Due diligence assessment according to the Transparency Act – guidance

Due diligence assessment according to the Transparency Act – guidance

There is still uncertainty around the Transparency Act, how to carry out a due diligence assessment according to the Transparency Act and what is the duty of businesses. In this article, we want to illustrate how you can easily carry out, process and process due diligence assessments of your suppliers.

What is a due diligence assessment?

A due diligence assessment is a working method for mapping, preventing, accounting for and following up businesses in accordance with the the Transparency Act. The main purpose is to account for and follow up actual and potential negative consequences on human rights and decent working conditions. Due diligence must be carried out on both suppliers and subcontractors. It is important to remember that the due diligence assessments must focus on breaches both in your own business, with your suppliers and externally (environment, local community, etc.).

Before starting the work with due diligence assessments, it is important to have a good understanding of the principles in the Transparency Act and in the due diligence assessments. We therefore recommend that you also read our article on templates in the Transparency Act to gain a basic understanding of the most important steps in the legislation.

Pursuant to Section 4 of the Transparency Act, businesses must carry out due diligence assessments in line with the OECD’s guidelines for multinational companies.

You can read the OECD guidelines here.

Equality in the workplace

OECD guidelines for multinational companies

Due diligence assessments under the Transparency Act are based on OECD guidelines for multinational companies. These guidelines are very comprehensive, but cover the most important points to ensure a responsible business life.

One of the guidelines that has come through the OECD is the OECD’s guidelines for multinational companies.

“The guidelines aim to ensure that the activities of these companies are in accordance with public policy, to strengthen the basis for mutual trust between the companies and the society in which they operate, to seek to improve the climate for foreign investment and to strengthen the contribution of the multinational companies to sustainable development.”

OECD guidelines for multinational companies
Wheel for due diligence assessments and process for carrying out due diligence assessments and assessing negative impact

The OECD’s guidelines for multinational companies are based on the fact that due diligence assessments should minimize potential negative consequences for human rights, society and the environment linked to companies’ business activities. The points have clear expectations for the diligence of business in several areas such as: human rights, employee rights, the environment, anti-corruption and transparency. The guidelines also expect due diligence assessments to be carried out to avoid these negative consequences.

The steps in a due diligence assessment

Due diligence assessments can be divided according to 6 points, where the purpose is to map, prevent, account for and follow up businesses for negative consequences for violations of basic human rights and decent working conditions. It is the Norwegian Consumer Protection Authority that supervises and guides businesses in accordance with the Transparency Act, so we have taken their approach as a starting point:

1. Anchor accountability

The first step in due diligence assessments starts with the business setting internal guidelines. This means that you set overall goals for how negative consequences are to be avoided and how you are to prevent any damage.

It is important that the goals are detailed, so that it is easy to follow up on your own guidelines. Concrete actions the business undertakes to take in the event of various findings should also be included in the document.

The company’s guidelines must be in line with the Transparency Act and OECD guidelines. This means that you can update your existing guidelines, or develop new ones with regard to the Transparency Act. The guidelines must cover the entire business, suppliers and other business partners. The guidelines must contain at least:

  • How the business must act responsibly
  • Expectations of accountability from suppliers and other business partners, and
  • their due diligence plans

Anchoring accountability is written in the NorwegianTransparency Act §4, letter a.

2. Map negative consequences

According to the Transparency Act §4, letter b. the businesses must map and assess actual and potential negative consequences for basic human rights and decent working conditions in the supply chain.

Under this point, the business itself must carry out analyzes of its own business, the supply chain and business partners. The aim of carrying out due diligence assessments is to identify which areas pose the highest risk of negative impact on human rights and decent working conditions. Furthermore, it must be assessed whether the damage has already occurred, or whether there is a real possibility of damage.

An important aspect of the Transparency Act is to assess one’s own relationship to any damages/negative consequences for violations of basic human rights and decent working conditions.

Get information from the supply chain

We recommend starting by getting an overview and sorting the company’s own operations, the supply chain and business partners according to categories such as industry, geography and type of business partner. Where possible, also map subcontractors, here an overall map based on available information is often enough.

Start by creating a risk analysis, where you look at historical risk by industry, geography or specific companies. Then dive deeper by obtaining information from your suppliers, e.g. through a survey, in-depth interview or signing a self-declaration form.

Markets and society are constantly changing, so the company’s risk analyzes should be reviewed regularly. It is important to change the risk analyzes if you see clear changes in the risk picture. Also remember to change the public statement with the new information to avoid sanctions from the Norwegian Consumer Protection Authority (Forbrukertilsynet).

Risk matrix

Once you have mapped your suppliers, the next step is to compile risks with expectations in a risk matrix. Here, the business must assess the suppliers and follow up the companies with the highest risk or expectations.

Risk is most often based on countries, industries or specific companies with a high risk of violations of human rights and decent working conditions. Expectations are based on the supplier’s size, for example total turnover or contract size.

