Skip to content

Illustration by Security Management; iStock

Bridging the Legal/Ethical Gap

The rights to life, food, education, work, health, and liberty represent a range of fundamental and universal rights, inherent to everyone simply because of their inclusion in the human race. These rights are indivisible and interdependent—one right cannot be fully enjoyed without the others.

The United Nations (UN) adopted the Universal Declaration of Human Rights in 1948—the first legal document to address fundamental rights, with articles providing the principles of subsequent legislation, conventions, and agreements.

Because only countries can be party to international treaties, governments are responsible for enforcing, promoting, and protecting these rights. This, however, does not mean that private actors or entities, especially businesses, cannot impact human rights—either positively or negatively. In some instances, companies may even have a greater effect on such rights compared to governments.

The UN and other international organizations actively encourage corporate responsibility. But in the absence of law, human rights frameworks are currently not compliance issues and are often placed at the bottom of the corporate priority list.

Human rights issues are predominantly regarded as an ethical dilemma for companies, one that often triggers a “cost vs. ethics” debate to decide the course and extent of a response.

However, governing bodies—including the U.S. government, the European Union, and others—are increasingly passing legislation, such as Germany’s Act on Corporate Due Diligence in Supply Chains (Lieferkettengesetz), that not only require businesses to respect human rights, but also conduct human rights due diligence (HRDD). HRDD detects and monitors operations’ adverse effects on human rights, offering analysis into the impacts of upcoming legislative changes and how future issues can be avoided.

By their very nature, human rights abuses are an emotional topic. Even allegations of such incidents against a company will impact its reputation, and it will be on the company to allay the charges.

More Than Compliance

Human rights law is a complex speciality, and with an increasing focus on the intersection of human rights and businesses, it is not going to get simpler. Corporate departments outside of compliance and legal—especially professionals tasked with security and asset protection—will have to familiarize themselves with the changes.

A company can be held legally responsible not only for its own actions but also for incidents linked to its value chains, business relationships, or third-party contractors—even if it has not directly contributed to those impacts.

For a corporation, especially a large one, abuses will typically occur at the bottom of its corporate value chain, making them more difficult to uncover. Security professionals can help identify those abuses by piggybacking on existing frameworks and programs that already have due diligence procedures in place, rather than duplicating efforts.

The Cost of Human Rights

When seeking justice for human rights abuses committed by corporations, plaintiffs are largely dependent upon domestic criminal laws. Currently, most businesses accused of human rights violations enjoy impunity in the courts. The international community is inching toward converging existing non-binding regulations with binding laws. Consumers are becoming increasingly sensitive and conscious of how their buying power can reflect a spectrum of concerns—including ethics, corporate social responsibility (CSR), and environmental impacts.

With this heightened consumer and stakeholder scrutiny, corporate citizenship and conduct are becoming even more critical; companies need to consider how these matters impact their reputations and bottom lines. There are already more than a few initiatives dedicated to either exposing or ranking companies based on their sustainability and impact on people and animals, including the Clean Clothes Campaign, Good on You, and the Sustainable Brand Index. While most of these efforts focus on environmental issues, human rights abuses are garnering increased interest and creating a growing risk for corporations.

By performing a risk assessment, security professionals can assist other corporate departments to make an informed decision on how to treat the risks. And as always, prevention is better than a cure. Not only is prevention usually easier to manage, but it will most likely also be more cost-effective.

Security professionals need to monetize proposed solutions and programs, convert them into economic terms, and show a return on investment. But what is the price tag of human rights and how quantifiable are their negative infringements?


Human rights transgressions can negatively impact all corporate assets, including property, people, and information. Retaliation against abuses can take many forms—contaminated products, facilities attacked or vandalized, staff threatened or harmed, and much more.

But companies can also be targeted in the courtroom. Although legal remedies against non-state actors charged with human rights abuses are limited, companies can face criminal charges, and there are some precedents that lend themselves to be used as benchmarks for financial analyses.

