Archives: Resources

Incentive and benefit structures, a key component of the sales promotion strategy of many companies, are designed to reward salespeople for revenue generated for the business. However, such structures can lead to negative outcomes for people where targets are excessively high, practices are subject to inadequate oversight, promotion activities towards third parties lead to over – or inaccurate prescription or recommendations, and, in some cases, where incentives are profit-based.

• Excessive sales targets and inadequate oversight can lead to predatory sales behavior. In the retail banking industry, this has included:
  • Unauthorized transactions on client accounts;
  • Sale of insurance products to clients who do not meet eligibility requirements (and therefore cannot take advantage of them);
  • Targeting the elderly or people conversing in their second language;
  • Sale of loans to people who cannot meet repayment obligations. (Privacy and Information rights; Economic security rights; Right to an adequate standard of living; Right to housing).
• Heightened risks arise where salespeople are required to use discretion in evaluating customer fitness for access to a product and/or have the ability to access/ modify private customer information without adequate oversight.
• Influencing third parties leading to excessive or inappropriate prescription or recommendation of products: Where incentive structures influence a professional’s exercise of discretion, people may be given advice or products that are not appropriate for their personal circumstances, affecting their health and/or finances:
  • Provision of baby formula to mothers in poverty by hospitals/ doctors receiving samples from companies, with subsequent impact on child health as mothers abandoned breastfeeding but could not afford an adequate amount of formula (see OHCHR) (Right to life; Right to health);
  • Sale of “sub-prime” loans by mortgage brokers receiving commissions from lenders, at interest rates above market and/or to borrowers who could not afford repayments (see CESR) (Right to an adequate standard of living, including Right to Housing); and
  • Over-prescription of potentially addictive painkillers facilitating or leading to addiction (Right to life; right to health).
• In the context of essential medicines, sales incentives that reward based on profits on products (rather than revenue) can drive up the price of essential medicines, reducing access to medicines for vulnerable persons (Right to life; Right to health).

• Reputational, Financial and Business Opportunity Risks: Scrutiny from governments, investors and civil society is becoming increasingly sophisticated and granular, including to the level of the existence and effect of sales targets. One example is the well-known Access to Medicine Index for the pharmaceutical industry, which includes Market Influence within its measurement areas, including “sales-based performance incentives and bonuses for sales agents.” Consequently, companies are unable to claim ignorance of expectations and best practices; to do so risks loss of investment, reputational risks and loss of access to business partners applying such standards in their criteria for engagement.
• Regulatory Risks: The impacts flowing from excessive sales targets and inadequate oversight can affect the reputation of an entire industry and potentially lead to increased regulation. The Banking Royal Commission in Australia was established in 2017 to inquire into and report on misconduct in the banking, superannuation and financial services industry, including fraudulent lending to elderly customers and the widespread provision of inappropriate and predatory financial planning advice. It was reported in 2020 that “about 40 pieces of … legislation sit on [the government’s] parliamentary agenda.”
• Reputational, Financial, Business Continuity, Regulatory and Legal Risks: As the impacts associated with this red flag tend to accumulate over time and exacerbate exiting social vulnerabilities, when impacts reach public consciousness, they tend to do so explosively, in the form of scandals, exposés and the partial collapse of industries. Companies face resulting litigation, increased scrutiny and regulation and reputational damage. For example, in the context of aggressive sales tactics and over-prescription in the opioid crisis, drug companies faced lawsuits, saw their reputation damaged and stock lose value. Reportedly 70% of Americans support “making drug companies pay the cost of addiction treatment services and cover the cost of naloxone, used to revive people who’ve overdosed.”

*For an explanation of how companies can be involved in human rights impacts, and their related responsibilities, see here.

