Bringing Teeth to Mandatory Business and Human Rights Rules: A Conversation with Rachel Chambers and Anil Yilmaz Vastardis
Over the past few years governments have started to step up with respect to their business and human rights obligations by using law and policy to hold companies accountable for preventing and remediating human rights and environmental harms. Much attention is being paid to developments in Europe with proposals for human rights and environment due diligence laws at the EU and individual state level. Starting with the groundbreaking Corporate Duty of Vigilance Law passed in France in 2017, these laws recognizing parent company influence over their subsidiaries and their supply chains are generally regarded as more effective means of holding corporations to account than the mandatory disclosure laws for modern slavery risks that were passed in California, the UK, and Australia.
Yet the focus of enforcement in debates around these laws has largely centered around creating a cause of action for civil liability for corporate harms ex post. Much less attention has been paid to the role of a regulator — arguably, a more efficient means of enforcement than sole reliance on the courts.
Rachel Chambers of the University of Connecticut and Anil Yilmaz Vastardis of University of Essex address this gap in their article, “Human Rights Disclosure and Due Diligence Laws: The Role of Regulatory Oversight in Ensuring Corporate Accountability,” published earlier this year in the Chicago Journal of International Law. The article provides a thorough assessment of the effectiveness of existing disclosure and due diligence laws and then goes one step further: to provide a detailed sui generis prototype for a regulator who can enforce them.
Joanne Bauer of Rights CoLab and Columbia University sat down with Rachel and Anil to discuss their proposal and its political feasibility.
Joanne: Rachel and Anil, it’s great to see the detailed proposal you lay out in your article for a regulatory oversight body to accompany human rights disclosure and human rights due diligence (HRDD) laws. We know that in general the reports that companies have produced in response to transparency laws have been weak. And, as you say in your article, even as we see more promise in human rights due diligence laws – including the prospect this year of an EU law that will have a civil liability provision – without regulatory oversight, the burden of accountability rests entirely with civil society. So your article is very timely. What motivated you to write it?
Rachel: My research focuses on the use of corporate accountability mechanisms for ensuring that businesses respect human rights. Anil’s research focuses on the intersection of corporate law, human rights law, and tort law. In an earlier article, we wrote about the EU Non-Financial Reporting Directive and the potential promise its human rights reporting provisions had for facilitating access to remedy for victims of human rights violations by corporate actors. Returning to study the Directive, and other disclosure and due diligence laws, a few years later, we found that they had not achieved their purpose.
Joanne: And may I just interject to say that thankfully the EU will call the new iteration of the directive the “Corporate Sustainability Reporting Directive”?
Rachel: Yes, much better than “non-financial”!
Anil: New disclosure and due diligence laws are emerging, but when we looked at the situation on the ground we didn’t see things changing meaningfully for workers and communities in global supply chains. We noticed that these laws primarily rely on a market oversight model, whereby oversight is delegated to consumers, civil society and investors and the state has withdrawn itself from ensuring that the disclosures are made and made adequately or due diligence is carried out to the standards expected. So we decided to interrogate and critique this model and offer an alternative approach.
Joanne: It is certainly clear that punting to the market to enforce laws weakens their impact. Say more about your proposal. What were your essential criteria as you were considering it?
Anil: In the existing model of disclosures and human rights due diligence, the stakeholders have few if any formal mechanisms to ensure the accuracy of disclosures and adequacy of HRDD processes. The regulatory body we are proposing can exercise annual checks on the accuracy and adequacy of reports — or on even if companies produced them — based on complaints from stakeholders on reporting deficits or another means of selecting a sample of disclosures for review.
Rachel: We don’t think any of the existing oversight models of standard corporate reporting are up to the task so we’re recommending a sui generis model, which has five attributes: First, a formal list of businesses covered by the disclosure and due diligence requirements and a publicly accessible repository for storing annual disclosures. It also needs to have an institutional structure to exercise oversight and enforcement functions. It would provide reporting and due diligence guidance for companies. Next, the regulatory body should be able to impose meaningful penalties for failure to comply with the relevant laws. Finally, in order to fulfil these functions, the body should have human rights subject matter expertise — it has to have the capacity to understand and advise stakeholders on the complexities of corporate human rights impacts.
Joanne: Why is it important to examine a sample of reports?
