There is still uncertainty around the Transparency Act, how to carry out due diligence assessments and what is the duty of businesses. In this article, we want to illustrate how you can easily carry out, process and process due diligence assessments of your suppliers.
Due diligence assessments according to the Transparency Act
What are due diligence assessments?
A due diligence assessment is a working method for surveying, preventing, reporting and following up businesses in accordance with the Transparency Act. The main purpose is to account for and follow up actual and potential negative consequences on human rights and decent working conditions. Due diligence assessments must be carried out both at suppliers and at subcontractors. It is important to remember that the due diligence assessments must focus on breaches both in your own business, with your suppliers and externally (environment, local community, etc.).
Before starting the work with due diligence assessments, it is important to have a good understanding of the principles in the Transparency Act and in the due diligence assessments. We therefore recommend that you also read our article on templates in the Transparency Act to gain a basic understanding of the most important steps in the legislation.
Pursuant to Section 4 of the Transparency Act, businesses must carry out due diligence assessments in line with the OECD’s guidelines for multinational companies.
OECD guidelines for multinational companies
The Organization for Economic Co-operation and Development (OECD) is, as the Norwegian Consumer Protection Authority (Forbrukertilsynet) explains, an international organization that works to build better policies for better lives. They do this by shaping policies that promote prosperity, equality, opportunities and well-being for all.
Due diligence assessments under the Transparency Act are based on OECD guidelines for multinational companies. These guidelines are very comprehensive, but cover the most important points to ensure a responsible business life.
Who is the OECD and what is their purpose?
OECD stands for Organization for Economic Co-operation and Development (English: Organization for Economic Co-operation and Development). The Norwegian Consumer Protection Authority defines the OECD as an international organization that works to build better policies for better lives. They do this by shaping policies that promote prosperity, equality, opportunities and well-being for all.
The OECD has around 40 member countries in Europe, where the purpose is to set standards for the countries within economic and social issues, one of these being human rights. The company functions as a forum, where, among other things, Norway engages in dialogue with other member countries, in order to collaborate on the design of policy between the countries. One of the guidelines that has come through the OECD is the OECD’s guidelines for multinational companies.
“The guidelines aim to ensure that the activities of these companies are in accordance with public policy, to strengthen the basis for mutual trust between the companies and the society in which they operate, to seek to improve the climate for foreign investment and to strengthen the contribution of the multinational companies to sustainable development.”OECD guidelines for multinational companies
The guidelines of the OECD are based on the fact that due diligence assessments must minimize negative consequences for people, society and the environment linked to companies’ business activities. The points have clear expectations for the diligence of business in several areas such as: human rights, employee rights, the environment, anti-corruption and transparency. The guidelines also expect due diligence assessments to be carried out to avoid these negative consequences.
The steps in a due diligence assessment
Due diligence assessments can be broken down into 6 points, where the purpose is to map, prevent, account for and follow up businesses for negative consequences for violations of human rights and decent working conditions. It is the Norwegian Consumer Protection Authority that supervises and guides businesses in accordance with the Transparency Act, so we have taken their approach as a starting point:
1. Anchor accountability
The first step in due diligence assessments starts with the business setting internal guidelines. This means that you set overall goals for how negative consequences are to be avoided and how you are to prevent any damage. It is important that the goals are detailed, so that it is easy to follow up on your own guidelines. Concrete actions the business undertakes to take in the event of various findings should also be included in the document.
The company’s guidelines must be in line with the Transparency Act and OECD guidelines. This means that you can update your existing guidelines, or develop new ones with regard to the Transparency Act. The guidelines must cover the entire business, the supply chain and business partners. The guidelines must contain at least:
- How the business must act responsibly
- Expectations of accountability from suppliers and business partners, and
- their due diligence plans
Anchoring accountability is written in the NorwegianTransparency Act §4, letter a.
2. Map negative consequences
According to the Transparency Act §4, letter b. the businesses must map and assess actual and potential negative consequences for basic human rights and decent working conditions in the supply chain.
Under this point, the business itself must carry out analyzes of its own business, the supply chain and business partners. The aim of carrying out due diligence assessments is to identify which areas pose the highest risk of negative impact on human rights and decent working conditions. Furthermore, it must be assessed whether the damage has already occurred, or whether there is a real possibility of damage. An important aspect of the Transparency Act is to assess one’s own relationship to any damages/negative consequences for violations of human rights and decent working conditions.
Get information from suppliers
We recommend starting by getting an overview and sorting your own operations, suppliers and business partners by categories such as industry, geography and type of business partner. Where possible, also map subcontractors, here an overall map based on available information is often enough. Start by creating a risk analysis, where you look at historical risk by industry, geography or specific companies. Then dive deeper by obtaining information from your suppliers, e.g. through a survey, in-depth interview or signing a self-declaration form.