Addressing risks to people associated with this red flag indicator can contribute to, inter alia:

Promotional practices influencing third parties

• Do we have a policy in our marketing practices with regard to potential human rights impacts, and do we include our marketing practices as part of our human rights due diligence?
• What evidence do we have as to whether our salespeople are acting in practice in line with our marketing policies and prescribed processes?
• What are the different contexts in which our products/services will be sold/recommended to individuals? How might poverty, a lack of information or other vulnerabilities affect potential impacts from our products? What strategies do we have in place to ensure that our products are not sold/recommended in circumstances where the products might lead to harm to our customers?
• Do we provide adequate training to our sales professionals to enable them to make decisions guided by our human rights responsibilities?
• How might our salespeople, or the professionals they influence, be incentivized to act otherwise than in accordance with our policies?
• Do we have sufficient oversight over our salespeoples’ activities? How do we internally/ externally audit our practices?
• What grievance mechanisms do we have, who can access them and how do we act on results?

Sales targets and predatory sales behavior

• Who are our most vulnerable potential customers? How can our products/ services potentially be connected to negative impacts on people?
• Do our salespeople exercise discretion in evaluating the appropriateness of a product for customer? How is this guided or constrained?
• How can we track any increases in sales to potentially vulnerable people?
• In practice, how do our salespeople experience the relative pressures to both deliver on sales targets and protect vulnerable people from potential impacts associated with our products/services? Do they find the two to be in tension and do they know how to address those tensions in practice?
• Do our salespeople have the ability to access/modify private customer information? What protections/ oversight is in place?

Profit-based incentives and access to medicine

• How do we incentivize our sales teams across geographies in which we operate? Do our incentive structures reward for profits on products (as opposed to revenue)?
• Could our incentives structures be playing a role in high/ rising drug prices?
• If so, do we whether higher prices could exacerbate existing vulnerabilities among potential consumers and limit access to essential medicines?
• Can we find a way to decouple sales agents’ incentives from sales targets?

Sales incentives and over-prescription in pharmaceuticals

• Do we offer sales bonuses based on sales volume in the context of drugs prone to over-prescription?
• Could we avoid deploying sales agents for such medicines, or decouple sales bonuses from volumes?

*Mitigation examples are current or historical examples for reference, but do not offer insight into their relative maturity or effectiveness.

Avoiding sales agents altogether: Johnson & Johnson, Otsuka and Teva do not deploy sales agents for at least some antibacterial and antifungal medicines.

• Sales Incentives and Over Prescription: The Access to Medicine Foundation’s Antimicrobial resistance benchmark “evaluates how 30 pharmaceutical companies are responding to the global threat of antimicrobial resistance” including their sales promotion practices.
• Profit-based Incentives and Access to Medicine: Information on pharmaceutical companies’ performance on “Market Influence,” including sales incentives, can be found in the Access to Medicine Index.
• Financial Services Misconduct: e.g., Submission of Dr. Kym Sheehan and Prof. David Kinley of Sydney Law School to the Australian Royal Commission into Misconduct in the Banking and Financial Services Sector.
• Misleading marketing practices of infant formula in developing countries: OHCHR (2015) Breastfeeding a matter of human rights, say UN experts, urging action on formula milk.

Citation of research papers and other resources does not constitute an endorsement by Shift of their conclusions.

• Some business models support commercial viability by externalizing the risks associated with changing levels of consumer demand on suppliers, rather than absorbing it in the business model.
• Companies may do this by way of:
  • Making last minute demands, changes or cancellation of orders;
  • Using contracts by which the supplier assumes the cost and risk of the product until delivered;
  • Avoiding warehousing goods by utilizing a “just in time” inventory/sourcing model.
• As a result:
  • When demand spikes, and the purchasing company places large volume orders with short lead times, suppliers may see no alternative but to demand excessive overtime. (Right to just and favorable conditions of work; Right to a family life; Right to Health).
    • A joint ETI/ILO survey on purchasing practices in 2017, to which responses were received from over 1,400 suppliers in 87 countries, found that only 17% of suppliers surveyed considered their orders to have enough lead time.
  • When demand drops, the purchasing company may cancel orders on short notice and/or refuse to take responsibility for goods that have already been produced. IndustriALL has noted that such cancellations leave factories holding the goods, unable to sell them to the customer that ordered them, and in many cases unable to pay the wages of the workers who made them.
• Purchasing practices such as this may, without appropriate mitigation measures, place heavy pressure on suppliers working on narrow margins. Risk and its associated costs are pushed up the supply chain and absorbed by the most vulnerable people – such as factory workers, including migrant workers, women workers, producers and small-holder farmers – affecting their livelihoods and those of their families. Suppliers under excessive pressure may not pay wages or overtime, or not provide safe working conditions; they may pregnancy test workers pursuant to a view that pregnant workers are not financially viable. Risks are exacerbated when the purchasing company(ies) provide little or no commitment to long-term sourcing, disincentivizing investment in improving working conditions (Right to just and favorable conditions of work; Right to Health).

