Human Rights Due Diligence and
Corporate Governance
John F. Sherman III
Corporate Responsibility Initiative, Harvard Kennedy School
June 2021 Working Paper No. 79
!
1!
A version of this article will appear as a chapter in the upcoming ABA International Law Section book entitled A
Guide to Human Rights Due Diligence for Lawyers (chapter tentatively titled, “Human Rights Due Diligence and
Corporate Governance”). ©2022 by the American Bar Association. Reprinted with permission. All rights reserved.
This article has not been peer reviewed. The views presented therein are those of the author and not the ABA
International Law Section.
Human Rights Due Diligence and Corporate Governance
John F. Sherman, III*
Abstract
To meet its responsibility to respect human rights under the 2011 UN Guiding
Principles and Business and Human Rights, a corporation must conduct human rights due
diligence. To be effective, human rights due diligence must be embedded into corporate
culture through effective leadership that is firmly grounded in corporate governance.
Even in the most shareholder-protective jurisdiction (the U.S. State of Delaware),
corporate fiduciaries have a duty of loyalty to act affirmatively in good faith to promote
the best interests of the corporation.
Meeting this fiduciary duty means applying recognized corporate governance
management systems to identify and address the strong business case for respecting
human rights, as well as the wide ranging mixture of legal risks of corporate involvement
in business in human rights abuse. Legal risks are increasingly arising from the evolution
of human rights due diligence from soft law to hard law, and include mandatory human
rights due diligence laws, evolving legal standards of duty of care, and private law.
As corporate fiduciaries, corporate legal officers play key roles in integrating
human rights due diligence into corporate governance, not only by advising the board and
senior management on their legal duties, but also by exercising their leadership roles
within the company. Examples of leadership by corporate legal officers include going
beyond advising on how to avoid legal liability, taking the organizational lead in avoiding
involvement in gross human rights abuse, and not abusing legal privilege to chill open
discussion of human rights problems.
Going forward, two issues to watch closely are the fate EU directors’ duties
reform initiative, and the use of human rights due diligence as a defense to legal liability.
*The author is a Senior Program Fellow at the Harvard Kennedy School Corporate Responsibility
Initiative, a Senior Adviser and General Counsel of Shift, and a former senior legal advisor to the former
Special Representative of the United Nations (“UN”) Secretary General on Business and Human Rights,
Harvard Kennedy School Professor John Ruggie. This chapter reflects the author’s personal views only,
and not those of any person or entity with whom he is or has been affiliated.
!
2!
!"#$%#$&!
'(! !)*+,-+.////////////////////////////////////////////////////////////////////////////////////. 0!
A.! The$UN$Guiding$Principles$on$Business$and$Human$Rights$_______________________$3!
B.! Corporate Governance (and Culture)$ ___________________________________________________$5!
1.! Purpose of the Corporation!_______________________________________________________________________! 5!
2.! Corporate Governance Management Systems!____________________________________________________! 6!
a)! Internal Control Framework!___________________________________________________________________! 7!
(1)! The!U.S.!Sentencing!Guidelines!for!Organizational!Defendants!as!an!example!of!
internal!control!__________________________________________________________________________________! 7!
(2)! The use of the Sentencing Guidelines to inform Delaware fiduciary duty law!___________! 8!
(3)! The fiduciary duty to affirmatively advance the best interests of the corporation!________! 9!
(4)! Comparing!Human!Rights!Due!Diligence!and!the!US!Sentencing!Guidelines!________!10!
b)! Enterprise!Risk!Management!(ERM)!_______________________________________________________!10!
3.! The!evolution!of!Human!Rights!Due!Diligence!from!soft!to!hard!law.!______________________!13!
a)! Mandatory Human Rights Due Diligence!____________________________________________________!15!
b)! Duty of care!___________________________________________________________________________________!16!
c)! Private law!____________________________________________________________________________________!17!
4.! The business case!________________________________________________________________________________!18!
II.! The Corporate Legal Officer’s Role..///////////////////////////////////////////////.12!
A.! Going beyond liability avoidance.$______________________________________________________$20!
B.! The potential for involvement in gross human rights abuse.$_________________________$21!
C.! Not chilling open discussion of human rights problems.$_____________________________$21!
III.! Two Issues to Watch./////////////////////////////////////////////////////////////////.33!
A.! The EU Directors’ Duties Reform Initiative$___________________________________________$23!
B.! Defence to Legal Liability$_______________________________________________________________$23!
'4(! Conclusion.////////////////////////////////////////////////////////////////////////////.35!
!
3!
I. Context
!
As the 10
th
Anniversary of the 2011 UN Guiding Principles on Business and
Human Rights (“UNGPs”)
1
approaches, I have been thinking about my own small
contribution to the development of what has since become the global standard on
business and human rights. In the mid 1990s and early 2000s, I was an inside corporate
counsel to a U.S. electric utility, with leadership responsibilities for two of the company’s
corporate governance systems—its due diligence program to prevent involvement in
crime, and its Enterprise Risk Management program (“ERM”). After I retired from the
company in 2008, I became a senior legal adviser to Professor John Ruggie, the former
UN Special Representative on Business and Human Rights (“SRSG”), who authored the
UNGPs.
As a former corporate lawyer with experience in corporate governance, I outlined
to the SRSG and his team in 2010 how key elements of those two corporate governance
systems could be used help to shape the development of human rights due diligence, or
HRDD.
2
In the ten years that have passed since the unanimous endorsement of the
UNGPs by the UN Human Rights Council in 2011, the widespread uptake of HRDD has
made integration of HRDD into corporate governance increasingly important.
In this chapter, I try to answer the question, what is the right relationship between
corporate governance and HRDD? HRDD is a human rights management system for
businesses that forms a key part of the business responsibility to respect human rights
under the UNGPs. It enables businesses to know and show that they are respecting
human rights. As discussed in further detail, the success of HRDD depends in large part
on how deeply it is embedded in the culture of the company, which in turn depends upon
effective leadership that is grounded in corporate governance.
3
A. The UN Guiding Principles on Business and Human Rights
Since this chapter is about corporate governance, it is critical to understand that
the UNGPs were designed to address a gap in global governance with respect to business
involvement in human rights abuse. The Guiding Principles combine into a mutually
supporting framework three independent sources of governance: (1) voluntary business
!
1
UN Guiding Principles on Business and Human Rights: Implementing the “Protect, Respect, and Remedy
Framework” (2011) (“UNGPs”)
https://www.ohchr.org/documents/publications/guidingprinciplesbusinesshr_en.pdf.
2
John F. Sherman, III, Exploring Human Rights Due Diligence, Discussion Paper, Expert Meeting of
North American Corporate and External Counsel (April 30, 2010), https://media.business-
humanrights.org/media/documents/29c0373597a09aa834f2bdf87e93070fb6db345e.pdf
3
John G. Ruggie, Caroline Rees, Rachel Davis, Making ‘Stakeholder Capitalism Work: Contribution from
Business & Human Rights, Harvard Kennedy School Working Paper No. 76 (2020), p. 11,
https://www.hks.harvard.edu/sites/default/files/centers/mrcbg/files/CRI_WP76.pdf . Professor Ruggie
authored the UNGPs as the former Special Representative of the UN Secretary General on Business and
Human Rights.
!
4!
practices and policies and self-regulation (often known as corporate social responsibility,
or CSR); (2) State enforcement of laws to protect people from business-related human
rights abuse; and (3) the robust advocacy by civil society. Each is necessary to prevent
and address the problem of global business-related human rights abuse. Yet none is
sufficient by itself to solve the problem.
4
To fill the governance gap, the SRSG concluded that in order to move past the
logjam resulting from the bitter debate over voluntary and mandatory measures, an
authoritative normative framework had to combine these three distinct governance
systems in a manner that draws on their strengths. The result is the interdependent,
mutually supporting, three-pillar Protect, Respect, and Remedy framework. Pillar One is
the State duty to protect human rights, which reflects the State’s legal duty under
international treaties and covenants to protect persons from human rights abuse by third
parties, including businesses. Pillar Two is the non-legally binding business responsibility
to respect human internationally-recognized rights, which expects that businesses will not
infringe upon human rights in their operations and business relationships. Pillar Three is
the need for greater access to remedy by persons whose human rights have been harmed
by business, which is a responsibility of both States and businesses.
Pillar II, the business responsibility to respect human rights, expects that
corporate governance will provide a strong foundation to enable the corporation to avoid,
mitigate, and remedy its involvement in human rights abuse. Pillar II therefore expects
that the board will approve and promulgate a public policy commitment to respect human
rights. and ensure that the policy is embedded throughout the corporation, from top to
bottom.
5
This means embedding the policy in the corporation’s culture, that is, its
authentic norms and values, i.e., the way things are actually done.
6
I will discuss the
elements of a rights-respecting culture later.
HRDD is an essential component of the business responsibility to respect human
rights. It should be embedded in formal corporate governance processes and reflected in
effective leadership. HRDD expects that through engagement with stakeholders, a
corporation will take the following steps: it will identify the risks of its involvement in
human rights abuse from the perspective of the stakeholder; it will take integrated and
appropriate responses to those involvement in those risks; it will monitor its human rights
!
4
See: John G. Ruggie, Just Business (Norton, 2013); John G. Ruggie, Life in the Global Public Domain:
Response to Commentaries on the UN Guiding Principles and the Proposed Treaty on Business and
Human Rights (2015) https://papers.ssrn.com/sol3/papers.cfm?abstract_id=25547 ; and John G. Ruggie,
The Social Construction of the UN Guiding Principles on Business and Human Rights, 12 Jun. 2017,
Harvard Kennedy School Faculty Research Working Paper Series, HKS Working Paper No. RWP17-030
,https://www.hks.harvard.edu/publications/social-construction-un-guiding-principles-business-human-
rights.
5
UNGP 16.
6
!See:!John!F.!Sherman,!III,!Rights-Respecting!Corporate!Culture:!!Identifying!the!cultural!norms!and!
values!that!underpin!business!respect!for!human!rights!(2019),!Shift!Valuing!Respect!Project,!
https://shiftproject.org/resource/rights-respecting-corporate-culture-cultural-norms-values-that-
underpin-business-respect-for-human-rights/!(“Valuing!Respect”)!and!Shift,!Leadership!and!
Governance!Indicators!of!a!Rights!Respecting!Culture:!!22!practices!and!behaviors!that!help!foster!
business!respect!for!human!rights!(2021),!https://shiftproject.org/resource/lg-indicators/foreword/!!
(“Leadership!and!Governance!Indicators”).!
!
5!
performance; and it will be prepared to disclose its human rights performance publicly,
particularly to stakeholders where the risks of harm are severe.
7
B. Corporate Governance (and Culture)
Corporate governance is the strategy through which a corporation manages the
relationships among its senior management, its board of directors, its shareholders,
customers, employees, and other stakeholders, in order to meet the corporation’s goals.
8
The board of directors is ultimately responsible for corporate governance, including the
establishment of the corporation’s goals. The corporation’s senior officers are
responsible for designing and implementing corporate governance systems, in order to
provide assurance that the corporation will be able to meet those goals. As corporate
fiduciaries, the general counsel and other top corporate legal officers also play an
essential role in corporate governance by advising the board and senior management on
what is legal and what is right in the corporation’s best interests.
9
Although this paper is not about corporate culture, it is important not to lose sight
of the fact that a key goal of corporate governance is to combine with effective leadership
to embed the corporation’s norms and values deeply into the organization. It is a truism
that ‘culture eats strategy for breakfast.’ As a result, the board and senior management
are responsible for getting the culture right. Corporate culture is actual, not aspirational,
since it is ‘the way things are done’. As a result, achieving the right culture through
corporate governance and leadership is the ultimate responsibility of the board and senior
management.
10
1. Purpose of the Corporation
A threshold corporate governance issue is the purpose of the corporation. Is its
sole purpose to maximize shareholder wealth? Or is its purpose to encourage
corporations to address risks to all stakeholders? This issue has been the subject of
heated debate, which has intensified in recent years.
The late economist Milton Friedman wrote in 1970 that the social responsibility
of the corporation is to increase its profits.
11
According to Martin Lipton of the Wall
Street law firm of Wachtel, Lipton, Rosen & Katz, the
“Friedman doctrine was a precursor to, and became a doctrinal foundation for an
era of short-termism, hostile takeovers, extortion by corporate raiders, junk bond
financing and the erosion of protections for employees, the environment and
!
7
UNGPs 17-21.
8
European Commission, Green Paper on Corporate Governance in Financial Institutions and
Remuneration Policies, COM(2010) 284 https://op.europa.eu/en/publication-detail/-/publication/1788e830-
b050-447c-8214-77ed51b13241,
9
Ben J. Heineman, Jr., The Inside Counsel Revolution: Resolving the Partner-Guardian Tension,
American Bar Association (2016).
10
!See!Valuing!Respect!and!Leadership!and!Governance!indicators,!supra.!
11
Milton Friedman, The Social Responsibility of Business is to Increase Its Profits, N.Y . TIMES (Sept. 13,
1970), p. 3, http://www.umich.edu/~thecore/doc/Friedman.pdf .
!
6!
society generally, all in support of increasing corporate profits and maximizing
value for shareholders.”
12
As a consequence, some of the world’s leading business associations have sharply
criticized the doctrine of shareholder primacy, as seen by the 2019 statement of the U.S.
Business Roundtable on the purpose of the corporation.
13
This led to a mainstream debate
on the subject, which shifts the question from whether corporations should consider
stakeholder interests to how they should do so.
14
An extended discussion of the corporate purpose debate is beyond the scope of
this chapter. Instead, I focus on whether, how, and the extent to which, the most
shareholder-protective State (Delaware) in the most shareholder-protective country (the
U.S.) encourages corporations to address the risks of their involvement in human rights
abuse as a matter of corporate governance.
2. Corporate Governance Management Systems
Two complementary management systems are critical to effective corporate
governance—Internal Control systems and Enterprise Risk Management, or ERM. The
board has responsibility for overseeing the effectiveness of both, and senior management
is responsible for their effective design and implementation. Both systems were
developed by the Committee of Sponsoring Organizations of the Treadway Commission
(“COSO”), and are widely followed in and outside of the U.S. COSO started as an
initiative of five major private accounting and auditing associations formed in 1985 to
combat corporate fraud, in response to major corporate financial scandals at the time.
COSO has continued to develop authoritative frameworks and guidance on internal
control, enterprise risk management, and fraud prevention.
In 1992, COSO published Internal Control: Integrated Framework (“Internal
Control Framework”), which COSO has updated it most recently in 2013.
15
The Internal
Control Framework is not legally binding by itself, but it has been widely followed; a key
example is the U.S. Sarbanes Oxley Act of 2002, which requires publicly-traded U.S.
companies to maintain systems of internal control.
16
!
12
Martin Lipton, The Friedman Essay and the True Purpose of the Business Corporation (September 17,
2020), Wachtel, Lipton, Rosen & Katz (2020) https://corpgov.law.harvard.edu/2020/09/17/the-friedman-
essay-and-the-true-purpose-of-the-business-corporation/ . See also, Malcolm Rogge, Bringing Corporate
Governance Down to Earth: From Culmination Outcomes to Comprehensive Outcomes in Shareholder
and Stakeholder Capitalism, Corporate Responsibility Initiative, Harvard Kennedy School April 2020
Working Paper No. 72,
.https://www.hks.harvard.edu/sites/default/files/centers/mrcbg/files/CRI_WP_72_Rogge.pdf
13
Business Roundtable, Corporate governance: Statement on the Purpose of a Corporation (2019),
https://www.businessroundtable.org/business-roundtable-redefines-the-purpose-of-a-corporation-to-
promote-an-economy-that-serves-all-americans
14
John G. Ruggie, Caroline Rees, and Rachel Davis, Ten Years After: From UN Guiding Principles To
Multi- Fiduciary Obligations, Business Human Rights Journal, First View, pp. 1-19 (May 3, 2021),
https://doi.org/10.1017/bhj.2021.8 .
15
COSO, Guidance on Integrated Control, Integrated Control—Integrated Framework (2013),
https://www.coso.org/pages/ic.aspx .
16
Section 404(b) of the Sarbanes-Oxley Act of 2002, Public Law 107-204 (July 30, 3003), 116 Stat. 745,
16 U.S.C. s. 7262(b), https://www.govinfo.gov/content/pkg/PLAW-107publ204/pdf/PLAW-
107publ204.pdf .
!
7!
In 2004, COSO published its Enterprise Risk Management—Integrated
Framework which complements its Internal Control Framework by focusing more
extensively on the management of risks to the enterprise.
17
COSO updated its ERM
Framework in 2017.
18
In 2018, COSO and the World Business Council for Sustainable
Development, or WBSCD, published a guidance for applying ERM to ESG
(environmental, social and government) risks, which explicitly recommends applying
HRDD to the management of human rights risks (“ESG ERM Framework”).
19
a) Internal Control Framework
The Internal Control Framework outlines a management system framework that
enables a corporation to provide reasonable assurance to the external world regarding the
achievement of its objectives, based on its control environment, risk assessment, control
activities, information and communication, and monitoring.
20
“Control environment” as used above is the first component of internal control,
and forms the foundation for the others; it sets the tone at the top and comprises the
integrity and ethical values of the organization.
21
Since the control environment includes
a corporation’s commitment to ethics and integrity, it would naturally also include the
corporation’s top-level commitment to respect human rights.
(1) The U.S. Sentencing Guidelines for Organizational
Defendants as an example of internal control
One of the best-known examples of an internal control system is the United States
Sentencing Guidelines for Organizational Defendants (“Sentencing Guidelines”).
22
Although they are not legally binding by themselves, the Sentencing Guidelines establish
a normative standard for an internal control system to prevent corporate involvement in
crime.
The Sentencing Guidelines guide U.S. federal judges in sentencing corporations
that are convicted of crimes.
23
Under the Sentencing Guidelines, a corporation receives a
lower sentence if can show that it had an effective compliance and ethics program to
!
17
COSO, Enterprise Risk Management—Integrated Framework (2004),
https://www.coso.org/Documents/COSO-ERM-Executive-Summary.pdf.
18
COSO, Enterprise Risk Management—Integrating with Strategy and Performance (2017),
https://www.coso.org/Pages/erm.aspx .
19
COSO and WBSCD, Enterprise Risk Management--Applying enterprise risk management to
environmental, social and governance-related risks, (2018), https://www.coso.org/Documents/COSO-
WBCSD-ESGERM-Guidance-Full.pdf . As discussed later, the ‘S’ of ESG is heavily populated with
human rights risks.
20
Melvin Eisenberg, Corporate Governance: The Board of Directors and Internal Control, 19 Cardozo L
Rev. 237 (1997) (“Eisenberg”), p. 242, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=11400 .
21
Institute of Internal Auditors, Sarbanes-Oxley Section 404: A Guide for Management by Internal
Controls Practitioners (2d Ed., 2008), p. 15. Professor Michael Power states that internal control systems
are “at the heart of a process by which organizations are being turned inside out and made into newly
responsible actors” in order to meet the external expectations of society. Thomas Power, Organized
Uncertainty, Designing a World of Risk Management (Oxford U. Press, 2007), p. 42.
22
See: United States Sentencing Commission Guidelines Manual, Chapter 8B.2.1,
https://guidelines.ussc.gov/gl/§8B2.1, and Eisenberg, supra, p. 255-256.
23
Eisenberg, supra, p. 256.
!
8!
prevent criminal conduct by its employees.
24
In such a program, an organization must
“exercise due diligence to prevent and detect criminal conduct” and “otherwise promote
an organizational culture that encourages ethical conduct and a commitment to
compliance with the law.”
25
(Emphasis added).
The Sentencing Guidelines due diligence program consists of seven steps: (1) the
organization should establish appropriate standards and procedures to reduce the
likelihood of its involvement in crime; (2) the organization should administer the
program by high level persons; (3) the organization should ensure that the board is
knowledgeable about the program and exercises reasonable oversight regarding its
implementation and effectiveness; (4) the organization should communicate its standards
widely; (5) the organization should monitor and audit compliance with these standards;
(6) the organization should respond appropriately when violations occur, in order to
prevent future ones; and (7) the organization should periodically assess the risk of
criminal conduct and make changes as appropriate.
26
(2) The use of the Sentencing Guidelines to inform
Delaware fiduciary duty law
In its landmark Caremark case,
27
the Delaware Court of Chancery addressed the
importance of the Sentencing Guidelines to the board’s fiduciary duty of loyalty to act in
good faith to further the company’s best interests. The case is important because the
majority of U.S. corporations are registered in the U.S. State of Delaware, and because
Delaware has the most highly developed law in the U.S. for the protection of shareholder
interests.
28
Caremark arose from a lawsuit by shareholders of Caremark, a health care
company, against the company’s board of directors, to recover losses arising from the
company’s indictment for violations by the company of U.S. criminal laws, which had
resulted in huge fines of over USD $250 million.
29
The shareholders alleged that the
board breached its fiduciary duty by failing to inform itself and senior management
promptly about the likelihood of the company’s involvement in criminal activities. The
Court agreed that the board had such a duty, but held that the board could be legally
liable for the loss only if “utterly failed” to ensure that a reasonable information and
reporting system was in place. In Caremark, the Court held that the plaintiff shareholders
did not meet this burden, and dismissed the lawsuit.
30
In its decision, the Court pointed to the Sentencing Guidelines, and the “powerful
incentives” they provide for corporations to have compliance programs to detect legal
violations, to report them to public authorities, and to take prompt action to remedy
!
24
The reference to “ethics” was added in 1994.
25
Sentencing Guidelines, supra, Section 8B2.1(a).
26
Sentencing Guidelines, supra, Section 8B2.1(b).
27
In re Caremark International Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996) (“Caremark”)
28
Caremark, supra, 692 A.2d at 970.
29
Caremark, supra, 698 A.2d at 961.
30
In Stone v. Ritter, 911 A.2d 362, 369 (2006), the Delaware Supreme Court confirmed that the Court of
Chancery had applied the correct standard in Caremark. It characterized the board’s fiduciary duty of good
faith as part of its duty of loyalty.
!
9!
them.
31
It concluded that “any rational person attempting in good faith to meet an
organizational governance authority would be bound to” take the Sentencing Guidelines
into account.
32
The Court’s use of the Sentencing Guidelines shows how a soft law standard for
an internal control system can shape a corporate fiduciary’s responsibility. The
Sentencing Guidelines are not legally binding on corporations, and are a feature of U.S.
federal law, not state corporation law. They come into play only where a corporation has
been convicted of a federal crime. As a result, the Sentencing Guidelines are, in effect,
soft law. But as is often the case, ignoring soft law can have a sharp bite.
33
(3) The fiduciary duty to affirmatively advance the best
interests of the corporation
Since the Court required proof that the board “utterly failed” in its oversight
responsibilities, Caremark is typically cited for the proposition that it is extremely
difficult to prove facts sufficient to hold a board legally liable for money damages for its
failure of oversight. That is true, even though recent decisions of the Court of Chancery
have denied motions to dismiss Caremark claims against boards and officers.
34
However, Caremark also stands for the proposition that in order to fulfill their
duty of loyalty, fiduciaries have an affirmative duty of good faith to look to relevant soft
law standards, if doing so will further the corporation’s best interests.
35
Georgetown Law
Center Professor Chris Brummer, and former Delaware Supreme Court Judge Leo Strine,
Jr. argue (in the context of furthering the human rights-infused goals of diversity,
inclusion, and equity),
36
that this affirmative duty imposes a “normative obligation” on
directors “to try to avoid the regulatory penalties, managerial turnover, stakeholder
backlash, and overall reputational and financial harm that occurs when companies violate
laws essential to society.”
37
This affirmative duty requires corporate fiduciaries to pay
close attention to relevant soft law norms.
!
31
Caremark, supra, 698 A.2d at 969.
32
Caremark, supra, 698 A. 2d at 970.
33
Chris Brummer and Leo E. Strine, Jr., Duty and Diversity, U of Penn, Inst for Law & Econ Research
Paper No. 21-08; Columbia Law and Economics Working Paper No. 642, Vanderbilt Law Review (March
2021), Forthcoming, https://corpgov.law.harvard.edu/2021/03/04/duty-and-diversity/ (“Brummer and
Strine”)
34
E.g., Teamsters Local 443 Health Svcs & Ins. Plan v. Chou, Court of Chancery, C.A. No. 2019-0816-SG
(Memorandum Opinion, August 24, 2020),
https://courts.delaware.gov/Opinions/Download.aspx?id=309790 .
35
Claire A. Hill, Caremark as Soft Law, 90 Temple Law Review 681 (2018),
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3240667.
36
The corporate goal of Diversity, Inclusion and Equity (DEI) supports respect for internationally
recognized human rights laws and the achievement of several sustainable development goals (SDGs).
United Nations Office of the High Commissioner on Human Rights (OHCHR), Empowerment, Inclusion,
Equality: Accelerating sustainable development with human rights,
https://www.ohchr.org/Documents/Issues/MDGs/Post2015/EIEPamphlet.pdf .
37
Id.
!
10!
(4) Comparing Human Rights Due Diligence and the US
Sentencing Guidelines
Although they have different purposes, both HRDD and the Sentencing
Guidelines are both internal control systems that are essential to corporate governance.
Both are soft law systems that are designed to enable corporations to manage critical
corporate risks. Both must be integrated into corporate governance and both require high
level attention within the corporation. Both are grounded in the expectation of a lawful
and ethical corporate culture. Both are ongoing rather than single-shot due diligence
processes. And both are ‘knowing and showing’ systems that provide prompt
information to the board and management regarding the corporation’s major risks: by
assessing and identifying them; by monitoring the company’s performance; by taking
appropriate preventative actions; and by reporting on violations.
The focus of the Sentencing Guidelines is to prevent corporate involvement in
crime. To accomplish this goal, the affirmative duty of loyalty to act in good faith to
further the best interests of the corporation expects that the corporation should do more
than insist solely on bare legal compliance with criminal laws. Rather, this duty also
requires the corporation to protect the corporation from financial, management,
reputational, and other adverse consequences that can harm the corporation, by going
beyond the minimum needed to avoid legal liability.
38
Like the Sentencing Guidelines, HRDD is also predicated on compliance with the
law. However, since HRDD’s focus is on identifying and addressing corporate
involvement in human rights abuse, HRDD is not limited by what the law requires to
prevent and address such harm, even where applicable law is absent or insufficient to
protect human rights.
39
Nevertheless, HRDD does not operate in a law-free zone. Prior
to the promulgation of the UNGPs in 2011, numerous laws protected people from
business-related human rights abuse in such fields as workplace and public safety,
antidiscrimination, privacy, and environmental protection, to name a few.
Because the Sentencing Guidelines and HRDD have different objectives and
origins, they are not identical. However, there are strong parallels between them. Both
are soft law internal control systems with heavy normative weight that enable companies
to manage their operations in ways that reflect the expectations of society as to
responsible business conduct. They therefore inform the responsibility of corporate
fiduciaries to act affirmatively in good faith to further the best interests of the
corporation.
b) Enterprise Risk Management (ERM)
The second relevant COSO framework is Enterprise Risk Management, or ERM.
ERM complements internal control systems. ERM is focused on the identification and
assessment of strategic risks to the organization, which if not properly identified and
!
38
Brummer and Strine, supra, pp. 8-9.
39
UNGPs 17 and 23.
!
11!
managed, will prevent the organization from achieving its core goals.
40
In other words,
ERM “helps an entity to go where it wants to go and avoid pitfalls and surprises along the
way.”
41
Like internal control systems, ERM also has a social and ethical dimension. It is
one thing for a corporation to assess and tolerate risks to itself or other parties with whom
can share, shift, or hedge the risk. It is quite another for a corporation to manage risk in
ways that stakeholders are forced to assume involuntarily and sometimes unknowingly.
42
The 2018 ESG Risk Framework, referenced earlier, explicitly addresses how
companies should manage their ESG risks, which include human rights risks. ESG
stands for Environmental, Social and Governance. The “S”, or social impact factor in
ESG, measures “how well a company manages its risks to people connected with its core
business” and is therefore “heavily populated with labour and human rights elements.”
Since the UNGPs are the authoritative global standard on business and human rights,
company alignment with the UNGPs gives investors a better tool to use to predict a
company’s future human rights performance.
43
In addition, HRDD is also relevant to the G, or governance factor of ESG. Since
HRDD must be integrated into corporate governance in order to be effective, the failure
of a company to do so will likely reduce a company’s Governance, or G factor as well.
Finally, HRDD is relevant to a company’s E, or environmental factor, because
severe human rights harm can result from environmental impacts, such as climate change
and reduction in biodiversity. As to climate change, on May 26, 2021, the Hague District
Court in The Netherlands ordered Royal Dutch Shell (“SDS”) to reduce its CO2
emissions, after concluding that RDS breached its duty of care imposed by a rule of
unwritten law relating to social conduct under Dutch Civil Code Article 6:162. In so
doing, the Court used the UNGPs and other soft law instruments to define RDS’s duty of
care.
44
As to the loss of biodiversity (seen a contributor to pandemic disease such as
!
40
COSO, ERM—Integrating Strategy with Strategy and Performance (2017)
https://www.coso.org/Documents/2017-COSO-ERM-Integrating-with-Strategy-and-Performance-
Executive-Summary.pdf
41
Committee of the Sponsoring Organizations of the Treadway Commission, Enterprise Risk Management
— Integrated Framework (2004) (“ERM Risk Framework”) p.1, https://www.coso.org/Documents/COSO-
ERM-Executive-Summary.pdf
42
John R. Boatright, The Ethics of Risk Management in the Information Age, Bentley University Center for
Business Ethics, (2010), p. 25, http://d2f5upgbvkx8pz.cloudfront.net/sites/default/files/inline-files/ns-
monograph.pdf .
43
John G. Ruggie and Emily K. Middleton, Money, Millennials and Human Rights: Sustaining
‘Sustainable Investing’ (2019) 10(1) Global Policy p. 144,
https://www.hks.harvard.edu/sites/default/files/centers/mrcbg/working.papers/CRI69_FINAL.pdf See
also, the UN Guiding Principles Reporting Framework, www.ungpreporting.org .
44
See Office of the High Commissioner on Human Rights, OHCHR’s role in promoting rights-based
climate action,
https://www.ohchr.org/EN/Issues/HRAndClimateChange/Pages/PromotingRightsBasedClimateAction.aspx
. On May 26, 2021, the Hague District Court in The Netherlands ordered Royal Dutch Shell (“SDS”) to
reduce its CO2 emissions, concluding that RDS breached its duty of care imposed by a rule of unwritten
law relating to social conduct under Dutch Civil Code Article 6:162, In so doing, the Court used the
UNGPs and other soft law instruments to define RDS’s duty of care. Clifford Chance, Climate Change,
!
!
12!
COVID-19), the UN Special Rapporteur on human rights and the environment observed
that businesses have are involved in reducing biodiversity through “deforestation, land-
grabbing, extracting, transporting and burning fossil fuels, industrial agriculture,
intensive livestock operations, industrial fisheries, large-scale mining and the
commodification of water and nature.”
45
The ESG Risk Framework notes that ESG risks, which were once considered
‘black swans’, are now common and manifest quickly and significantly.
46
The ESG Risk
Framework points out the increasing attention paid by investors to ESG factors, including
by the largest passive investors globally, such as BlackRock (USD $6.3 trillion in assets
under management), State Street Global Advisors (USD$ 2.8 trillion), and the
Government Pension Fund of Japan (USD$ 1.4 trillion).
47
Very recently, Exxon’s
shareholders voted to install two new board directors who are more focused on the need
for the company to effectively address its climate change risk. Exxon’s management
strongly opposed the proposal and major institutional investors, such as BlackRock,
strongly supported it. As stated in the New York Times, “To corporate America, the
upset was a clear sign that company boards and leaders need to pay attention to
environmental, social and governance issues (known as E.S.G.) — or suffer rebukes.”
48
With respect to human rights specifically, in March 2021, BlackRock issued its
new policy regarding engagement with companies on human rights impacts, which states
that as a matter of sound corporate governance and long-term value creation, companies
should “implement processes to identify, manage, and prevent adverse human rights
impacts that are material to their business, and provide robust disclosures on these
practices” that align with the UNGPs, even though they are not legally binding.
49
The ESG Risk Framework includes: (1) governance and culture; (2) strategy and
objective setting; (3) performance; (4) review and revision; and (5) information,
communication, and reporting.
50
The ESG Risk Framework focuses first on the need for
systems and processes for effective corporate governance, “which provides the oversight,
!
Human Rights and Corporate Duties – Dutch Court Issues Landmark Decision, (May 27, 2021),
https://www.cliffordchance.com/insights/resources/blogs/business-and-human-rights-insights/climate-
change-human-rights-and-corporate-duties-dutch-court-issues-landmark-decision.html .
45
See the Report of the Special Rapporteur on the issue of human rights obligations relating to the
enjoyment of a safe, clean, health and sustainable environment, Human rights depend on a healthy
biosphere David R. Boyd (July 15, 2020), A/75/161, https://undocs.org/A/75/161, paragraphs 76-77; See
also, Office of the High Commissioner on Human Rights, Human Rights at the Heart of the Response:
Human Rights, the Environment, and Covid-19: Key Messages, (2021),
https://www.ohchr.org/Documents/Issues/ClimateChange/HR-environment-COVID19.pdf .
46
ESG Risk Framework, supra, p. 2.
47
ESG Risk Framework, supra, p. 4.
48
Andrew Ross Sorkin, Jason Karaian, Sarah Kessler, Michael J. de la Merced, Lauren Hirsch and Ephrat
Livni, Wall Street Rebels Against Exxon: A small activist investment fund scored a huge win (May 27,
2021), https://www.nytimes.com/2021/05/27/business/dealbook/exxon-mobil-engine-no-
1.html?searchResultPosition=1 .
49
BlackRock, Our approach to engagement with companies on their human rights impacts
Investment Stewardship (March 2021), https://www.blackrock.com/corporate/literature/publication/blk-
commentary-engagement-on-human-rights.pdf .
50
ESG Risk Framework, supra, p. 9.
!
13!
structure and culture needed to establish the goals of the organization, the means to
pursue them and the ability to understand any associated risks.”
51
Unsurprisingly, the ESG Risk Framework points to the unique features of risk
assessment under HRDD to evaluate and manage the company’s involvement in human
rights risks.
52
The UNGPs allow human rights risks to be included within broader ERM
systems, “provided that the ERM identifies risks to rights-holders.”
53
Therefore, the ESG
Risk Framework recommends that in accordance with HRDD, corporations should
prioritize attention to the risks of involvement in human rights abuse by the severity of
the risk to the stakeholder. The ESG Risk Framework notes that risk management under
HRDD is characterized by assessing risk from the perspective of the stakeholder, that
stakeholder engagement is critical, and that findings of a risk assessment should be
shared with stakeholders.
54
Graphically, the ESG Risk Framework shows how to assess risks under HRDD by
using a risk heat map that displays the relationship between the likelihood and severity of
a human rights risk as follows:
© 2021 Shift (Reproduced with permission)
Risks within the darkest shaded blocks draw management’s attention to the most severe
stakeholder impacts; they require prioritized attention, even if they are relatively unlikely.
That is, a highly unlikely risk of catastrophic harm to people (e.g., such as the failure of a
tailings dam, the collapse of an oil drilling platform, or the meltdown of a nuclear power
plant) nevertheless deserves priority attention by the corporation from an HRDD
perspective.
