The latest enterprise risk management news from around the world

UK businesses face a new compliance risk when the Modern Slavery Act comes fully into force at the end of March 2016. Dr Ian Livsey chief executive, Institute of Risk Management, discusses some of the supply chain risk management issues associated with the Act.

It has emerged recently that workers on Brazilian plantations producing coffee beans for Nestlé and Douwe Egberts were trafficked to work for little or no pay. A report from media and research centre DanWatch highlights serious issues in supply-chain risk management – a lack of knowledge about the sources of raw materials, the names of plantations, and the working conditions of employees.

Jacobs Douwe Egberts admits that it is possible that coffee from plantations with poor labour conditions ended up in their products, and coffee giant Nestlé acknowledges having purchased coffee from two plantations where authorities freed workers from conditions analogous to slavery in 2015.

Following the launch of the Modern Slavery Act 2015, all companies conducting business in the UK – with a turnover of more than £36m – are now legally-obliged to check and verify the robustness of their supply chains, no matter what country the supply chain covers. It is therefore imperative that British companies consider such supply chain risks as part of their wider business models.

There is always scope for inappropriate behaviour where people and processes are involved and the Institute of Risk Management’s stance is that these vulnerabilities should be recognised as part of a robust risk management identification process. To protect human rights as part of the overall risk management strategy, it is essential to take a broad view of the extended business including its supply chain partners.

Aidan McQuade, director of Anti-Slavery International, agrees. He said:

“Nestle's confirmation of forced labour being present in the production processes in some of its products indicates a growing tendency amongst businesses towards greater transparency in their supply chain.

“This transparency opens the possibility for greater collaboration between business, civil society and government to work together to confront the risks for businesses in relation to forced labour.

“It feels like a good moment for such collaboration, with the UK’s Modern Slavery Act 2015 putting an obligation on businesses to report on what they do to tackle slavery in their supply chains. The new legislation will help companies to work with organizations like ours to better understand the problem and help reduce similar reports in the future.”

So how are companies readying themselves for the legislation around supply chain risk and eliminating modern slavery and exploitation?

The act includes an innovative transparency and reporting clause (section 54 – Transparency in Supply Chains) requiring larger organizations to make an annual ‘slavery and human trafficking report’ setting out what they do to ‘ensure that slavery and human trafficking is not taking place in any of its supply chains, and in any part of its own business’.

The act will come fully into place at the end of March 2016; and, interestingly, some companies have voluntarily released their statements ahead of the deadline and they make for interesting reading.

A summary by Ergon Associates of some of the statements already published raises some key points:

Firstly, while there are some good examples of relatively detailed statements, which set out a company’s approach to due diligence in respect of modern slavery, the majority do not go much beyond setting out broad commitments to ensure that there is no modern slavery in the relevant company’s supply chains and descriptions of policies to support these commitments.

Secondly, most statements are brief – nearly all are under 1,000 words and half are under 500 words – though we may expect these to expand as reporting becomes mandatory and as due diligence activity and confidence to report increases.

Thirdly, a significant number refer to the fact that auditing of suppliers takes place, and also report on training for their staff. However, few statements describe the actual process of risk assessment they use related to modern slavery and fewer still mention outcomes, including identifying high-risk supply chains or geographies. Reporting on key performance indicators to monitor effectiveness is the least well covered issue in current statements.

So what conclusions can we draw from this?

Guidance published recently by a coalition of leading charities in this field, entitled ‘Beyond Compliance: Effective Reporting Under the Modern Slavery Act’, sets out best practice in addressing modern slavery in corporate activities. The guidance includes steps companies can take towards eradicating labour exploitation from their supply chains.

Caroline Robinson, director at Focus on Labour Exploitation said: “This guidance sets out some key risks of modern slavery occurring in business supply chains, including: business models that are highly flexible with low profit margins; operating contexts with poor government regulation and enforcement of labour standards; and dangerous and isolated working conditions.

“If businesses are truly going to eradicate exploitation from supply chains then it will require real leadership to tackle these risks head on,” she added.

We can say that future statements need to include specific detail about the risk management process, and how these factors will be implemented – including details around risk mitigation. They should be specific: including examples and details on how auditing and reporting policies and practices will be implemented, avoiding overall generalisations.

Is there a crisis management plan? Business interruption contingency plans? What checks are in place and how will flags be raised, equally what preventative measures will be employed in the first place?

If a huge fast moving consumer goods organization can miss links in the supply chain, then smaller companies can too. Supply chain management is a complex issue and organizations with many tiers in the chain can often be removed from the reality of working practices at grass roots levels. Particularly in global enterprises that include workers all across the globe.

Transparency is paramount, as is the buy-in from boards and directors. The process will be a learning curve but to ensure ethical practices, organizations will need to demonstrate a sustained approach to risk resilience; the legislation aims to embed this in working practices.

It may be a common misconception that only food and agricultural industries have the risk of exploitation in their supply chains but we have seen instances of retail (particularly clothing, where well-known companies have been shown to been using child labour at the root of the supply chain). Clearly, this is not good for brand perception and reputation – and somehow consumers are shocked but not altogether surprised. Interestingly, two of the most recent cases focussed on companies who preached good corporate social responsibility practices in their advertising.

We have all heard about examples in the domestic/cleaning industries where foreign workers have been exploited and made to live and work in unacceptable conditions – for example cases where au pairs and nannies have been kept in appalling conditions in what would be considered middle class suburban neighbourhoods – all examples of how slavery and mistreatment have not been abolished in society.

This legislation will take a while to kick in and embed in business practices – the reporting cycle will show a lag in results being reported, however raising these important issues at board level and for all those involved with enterprise risk has never been more important. Especially important as a director will have to be named within the statement provided and submission.

The 2016 model enterprise should be an ethical, transparent, resilient, financially sound business model that encourages every part of day-to-day practices to be fully risk assessed and compliant with the law.

Helpful resources:

IRM has produced some guidance around the Extended Enterprise, which can be downloaded here:

The Home Office guidance includes more detail and examples to include in your risk assessment:

Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.