• Operational Risks:
  • Purchasing practices that situate inventory risk with suppliers can leave suppliers with cash flow challenges and unpredictability that disincentivizes them from investing in compliance with codes of conduct. Such practices can also cause suppliers to outsource (including illegally) to subcontractors, increasing the complexity of the supply chain and reducing visibility and control on the part of the buying company.
  • Where the company does not keep an inventory of its products and relies on a small number of suppliers, it can be vulnerable to inventory shortages: in 2019, German-based Adidas’s sales growth declined due to “supply chain shortages” when “the company’s suppliers—nearly all of whom are based outside Germany—did not keep up with customer demand.”
  • The Covid-19 situation in 2020 further demonstrated the risks to the company of relying on, inter alia, just in time models and the detrimental impact of this practice on supply chain resilience.
• Reputational and Financial Risks:
  • Companies with purchasing practices that lag behind leading practices may receive poor results in the Better Buying review, a growing online platform that allows suppliers to anonymously rank the buying practices of brands and retailers.
  • During the 2020 Covid-19 pandemic, companies leaving overseas suppliers with excess inventory received negative publicity, including through Workers’ Rights Consortium’s “Brand Tracker” which listed apparel labels and retailers that were and were not paying their suppliers for orders in production or completed. From an investment perspective, research on the link between public sentiment on corporate responses to the pandemic and financial flows found that companies with labor and supply chain practices that were seen as taking action to secure their supply chain experienced higher institutional money flows and less negative returns.

*For an explanation of how companies can be involved in human rights impacts, and their related responsibilities, see here.

Addressing risks to people associated with this red flag indicator can contribute to, inter alia:

• Do we have sufficient budget allocated to warehousing products? If not, how are we ensuring that factories can produce in advance and keep overtime within acceptable limits?
• Do buyers have sufficient knowledge, incentives and support to assess how and when their decisions will place human rights at risk, and to know from whom to seek assistance when they do?
• How do we know whether our buyers follow our processes, rules or guidelines in practice when engaging or contracting with suppliers?
• Do we engage with our suppliers in ways that help us understand how far they can go to meet our demands while still respecting the rights of their workers? Do we work with suppliers in countries of production to increase worker protections?
• Do we take a short term, transactional approach to supply chains or do we develop supply chain partnerships? For example, do we see high turnover among suppliers?

*Mitigation examples are current or historical examples for reference, but do not offer insight into their relative maturity or effectiveness.

Spanish fashion company Alohas’ “business model revolve[s] around an on-demand production process.” The company previews upcoming designs to customers early in the season and makes them available at a discount rate. Once it calculates how many units of each new style should be produced it commences manufacturing. Alohas notes that “on-demand reverts the sales cycle by applying a discount for early purchases and offering the product at full price only once stock has been made available. Meaning we don’t adhere to the traditional sales calendar anymore.”