In December 2019, a lawsuit was filed in the U.S. District Court for the District of Columbia on behalf of 16 children and their guardians from the Democratic Republic of the Congo (DRC). The defendants—Apple; Dell; Google’s parent company, Alphabet; and Tesla—are accused of aiding and abetting in the deaths and serious injuries of children working in cobalt mines, which were part of the companies’ supply chain for lithium-ion batteries. (Doe 1 et al v. APPLE INC. et al, U.S. District Court for the District of Columbia, No. 1:19-cv-03737-CJN, 2019)

“This case is one of the first of its kind in the United States,” says Terrence Collingsworth, attorney for the plaintiffs and executive director of International Rights Advocates. “It will set precedent, and there might be a whole lot more suits like this in the future.”

According to the complaint, the companies knew about the unsafe mining practices due to public reports published by Amnesty International and others. Nevertheless, they allegedly failed to act and instead chose to exploit the system. Although all the defendants mentioned that their respective policies listed child labor as unacceptable, the suit claimed that no due diligence was conducted even though the cobalt industry is known for human rights abuses.

“The case could be settled, or it could go into a jury trial,” Collingsworth adds. “A settlement would spare the defendants the discovery process and me and the world (from) seeing what is actually happening in their supply chain.”
The plaintiffs have sued the five defendants and others for monetary, consequential, punitive, and exemplary damages, as well as “any and all other damages allowed by law according to proof to be determined at time of trial in this matter,” according to the lawsuit.

“Any company takes a risk with a potential damage award of a U.S. jury,” Collingsworth says. “It is hard to predict what a jury would look at, as many factors are at play, but it could be anything from $1 million upwards per life lost and even more for those victims that have been maimed for life.”

In July 2020, 85 plaintiffs sought damages for assault and battery, rape, false imprisonment, and other serious mistreatment of employees at the hands of security guards employed by Kakuzi PLC, a major producer of avocados in Kenya. The lawsuit roped in Kakuzi’s parent company, UK-based Camellia PLC, which is accused of negligence.

According to the suit, Camellia had a duty of care obligation because of its responsibility for Kakuzi’s operations and its intervention, advisement, and supervision of relevant operations, including compliance with applicable corporate social responsibility standards. (AAA & Others v. Camellia PLC et al., High Court of Justice Queen’s Bench Division, No. QB-2019-002329, 2021)

In February 2021, Camellia agreed to a $6.4 million settlement, which includes payments to the claimants, a contribution to their legal fees, an independent human rights impact assessment, and investments in community projects.

To date, the company has spent more than $10 million on the settlement and related suits—including a $3.1 million settlement for claims against another subsidiary, Eastern Produce Malawi—and that figure is likely to rise.

Lydia de Leeuw from the Dutch Centre for Research on Multinational Corporations (SOMO), which was actively involved in the case, says the settlement is not the only impact on the company.

“Once the court case was filed and the human rights violations on Kakuzi’s plantation became frontpage news in the Sunday Times, three UK supermarkets ended their collaboration with Camellia and publicly announced they’d suspend their purchasing of Kakuzi avocados, citing the human rights situation,” de Leeuw says. “Not being able to sell these in the UK supermarkets will have a financial, as well as reputational, impact.

“Going forward, we will obviously monitor whether the company implements an effective grievance mechanism and human rights defenders’ policy, as promised,” de Leeuw says. “For this purpose, we also look at the supermarkets who should, rather than ‘cut and run,’ use their leverage to ensure that further human rights violations are prevented and past violations are remedied.”


However, precedent is still nebulous in many cases and jurisdictions. In June 2021, the U.S. Supreme Court threw out a lawsuit against food corporations Nestlé USA and Cargill. The plaintiffs—six African men—accused the food firms of child slavery on farms in Africa, where they were forced to work on cocoa farms when they were younger. The plaintiffs said they were trafficked from Mali to farms in Côte d’Ivoire, working up to 14 hours every day, held captive by armed guards, and paid little besides the meals they ate. The men alleged that while the companies did not own or run the farms, they did buy cocoa from those farms and provided the sites with resources in exchange for exclusive purchasing rights.

In an 8-1 ruling, the judges dismissed the case because the human rights violations took place outside of the United States. The judges did not decide on whether U.S. companies were subject to the Alien Tort Statute, which allows non-U.S. citizens to pursue cases against U.S. citizens responsible for violations of international laws.