55
3. The evolution of Human Rights Due Diligence from soft to hard
law.
The UNGPs originated as a soft law norm. However, since their unanimous
endorsement by the UN Human Rights Council in 2011, the UNGPs have enjoyed broad
and swift uptake. The UNGPs are increasingly incorporated or reflected in law,
regulation, judicial and administrative decision-making, public policy, multistakeholder
norms, commercial and financial transactions, the practices and policies of leading
!
51
ESG Risk Framework, supra, p. 13.
52
ESG Risk Framework, supra, p. 54.
53
UNGP 17, Commentary.
54
ESG Risk Framework, supra, p. 54.
55
ESG Risk Framework, supra, p. 55.
!
14!
companies, and the advocacy of civil society.
56
The former UN High Commissioner for
Human Rights, Zeid Ra’ad Al Hussein, described the UNGPs as “the global authoritative
standard, providing a blueprint for the steps all States and businesses should take to
uphold human rights.”
57
Although HRDD is soft law by itself, it does not operate in a law free zone. A
corporation’s responsibility to respect human rights has always existed in a mixed hard
law and soft law environment, as I discussed earlier. Since the promulgation of the
UNGPs in 2011, HRDD has become reflected or incorporated in public policy and hard
law around the world. For the first five years after 2011, States encouraged voluntary
business action by promulgating National Action Plans that outline their plans to
implement the UNGPs.
58
In addition, States, particularly in the EU, requires companies to report on their
human rights performance.
59
The U.S, in its own procurement processes, requires sellers
of products to the federal government to eliminate human rights trafficking from their
supply chains.
60
Beyond reporting, the UK authorized the seizure of imported goods manufactured
in a manner involving human rights abuse.
61
Recently, the U.S. Customs Office has
increased its seizure of goods manufactured by companies engaged in forced labor or
other human rights abuses.
62
!
56
John F. Sherman, III, Beyond CSR: The Story of the UN Guiding Principles on Business and Human
Rights, in Ray Lindsay, and Roger Martella, Corporate Social Responsibility – Sustainable Business-
Environmental, Social and Governance Frameworks for the 21st Century (Wolters Kluter, 2020), Section
20.04, https://www.hks.harvard.edu/sites/default/files/centers/mrcbg/programs/cri/files/CRI_71.pdf
(“Beyond CSR”).
57
Zeid Ra’ad Al Hussein, Ethical Pursuit of Prosperity, The Law Society Gazette, 23 Mar. 2015, available
at https://www.lawgazette.co.uk/commentary-and-opinion/ethical-pursuit-of-prosperity/5047796.article
58
See UN Working Group on Business and Human Rights, Guidance on National Action Plans on
Business and Human Rights, OHCHR (2016),
https://www.ohchr.org/Documents/Issues/Business/UNWG_NAPGuidance.pdf.
59
Id.
60
In 2012, the U.S. adopted the U.S. Federal Acquisition Regulation, ‘Combatting Trafficking in Persons’,
FAR Subpart 22.17 and Part 52 (2012), https://www.federalregister.gov/documents/2015/01/29/2015-
01524/federal-acquisition-regulation-ending-trafficking-in-persons ,which requires all US government
contractors to take detailed actions to eliminate human trafficking at all levels of their supply chains,
including the development and implementation of compliance plans, with significant sanctions for non-
compliance.
61
In 2017, the UK adopted the Criminal Finances Act of 2017,
https://www.legislation.gov.uk/ukpga/2017/22/contents/enacted, which authorizes UK prosecutors to seize
property that was obtained by or “in connection with” gross human rights abuse, regardless of when the
property was obtained.
62
Luciano Racco and Anna Maria Annino, A Review of CBP Actions on Forced Labor in 2020 and Outlook
for 2021 (February 4, 2021), Foley Hoag Trade Sanctions and Export Controls Alert,
https://foleyhoag.com/publications/alerts-and-updates/2021/february/a-review-of-cbp-actions-on-forced-
labor-in-2020-and-outlook-for-2021. The threat of seizure can have serious adverse financial impacts; e.g.,
a Malayan company’s USD $1 billion listing in Hong Kong was delayed in order to resolve a U.S. import
ban based on multiple indicators of forced labour in its production processes. Scott Murdoch, Liz Lee and
Anshuman Daga, Top Glove's $1 billion Hong Kong listing delayed amid U.S. ban imbroglio – sources,
NASDAQ (June 1, 2021), https://www.nasdaq.com/articles/top-gloves-%241-bln-hong-kong-listing-
delayed-amid-u.s.-ban-imbroglio-sources-2021-06-01-0 .
!
15!
a) Mandatory Human Rights Due Diligence
More recently, States have moved beyond National Action Plans, reporting
requirements, and asset seizures to require corporations to engage in mandatory due
diligence, starting with France in 2016
63
and then the Netherlands in 2019.
64
These
statutes apply to companies domiciled or doing business in those countries. Similar due
diligence legislative initiatives are underway in Austria, Denmark, Finland, Germany,
Switzerland, Norway, the UK, and elsewhere.
65
Since the EU is the world’s largest trading block, its policies and laws have
enormous global reach that reach beyond the EU’s borders. In 2020, the EU launched a
consultation process, framed as an initiative on sustainable corporate governance, on a
comprehensive, EU-wide mandatory HRDD directive, a draft of which is expected in
2021, that would be implemented by all EU member States into national law.
66
The initiative has received strong support from the EU Parliament, which on
March 10, 2021, voted overwhelmingly in favor of a resolution recommending enactment
of such legislation.
67
The adopted resolution provides that the legislation would apply to
non-EU companies that sell goods or services into the EU market.
68
The extraterritorial
impact of the EU HRDD legislation would be huge for U.S. and UK companies that do
!
63
The French Duty of Vigilance Law imposes human rights and environmental due diligence obligations
on large French companies (including foreign firms with a significant French presence), with legal
consequences for their violation. See Business and Human Rights Resource Center, France’s Duty of
Vigilance Law (March 16, 2021), https://www.business-humanrights.org/en/latest-news/frances-duty-of-
vigilance-law/ .
64
The Dutch Child Labour Diligence Law requires companies that sell goods to Dutch consumers
(including foreign companies) to determine whether child labour occurs in their supply chains, and if so, to
set out a plan of action on how to combat it, and issue a statement showing its due diligence investigation
and plan, violation of which would incur criminal penalties. See Business and Human Rights Resource
Center, Dutch Senate votes to adopt child labour due diligence law (March 16, 2021),
https://www.business-humanrights.org/en/latest-news/dutch-senate-votes-to-adopt-child-labour-due-
diligence-law/ .
65
See Business and Human Rights Resource Center, National & regional movements for mandatory human
rights & environmental due diligence in Europe (May 19, 2019), https://www.business-
humanrights.org/en/latest-news/national-regional-movements-for-mandatory-human-rights-environmental-
due-diligence-in-europe/
66
European Commission, Sustainable corporate justice, DG Justice, A3 Company Law unit, Legislative
and possible guidance, Q1 2021, Ref. Ares (2020) 4034032 - 30/07/2020, https://media.business-
humanrights.org/media/documents/files/documents/090166e5d21fb60c.pdf . The initiative draws upon a
European Commission 2020 study of due diligence in the supply chain, https://op.europa.eu/en/publication-
detail/-/publication/8ba0a8fd-4c83-11ea-b8b7-01aa75ed71a1/language-en and a European Commission
2020 study on directors’ duties and sustainable corporate governance, https://op.europa.eu/en/publication-
detail/-/publication/e47928a2-d20b-11ea-adf7-01aa75ed71a1/language-en. The EU proposed to look
separately at the questions of human rights due diligence and requiring company directors to integrate
stakeholder impacts into their fiduciary duty of care.
67
European Parliament, Corporate due diligence and corporate accountability, European Parliament
resolution of 10 March 2021 with recommendations to the Commission on corporate due diligence and
corporate accountability (2020/2129(INL)) (“European Parliament Resolution”).
https://www.europarl.europa.eu/doceo/document/TA-9-2021-0073_EN.html
68
Under Article 2, Paragraph 3 of the European Parliament Resolution, supra, the due diligence
requirement “shall also apply to ... undertakings, … which are governed by the law of a third country and
are not established in the territory of the Union when they operate in the internal market selling goods or
providing services.”
!
16!
business in the EU. For example, in 2019, U.S. exports to the EU were USD $598
billion.
69
As a result, U.S. and UK companies selling into the EU would likely be
scrutinized for evidence that their exported goods and services were produced in
accordance with meaningful HRDD processes.
b) Duty of care
In addition to State efforts to codify HRDD into statutes, HRDD has the potential
to become the basis for a duty of care owed by corporations to avoid harming persons and
society. Common law courts have long-used normative standards as the basis for
establishing tort-based legal duties of care to injured persons under domestic law. As
Justice Learned Hand wrote in the famous T.J. Hooper case in 1932, “Courts must in the
end say what is required; there are precautions so imperative even their universal
disregard will not excuse their omission.”
