Downstream Due Diligence

• Build a screening process so transactions that trigger concern are scrutinised more closely.
• Build on existing processes where possible (for example, pre-bid screening).
• Consider relevant contextual factors, such as whether a prospective customer is a government or state-owned entity, a politically exposed person, or subject to sanctions.
• Where used, internal watchlists can flag transactions for scrutiny when created in Customer Relationship Management (CRM) systems.
• Post-sale, ensure operational-level grievance mechanisms are open to those impacted by products and services, to provide an ongoing check on the effectiveness of due diligence.
   

• Put in place robust governance with clear lines of accountability to support day-to-day decisions and help prevent repeat harms.
• Establish mechanisms to review issues escalated by sales colleagues.
• Some companies use a decision tree to assess severity, degree of involvement, and reasonable foreseeability; they then refer cases to human rights subject-matter experts as needed.

• Where the customer and end user are not the same, encourage channel partners and other customers to establish similar downstream due diligence processes to reduce the risk of direct linkage to harms.

• Build human rights protections into products and services from the start, rather than trying to fix problems after launch. This means thinking early about who might be harmed by a product or service, how it could be misused, and what safeguards can reduce those risks. For example, many companies already apply “privacy by design”; the same approach can be used to help prevent other human rights harms too.
• Where the company is unlikely to have a relationship with end users, consider whether tracking batch or product-level unique identifiers could improve traceability. This can help prevent recurrence of sales through distribution channels where misuse has been 

• Use contractual stipulations that limit end-user ability to use products or services in ways that adversely impact human rights.
• Use contracting as an entry point to communicate the company’s approach and to gauge counterpart commitment and capability.
• Where human rights language cannot be secured (including where leverage is limited, such as with some state-owned enterprises or government customers), some practitioners find common ground using terms like “responsible business conduct” and/or referencing protections in national law.
• A clear policy commitment can support negotiations.
   

• Where feasible, explore audit rights as part of contractual negotiations.
• Where there is an ongoing relationship with end users through after-sales service, support, or warranty offerings, this can provide additional leverage to help prevent misuse or unintended use that could result in adverse impacts.
• Provide training and guidance to customers on acceptable ways of using your products or services, particularly where there is a potential for misuse or unintended/unforeseen use. In certain industries and transactions. capacity-building support can increase customer willingness to engage on human rights issues.
   

• Use qualitative and quantitative measures to understand whether policies and processes are implemented optimally and whether responses to identified impacts are effective.
• Consider developing relevant KPIs and metrics to assess the effectiveness of the downstream due diligence programme.
• Communicate meaningfully on the nature and extent of the downstream due diligence programme and the principal outcomes.
• Ensure transparency and accountability to impacted people and other relevant stakeholders.
   

Human rights reporting can help you engage more effectively with stakeholders – including governments, investors, civil society organisations, customers and other business partners, as well as consumers and local communities. It presents an opportunity to help people understand the company’s human rights risks and challenges, and the complexity of its business relationships and operating environment. When everyone has a stronger understanding of these things, you can have a more mature conversation about how these challenges should be managed.

Opening up about the company’s challenges – and its approach to managing these – can also give a company’s business partners and its own employees confidence to raise dilemmas they are facing, improving the company’s visibility of these risks and ability to help find solutions.

There are many mechanisms a company can use to report on or disclose information about its human rights policies, processes, progress and performance. These include:

• integrating human rights information into an integrated annual or corporate responsibility report.
• preparing a standalone human rights report.
• publishing a modern slavery statement.
• disclosing information on the company's website or through an app.
• making disclosures through an industry or multistakeholder initiative.

There is no one right way to approach this.

What works best for your company will likely reflect legal requirements in countries where it operates and the company’s preferred approach to non-financial reporting. It will also depend on its salient issues, opportunities to make disclosures through industry initiatives and – importantly – who its key stakeholders are and what information they want or need.

Most companies combine multiple approaches – for example, they may share some information on the company’s website and supplement that with a more formal human rights or sustainability report. They may also make specific disclosures prepared to comply with regulatory requirements or industry expectations – for example, by making a modern slavery statement or reporting through the Voluntary Principles on Security and Human Rights.

The UN Guiding Principles Reporting Framework can be used to strengthen formal reporting by helping companies present a comprehensive picture of how they identify and manage human rights challenges. It helps companies focus on the issues that are most relevant to stakeholders. Practitioners observe that this Framework can also be used to spark internal conversations and to strengthen management policies and processes.

There are a broad range of other tools and frameworks that companies use to guide how they report on human rights and other responsible business issues. Some companies choose to develop one report that meets the requirements of a number of frameworks or tools, and annex an analysis showing where information required by each framework can be found in the report. It may not be necessary to report against each framework or tool – some practitioners note that their company’s stakeholders tend to be more interested in some types of reporting than others.

UN Guiding Principles Reporting Framework

To report on human rights issues, you will need to engage with colleagues from different functions and parts of the business. For example, to gather relevant information and to secure the necessary approvals. Having strong leadership buy-in from the beginning can help encourage support from colleagues across the business.

Engaging early and often with key colleagues – particularly those who may be cautious about communicating publicly on human rights-related issues – is key to building comfort and confidence in this work.

To report on human rights progress and performance, you will need information from a variety of functions and parts of the business to report on the company’s human rights-related policies, processes, progress and performance. Ideally, such information should be contained in a company-wide reporting tool.

Think creatively and collaboratively about how to get this. Processes to collect information for reporting and disclosure are often a continuation of other information-gathering processes. For example, it may be helpful to draw on systems developed to support human rights due diligence and grievance processes. In-person workshops with colleagues from specific functions or regions can also help develop and test content. It is important to think critically about the reliability of information sources and their interpretation – for example, if a grievance mechanism isn’t trusted, the data it generates may not be complete. 

Assessing the impact of a company’s efforts to implement respect for human rights can be much more difficult than gathering information and data on compliance with company policies, participation in training programmes and identified grievances or incidents. 

Companies are generally comfortable communicating about successes and achievements. Reporting on challenges, mistakes and areas where improvement is needed can be more difficult. However, honest and open reporting about the often messy realities of managing human rights risks tends to be received well by companies’ stakeholders. Being real about your challenges and dilemmas, as well as what's working well, can build trust and help stakeholders find ways to work with the company to drive positive outcomes.

It is important to work closely with lawyers to navigate concerns about any legal risks that may arise from disclosing information about human rights issues. Bringing them in early can help build comfort and buy-in. Some companies ‘test the waters’ by communicating about human rights challenges through one mechanism (such as the UN Global Compact Communication on Progress process), then become more open with their reporting and disclosure when they feel ready.