Rachel: As Anil said, an independent oversight mechanism for human rights disclosure and due diligence should have responsibility for reviewing reports and providing feedback to a sample of companies on an annual basis. In Denmark, for instance, the implementing legislation for the first EU Reporting Directive envisages a regulatory review of 10% – 20% of listed companies that are selected for full scope enforcement each year, checking presence and content of statements. Checking a sample of disclosure and due diligence reports is necessary in addition to receiving complaints from victims and others to create an effective deterrence from inadequately engaging with the disclosure/HRDD law.
Anil: It would create an untenable workload for a regulatory body to review every single disclosure annually, which is why we propose that the check be done based on a random sample of reports. But checking the content and substance of the reports would arguably require focusing on the sectors, issues, or worksites/countries with the most severe human rights risks or where a delayed response could make a human rights impact irremediable. We already see this kind of risk-based approach used in anti-money laundering law, for example.
Joanne: How does the regulator gain subject matter expertise in human rights to undertake that examination?
Anil: Part of what makes this regulator model sui generis is that it would be staffed by people with expertise in human rights and business. The regulator could collaborate with existing subject matter experts within government and other regulators. In the United States, for instance, the Department of Labor has experts who put together the annual child labor “Sweat and Toil” reports. If business and human rights expertise is held by National Human Rights Institutions then these would be obvious targets for close cooperation.
Joanne: Have you thought of the role of an independent advisory group – made up of very qualified BHR specialists like yourselves – reviewing the reports and providing independent assessments? I’m thinking of independent advisory boards in the private sector, such as the Human Rights Advisory Board of FIFA or Facebook’s Oversight Board for content moderation, made up of highly respected human rights experts.
Rachel: That’s an interesting idea. It isn’t the usual model for regulators, however. We do see National Contact Points, or NCPs, for the OECD Guidelines for Multinational Enterprises having this kind of advisory group, but NCPs are not typically staffed by BHR experts, as we propose in our model.
Joanne: What models — institutions or mechanisms — do you draw inspiration from? You mentioned Denmark’s proposed sampling approach for the EU Reporting Directive reports. Are there others?
Rachel: There are examples of good practice and innovation but there is no model with all the attributes that we seek for the regulator. The Dutch proposal for a human rights due diligence law that was put forward this year has detailed provisions in Chapter 3 about the creation of a regulator to oversee human rights due diligence, providing information about how to conduct due diligence, producing and following a supervisory strategy, and penalizing companies that don’t meet their obligations under the law.
Joanne: Good for the Dutch! What do you think about that provision? How close is it to what you are proposing?
Rachel: It is good to see a mandatory due diligence law containing specific information about the regulator that will enforce it. From what we have learned so far about the Dutch proposal, the regulator function is close to what we are proposing. Certain details are not known at this stage, such as whether the regulator will maintain a formal list of businesses covered by the law and a publicly accessible repository for storing annual reports. Given that this is a new regulator, we can infer that it will have the necessary subject matter expertise, but this is not specified.
Anil: After our article was published, three new legislative proposals were put forward in Europe, including the Dutch proposal Rachel mentioned. Each of these laws include regulatory oversight provisions. The other two are the Norwegian proposal and the adopted German due diligence law. The Norwegian proposal includes an oversight procedure that will be carried out by the Norwegian consumer protection agency. The new German law similarly includes a regulatory oversight procedure to be carried out by the Federal Office of Economic Affairs and Export Control, situated within the Ministry of Economics. German experts have noted that this Federal Office is also in charge of arms exports from Germany.
Rachel: At the EU-level the law being developed envisages a regulator to oversee the implementation of HRDD obligations at member state level. These are just proposals at the moment and they will be subject to revisions. But there’s at least a consistent push for regulatory oversight. Civil society and policy makers now see that without regulatory oversight these laws aren’t really achieving the goals that they were set out to.
Joanne: What do you think is the political feasibility of your proposal? When you were writing the article, is there a particular government you had in mind that would be most likely to lead on setting up such a regulatory body?