Emphasizing the current ambiguity, Justice Clarence Thomas wrote in the majority opinion that the courts needed to abstain from establishing a precedent where plaintiffs could successfully sue the companies. “That job belongs to Congress, not the Federal Judiciary. …Aliens harmed by a violation of international law must rely on legislative and executive remedies, not judicial remedies, unless provided with an independent cause of action.” (Nestlé USA, Inc. v. Doe et al., U.S. Supreme Court, No. 19-416, 2021)

The Void Between Legal and Ethical

As part of its corporate citizenship, a company is not only responsible for meeting legal standards, but also ethical ones. However, bridging the gap between these two demands can be frustrated by efforts to satisfy customers versus investing in corporate social responsibility. Some customers want their products as cheap as possible, without consideration for the global consequences, while other consumers are increasingly aware of human rights issues.

Operating within economic and price pressures while being ethical is possibly one of the biggest conundrums for businesses to conquer in the 21st century. The fact that there are currently few laws or regulations stipulating that companies have to respect human rights only increases the dissonance.

However, companies operating in high-risk areas and industries recognized a while ago that profitability and human rights are not necessarily mutually exclusive. In fact, CSR can help companies operate more effectively.

The Voluntary Principles Initiative (VPI) is a multi-stakeholder initiative established by extractive industry companies, non-governmental organizations (NGOs), and the governments of The Netherlands, Norway, the United Kingdom, and the United States. Today, the initiative also includes observers and companies involved in harvesting, developing natural resources, and energy.

The VPI promotes implementing a set of standards that guides companies in conducting a comprehensive human rights risk assessment in their engagement with public and private security providers, which ensure human rights are respected. Together, members share information that strengthens their capacity to address complex security and human rights issues in business operations around the world.

The initiative provides companies with guidance and tools to understand the environment corporations operate in, identify security-related human rights risks, and take steps to address them. It helps companies anticipate likely situations in which human rights abuses occur and develop on-the-ground strategies to mitigate them.

As the signees of the principles predominantly operate in challenging operating environments, they adopt the framework to not only minimize the risk of litigation and reputational damage, but also to maintain their social license to operate, foster investor confidence, and reduce operational and security risks.


While the above initiative is a collaboration between NGOs, companies, and governments, other initiatives have been established by international organizations and recommend measures for businesses.

The Organisation for Economic Cooperation and Development (OECD) published its Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas for the first time in 1976 and has since occasionally updated it. As minerals frequently come from conflict-affected areas where good ethical governance is not applied, the potential for human rights abuses to occur in these areas is relatively high. The framework provides recommendations for companies to respect human rights, as well as guidelines on using detailed due diligence as a basis for responsible security management.

In 2011, the UN published its Guiding Principles on Business and Human Rights, which laid the foundation for HRDD globally. The document outlines the duties of governments to protect human rights and corporations’ responsibilities to respect such rights, as well as access to remedy any violations. They were written to apply to any business, regardless of its size, sector, location, ownership, or structure. While they do not claim to create a legal obligation, in the absence of applicable laws, the principles have become a standard for most businesses that wish to implement a framework. Additionally, many legal frameworks that have since been implemented or are being drafted use the Guiding Principles as their foundation.

The Legal Future

In 2014, the UN Human Rights Council set up an open-ended intergovernmental working group (IGWG) on transnational corporations and other business enterprises with respect to human rights. While the working group started slow, it gained significant ground in the last two years, publishing its second revised draft in late 2020 for a legally binding instrument that is supposed to regulate the activities of business with regards to international human rights laws. (A third draft is expected to be tabled by July 2021.) Although it will eventually become a treaty and thus only binding for countries, its purpose is to assist governments in implementing the necessary prerequisites. It also puts an obligation on governments to include a system of legal liability for human rights abuses that may arise from business activities—both from natural and legal persons—in their domestic laws.

Some countries have already implemented applicable legislation and other jurisdictions are rapidly following suit, with legal requirements becoming increasingly specific.