70
To date, violations of internationally
recognized human rights laws have been rarely invoked to date to establish a common
law duty of care, but that will likely change as HRDD becomes more deeply embedded in
law, policy, and corporate practice. The change would be highly significant, since the
majority of multinational corporations are headquartered in common law jurisdictions,
such as those in the U.S., the UK, and Canada.
Although no courts have yet held that a common law duty of care to exercise
HRDD exists, the Canadian Supreme Court set the stage for it in Araya v. Nevsun
Resources. There, the Court recognized that customary international laws, including
crimes against humanity, forced labor, and torture, are part of Canadian law, and that
Canadian companies may be liable for the breach of these standards as a result of their
overseas operations (in that case, arising from a Canadian company’s mining operations
in Eritrea).
71
Professor Emeritus Douglas Cassel of Notre Dame Law School argues that
all of the elements are in place to establish a common law duty of care claim against a
parent company for injuries to people and communities that result from its failure to
conduct HRDD with respect to the operations of its foreign subsidiary.
72
In addition, duty of care claims based on the UNGPs and HRDD can arise under
statutes, too. I earlier discussed the very recent Dutch case involving Royal Dutch Shell,
where the Court explicitly relied on the UNGPs to conclude that RDS has breached its
!
69
Office of the U.S. United States Trade Representative, European Union, https://ustr.gov/countries-
regions/europe-middle-east/europe/european-union
70
The T. J. Hooper, 60 F.2d 737, 738 (2d Cir. 1932) (Hand, J.),
https://law.justia.com/cases/federal/appellate-courts/F2/60/737/1542549/ “ [I]n most cases reasonable
prudence is in fact common prudence; but strictly it is never its measure; a whole calling may have unduly
lagged in the adoption of new and available devices. It may never set its own tests, however persuasive be
its usages. Courts must in the end say what is required; there are precautions so imperative even their
universal disregard will not excuse their omission.” (emphasis added). The case is discussed in Waitzer
and Stoller, supra, p. 825.
71
Araya v. Nevsun Resources, Ltd., 2016 BCSC 1856 (2016),
https://www.ccij.ca/content/uploads/2016/10/BCSC-Nevsun-judgment-Oct-2016.pdf .
72
That is, there would be a proximate connection between the parent’s conduct and the injury, the injury
would be foreseeable, and liability would serve the public interest. Doug Cassel, Outlining the Case for a
Common Law Duty of Care to Exercise Human Rights Due Diligence (2016) 1(2) Business and Human
Rights Law Journal 179–202, http://journals.cambridge.org/abstract_S2057019816000158 .
!
17!
duty of care under a rule of unwritten law relating to social conduct under the Dutch Civil
Code by not taking sufficient steps to reduce its CO2 emissions.
Similarly, plaintiffs are trying to import HRDD as a duty of cure under the U.S.
Trafficking Victims Protection Reauthorization Act (“TVPRA”). The statute provides
that companies can be held civilly liable if they participated in a venture, that engaged in
forced labor, where the company knowingly received anything of value from the venture
or “knew, or should have known” that the venture had engaged in forced labor.
73
In a
pending TVPRA class action against Apple, Google, and Tesla, the alleged class consists
of children who claim to have been enslaved and injured while mining cobalt in the
Congo for ultimate use in the assembly of lithium ion storage batteries in defendants’
products. Plaintiffs claim that defendants knew, or should have known through the
exercise of HRDD, that their products were manufactured with child and slave labor.
74
c) Private law
In addition to common law or statutory legal liability, private commercial law is
increasingly incorporating UNGPs and HRDD concepts into contracts and agreements;
this is creating a new lex mercatoria, or private commercial law, of human rights. For
example, when huge global business organizations such as FIFA (the world’s largest and
richest sports organization), require partners and suppliers to comply with these
standards, including in FIFA World Cup tournaments, the results cascade throughout the
supply chain.
75
When huge multinational enterprises require their contractual counterparties to
comply with the UNGPs, procurement lawyers are incentivized to address the
deficiencies of current supply chain contracts from an HRDD perspective. These
contracts are typically based on buyer-enforced supplier representations and warranties to
meet human rights standards in the contract. However, the representations and warranties
approach of existing supply chain contracts has been largely ineffective to improve
human rights performance by suppliers; this is because so many suppliers lack the
managerial and financial capacity to comply with both human rights and commercial
performance standards (such as price, quantity, and timing of delivery of goods).
Moreover, buyers often undercut the ability of low-margin suppliers with prices that
make it impossible for workers to enjoy a living wage, and by last-minute changes in
design and quantity. Doing so makes cheating and unauthorized subcontracting
inevitable, if the supplier wants to keep the busines. Under such circumstances, the
!
73
18 U.S.C. § 1595 et. seq.
74
Class Action Complaint, Jane Doe 1, etc. v. Apple Inc 1, etc., U.S. District Court for the District of
Columbia, 16 December 2019, https://www.classaction.org/media/doe-et- al-v-apple-inc-et-al_1.pdf.
75
John G. Ruggie and John F. Sherman, III, Adding Human Rights Punch to the New Lex Mercatoria: The
Impact of the UN Guiding Principles on Business and Human Rights on Commercial Legal Practice (2015)
6(3) Journal of International Dispute Settlement 455–461, available at
https://scholar.harvard.edu/files/john-
ruggie/files/adding_human_rights_punch_to_the_new_lex_mercatoria.pdf
!
18!
buyer’s expectations of suppliers with respect to human rights performance is like
“paying for a bus ticket and expecting to fly.”
76
Buyers get what they pay for.
As a result, a Working Group of the Business Section of American Bar
Association has drafted model supply chain contracts that would shift contracts from a
representations and warranties approach to a human rights due diligence regime, in which
buyers and suppliers would share the responsibility of addressing supply chain human
rights abuse.
77
The model contract clauses are suggestive only, but indicate the need for
corporate lawyers to address more effectively the problem of supply chain human rights
abuse by incorporating HRDD principles into supply chain contracts.
Finally, private arbitration is increasingly being used to resolve business related
human rights disputes. Two examples are (a) the Bangladesh Accord, an agreement
between about 200 Western garment companies and two trade unions to raise factory
safety improvements in the wake of 2014 Rana Plaza factory collapse, which is
enforceable by arbitration; and (b) foreign investor host State bilateral treaty arbitration,
which may involve allegations that a State’s increased efforts to protect human rights
violates the rights of investors under bilateral treaties.
78
4. The business case
Complying with public or private legal standards that reflect or incorporate
HRDD is foundational for corporate governance. However, legal compliance is hardly
the only reason for corporate fiduciaries to act affirmatively to ensure that HRDD is
implemented into corporate governance. Furthering the best interests of the corporation
also requires understanding the business case for HRDD that goes beyond avoiding legal
liability.
The importance to ESG investors of company involvement in human rights abuse
to investors has been discussed earlier, since such involvement implicates at least the ‘S’
factor, and perhaps the E and G factors as well. A company’s involvement in human
rights abuse is a leading indicator to ESG investors of the likelihood of risks to the
business, and ultimately lower ratings in potentially all three factors. Human rights can
harm the corporation’s operations, finances, legal costs and liabilities, reputation, or staff
recruitment and retention, among other things.
For example, conflicts between extractive companies and communities, and labor
strikes and disruptions in the supply chain, can be very expensive. These conflicts disrupt
production, prevent products from coming to market, jeopardize reputations and divert
senior management attention. The disruption of the global supply chain as a result of the
!
76
Human Rights Watch, ‘Paying for a Bus Ticket and Expecting to Fly’: How Apparel Brand Purchasing
Practices Drive Labor Abuses (April 2019) available at https://www.hrw.org/report/2019/04/23/paying-
bus-ticket-and-expecting-fly/how-apparel-brand-purchasing-practices-drive .
77
John F. Sherman, III, No Need to Reinvent Wheels: Drafting Meaningful Human Rights Due Diligence
through Model Suggested Supply Chain Contract Clauses, Shift Viewpoint (March 2001),
https://shiftproject.org/aba-contract-clauses/ .
78
Beyond CSR, supra, Section 20.04[K][2].
!
19!
COVID 19 pandemic has highlighted the fragility of supply chains to disruption.
79
In one
famous case, an extractive company calculated that the cost of disruption form disputes
with communities, spread out over all its facilities over a two-year period, cost USD
$6,500,000,000. Similar in terms of magnitude is the value of reputation.
Finally, it is estimated that over 1/3 of the market capitalization of FTSE350
companies is attributed to reputation, which is at risk when companies are involved in
deaths to workers from the collapse of factories where workers are assembling their
garments, or in sourcing from suppliers that use child or slave labor.
80
II. The Corporate Legal Officer’s Role.
Under Delaware law, corporate officers are also fiduciaries, who owe the same
duties of care and loyalty to the corporation as board members.
81
Officers include
corporate general counsel and other legal officers, provided that they are acting in their
capacity as officers.