• ACT (Action, Collaboration, Transformation), including the ACT Global Purchasing Practices Commitments.
• ILO (2017) Purchasing practices and working conditions in global supply chains: Global Survey results: provides the results of an ILO/ETI global survey on purchasing practices and working conditions, to which over 1,400 suppliers from 87 countries responded, with the sample covering nearly 1.5 million workers.
• ETI (2017) Guide to Buying Responsibly: The guide includes best practice examples and outlines the five key business practices that influence wages and working conditions.
• Better Buying has created a tool for suppliers to anonymously rate their buyers against 7 purchasing practices, developed through consultation with suppliers. Buttle (2018) Can there be fair rules for the ‘purchasing practices’ game?: a ETI blog post from ETI’s Apparel and Textiles Lead summarizes standards for company purchasing practices and offers recommendations for improvements in practice.

• Workers’ Rights Consortium’s “Brand Tracker” lists apparel labels and retailers that were and were not paying their suppliers for orders in production or completed during the 2020 Covid-19 pandemic.
• A. Triponel and C Bader (2020) Coronavirus is shining the spotlight on unhealthy supply chains: cleaning them up will help both business resilience and worker wellbeing.
• A. Triponel and J. F. Sherman (2020) Moral bankruptcy during times of crisis: H&M just thought twice before triggering force majeure clauses with suppliers, and here’s why you should too.

Citation of research papers and other resources does not constitute an endorsement by Shift of their conclusions.

There are a range of reasons why companies in diverse sectors are collecting and holding data. For example, private hospitals and pharmaceutical companies may do so to improve diagnoses, improve treatment plans and develop medicines; banks may use personal and transaction data to identify fraud; and autonomous vehicle companies may seek to monetize data about customer driving habits to enable individuals to improve insurance premiums. Even so, in order to fully realize these benefits for businesses and people, the following risks must be managed.

• Right to Privacy: Where a company collects, holds or provides third parties with access to data about customers or users, there are inherent and widespread privacy risks. Examples include:
  • Where information about an individual is collected, sold or shared without their consent. This includes when data are used for purposes beyond those originally consented to by a “data subject.”
  • Where data breaches result in individuals’ personal financial or health data being publicly accessible.
  • Breaches of sensitive personal information, such as racial or ethnic origin, political opinions, religious or other beliefs, trade union membership, sex, gender identity or sexual orientation, genetic data, biometric data, or data concerning health.
• Freedom from Arbitrary Attacks on Reputation and Right to an Adequate Standard of Living: Where the personal data becomes accessible to the public, this data can be used to threaten individuals or tarnish their reputations, which can in turn impact victims’ mental health, job prospects and livelihoods.

• Regulatory Risks and Fines: Failure to protect user or customer privacy can lead to investigations, scrutiny and sanction, and many jurisdictions around the world are debating and enacting stricter laws to govern privacy, affecting multinational companies domiciled all over the world. The most notable of these are the EU’s General Data Protection Regulation which governs how personal data must be collected, processes and erased, and sets two-levels of fines.
  • In 2020, British Airways was fined €22 million when their website diverted users’ traffic to a hacker website, impacting the data of over 400,000 customers.
  • In 2019 Marriot International was fined €110 million related to a cyber-attack through which personal data from over 339 million guest records were exposed.
  • In 2019, Google was fined €50 million due to a lack of meaningful consent about how data was being collected and used for the purposes of targeted advertising.
  • In the United States, individual states have also put in place privacy regulations that apply to all industries. One such example is California’s Consumer Privacy Act.
• Legal Risk and Financial Settlements or Penalties: An increasing number of companies have been subject to lawsuits over inadequate action to address risks to people throughout the data lifecycle. Examples include:
  • Facebook paying $550 million to settle a class action lawsuit from Illinois Facebook users accusing the company of violating an Illinois biometric privacy law.
  • An £18 billion class action claim against Easy Jet in which the data of 9 million customers was accessed by third parties in a cyber-attack.
  • Equifax, the US consumer credit score company, paying $425 million following a data breach affecting 147 million people in 2017, some of whom suffered identify theft, fraud and related legal or other costs.

*For an explanation of how companies can be involved in human rights impacts, and their related responsibilities, see here.