Rachel: I think the political feasibility question is such a key part of this. The UK law firm Kingsley Napley and I were commissioned to do some research last year on how a UK regulator could monitor and enforce the proposed UK human rights due diligence law. We were given this brief to create the best case scenario: What would this regulator look like? What would the powers be? What’s the best that’s currently being done among UK regulators — in terms of curbing corporate misconduct of different kinds, be it in terms of competition law, corruption, the environment, food safety, workplace health and safety etc? We looked at the regulatory landscape, which obviously differs from country to country. In considering the best case scenario, we were very much aware of the feasibility question: Who is going to resource this? Is there going to be political backing for it? A regulator is only as strong as the powers it has, and the resourcing in place. But those powers can change. Regulators have the ability to adapt the way they regulate to ever changing social and economic situations, as well as the opportunity to expand their operations as their expertise and competence grows. In the UK, for instance, regulators frequently lobby Parliament for changes to the scope of their powers.
Anil: As we were writing the article, we did not have a specific government in mind to lead in this area, but we thought that this type of regulation would first emerge from Europe. Some jurisdictions like the UK or the Netherlands seem to have a strong regulatory culture. I think the due diligence law proposals emerging from Europe show that our proposal is increasingly relevant.
Joanne: Do we have an example of that political will manifesting in a concrete regulatory body anywhere?
Rachel: The Netherlands passed a child labor due diligence law in 2019, which comes the closest. We are in that phase between enactment and enforcement. The Dutch were certainly planning for a regulator to accompany the legislation, a specific body to be the enforcement mechanism. That in itself is novel.
We’re starting from a very low point, after all. For example, the French law has no enforcer, just the courts, which serve a purpose, but are not a regulator. Then we have what’s in place for disclosure law, which typically falls to corporate / financial regulators such as the SEC in the U.S. and in the U.K., the Financial Reporting Council – they are not specialized in this field at all. As we know, the enforcement is very minimal. There was a time with UK reporting, for example, where Client Earth, the activist environmental law organization in London, was bringing instances to the attention of the Financial Reporting Council showing massive omissions in human rights disclosures. Yet, nothing really happened. It was extremely “light touch” regulation, and they never went as far as an injunction. We are still at a very embryonic phase – it’s all market regulator, market enforcement.
Anil: It’s worth pointing out that the Dutch child labor law looks at a very specific type of abuse. When your focus as a regulator is so specific and narrow as child labor, it will be more manageable to monitor, though still challenging due to the nature of the abuses. But if your scope is human rights due diligence across a wide range of human rights across a wide range of businesses in a wide range of countries, it will be a lot more challenging for a regulator to implement that kind of duty. But it’s not impossible. As Rachel said, a regulator is as powerful
as the resources it has.
Joanne: Do you think the political appetite is there now in a way that it wasn’t there before?
Anil: Compared to maybe five to eight years ago, there is more appetite for this, at least in Europe because civil society is pushing hard. We are now seeing the outcomes of legislation like the first EU Reporting Directive of 2014 and the U.K. Modern Slavery Act of 2015 and we can clearly see the weakness. That experience gives civil society and academics who push for these reforms the evidence to say to policy makers, “Look, this isn’t working.” These laws still have too much voluntarism embedded in them. I think this is the right time to push harder to get these reforms in. In fact, the UK Government recently proposed to introduce a single regulator for enforcing employment rights and it is planned that this body will also enforce s.54 of the UK Modern Slavery Act (MSA) on modern slavery reporting. However, this proposal has been criticized by trade unions for lack of a clear timetable for the establishment of this body, lack of adequate funding and overall weakness of the proposed enforcement measures. Separately on strengthening the UK MSA, a bill was recently brought before the U.K.’s House of Lords proposing improvements to the enforcement of s.54 of the MSA.
Rachel: What we do know for sure is that there is the political appetite at the EU level to enact a mandatory HRDD provision with a role for a regulator. The text of the proposed E.U. Directive requires each Member State to designate one or more national competent authorities responsible for the supervision of the Directive, and for the dissemination of due diligence best practices. Member States are being told to ensure that the national competent authorities are independent and have the necessary personnel?, technical and financial resources, premises, infrastructure, and expertise to carry out their duties effectively. So some form of regulator will be established in each of the Member States, and the question is, whether there is sufficient political appetite to make these truly effective regulators.
Joanne: Talk about the role of civil liability in relation to the regulatory body. Are you concerned that the push for a regulatory body such as the one you proposed will make governments less likely to include a provision for civil liability in their laws?
Rachel: Governments may feel that they have done enough by establishing regulatory oversight and there is no need for a civil liability provision. This is definitely a concern. In the German draft law, for example, we don’t see any form of civil liability. We agree with civil society advocates that civil liability is a vital component.
