Avoiding the patchwork problem: effective corporate social responsibility compliance integration
April 2016 | SPECIAL REPORT: MANAGING RISK
Financier Worldwide Magazine
Implementation of corporate social responsibility (CSR) commitments is being increasingly recognised as an integral part of corporate efforts to prevent and mitigate legal and operational risks, and to gain and maintain the trust of key stakeholders. The gradual ‘hardening’ of many voluntary best practices into new regulatory requirements underlines the importance of a coherent and comprehensive approach to CSR implementation. Companies that are ahead of the curve with regard to the implementation of their CSR commitments will find that their forethought pays dividends as formerly voluntary standards emerge as the foundation of new regulatory regimes.
Risks exist, however, for companies whose approach to CSR implementation has been patchwork at best or that have utilised bare minimum audits and reviews without the rigor that stakeholders, and regulators, have come to expect. CSR commitments cannot be ‘tacked on’ to compliance as an afterthought if they are to serve as effective risk management measures. Stakeholders, including regulators, are sophisticated and will identify the holes that a patchwork compliance approach has created. When putting CSR commitments into practice, compliance personnel and management can – and should – build on existing company compliance structures to create coherent procedures that fit a company’s existing compliance culture.
Companies typically invest significant resources in developing comprehensive compliance programmes to prevent and detect violations of legal and regulatory standards that may lead to legal liability or punitive fines. A commitment to strong social and environmental performance standards as part of a company’s CSR efforts can similarly help a company avoid lawsuits and fines, as well as boycotts, divestment and public condemnation. That said, while compliance and CSR fundamentally serve the same risk management functions, internally they are often managed quite differently. Both CSR and traditional compliance programmes help ensure that companies can operate consistently with established and emerging expectations for corporate behaviour. Too often, however, a company’s CSR efforts are effectively siloed from more traditional risk management and compliance functions. CSR may be seen as programmatic or philanthropic, and not tied to overall enterprise risk management.
Ultimately, failure to integrate CSR commitments into corporate compliance programmes results in operational inefficiencies and lost opportunities for improved corporate performance. Companies may assess the aspirational nature of certain CSR commitments, overlooking their relationship to key operational metrics, and make the mistake of failing to set specific CSR-related goals linked to concrete deliverables. CSR commitments may not be subject to robust internal standards nor supported by appropriate training and resources for relevant personnel. Insufficient oversight and accountability mechanisms may result in performance failures that undermine CSR’s risk management function.
Such an approach is short-sighted. Even as CSR commitments are often voluntary, they are often predictive of trends in the law and future compliance requirements. For example, many corporate human rights policies have long stated that companies will not tolerate the use of forced labour. This commitment may even have been embedded into supplier contracts and agreements with business partners. In practice, however, relatively few companies have focused management attention – and resources – on assessing the real risks of forced labour that may be linked to their operations, especially the activities of suppliers deep within their supply chains. These companies have found themselves challenged by a notable increase in public attention regarding the persistent prevalence of forced labour in connection with many different industries.
Notably, new legislation and regulations have been enacted in response to stakeholder and legislative attention to forced labour issues. For example, statutes such as the California Transparency in Supply Chains Act, which went into effect in 2012, and the UK Modern Slavery Act, which went into effect in 2015, require companies to disclose what actions they are taking to assess and respond to the risks of forced labour in human trafficking in their product supply chains. In another example of policymaker concern regarding corporate reliance on forced labour, the US government amended its regulations for federal contractors in 2015 to require certain contractors to develop detailed compliance plans to address the risks of trafficking associated with the goods and services they provide to the US government. As legal and regulatory requirements have increased, some companies have found themselves scrambling to develop the internal compliance systems necessary to identify and respond to forced labour risks. In some instances, the company’s internal expertise on forced labour, and other human rights challenges, lies within CSR departments that have not formerly been given the resources to adequately address concerns. Companies face the challenge of integrating and leveraging the functional capacity of traditional compliance and CSR functions in order to comply with new legislative requirements in a manner that addresses the concerns of both regulators and traditional CSR stakeholders, including investors, consumers and civil society organisations.
Companies should not overlook the opportunities that lie alongside these integration challenges. Companies seeking to assess human rights concerns, such as the risk of forced labour in their supply chains, may find that existing corporate compliance programmes with regard to anti-bribery and corruption provide a strong platform on which to build. Indeed, a number of recent studies have observed that due diligence processes focused on anti-bribery and corruption seek to evaluate many of the risk factors also associated with forced labour. Companies should therefore leverage the expertise of corporate personnel focused on anti-corruption compliance in order to engage them in developing corporate programmes to address forced labour risks.
Importantly, many new statutes and regulations require corporate transparency regarding efforts to address human rights-related risks. In addition to the transparency provisions cited above with regard to forced labour, another example of this trend is the US government’s conflict minerals rule, which requires corporate disclosure of due diligence efforts to address the risks that the sourcing of certain minerals is funding armed conflict in the Democratic Republic of Congo and adjoining countries. When developing the disclosures mandated by these new requirements, companies should utilise the skill sets and resources of their CSR personnel, who have considerable experience engaging with external stakeholders regarding corporate efforts to address complex social challenges. While compliance personnel may be inclined to minimal disclosures, a company’s CSR experts will understand what needs to be communicated in order to effectively demonstrate that a company is fulfilling its commitments.
Corporate CSR and compliance functions have the potential to be mutually reinforcing. Approaching CSR and compliance in an integrated fashion may significantly enhance corporate capacity to be responsive to stakeholder expectations and to comply with new and emerging hard law requirements. Continuing to approach CSR commitments in a piecemeal, and under-resourced, fashion will leave a company vulnerable to costly missteps and lost opportunities for comprehensive risk management built upon an effective and integrated compliance programme.
Sarah A. Altschuller is counsel and Gwendolyn W. Jaramillo is a partner at Foley Hoag LLP. Ms Altschuller can be contacted on +1 (202) 261 7387 or by email: saltschuller@foleyhoag.com. Ms Jaramillo can be contacted on +1 (617) 832 1224 or by email: gjaramillo@foleyhoag.com.
© Financier Worldwide
BY
Sarah A. Altschuller and Gwendolyn W. Jaramillo
Foley Hoag LLP
FORUM: Use of Big Data and data analytics as part of a risk management strategy
Effective board governance: the healthy tension between management and the board
Avoiding the patchwork problem: effective corporate social responsibility compliance integration
Control the controllable: lessons from farmers for corporate leaders
Managing reputation risk, a low-tech, high-touch, cross-functional process
Integrating security into broader risk management
Legal data domain: legal vs. the rest of the bank
Solvency II – pushing existing systems and processes harder is not enough for compliance
Top supply chain accountability risk trends for 2016
Identifying and managing hidden enterprise contract risk