Skip to content
Navigation
  • Home
  • Downstream Due Diligence

Identifying and addressing risks downstream

Downstream human rights risks can arise through how products and services are used, misused, modified, or integrated into other products and services - often beyond the point of sale. Developing processes to enable effective downstream human rights due diligence can help companies identify, prevent, mitigate and account for these risks in practice.
 


Turning attention downstream 

Downstream human rights due diligence can be understood as human rights due diligence on products and services, and business relationships arising from the production phase onwards to the point of sale and beyond, placing particular focus on how products and services will be used and by whom.

Human rights due diligence should be seen as a continuous and dynamic process. Risks can change over time, so effective due diligence requires both proactive elements (where potential risks can be identified in advance), and reactive elements (where risks become more likely or harms occur and action is required to prevent or mitigate).


Why downstream human rights due diligence matters

A holistic value chain approach is a core expectation of the UN Guiding Principles on Business and Human Rights (UNGPs) and the OECD Guidelines. Human rights due diligence (HRDD) is intended to cover the whole range of possible impacts companies may have across their value chains. It is meant to help companies understand the risks that are present or likely to arise in their value chains, and can show what they are doing to address these risks to support rights-respecting practices.

Failing to look downstream can create significant blind spots and damaging consequences to reputation, market access and business partnerships, as well as significant out-of-court settlements or provision for large-scale remediation where impacts occur.
 

Image of a container ship moving downward on deep blue water

DOWNSTREAM DUE DILIGENCE

Access the GBI Conversations podcast series


What does effective downstream HRDD look like in practice?


Increasing litigation and reputational risk downstream

Downstream HRDD follows the same core logic as HRDD at any other point in the value chain: identify and assess risks, integrate and act, track effectiveness, and communicate.

There is growing recognition of exposure where a company “knew or ought to have known” impacts could occur downstream, for example:

  • Begum v Maran (UK) Ltd [2021] EWCA Civ 326 – a claim relating to the sale of a ship for scrappage and alleged unsafe disposal resulting in loss of life.
  • The United States opioid settlements - including Walmart (US$3.1bn), CVS/Walgreens (near US$10bn), and McKinsey (US$573m).
  • The French (Amesys) case involving alleged complicity in torture in Libya linked to surveillance technology.
  • A broad set of downstream issues raised through OECD National Contact Points, including sales of surveillance equipment/arms/tear gas, drugs used in lethal injections, construction machinery linked to illegal occupation, financing linked to impacts, and other downstream linkages.

Ways to identify risks connected to products, services and business models

  • Assess whether the company’s business model elevates risk (for example, where there is little visibility over end use, or where incentives encourage the sale of goods or services that may negatively affect people).
  • Conduct human rights impact assessments on existing products and services to identify impacts they may cause, contribute to, or be directly linked to downstream, supported by consultation with actually or potentially affected stakeholders or appropriate proxies.
  • Identify potential impacts from new products/services early in the research and development cycle so that addressing risk can become part of the design brief.
  • Where products/services are added through merger or acquisition, assess how acquired offerings could pose risks to people.
  • Consider whether there are risks inherent in markets and operational contexts that could give rise to downstream human rights risks.
  • Put processes in place to identify new and emerging issues over time, including using operational-level grievance mechanisms to surface concerns linked to products and services.

Ways to identify end-user, customer and downstream business partner risks

  • Define the risk factors and determinants of misuse relevant to the company’s products and services.
  • Assess potential risks from use and misuse by end users, including where certain end users may face heightened risks.
  • Assess risks inherent in customers’ markets or operational contexts, including where the context may elevate the likelihood of misuse or harm.
  • Assess how customers operationalise their responsibility to respect human rights, including their approach to identifying and addressing misuse and onward sales risk.
  • Enable sales teams to support risk identification, recognising that sales colleagues may be closest to customers and can help surface risk indicators when trained and supported. 


Integrating findings and acting on identified risks

Insights from business practice

  • Good reporting and disclosure can strengthen relationships and dialogue with key stakeholders

    Human rights reporting can help you engage more effectively with stakeholders – including governments, investors, civil society organisations, customers and other business partners, as well as consumers and local communities. It presents an opportunity to help people understand the company’s human rights risks and challenges, and the complexity of its business relationships and operating environment. When everyone has a stronger understanding of these things, you can have a more mature conversation about how these challenges should be managed.