Anil: Exactly. Some within civil society are rightfully worried that we can’t have everything — I’ve heard the view that a regulator may seem appealing but a regulator that is watered down and lacks independence and resources may also derail the possibility for a civil liability provision. So there is anxiety. I still think all options should be on the table at the start of the process.
Joanne: Maybe the motivation to have a regulatory body ought to be to avoid clogging up the cases in courts…
Rachel: Definitely. Not all judges will be as familiar with the issues in these cases. In France, the only country to have enacted a human rights due diligence law, there is no mechanism of regulatory oversight and enforcement is done through courts. There is a question about which court should hear complaints about inadequate due diligence (known as ‘duty of vigilance’ under the French law) – a commercial court made up of business law experts or a regular court. What’s valuable in a regulator is human rights expertise as well as the ability to manage complaints, know best practices, what to expect of companies, and so forth. The idea of going to the courts each time is pretty inefficient.
Anil: I agree. There is going to be an important role for courts. Civil liability should be part of any due diligence law because that’s where victims get access to remedy. A regulator would not replace the remediation function of courts. The regulator should take a distinct role to monitor the presence and accuracy of due diligence reports. This can ease the burden on the courts. For example, the French court case concerning Total’s business in Uganda concerns inadequacies in Total’s vigilance plan. Because the French Law on Duty of Vigilance doesn’t provide for a regulator, it had to be taken up by the courts. But that kind of issue should have gone to a regulator. If there are grievances, and the affected communities are seeking remedies, then that should go to the courts in the form of a civil claim. The regulator’s role is not to provide redress to the communities. So it’s more of a preventative role.
Rachel: The civil society reports on how companies are doing in terms of reporting under the French law are not positive at this stage. Companies are facing a novel and, for them, an uncertain duty. They are taking a conservative approach, doing as little as possible, and waiting to be prodded to do more. It takes time to process a complaint about inadequate HRDD in the courts, so arguably this alone is insufficient to push companies to do more. Conducting HRDD is not necessarily straightforward given the different industries, abuses, and impacts, and the distant business relationships that may be the greatest source of the greatest risk.
Joanne: Is there an initiative in the UK to develop a mandatory human rights due diligence law?
Anil: There is a civil society initiative which developed an outline of a proposal. In the process of developing the proposal, there were discussions about a regulator. Some were not too keen on the idea as they saw it as distracting from civil liability. But the draft, which is still skeletal, includes an option for a regulator that would exercise oversight and enforcement functions, alongside accountability via civil liability in courts.
Rachel: During the 2019 UK elections, both the Labour and Liberal Democrat party manifestos had a commitment to make companies accountable for human rights impacts – e.g., from the Labour one: “Support ongoing UN efforts to introduce a binding international treaty on business and human rights, and make companies legally accountable for failing to prevent human rights abuses or environmental damage in their operations and supply chains, including criminal liability in the most serious cases.” Having two out of the three major political parties committing to this is an important sign of feasibility and it shows the issue has moved up in the political agenda. There has been support from certain UK companies for the enactment of this type of law but this support may not extend to include regulatory enforcement of the law. The companies that advocated for the modern slavery reporting law enacted in Section 54 of the UK’s Modern Slavery Act, they weren’t in favor of enforcement of that.
Joanne: Why? If you are looking for a level playing field, why wouldn’t you want to see the laws you are advocating for enforced?
Rachel: This is true, and it makes me question the sincerity of companies’ advocacy for HRDD laws. Companies that want a level playing field should not be leaving enforcement to the whims of civil litigation, but should be on board with a systematic attempt to ensure compliance with the law.
Anil: More and more companies want HRDD laws, but without civil liability or regulatory oversight. For instance, the recently adopted German Supply Chain Due Diligence law was heavily influenced by corporate lobbying and as a result does not contain a civil liability provision. There’s still a strong belief among companies in soft law initiatives. But soft law initiatives aren’t bringing the kind of progress we need.
Joanne: I’ve always wondered why the sustainability industry associations don’t play a role there. Why aren’t they coming together and saying, “We want these laws”…? Do we have any examples of that?
Rachel: I know we have companies in favor of HRDD. And the Global Compact has stated support for HRDD laws recently. We are seeing a shift, but it’s slow.
Joanne: I asked about the UK developments because I wanted to know if you see the end to mandatory disclosure laws like the UK and Australian modern slavery laws in favor of HRDD laws?