The UK Modern Slavery Act 2015 makes provisions for slavery, forced human trafficking offenses, and protection of victims. It requires UK-based businesses with an annual global revenue of at least £36 million ($50 million) to publish an annual slavery and human trafficking statement disclosing what steps have been taken to ensure such incidents do not occur in their supply chain.

The 2017 French Loi de Vigilance mandates that large French companies publish and implement a plan to identify and prevent human rights risks linked to their activities.

The Australia Modern Slavery Act 2018 requires entities that are based or operating in Australia—with an annual consolidated revenue more than A$100 million ($73.4 million)—to report on the risks of modern slavery in their operations and supply chains, as well as how they addressed those risks.

In July 2019, the U.S. House of Representatives introduced an amendment to the Securities Exchange Act of 1934—the Corporate Human Rights Risk Assessment, Prevention, and Mitigation Act of 2019 (CHRRA Act). Although this bill failed to pass prior to the end of the House’s term, it may be reintroduced in the future, and other bills are being discussed in the U.S. Congress that could effectively prevent the importation of products made with forced labor and other extreme human rights violations.

In June 2021, the German parliament adopted the Lieferkettengesetz, which will require companies to regularly identify, mitigate, and prevent risks associated with their own activities and those of their subsidiaries, suppliers, and subcontractors. The law is scheduled to come into effect in 2023. It first requires larger companies to conduct the checks, extending its scope to smaller businesses in 2024.

Austria, Denmark, Finland, Luxembourg, and The Netherlands are working on legislation that would enforce HRDD enquiries for a company’s supply chain, and the European Commission has committed itself to tabling an EU-wide HRDD law in 2021.

The Road Ahead

The sheer volume of legislation being drafted or already implemented will mean that most companies will probably have to adhere to a human rights law within the next few years. Even if a business is based in a jurisdiction that does not require HRDD, it may be beneficial for it to start proactively identifying risks and establishing a relevant framework.

It is also clear that companies, especially those with an abundance of suppliers, cannot exercise complete oversight over the entire supply chain on a continuous basis. Therefore, HRDD lends itself to a risk-based approach, particularly when first implementing the framework and vetting companies that are part of the supply chain.

Companies can begin by assessing their supply chain based on jurisdictions or industries and assigning risk profiles to them—ultimately identifying which parts of the supply chain are highly vulnerable to human rights abuses and should be examined first. High-risk areas for human rights abuses are characterized by a country’s inability or unwillingness to fulfil its own human rights obligations, along with political instability or repression, institutional weakness, insecurity, collapse of civil infrastructure, and widespread violence.

Corruption thrives in similar environments and can pose a separate risk while impeding a company’s ability to access necessary information. Like anti-corruption programs, achieving compliance with HRDD frameworks will rely heavily on conducting due diligence inquiries within the supply chain. Therefore, security professionals can use existing programs with a slightly changed approach. While anti-corruption programs predominantly operate under a perpetrator-centric perspective, the focus of a human rights program would be primarily victim-centric. Modified accordingly, they can accommodate for the identification, analysis, and treatment of actual and perceived human rights abuses, as well as other adverse social responsibility impacts.

An HRDD framework will certainly depend on company size, type, legal structure, geographical area, and industry, as well as other laws and regulations it operates under. Nevertheless, most HRDD legislation will likely align with the UN Guiding Principles. In the absence of legal requirements, they can be used as a guideline to set up the framework.

Equally, ISO 26000:2010, Guidance on Social Responsibility, promotes responsible practices in organizations while considering a variety of social responsibility issues, including human rights. It has a similar approach to the OECD Guidelines in that ISO 26000 provides guidance rather than requirements and cannot be certified like other ISO standards.

By aligning its policies to any of the three above existing guidelines and adhering to it, a company will have already taken major steps and positioned itself well for the inevitable regulatory shifts.

Eva Nolle, CPP, CFE (Certified Fraud Examiner), specializes in commercial intelligence, including due diligence enquiries, background screenings, political risk analysis, and commercial and fraud investigations. During the last decade, she has assisted clients operating on the African continent to gain a better understanding of potential risks when operating on the continent and how to avoid, mitigate, transfer, accept, or exploit them. Nolle holds a bachelor’s degree in risk and security management.