82
Although corporate legal officers partner with the CEO and other
senior officers to manage the corporation’s strategic risks, their affirmative fiduciary duty
of loyalty and care is to the corporation itself. This creates an inevitable tension, where
the general counsel and other inhouse lawyers must “reconcile the dual—and at times
contradictory—roles of being both a partner to the business leaders and a guardian of the
corporation’s integrity and reputation.”
83
As corporate fiduciaries, corporate legal officers have an affirmative duty to
exercise their leadership of the legal function to further the best interests of the
!
79
John F. Sherman, III, Irresponsible Exit: Exercising Force Majeure Provisions in Procurement
Contracts, Business and Human Rights Journal, Cambridge University Press vol. 6, issue 1, 127-134
(2021), https://www.cambridge.org/core/journals/business-and-human-rights-
journal/article/abs/irresponsible-exit-exercising-force-majeure-provisions-in-procurement-
contracts/A1206F08637B7353E652857B9CDC9720 .
80
For a fuller description of these costs and the research that supports it, see Shift, Business, Human Rights
and the Sustainable Development Goals: Forging a
Coherent Vision and Strategy (2016), commissioned by the Business and Sustainable
Development Commission, Section 4, http://s3.amazonaws.com/aws-bsdc/BSDC-Biz-HumanRights-
SDGs.pdf . See also: OECD and Columbia/SIPA Quantifying the Costs, Benefits and Risks of Due
Diligence for Responsible Business Conduct, Framework and Assessment Tool (June 13, 2016)
https://www.oecd.org/industry/inv/mne/Quantifying-the-Cost-Benefits-Risks-of-Due-Diligence-for-
RBC.pdf ; Rachel Davis and Daniel Franks, Costs of Company-Community Conflict in the Extractive
Sector, (2014), https://shiftproject.org/resource/costs-of-company-community-conflict-in-the-extractive-
sector/.
81
Gantler v. Stephens, 965 A.2d 695 (Del. 2009), https://caselaw.findlaw.com/de-supreme-
court/1129452.html .
82
Under Delaware law, a corporation cannot exculpate officers from liability for money damages for
breach of the duty of care, as they can for board members. Edward B. Micheletti, Bonnie W. David, Andre
D. Kinsey, Recent Trends in Officer Liability, Skadden, Arps, Slate, Meagher & Flom (December 18,
2020), https://www.skadden.com/insights/publications/2020/12/insights-the-delaware-edition/recent-
trends-in-officer-liability .
83
Ben W. Heineman, Jr., The Inside Counsel Revolution: Resolving the Partner-Guardian Tension (ABA,
2016) p. 55. See also, Malcolm Rogge, Vesting Transnational Corporate Responsibility in Natural
Persons v. Legal Persons – What Matters Today?, Forthcoming in Corporate Citizen: New Perspectives on
the Globalized Rule of Law, (Oonagh Fitzgerald, ed.) CIGI-McGill-Queen’s University Press, 2020,
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3570105
!
20!
corporation when it comes to avoiding involvement in human rights abuse. There are
many steps that a corporate legal officer can take to do so,
84
but here are three: (1) not
focusing exclusively on the narrow issue of avoiding legal liability; (2) treating the
potential for involvement in gross human rights abuse as a matter of legal compliance;
and (3) not using legal privilege to chill the open discussion of human rights problems in
the corporation in order to find and fix them.!
A. Going beyond liability avoidance.
According to the UN Office of the High Commissioner on Human Rights,
corporate lawyers can impede the effective implementation of HRDD for their companies
through an overly narrow focus on avoiding legal liability.
85
The tendency of corporate
legal officers to focus mainly on liability avoidance or delay in the short term has resulted
in their paying too little attention to their affirmative duty to promote the best interests of
the corporation
86
Osgoode Law School Professor Edward J. Waitzer and Ontario Securities
Commissioner Douglas Sarro argue that corporate lawyers tend not to focus on what a
corporation can do, unless to confirm that the client’s decided course of action is rational.
Rather, they focus more on what a client should do to avoid legal liability, which is
“typically, the most conservative path available”.
87
Such reasoning often can be used to justify short term decision-making that can
severely harm people. For example, Waitzer and Sarro point a study on deterrence by
Roy Shapira and Luigi Zingales, which showed that the chemical company DuPont
consciously avoided disclosing for many years the severe health impacts of releasing
toxic Teflon waste from its West Virginia plant into community water supplies. The
decision would have likely been considered to be rational from the short-term financial
perspective of the company, because the “immediate costs of polluting would be borne by
others, and any damages, penalties, or reputational harm for which the company or its
managers ultimately might be accountable are discounted by both the probability of
detection and the time lags between the decision to pollute and the detection of pollution,
and between detection and enforcement.”
88
Ultimately, the company paid approximately USD $670 million to settle personal
injury claims brought by community members, who were successful in large part because
!
84
!The!leadership!role!of!corporate!c ounsel!with!respect!to!human!rights!is!discussed!in!detail!in!The!
Corporate!General!Counsel!Who!Respects!Human!Rights,!Legal!Ethics!Journal!(forthcoming!in!2021),!
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3624331!(“Corporate!Counsel”).!
85
United Nations General Assembly (UNGA), The Report of the Working Group on the issue of human
rights and transnational corporations and other business enterprises (16 June 2018) UN Doc A/73/163
para 41, https://documents-dds-
ny.un.org/doc/UNDOC/GEN/N18/224/87/PDF/N1822487.pdf?OpenElement
86
Brummer and Strine, supra, p. 64.
87
Edward J. Waitzer and Douglas Sarro, In Search Of Things Past And Future: Judicial Activism And
Corporate Purpose, Osgood Hall Law Journal, Volume 55 Issue 3, Article 5, p. 804 (Summer 2018) ,
https://digitalcommons.osgoode.yorku.ca/ohlj/vol55/iss3/5/ (“Waitzer and Sarro”).
88
Waitzer and Sarro, supra, at 797, citing Roy Shapira and Luigi Zingales, Is Pollution Value-
Maximizing? The DuPont Case, NEBR Working Paper 23866 (2017),
https://www.nber.org/papers/w23866 (“Shapira and Zingales”)
!
21!
they were (luckily) able to hire an experienced lawyer who had previously worked to
defend chemical companies, and because (fortuitously), they were able to sue in a state
(West Virginia) that happened to recognize medical monitoring as recoverable
damages.
89
Otherwise, they would probably have lost the litigation.
The logic that likely supported the company’s decision not to disclose the severe
health risk of toxic pollution would have been consistent with a primary focus on
delaying and avoiding short term legal liability. However, not disclosing the risks would
ignore the need to prevent and remedy harm to community members who would be
sickened and die from toxic waste from the company’s operations.
B. The potential for involvement in gross human rights abuse.
The UNGPs specifically address the need for the legal function to take a
leadership role in preventing the corporation’s involvement in the most egregious forms
human rights abuse. When corporations operate in areas of conflict, there is often a grave
risk of gross human rights abuses, such as murder, rape or torture, and corresponding
impunity on the part of the relevant actors (which often include public security forces or
armed groups). UNGP 23(c) therefore provides that businesses should treat “the risk of
causing or contributing to gross human rights abuses as a legal compliance issue
wherever they operate.”
The Commentary to UNGP 23(c) provides that treating the risk of involvement in
gross human rights abuses as a matter of legal compliance is required, “given the
expanding web of potential corporate legal liability arising from extraterritorial civil
claims, and from the incorporation of the provisions of the Rome Statute establishing
specific corporate criminal responsibility and the jurisdiction of the International
Criminal Court for those offences. In addition, corporate directors, officers and
employees may be subject to individual liability for acts that amount to gross human
rights abuses.”
UNGP 23(c) therefore directly asks the general counsel’s office to take the lead in
ensuring that the potential of involvement in gross human rights abuses is treated as a
matter of legal compliance, rather than allowing other functions to decide whether the
risk of such involvement to the company outweighs the costs of the risks to people.
C. Not chilling open discussion of human rights problems.
As fiduciaries, corporate legal officers should help to foster, and not undermine, a
culture that respects human rights. One of the core norms and values of a rights-
respecting culture is openness and learning.
90
This means searching out problems, tries
to understand them, and fix them, which is effective leadership that embeds HRDD into
corporate culture. An open and learning culture means (a) actively searching for human
rights problems of which the corporation is not already aware (for example, abuse in the
remote tiers of its supply chain); (b) accepting responsibility when things go wrong (for
!
89
The case was dramatized in the 2019 movie, Dark Waters, https://www.focusfeatures.com/dark-waters .
90
The other three authentic norms and values of a rights respecting culture are respect for the dignity of all
individuals and empathy with them, individual empowerment and responsibility, and coherence. Corporate
Counsel, supra.
!
22!
example, by providing remedy when the corporation causes or contributes to abuse); and
(c) being transparent about problems, even when they are not yet resolved.