Anil: Hopefully, we will see more HRDD laws going forward. But, oversight of human rights disclosures will not become irrelevant, as transparency is an integral part of the due diligence responsibility. But I am hoping that increasingly we will move away from only disclosure laws and to more HRDD laws.
Rachel: I agree. Financial disclosure will go on – the question is how HRDD and disclosure will track one another. At the EU the regulations are being reviewed now. The processes are talking to each other, but it’s hard to know whether the outcome will be that they remain separate. It doesn’t make sense for them to be separate, except for when social impacts are determined to be financially material and thus are required under the financial report. HRDD and disclosure laws should be feeding into each other.
Joanne: How would they feed into one another? Are you suggesting there would be one regulator for all of that? I don’t think we’re far off from the time when modern slavery will be seen as financially material.
Rachel: You need the financial regulator, but I expect you will have regulators working together and when there are issues that cross-cut the domains you would see coordination. And you do see this in the UK regulatory landscape – regulators working together where issues cross cut jurisdictions.
Anil: We see regulators collaborating in other fields. Most recently, in the UK we have witnessed the Medicines Agency collaborating with the Public Health Agency on the usage and distribution of Covid-19 vaccines. So, it is very likely that a regulator overseeing the implementation of an HRDD law would collaborate with the regulator overseeing financial reporting on issues of overlapping interest. On the question of financial materiality, this is something we discuss in the Article. In the context of HRDD, it is important to distinguish between the financial materiality of risk for the company and the saliency of the human rights risk for workers or communities affected. In the current EU Non-Financial Reporting Directive, the primary focus is still company risk. Although the guidance of the Directive refers to double materiality — risks to society and the environment as well as risk to business — this approach has not yet been implemented by EU member states. This means that if the risk is not financially material, even if it involves potential or actual severe harm to communities or workers, the company can avoid disclosing the information. Financial regulators are still focused on financially material risks, but a regulator of HRDD needs to also consider the salient human rights risks a company poses to affected groups.
Joanne: There’s so much momentum for government action to close the governance gap that we’ve never seen before – this does seem to be the right moment to push for a regulator. Let’s move to investors. In your paper, you argue that investors are beneficiaries of good disclosure. They are also enforcers. Understanding risk is an essential part of the investment calculus and investors will shy away — and sometimes divest – from companies that aren’t disclosing those risks. That has real consequences for business and can be seen as its own type of enforcement. Your proposal for a strong regulator adds a layer of urgency for investors since failure to disclose or inadequate disclosure presents a legal/regulatory risk – not just an operational and reputational risk – potentially exposing the company to financial penalties, which amounts to material financial impact.
I also find it interesting that investors sit in the background of these conversations around regulation and enforcement, but tend not to be part of these conversations. Yet, there is strong alignment of interests between investors and civil society because of that element of risk. One thing we’ve been working on at Rights CoLab is how you bring investors and civil society into better dialogue, so that investors can better understand what the risks are and in turn civil society understands when investors have power in the deal and how to advocate for ways to overcome limitations investors think they face.
Rachel: There are two gains for investors from an effective and well-resourced regulator in this area. One is greater information accuracy. Investors want better and more accurate information about what is going on in the environmental and social sphere. A regulator can improve the quality of the reported information.
Another gain is the oversight and enforcement of due diligence laws. The argument there is all about the quality of information disclosed and the quality of processes that companies engage in to understand the environmental and social impacts. If a company is hit with a fine, the investor should be able to foresee that. Investors want a world where they have better insights into what the future may hold.
Anil: In the article we did not focus very much on investors, as we have more faith in civil society than in investors to drive change. But we still think that committed investors have an important role to play alongside civil society in pushing companies towards better disclosure. Investors need good quality information and HRDD processes to make better informed decisions.
Joanne: So what’s next for your research? Are you engaging in the EU debates on mandatory reporting and due diligence?
Rachel: Anil and I both regularly host and participate in discussions with other academics, civil society, and businesses and about legislative developments in the EU and beyond. Speaking to civil society actors about our proposal, we have identified a further area of research, namely the practicalities of using a severity of risks hierarchy to check corporate disclosure and due diligence. We are interested in diving deeper into this operationalization question.
Anil: And we need to understand why in certain regulatory contexts there is a preference for court oversight as opposed to regulatory oversight. What accounts for that difference?