Data about individuals can be used to advance a number of SDGs such as those listed below. Addressing impacts to people associated with this red flag can contribute to ensuring that this is done in ways that do not simultaneously increase discrimination, or erode the privacy, reputation and well-being of vulnerable communities.

• Do we have policies, processes and practices that follow the principle of data minimization such that we only collect or purchase data to the degree that is absolutely necessary to accomplish specific tasks we have in mind?
• Have we conducted an assessment, and where necessary put in place mitigation plans, for privacy and other risks to people that may arise across the data life cycle including generation, collection, processing, storage, management, analysis and interpretation?
  • Have we done this for all stakeholder groups that may be at risk including employees, contract workers, prospective employees, customers and users?
  • Are we engaging expert groups and potentially affected groups to ensure we understand the risks they perceive or experience?
  • Do we assess whether and how our terms of service or policies for gathering and sharing customer data might increase human rights risks?
• Do we ensure that customers or users consent to how we gather and use their data, and that their consent is free and informed, including that they:
  • Know that we gather and are in control of data about them.
  • Are informed about how the data will be obtained and held, and for how long.
  • Understand the operations that will be carried out on their data.

*Mitigation examples are current or historical examples for reference, but do not offer insight into their relative maturity or effectiveness.

• Consumer Products and Services: A number of companies have launched privacy-oriented alternatives such as:
  • Messaging App Signal: One of the only apps that has its privacy-preserving technology always enabled and ensures that there is never a risk of sharing moments or sending messages to a non-intended recipient. For more on messaging apps see this article.
  • Search Engine Swisscows: Swisscows does not collect any of their visitors’ personal information such as an IP address, browser information, or device information. They do not record or analyze search terms. The only data that Swisscows records is the total number of search requests it receives each day.
• Enterprise Solutions: A 2020 World Economic Briefing, A New Paradigm for the Business of Data, profiles a small number of Enterprise and consumer solutions that place privacy, user consent and data security at the core. These include:
  • Hewlett Packard Enterprise (HPE) and Continental: HPE and Continental have created the Data Exchange Platform as a marketplace for mobility data. “It provides a secure, transparent, decentralized architecture for trusted vehicle sensor data sharing and payment, based on blockchain technology and smart contracts. It offers data sovereignty and includes a consent- management system for drivers.”
  • Inrupt: “Instead of a company storing siloed snippets of personal data on their servers, users store it in interoperable online data stores giving them unprecedented choices over how their data is shared and used. They can, for example, share their fitness data with their health insurance company, or allow sharing between their thermostat and air conditioner. They can set time limits on sharing and change their choices at any time.”

• Ranking Digital Rights Investor Outlook (2021) Geopolitical risks are rising—and regulation is coming.
• Institute for Human Rights and Business, Data Brokers and Human Rights.
• Global Network Initiative resources:
  • Implementation Guidelines.
  • 2018/19 Report on Independent Assessments of GNI Members.
• Harvard Data Science Review, Jeanette Wing, The Data Life Cycle.
• Human Rights and Big Data Project, Developing an Online consent manifesto based on human rights.
• Information is Beautiful, Map of Data Breaches/Hacks: An interactive tool showing the world’s largest data breaches and hacks since 2009 up until the present. The map includes examples from 15 industry sectors and multiple well-known corporations including.
• Data Guise, Data Minimization in the GDPR: A Primer.
• UN Secretary-General’s Roadmap for Digital Cooperation.

Citation of research papers and other resources does not constitute an endorsement by Shift of their conclusions.

The way in which companies decide to structure their business relationships can have an effect on their ability to meet their human rights responsibilities. In particular, companies may routinely structure relationships in ways that limit their leverage over business partners.

Below are examples of ways in which companies structure relationships that may lead to a reduction in their ability to identify, prevent, mitigate and account for human rights impacts, or may reduce their perception of their responsibility to do so.

