How technology can help address human rights risks

Companies with large and complex supply chains often use third-party databases to map and gain intelligence into their supply chain. These databases utilize publicly available data to identify direct and indirect relationships between entities and thereby build a complete view of the upstream supply chain. Suppliers or entities that present elevated risks are then identified using various data sources. These include:

• The country risk tier published by the U.S. State Department1 annually in its report to Congress on trafficking in persons, which can be a useful proxy to categorize geographic risk
• The List of Goods Produced by Child Labor or Forced Labor, produced by the U.S. Department of Labor’s Bureau of International Labor Affairs,2 which includes a breakdown of goods by country and can be used to assess the risk related to both manufacturing in those geographies and sourcing goods from them
• The Uyghur Forced Labor Prevention Act (UFLPA) Entity List, published by the U.S. Department of Homeland Security,3 which identifies entities that have directly or indirectly benefited from forced labor
  The supply chain map and associated risks identified can then be validated with internal data obtained through technology-enabled surveys and enterprise resource planning (ERP) data such as procurement and resource spend.

Next

Once risks are identified and validated, companies can implement measures to effectively mitigate them. Companies can also establish targeted processes and controls to prevent these risks from reoccurring. For example, processes can be implemented to screen new vendors for human rights or forced labor risks during the RFP, supplier selection, onboarding or vendor due diligence processes. This can prevent high-risk vendors from entering the supply chain. When the risks are upstream from the company, one step may be to drill further into the supply chain mapping to further understand the parties with which the company is directly or indirectly partnering. It is equally important to understand the inherent risks faced by these parties and the policies and procedures they have in place to mitigate these risks.

Three areas of inherent risks to consider are:

• Workforce risk (e.g., Is the work dangerous or demanding? Is the labor force undervalued or low skilled?)
• Business model risk (e.g., human resource heavy, production/processing of raw materials, reliance on temporary laborers)
• Geographic risk (e.g., operating in locations with lower levels of regulation/enforcement, areas with historical human rights abuses)

Here again, third-party diligence data may provide information to facilitate the assessment of risk, including information on parties in the supply chain and their related entities, which can be analyzed to see if they are operating in areas subject to further scrutiny, such as the Xinjiang Uyghur Autonomous Region.

Additionally, where the risk is within the company’s operations and further scrutiny is warranted, analytics on payroll data to examine classes of workers can determine whether workers doing similar jobs receive similar remuneration or whether certain classes of workers receive lower pay rates or are subject to more frequent and higher deductions. Further, while many workers in at-risk roles or regions may not have company-provided devices, there are technology options, such as anonymously surveying over SMS message or secure websites or placing kiosks in private areas, to gather information from employees on working conditions and risks around human rights. Many compliance departments may be overlooking these types of data as part of a broad compliance analytics program, failing to realize the value of this information in specific scenarios to assess and mitigate risks. Additionally, if substantive issues are found, organizations can build more standardized data collection and analysis around these sources to demonstrate continuous improvement of their compliance program.

Beyond

Whether the process leads to a substantive investigation or simply highlights areas for improvements in controls or other program elements, the value lies in the insights. These insights enable the program to evolve as the business environment continues to change. Looking ahead, embedding sensors in business processes becomes invaluable for monitoring changes and assessing the effectiveness of the current program.

While technology is an ever-critical tool to improve transparency in large and complex supply chains , our next article will discuss the next step a company needs to take: refining the procurement and vendor management processes to address risks identified across the vendor base.