In the last 10 years, financial crime enforcement has been transformed through the introduction of a number of compliance-based offences whereby a company may face liability for actions that occur throughout its supply chain. Crucially, the company may avoid prosecution if it can demonstrate that it had put in place procedures and controls intended to mitigate these risks.
In the UK, for example, this was crystallised by the 2010 Bribery Act, and has become known as the 'failure to prevent' offence: the company faces liability because it fails to prevent bribery. It has been influential in developing a culture of compliance across all industries and it applies globally, provided the company has some business in the UK. It covers bribery committed throughout a supply chain, by anyone, provided they were acting for or on behalf of the company.
This model of enforcement is also applied by the UK's money laundering and tax evasion legislative frameworks. Increasingly, the same may become true for environmental, social and governance (ESG) concerns as companies are under growing pressure to ensure that human rights are observed throughout their supply chains and they take steps to mitigate the risk of environmental harms or biodiversity loss or damage.
Although the legal imperative is generally less clear than in the context of financial crime, the commercial imperative is just as evident. As recently as Monday, the CEO of Aviva Investors wrote to the 1500 companies the asset manager invests in to set out the expectation for 2022 with a focus on their responsibilities on climate, biodiversity and human rights throughout supply chains too, as well as on executive pay.
But while financial crime is measured against straightforward compliance frameworks, the same is not true for ESG factors, including, perhaps surprisingly, international human rights frameworks. Although a small number of international documents have begun to effectively set the standard in this area – led by the UN Guiding Principles on Business and Human Rights – organisations are largely able to choose which standards to impose and which values to prioritise.
Future reform
However, as regulators begin to mandate climate disclosures and responsibilities across supply chains, it seems unlikely that human rights-related measures will remain voluntary indefinitely. In the UK, again, the 2021 Environment Act has introduced obligations intended to address deforestation harms whereby companies dealing in 'forest risk commodities' must undertake due diligence to ensure that such products were produced in compliance with local laws. France and Germany have already introduced legislation that is intended to require due diligence by larger companies to ensure that supply chains are free of human rights abuses. And the European Commission is currently considering a draft directive called Corporate Due Diligence and Corporate Accountability, which would build on the UN Guiding Principles and provide for mandatory due diligence on a range of ESG-related issues.
For companies and those advising them, the practical impact of the shift towards viewing ESG-related concerns through the lens of compliance is, of course, an increased compliance burden. But the fundamental mitigation steps necessary in the context of supply chains are broadly the same, whether in respect of financial crime risks or ESG risks.
For example, the key mitigating principles identified in guidance published by the UK government in the context of bribery and tax evasion will typically equally relate to concerns about ESG issues in supply chains. These include proportionate procedures, due diligence and risk assessment: no organisation may reasonably be expected to eradicate the risk of issues arising, but the systems and controls it puts in place should reflect such risk.
The risks posed by supply chains are only becoming more complex for business, whether from the perspective of financial crime enforcement – with the potentially imminent expansion of a compliance model of corporate criminal liability for all economic crime – or in the context of increasingly thorough ESG concerns. In the months and years to come, those businesses who act to put in place robust and reliable compliance systems, together with prompt and thorough investigation of wrongdoing, will be best placed to succeed.
Christopher Gribbin and Matthew Ewens are an associate and a partner, respectively, at Mishcon de Reya.