91
A notorious example of a closed culture fostered by the corporate legal team is the
General Motors ignition key scandal, where the GM product safety and legal teams used
legal privilege to slow-walk the investigation, discovery, and public disclosure of a
design defect for 10 years. The defect had caused airbags not to deploy in accidents when
the ignition key became loose and moved. This resulted in the deaths of 124 people, the
recall of 300 million cars worldwide, and the payment of $900 million in a Deferred
Prosecution Agreement to the US. government. An independent report to GM’s Board
strongly criticised the role of the legal department in fostering a closed culture, which
chilled candid internal discussion and investigation of safety issues out of fear that
discovery of problems could result in increased product liability awards in court.
92
Of course, there is an inevitable tension between promoting the value of openness
and learning, and the need for clients to be able to communicate in confidence with their
legal counsel to assess their compliance with new mandatory HRDD laws.
93
This is
particularly true as HRDD becomes mandatory, and the threat of legal violations
becomes more widespread. Companies have an interest in protecting the “legitimate
requirements of commercial confidentiality” under UNGP 17. This includes confidential
attorney client communications. Such communications need not be disclosed to affected
stakeholders.
In this exercise of its fiduciary duty, the General Counsel should therefore ensure
that even where the exercise of legal privilege may be technically justified, the
organization does not use legal privilege reflexively to chill internal discussions that
would identify and resolve human rights problems and build trust with external
stakeholders.
94
III. Two Issues to Watch
!
Going!forward,!there!are!at!least!two!issue!to!watch!for!with!respect!to!
corporate!governance:!the!EU!directors’!duties!reform!initiative,!and!the!use!of!
HRDD!as!a!defence!to!liability.
!
91
!Id.!
92
Anton R Valukas (Jenner & Block), ‘to Board of Directors of General Motors Company Regarding
Ignition Switch Recalls (Attorney’s Information Exchange Group, 29 May 2014),
https://www.aieg.com/wp-content/uploads/2014/08/Valukas-report-on-gm-redacted2.pdf (redacted copy).
93
Yousuf Aftab and Jonathan Drimmer, Expert ESG Attorneys: How Corporate Sustainability Creates
Legal Risk (Corp Gov, 11 February 2020) https://corpgov.com/lessons-from-cobalt-in-the-congo-how-
corporate-sustainability-creates-legal-risk/ .
94
John F Sherman, III and Amy Lehr, Human Rights Due Diligence: Is it Too Risky? (2010) HKS
Corporate Social Responsibility Initiative Working Paper No 55, 15ff
https://www.hks.harvard.edu/sites/default/files/centers/mrcbg/programs/cri/files/workingpaper_55_sherma
nlehr.pdf.
!
23!
A. The EU Directors’ Duties Reform Initiative
The!first!issue!is!the!separate!EU!initiative!to!require!company!directors!to!
take!a!long-term!view!of!stakeholder!impacts.
95
!!The!directors’!duty!reform!initiative!
is!proceeding!separately!from!its!due!diligence!initiative,!and!due!diligence!is!on!a!
faster!track.!!For!non-EU!registered!companies!that!do!businesses!in!or!with!the!EU,!
the!directors!duty!initiative!would!not!have!quite!the!same!extraterritorial!impact!as!
mandatory!HRDD,!since!the!law!of!corporate!fiduciary!duty!depends!on!the!
jurisdiction!where!the!corporation!is!registered.!!Thus,!the!EU!initiative!on!directors!
duties!would!not!apply!legally!to! US! corporations!registered!in!the!State!of!
Delaware,!for!example.!!However,!for!EU-registered!subsidiaries!and!affiliates!of!US!
corporations,!the!EU!initiative!on!directors!duties!might!well!apply.!!!
The!shape!and!details!of!any!EU!directors!duty!legislation!remain!to!be!seen.!!
One!problem,!as!Professor!Ruggie!has!noted,!is!the!linking!of!mandatory!HRDD!
legislation!with!directors!duties!legislation.!!The!reformation!of!directors’!duties!is!
more!controversial!than!mandatory!HRDD,!because!the!proposed!reformation!is!not!
based!on!the!same!global!consensus!that!produced!the!UNGPs.!!As!a!result,!Professor!
Ruggie!voiced!concern!that!linkage!of!the!EU!of!directors’!duty!reform!with!
mandatory!HRDD!legislation!might!derail!the!passage!of!effective!mandatory!HRDD.!
legislation.
96
!Indeed,!the!proposed!reform!of!directors’!duties!has!already!generated!
opposition!by!business!groups.
97
!
B. Defence to Legal Liability
Going forward, a second corporate governance issue will be whether and the
extent to which a corporation’s implementation of HRDD should protect it from liability
for not managing the corporation’s human rights risks. The risk of liability will increase
if the EU adopts mandatory human rights due diligence legislation that has teeth and is
enforced robustly by regulatory authorities.
During the SRSG’s UN mandate, an observer suggested that the proper exercise
of HRDD ought to provide a safe harbour from legal claims arising from the involvement
in human rights abuse, similar to the so-called business judgement rule under Delaware
law, which immunizes a board’s actions from legal liability in a Caremark-type claim if
it the board’s action is rational.
98
However, the Commentary to UNGP 17 flatly rejects
safe harbour immunity. Rather, it states that evidence that a corporation took “every
!
95
Sustainable corporate justice, supra.
96
John G. Ruggie, Letter to the European Commission regarding reform of directors duties (February
2021), https://www.business-humanrights.org/en/latest-news/john-ruggie-raises-concerns-about-adding-
company-directors-duties-in-eu-mandatory-human-rights-due-diligence-legislation/
97
Sarah Anne Aarup, Barbara Moens, Giorgio Leali, and Hans von der Burchard, Europe, Inc. wins as EU
delays new business rules, Politico (March 21, 2021), https://www.politico.eu/article/europe-inc-puts-
brussels-new-business-rules-on-ice/ .
98
Report of the Special Representative of the Secretary-General on the issue of human rights and
transnational corporations and other business enterprises, John Ruggie, Business and Human Rights:
Further steps toward the operationalization of the “protect, respect and remedy” framework A/HRC/14/27
(April 9, 2010), par. 86, https://media.business-humanrights.org/media/documents/files/reports-and-
materials/Ruggie-report-2010.pdf .
!
24!
reasonable step to avoid involvement with an alleged human rights abuse” should help to
defend itself from a legal claim.
As a result, in order to defend against a claim that a corporation’s failure to
conduct HRDD led to its involvement in human rights abuse, a corporation should be
prepared to submit evidence to point show that it took “every reasonable step” to avoid
involvement in human rights harm through the exercise of HRDD. This requires more
than pointing to the existence of its of its human rights policy, or listing the number of
training sessions and the number of contracts with human rights provisions. These steps
may be important, but they do not explain why and how a company has taken these
particular steps, how those steps fit into the company’s overall HRDD efforts, and
whether they are effective.
More fundamentally, the company should be prepared to defend itself by pointing
to the specific HRDD policies, processes, and systems that it has integrated into its
corporate governance, and to the leadership that it has exercised, in order to drive respect
for human rights into the organization’s culture.
99
In other words, the effective
integration of HRDD into corporate governance will become critical to the defence of a
claim under mandatory HRDD laws, even though it should not provide absolute
immunity.
IV. Conclusion
As I have tried to show, the increased recognition of the need to embed HRDD
firmly into corporate governance has resulted from, in Professor Ruggie’s words, a
process of “norm cascading” by distributed networks of independent entities, rather than
from a top down, command and control enforcement process by the UN. This reflects his
desire that the UNGPs “trigger an iterative process of interaction among the three global
governance systems, producing cumulative change over time.”
100
As the UN Business
and Human Rights Working Group has recently is “normative development is easy to
overlook but has been an essential step for progress. Norms shape laws, policies and
practices.”
101
And vice-versa.
The evolving and dynamic relationship between corporate governance and the
soft and hard law of HRDD is a prime example of this interaction. The interactive
relationship is a two-way street. As I noted at the outset, the development of HRDD was
shaped by dynamic interaction of the hard and soft law of internal controls, the
Sentencing Guidelines, ERM, and the fiduciary duty of directors and officers under
!
99
Shift, Discussion Draft: Signals of Seriousness for Human Rights Due Diligence: How can national
regulators best assess the quality of a company’s HRDD efforts under potential EU legislation? (February
2021), https://shiftproject.org/resource/signals-draft1/ .
100
John G. Ruggie, The Social Construction of the UN Guiding Principles on Business and
Human Rights, 12 Jun. 2017, Harvard Kennedy School Faculty Research Working Paper
Series, HKS Working Paper No. RWP17-030, https://www.hks.harvard.edu/publications/social-
construction-un-guiding-principles-business-human-rights, at 25.
101
!Report!of!the!UN!Working!Group!on!the!issue!of!human!rights!and!transnational!corporations!and!
other!business!enterprises,!Guiding!Principles!on!Business!and!Human!Rights!at!10:!taking!stock!of!the!
first!decade,!A/HRC/47/39!(April!22,!2021),!https://documents-dds-
ny.un.org/doc/UNDOC/GEN/G21/093/82/PDF/G2109382.pdf?OpenElement!.!
!
25!
Caremark. The dynamic interaction of HRDD with those and other mixed soft and hard
law standards continues to this day.
!