Based on the model above, we recommend always investigating the suppliers to comply with the requirements of the law.

Risk matrix for assessing negative consequences for people, society and the environment

Examples: basic human rights and decent working conditions

Basic human rights and decent working conditions mean, for example, the right to:

  • Life
  • Education
  • Freedom of speech
  • Privacy/Privacy
  • Equality and non-discrimination

Examples: potential negative consequences you should investigate

When businesses research their suppliers, it can sometimes be difficult to know what to look for. If you have no clear opinions about what you should investigate and what contains potential negative impacts on people, society and the environment, we recommend the following points:

  • Excessive use of overtime
  • Low wages that do not cover basic human needs
  • Pollution or accidents
  • Discrimination
  • Forced labour
  • Violation of the right to privacy

3. Take action

After completed risk analyzes and mapping of negative consequences in the supply chain, it is time to take measures to stop, prevent or limit negative consequences. Which measures you should take depends on, among other things, the relationship you have to the negative consequences discovered in step 2 and the degree of severity. The closer the business is to the damage, the more responsible you will be for cleaning it up. We have three levels of measures that can be set. Alive based on the assessments: preventive measures, limited measures and stopping measures. Stopping measures such as canceling contracts should therefore be the last resort.

Actions you can take:

  • Adapt activities (remove dangerous substances etc.)
  • Upgrade facilities (remove risk elements)
  • Training
  • Pre-qualify suppliers
  • Consolidate suppliers
  • Collaboration across the industry
  • Engage local authorities

Where violations of human rights are discovered, they must be stopped before other preventive measures are started. It is the top manager of the company who is responsible for stopping the breaches and it is expected that the management will take future measures to prevent them.

Implementing measures and conducting due diligence

Action plan

The due diligence assessments should result in an action plan that describes which measures are being initiated and which are planned in the future. The action plan should contain:

  • Actions you will take
  • Which identified risk areas have you prioritized and why
  • What relationship does the business have to the consequences that measures are aimed at?
  • Justification for the level of measures you choose to take in the face of the consequences
  • Who is responsible for implementing and carrying out measures
  • What changes would you like to make to your own guidelines
  • What plans do you have for training relevant employees and managers in the risk area against which measures are to be taken
  • Information about the dialogue you have had/will have with affected parties
  • Expectations of suppliers and other business partners.

If the business has little influence on the business that violates human rights and decent working conditions, we recommend that you read the Norwegian Consumer Protection Authority’s website.

4. Follow up the measures

After initiating measures, the business should see what effect these measures have had. The purpose of the follow-up is to assess the measures and possibly make changes in the future.

It is recommended to examine the points:

  • How many of the measures were actually carried out on time as planned.
  • How well the measures have worked
  • Has harm to individuals or groups actually been prevented or dealt with

Depending on the severity of the consequence and the company’s responsibility, the company should actively follow up on the measures that have been initiated. Examine different sources to assess the effectiveness of the measures, preferably from internal or third-party assessments.

Remember to temporarily limit direct communication with affected parties that may have consequences from the employer or local community. This typically applies to the indigenous population.

5. Communicate with affected stakeholders

The OECD’s guidelines mainly deal with communication with the general public and affected stakeholders. The Transparency Act, on the other hand, requires the businesses to communicate only with affected stakeholders and rights holders, in addition to the public statement.

You can read more about the public statement here.

Here, the business must communicate the results of the measures from the due diligence assessments carried out. This involves communicating measures and their results to affected parties and stakeholders.

While the OECD’s guidelines here deal with communication both with the general public and affected parties, the Transparency Act therefore only requires communication with affected stakeholders and rights holders – with its own minimum requirements for the kind of information to be published in an annual report.

6. Restore

Unfortunately, companies occasionally find out that they have helped push companies to violate human rights. This is usually not proven, but happens as a result of choices made when selecting a supplier. In points 3, 4 and 5, the business made some choices to correct its impact on the negative consequences. We have created an example of involvement below.

It is important to specify that recovery of damages is only necessary when the business is directly involved in the negative consequences. The Norwegian Consumer Protection Authority nevertheless recommends that businesses use their influence to pressure larger players to follow up on this step in the Transparency Act.

You can read more about recovery here: Forbrukertilsynet.no

The Transparency Act: recovery measures

Share Control’s system for the Transparency Act

We help companies manage the compliance requirements of the “Transparency Act” in one system, so you can avoid the risk of non-compliance and have full confidence that your business complies with them. With ShareControl Transparency, you can easily regain control over the supply chain.

Collect information from all the company’s supply chains and enter data and documentation, so that you can more easily carry out due diligence assessments, risk analyzes and take measures. Send out surveys with questions about the supplier’s handling of human rights and decent working conditions. In this way, you ensure compliance with the Transparency Act, while streamlining several of the processes.

See more articles on due diligence assessment, the Transparency Act etc.:

About The Author