Markets and society are constantly changing, so risk analyzes should be reviewed regularly. It is important to change the risk analyzes if you see clear changes in the risk picture. Also remember to change the public statement with the new information to avoid sanctions from the Norwegian Consumer Protection Authority (Forbrukertilsynet).
Once you have mapped your suppliers, the next step is to compile risks with expectations in a risk matrix. Here, the business must assess the suppliers and follow up the companies with the highest risk or expectations. Risk is most often based on countries, industries or specific companies with a high risk of violations of human rights and decent working conditions. Expectations are based on the supplier’s size, for example total turnover or contract size.
Based on the model above, we recommend always investigating the suppliers to comply with the requirements of the law
3. Take action
After completed risk analyzes and mapping of negative consequences in the supply chain, it is time to take measures to stop, prevent or limit the consequences. Which measures you should take depends on, among other things, the relationship you have to the negative consequences discovered in step 2 and the degree of severity. The closer the business is to the damage, the more responsible you will be for cleaning it up. We have three levels of measures that can be set. Alive based on the assessments: preventive measures, limited measures and stopping measures. Stopping measures such as canceling contracts should therefore be the last resort.
Actions you can take:
- Adapt activities (remove dangerous substances etc.)
- Upgrade facilities (remove risk elements)
- Pre-qualify suppliers
- Consolidate suppliers
- Collaboration across the industry
- Engage local authorities
Where violations of human rights are discovered, they must be stopped before other preventive measures are started. It is the top manager of the company who is responsible for stopping the breaches and it is expected that the management will take future measures to prevent them.
The due diligence assessments should result in an action plan that describes which measures are being initiated and which are planned in the future. The action plan should contain:
- Actions you will take
- Which identified risk areas have you prioritized and why
- What relationship does the business have to the consequences that measures are aimed at?
- Justification for the level of measures you choose to take in the face of the consequences
- Who is responsible for implementing and carrying out measures
- What changes would you like to make to your own guidelines
- What plans do you have for training relevant employees and managers in the risk area against which measures are to be taken
- Information about the dialogue you have had/will have with affected parties
- Expectations of suppliers and other business partners.
If the business has little influence on the business that violates human rights and decent working conditions, we recommend that you read the Norwegian Consumer Protection Authority’s website.
4. Follow up the measures
After initiating measures, the business should see what effect these measures have had. The purpose of the follow-up is to assess the measures and possibly make changes in the future.
It is recommended to examine the points:
- How many of the measures were actually carried out on time as planned.
- How well the measures have worked
- Has harm to individuals or groups actually been prevented or dealt with
Depending on the severity of the consequence and the company’s responsibility, the company should actively follow up on the measures that have been initiated. Examine different sources to assess the effectiveness of the measures, preferably from internal or third-party assessments.
Remember to temporarily limit direct communication with affected parties that may have consequences from the employer or local community. This typically applies to the indigenous population.
5. Communicate with affected stakeholders
The OECD’s guidelines mainly deal with communication with the general public and affected stakeholders. The Transparency Act, on the other hand, requires that the businesses must only communicate with affected stakeholders and rights holders, in addition to the public statement.
You can read more about the public statement here.
Here, the business must communicate the results of the measures in the due diligence assessment. This involves communicating measures and their results to affected parties and stakeholders.
Communication with affected stakeholders must take place in an understandable way, in the right format, and at the appropriate time and place. Meetings, online dialogue, consultations are typical communication platforms.
While the OECD’s guidelines here deal with communication both with the general public and affected parties, the Transparency Act therefore only requires communication with affected stakeholders and rights holders – with its own minimum requirements for the kind of information to be published in an annual report.
Unfortunately, companies occasionally find out that they have helped push companies to violate human rights. This is usually not proven, but happens as a result of choices made when selecting a supplier. In points 3, 4 and 5, the business made some choices to correct its impact on the negative consequences. We have created an example of involvement below.
It is important to specify that recovery of damages is only necessary when the business is directly involved in the negative consequences. The Norwegian Consumer Protection Authority nevertheless recommends that businesses use their influence to pressure larger players to follow up on this step in the Transparency Act.
You can read more about recovery here: Forbrukertilsynet.no
Some examples of recovery measures:
- Replacement or compensation
- A public apology
- Measures to prevent future damage
Share Control’s system for the Transparency Act
We help companies manage the compliance requirements of the “Openness Act” in one system, so you can avoid the risk of non-compliance and have full confidence that you are complying with them. With ShareControl Transparency you can easily regain control over your suppliers.
Collect information from your suppliers and enter data and documentation, so that you can more easily carry out risk analyses, due diligence assessments and take measures. Send out surveys with questions about the supplier’s handling of human rights and decent working conditions. In this way, you ensure compliance with the Transparency Act, while streamlining several of the processes.