the manner in which that information is collected.  These are system issues.  For corporations already well versed in the practices of information gathering (and it is the rare entity that is not well experienced in these functions), gathering human rights information involves little more than identifying the sorts of information that fall within  this category and figuring out the most efficient way to harvest this information.  Scope of monitoring and information gathering focuses on identification on the identity of the data to be gathered and the methods for its gathering.  Assessment, in contrast, is a values based function, requiring someone to "process" the information for the purpose of arriving at a judgment.  In the vase of human rights due diligence, the assessment would revolve around the human rights impact of certain activities based on certain thresholds and effects that are judged against human rights standards.  (On these human rights standards, see, Larry Catá Backer,  Business and Human Rights Part IV: Foundations--Content of the Corporate Responsibility to Respect, Law at the End of the Day, Feb. 4, 2010).  Lastly, disclosure focuses on issues of information dissemination.  Dissemination issues apply to each of the elements of due diligence--scope of monitoring, information gathering and assessment.  There is nothing in due diligence that compels disclosure to any one or more groups of stakeholders.

It is clear that when one looks closely at corporate discomfort with human rights due diligence, the core of that discomfort tends to settle on assessment and disclosure issues.  Corporations tend to have less concern with scope of monitoring issues because many companies have become convinced that issues of corporate social responsibility may be good for business.  And what is good for business tends to be natural subject for monitoring.   Moreover, expanding information harvesting to include new information sectors is only marginally disruptive.  Where the potential benefits are greater than the marginal costs of expansion, corporations ought to be willing to expand the scope of their monitoring.  Likewise, information gathering tends to pose little risk to companies.  There is a risk, of course, information gathered and preserved may be discovered by outsiders, for example in litigation.  But this is a well understood problem that companies have learned to deak with since the expansion of federal discovery rules in the 1930s.   Sherman and Lehr nicely describe the utility of due diligence in the contest of discovery in  American Alien Tort Claims Act actions.  See Sherman and Lehr, supra, at 7-8. There is nothing new here and corporate information management strategies are now well established.  Even assessment, for all its discomforts and ambiguities for companies, presents little by way of additional liability risk for corporations.  Corporations are in the business of a harvesting information and assessing it for the purpose of maximizing the value of corporate operations.  As the SRSG has been suggesting, information gathered from human rights due diligence can only help in the fundamental corporate function of alerting itself to liability producing conduct and  minimizing that conduct.  "The due diligence process described by the SRSG has much in common with other due diligence processes, such as the U.S. Sentencing Guidelines for Organizational Defendants, the internal controls derived from COSO (the Committee of Sponsoring Organizations  of the Treadway Commission), as embodied in Section 404 of the Sarbanes Oxley Act, and the enterprise wide risk management processes set forth in the UK Turnbull Report."  Sherman and Lehr, supra, at 6-7.  Assessment, when understood as another mechanism of internal controls, should produce the same sort of positive benefit as any other tool if internal management.  

It is when human rights due diligence is considered in the context of external assessment and disclosure that corporate misgivings are at their greatest.  In these contexts, due diligence ceases to function as a mechanics of internal controls.  Instead, it assumes a new role, as  a basis for independent monitoring from corporate outsiders.  Corporations do not like to be second guessed.  And they like less to be put to the expense and effort of providing information to outside stakeholders that would then be used against them.  Disclosure and external assessment raises the risk for corporations that their efforts  will produce liability rather than contain it.  Yet all publicly traded companies have long become accustomed to disclosure regimes with respect to their financial and related information under the disclosure rules of the Federal Securities Laws in the United States and their analogs elsewhere.  Still, even in the financial information context, such disclosures can be burdensome.  It is certainly expensive.  For that reason some companies have gone private.  Expense that also reduces the cost of increasing exposure to liability from actions by third parties tends to make corporations leery of disclosure (though again, not necessarily of monitoring, information gathering and assessment).   

And thus efforts to recast due diligence from a means for containing liability and managing firm conduct, to a means to ensure against liability irrespective of the actions taken in the face of information.  See, e.g., Lucien J. Dhooge, Due Diligence as a Defense to Corporate Liability Pursuant to the Alien Tort Statute, 22 Emory International Law Review 455 (2008) (due diligence should insulate a company from liability for actions related to that diligence effort).  There is a value in rewarding compliance with due diligence obligations, and perhaps an even greater value in rewarding actions undertaken on the basis of information harvested through the due diligence process.  But as Sherman and Lehr suggest, there is also a great danger in such an approach that "elevates form over substance, which awards processes that do not result in better human rights outcomes."  Sherman & Lehr, supra, at 12.  They suggest, as an alternative, rewarding process only where it has been reviewed and audited by a thrid party (the model is the requirement that management internal control systems be audited by outside auditors under Sarbanes Oxley Act Section 404). Id., at 12.   

The problem of due diligence, then is likely much narrower than supposed.  Disclosure and assessment, and the consequences of both, frame  But the problem is important for its narrowness.  The issue, as Sherman and Lehr well demonstrate, is usually framed as one of liability.  But equally important, disclosure and outside assessment issues, and the potential consequent liability, suggest a different problem--that of the management of linkages between the state's duty to protect and the corporations responsibility to respect.  In one sense, the principle object of human rights due diligence is to fulfill a corporation's responsibility to respect human rights, a responsibility is derived from its social license, which is grounded on norms that are independent of those imposed under law.   To comply with its  due diligence obligations under  this standards, a corporation ought to tool its scope of monitoring, information gathering, assessment and disclosure to the  content of second pillar norms--the basic principles of which are memorialized in international instruments.  But the liability produced by corporate human rights due diligence appears to flow from the state duty to protect human rights framework.   The sources of that liability are memorialized in the law of domestic legal systems that vary from a state to state (at least to an important respect in their detail).  That reality might require a corporation to change its approach to scope of monitoring, information gathering, assessment and disclosure, to meet the requirements of law,  to the detriment of its responsibility to respect under the normative framework of the second pillar.   

No comments: