Mitigating risk

The actions you should take depend on how you are linked with risks. If you are causing risks yourself (e.g. as a result of your procurement strategy), you should make the necessary adjustments as soon as possible to avoid further damage. If you are linked with risks through business partners, you should attempt to exercise leverage in order to encourage them to take action, and you should support these actions where possible.  The degree of leverage you have depends not only on the size of your company, but also on the type of business partner. For instance, a large multinational might be less inclined to listen to your concerns than a small-scale supplier that depends on you for its sales or reputation. Leverage can also vary across time. For instance, your leverage may be greater during contract negotiations, or when you get the results of a supplier audit.

In this section, we discuss a range of possible actions that you could take to work towards mitigating risks in your supply chains. As a rule of thumb, (1) actions you take together with others are more effective than actions you take individually; (2) only a smart mix of actions will be effective in the long run; and (3) particularly during the initial stages, actions aimed at integrating due diligence (see 'integrating due diligence') are at least as important as actions aimed at mitigating risks.

Low-hanging fruit

Procedures or practices that already exist within your company (e.g. in environmental management or occupational health and safety) could also be relevant for suppliers. You might consider sharing the know-how that exists within your company with suppliers, e.g. through training or during supplier visits. In doing so, it is important to highlight the benefits that such systems have brought to your own company (e.g. in terms of cost savings or process improvements).

A supplier dialogue

A dialogue with suppliers is arguably the single most important action that SMEs can take. A dialogue initiates a mutual learning process about risks, and about possible actions to mitigate these risks. Yet there can be cold feet on both sides. Ideally, therefore, a supplier dialogue is preceded by a supplier screening or -survey, the results of which can provide a starting point for a more informed discussion. While a supplier dialogue is very much a question of ‘learning by doing’, we can already offer a few tips.

• Assume that most suppliers are not yet aware of what due diligence entails, let alone that they would have systematic due diligence processes in place. Instead, start with the basics: what are possible risks to people and the environment? Why do you feel it is important to pay attention to these risks?
• Ask simple questions that go beyond formal policies and procedures. You can use the self-assessment that is linked to this online toolbox as a source of inspiration.
• Wherever possible, build on the results of a supplier survey or audit.
• Large suppliers in particular may be tempted to put up a nice story about their sustainability strategy as a whole. To avoid this, try to shift the focus to specific products or risks.
• Create a ‘safe space’ wherein sensitive issues can be discussed. Underline the importance of confidentiality, and provide assurances that the dialogue will not –or at least not during its initial stages– impact the supplier relationship.
• Proactively raise questions about the impact of your own procurement practices.
• Try to realize economies of scale by bringing different suppliers together around the table.

Standards and certificates

You can ask suppliers to make sure that their management systems, or the products or services they provide, conform to a certain standard. This standard can be developed by yourself (e.g. a supplier code of conduct), or by a third party, like an industry- or multi-stakeholder body (see below). Well-known standards include Fairtrade and FSC.

Often (but not always), standards are linked with certificates that acknowledge that companies or products comply with a standard. These certificates are awarded by a third party, usually (but not always) after an audit process. Examples of product certification include MSC (fisheries) and RSPO (palm oil). ISO-certification is a prime example of certification for management processes. While the words ‘certificates’ and ‘labels’ are often used interchangeably, a label is nothing more than a symbol that is used for communication purposes. While a label makes certain sustainability claims, not all labels are verified by a third party, and companies can create their own labels.

Certification systems have faced growing criticism for their purportedly limited impact on the ground, which is blamed in part on the inadequacy of auditing systems (we return to this in the section on ‘monitoring’). Many companies and consumers are also fed up with the seemingly never-ending proliferation of labels and certificates. There are now important debates about the role that third-party certification can play in human rights and environmental due diligence. The consensus that seems to emerge is that certification can indeed play a role in due diligence because it facilitates the flow of information, and because it provides indication of, among other things, the maturity of suppliers' environmental management systems, or the extent to which they comply with health and safety procedures. In addition, certification helps raise awareness among companies and consumers. However, certification alone does not cover a company's due dilgience obligations. Moreover, to fulfill their potential, certificates need to meet a number of criteria, which will be specified later on.