    Opening up about the company’s challenges – and its approach to managing these – can also give a company’s business partners and its own employees confidence to raise dilemmas they are facing, improving the company’s visibility of these risks and ability to help find solutions.

  • Report in a way that works for your company

    There are many mechanisms a company can use to report on or disclose information about its human rights policies, processes, progress and performance. These include:

    • integrating human rights information into an integrated annual or corporate responsibility report.
    • preparing a standalone human rights report.
    • publishing a modern slavery statement.
    • disclosing information on the company's website or through an app.
    • making disclosures through an industry or multistakeholder initiative.

    There is no one right way to approach this.

    What works best for your company will likely reflect legal requirements in countries where it operates and the company’s preferred approach to non-financial reporting. It will also depend on its salient issues, opportunities to make disclosures through industry initiatives and – importantly – who its key stakeholders are and what information they want or need.

    Most companies combine multiple approaches – for example, they may share some information on the company’s website and supplement that with a more formal human rights or sustainability report. They may also make specific disclosures prepared to comply with regulatory requirements or industry expectations – for example, by making a modern slavery statement or reporting through the Voluntary Principles on Security and Human Rights.

  • The UN Guiding Principles Reporting Framework is a helpful reporting and management tool

    The UN Guiding Principles Reporting Framework can be used to strengthen formal reporting by helping companies present a comprehensive picture of how they identify and manage human rights challenges. It helps companies focus on the issues that are most relevant to stakeholders. Practitioners observe that this Framework can also be used to spark internal conversations and to strengthen management policies and processes.

    There are a broad range of other tools and frameworks that companies use to guide how they report on human rights and other responsible business issues. Some companies choose to develop one report that meets the requirements of a number of frameworks or tools, and annex an analysis showing where information required by each framework can be found in the report. It may not be necessary to report against each framework or tool – some practitioners note that their company’s stakeholders tend to be more interested in some types of reporting than others.

    UN Guiding Principles Reporting Framework

  • Engage early and often with key internal stakeholders as you develop content for a report

    To report on human rights issues, you will need to engage with colleagues from different functions and parts of the business. For example, to gather relevant information and to secure the necessary approvals. Having strong leadership buy-in from the beginning can help encourage support from colleagues across the business.

    Engaging early and often with key colleagues – particularly those who may be cautious about communicating publicly on human rights-related issues – is key to building comfort and confidence in this work.

  • Be creative and collaborative to gather relevant information for reporting and disclosure

    To report on human rights progress and performance, you will need information from a variety of functions and parts of the business to report on the company’s human rights-related policies, processes, progress and performance. Ideally, such information should be contained in a company-wide reporting tool.

    Think creatively and collaboratively about how to get this. Processes to collect information for reporting and disclosure are often a continuation of other information-gathering processes. For example, it may be helpful to draw on systems developed to support human rights due diligence and grievance processes. In-person workshops with colleagues from specific functions or regions can also help develop and test content. It is important to think critically about the reliability of information sources and their interpretation – for example, if a grievance mechanism isn’t trusted, the data it generates may not be complete. 

    Assessing the impact of a company’s efforts to implement respect for human rights can be much more difficult than gathering information and data on compliance with company policies, participation in training programmes and identified grievances or incidents. 

  • Honesty and openness tend to be well-received by stakeholders

    Companies are generally comfortable communicating about successes and achievements. Reporting on challenges, mistakes and areas where improvement is needed can be more difficult. However, honest and open reporting about the often messy realities of managing human rights risks tends to be received well by companies’ stakeholders. Being real about your challenges and dilemmas, as well as what's working well, can build trust and help stakeholders find ways to work with the company to drive positive outcomes.

    It is important to work closely with lawyers to navigate concerns about any legal risks that may arise from disclosing information about human rights issues. Bringing them in early can help build comfort and buy-in. Some companies ‘test the waters’ by communicating about human rights challenges through one mechanism (such as the UN Global Compact Communication on Progress process), then become more open with their reporting and disclosure when they feel ready.