Pedestrian crossing in top view perspective

How technology can help address human rights risks

Authors

  • Amanda Massucci

    EY Americas Forensic & Integrity Services, Transaction Forensics Leader and West Region Leader

  • Lauren Rogge

    Principal, Climate Change and Sustainability Services, Ernst & Young LLP

  • Jeffrey Everson

    Partner, Forensic & Integrity Services, Ernst & Young LLP

4 minute read 08 May 2024
Related topics
Forensic & Integrity Services

This is Part 3 in the “S” in ESG series: using technology to understand and mitigate human rights risks.

In brief
  • Companies can mitigate human rights risks by leveraging technology.
  • Third-party databases can help companies map and gain intelligence into their supply chain.
  • After risks are identified and validated, companies can implement measures to mitigate them.

Now

As discussed in the first and second articles in our series on the “S” in environmental, social and governance (ESG) issues, companies should be thoughtful in evaluating and mitigating social risks and issues across the value chain, including but not limited to human rights risks such as forced labor, child labor and working conditions; diversity, equity and inclusion; health and safety; and community rights and engagement. As with the discussion in the last article, the first place to start is the risk assessment. Compliance risk assessments regularly use different forms of technology to gather information, which drives a more robust assessment of risk. One way that companies can more efficiently address human rights risks leverages technology-enabled screening of the supply chain to identify risks faced by the organization around the world.

Download full article on Part 3 in the Forensics ‘S’ in ESG series – using technology to help address human rights risks

PDF (417 KB)

How EY can help

Companies with large and complex supply chains often use third-party databases to map and gain intelligence into their supply chain. These databases utilize publicly available data to identify direct and indirect relationships between entities and thereby build a complete view of the upstream supply chain. Suppliers or entities that present elevated risks are then identified using various data sources. These include:

 

  • The country risk tier published by the U.S. State Department1 annually in its report to Congress on trafficking in persons, which can be a useful proxy to categorize geographic risk
  • The List of Goods Produced by Child Labor or Forced Labor, produced by the U.S. Department of Labor’s Bureau of International Labor Affairs,2 which includes a breakdown of goods by country and can be used to assess the risk related to both manufacturing in those geographies and sourcing goods from them
  • The Uyghur Forced Labor Prevention Act (UFLPA) Entity List, published by the U.S. Department of Homeland Security,3 which identifies entities that have directly or indirectly benefited from forced labor
    The supply chain map and associated risks identified can then be validated with internal data obtained through technology-enabled surveys and enterprise resource planning (ERP) data such as procurement and resource spend.

 

Next

Once risks are identified and validated, companies can implement measures to effectively mitigate them. Companies can also establish targeted processes and controls to prevent these risks from reoccurring. For example, processes can be implemented to screen new vendors for human rights or forced labor risks during the RFP, supplier selection, onboarding or vendor due diligence processes. This can prevent high-risk vendors from entering the supply chain. When the risks are upstream from the company, one step may be to drill further into the supply chain mapping to further understand the parties with which the company is directly or indirectly partnering. It is equally important to understand the inherent risks faced by these parties and the policies and procedures they have in place to mitigate these risks.

 

Three areas of inherent risks to consider are:

  • Workforce risk (e.g., Is the work dangerous or demanding? Is the labor force undervalued or low skilled?)
  • Business model risk (e.g., human resource heavy, production/processing of raw materials, reliance on temporary laborers)
  • Geographic risk (e.g., operating in locations with lower levels of regulation/enforcement, areas with historical human rights abuses)

 

Here again, third-party diligence data may provide information to facilitate the assessment of risk, including information on parties in the supply chain and their related entities, which can be analyzed to see if they are operating in areas subject to further scrutiny, such as the Xinjiang Uyghur Autonomous Region.

 

Additionally, where the risk is within the company’s operations and further scrutiny is warranted, analytics on payroll data to examine classes of workers can determine whether workers doing similar jobs receive similar remuneration or whether certain classes of workers receive lower pay rates or are subject to more frequent and higher deductions. Further, while many workers in at-risk roles or regions may not have company-provided devices, there are technology options, such as anonymously surveying over SMS message or secure websites or placing kiosks in private areas, to gather information from employees on working conditions and risks around human rights. Many compliance departments may be overlooking these types of data as part of a broad compliance analytics program, failing to realize the value of this information in specific scenarios to assess and mitigate risks. Additionally, if substantive issues are found, organizations can build more standardized data collection and analysis around these sources to demonstrate continuous improvement of their compliance program.

 

Beyond

Whether the process leads to a substantive investigation or simply highlights areas for improvements in controls or other program elements, the value lies in the insights. These insights enable the program to evolve as the business environment continues to change. Looking ahead, embedding sensors in business processes becomes invaluable for monitoring changes and assessing the effectiveness of the current program.

 

While technology is an ever-critical tool to improve transparency in large and complex supply chains , our next article will discuss the next step a company needs to take: refining the procurement and vendor management processes to address risks identified across the vendor base.

Parag Agarwal also contributed to this article.


Summary

By utilizing technology, companies can detect global human rights risks and implement effective mitigative and preventative strategies.

About this article

Authors

  • Amanda Massucci
    EY Americas Forensic & Integrity Services, Transaction Forensics Leader and West Region Leader
  • Lauren Rogge
    Principal, Climate Change and Sustainability Services, Ernst & Young LLP
  • Jeffrey Everson
    Partner, Forensic & Integrity Services, Ernst & Young LLP
Related topics
Forensic & Integrity Services

Related articles

What leaders can do to address the “S” in ESG

Companies’ “S” focus largely appears to be on DEI metrics. This focus is certainly important, but other social issues also need attention. Learn more.

Amanda Massucci + 1

How to address the ‘S’ in ESG

This Part 2 in the Forensics ‘S’ in ESG series explores human rights risk assessments. Learn more.

Amanda Massucci + 1

    EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.