Initiating a stakeholder dialogue

Like a dialogue with suppliers, a dialogue with other stakeholders allows you to better understand risks, and to reflect about more effective actions to mitigate these risks. Relevant stakeholders may include other companies, sector organisations, NGOs, academics, trade unions, international organisations, local organisations, etc. A stakeholder dialogue can take different forms:

• Bilateral discussions with one or more civil society organizations to gain a better understanding of potential risks.
• An exchange with other companies, with or without the involvement of an industry body.
• An information session or roundtable discussion with multiple stakeholders, in which you seek feedback on your approach.
• A focal group that evaluates your due diligence processes on an annual or bi-annual basis.

Industry initiatives

Industry initiatives are initiatives that are primarily initiated and governed from within the business community. While there exist important differences in terms of the objectives and scope of industry initiatives, they often have some sort of shared code of conduct, audit protocols, a platform to share audit results, and (increasingly) joint mechanisms for receiving and handling grievances. The name industry initiative is somewhat misleading, because some initiatives focus on different industries (e.g. Amfori BSCI), and because attempts are being made to involve other stakeholders – albeit not always on a systematic basis.

Critical questions are rightly raised about the extent to which industry initiatives can lead to fundamental change, knowing that they are led one-sidedly by businesses themselves. At least in some areas (e.g. freedom of association), the standards are often less ambitious than is the case for multi-stakeholder initiatives (see below). A lot of industry initiatives are also implicitly catering for larger companies, and are more difficult to access for SMEs.

Multi-stakeholder initiatives

Like industry initiatives, there exist considerable differences between multi-stakeholder initiatives (MSIs) in terms of their scope and ambition. MSIs differ from industry initiatives through their emphasis on the importance of involving different stakeholders (including civil society and workers), and of independent third-party monitoring. 

MSIs provide opportunities for companies to gain valuable expertise and experience in a safe environment. They can also help companies (and notably SMEs) realize economies of scale, by sharing costs, e.g. for carrying out a risk analysis or for auditing suppliers. Yet like industry initiatives, MSIs face growing criticism: they remain essentially voluntary mechanisms, and quite some observers claim that despite their more inclusive nature, they still reproduce the power imbalances between business and other stakeholders.

Worker-driven due diligence

The growing frustration with the shortcomings of existing systems is leading to new initiatives wherein workers themselves assume central stage in the development of standards, in raising awareness amongst stakeholders (particularly workers themselves), in setting up grievance mechanisms, and in monitoring the situation on the ground (we return to this in the section on ‘monitoring’). Moreover, these initiatives encourage more binding agreements between companies, suppliers, and workers (which may or may not be represented by trade unions).

While research shows the potential of worker-driven due diligence, there are many barriers to scaling up these types of initiatives. For instance, setting up this kind of mechanism is tricky in countries without a tradition of employee participation. Moreover, existing initiatives are mainly focused on large companies and their suppliers, and there are few examples involving SMEs.

When things go wrong - Remediation

Even if you take all necessary measures to prevent risks, a negative impact might still occur. When you are responsible for this negative impact yourself, you are expected to remedy this negative impact. Remediation can take the form of apologies, restitution (e.g. of expropriated property), rehabilitation (e.g. of dismissed employees), compensation, punishment (e.g. dismissal of employees guilty of abuse of power), and measures to prevent future damage.

If you are linked with a negative impact through a third party (e.g. an environmental offence by your supplier’s supplier), you are not expected to remedy this negative impact yourself, but rather to encourage (and possibly support) your supplier to take steps towards remediation. Nonetheless, in some cases, it may be important to directly contribute to remediation processes, for instance to avoid reputational damage.