• In a syndicated loan, this may arise where the bank:
  • relies on human rights due diligence conducted or commissioned by another participating bank in the syndicate;
  • has little (direct) interaction with the E&S coordinating bank and/or the other participating banks on human rights impacts;
  • has little interaction with stakeholders potentially affected by the project or those representing their interests
  • has no influence over the creation or effective management of grievance mechanisms for affected stakeholders.
• In a JV partnership, this may arise where one party takes sole or primary responsibility for communication and dispute resolution with third parties, or where a company situates control over decisions on land and employment with the partner. This can be particularly problematic where the partner with this responsibility is an enterprise wholly or partially owned by a government that has a history of causing or ignoring impacts on vulnerable groups in the country, and the company has little practical leverage available to it.
• In a franchising relationship, this may arise where contracts retain franchisor control over businesses’ methods, procedures and standards, but not set out requirements on – nor accept responsibility for – rights-related issues such as employment practices, land acquisition, and environmental issues.

• Operational, Financial and Reputational Risks: A company’s understanding and implementation of its own responsibility in relation to impacts can be undermined when it structures a relationship in ways that limit its own scope for action and its accountability.
  • For example, risks can arise where there are mistaken assumptions that due diligence conducted or commissioned by the E&S coordinating bank in a syndicated loan for project finance is sufficiently thorough. High profile examples of community conflict halting projects have highlighted that each financier is expected to know (and to show) that the HRDD conducted meets expectations: according to Banktrack, banks participating in the financing of the Dakota Access Pipeline “found themselves on the receiving end of the #DefundDAPL divestment campaign after the project violated Indigenous People’s rights – estimated to have cost them between US$8 and $20 billion in deposit withdrawals.”
• Legal Risks: The have been several lawsuits seeking to hold US company McDonald’s responsible for the treatment of franchise workers. In the United States the responsibility of franchisors to assume responsibility for employment conditions is a contested area. The company has stated that “franchisees are independent businesses that want to make their own decisions about hiring, pay and other matters.” Worker advocacy groups have “argued that many companies use contracting and franchising as ashield from responsibility for workers who make their business possible.” In 2020, a complaint was brought to the Dutch National Contact Point against McDonald’s on the basis that the company had not met OECD guidelines which “require due diligence by institutional shareholders in companies to ensure responsible business conduct.” The complainants alleged that due to “systemic sexual harassment” at franchised restaurants, the company had “neglected to act to create a safe workplace” for franchise employees.

• Business Opportunity Risks: Where advisors do not advise clients appropriately on the human rights risks associated with corporate decisions or activity, they risk losing repeat business when that advice proves inadequate in practice. The International Bar Association notes that:
  • “There is growing recognition that a strong business case exists for respecting human rights and that the management of risks, including legal risks, increasingly means that lawyers, and particularly business lawyers, need to take human rights into account in their advice and services. The UNGPs are relevant to many areas of business legal practice, including but not limited to corporate governance, reporting and disclosure, litigation and dispute resolution, contracts and agreements, land acquisition, development and use, resource exploration and extraction, labour and employment, tax, intellectual property, lobbying, bilateral treaty negotiation, and arbitration.”

*For an explanation of how companies can be involved in human rights impacts, and their related responsibilities, see here.

Where a company retains and uses leverage with business partners to strengthen respect for human rights, it can contribute to various SDGs. It may also build the capacity of its partners to contribute to the SDGs, by helping them understand and implement their own responsibilities, thereby contributing to:

SDG 17: Partnerships for the Goals, in particular: Target 17.6 Enhance the global partnership for sustainable development, complemented by multi-stakeholder partnerships that mobilize and share knowledge, expertise, technology and financial resources, to support the achievement of the sustainable development goals in all countries, in particular developing countries. Target 17.17 Encourage and promote effective public, public-private and civil society partnerships, building on the experience and resourcing strategies of partnerships.

• Do we clearly communicate our human rights expectations to our partners?
• For joint ventures with significant human rights risks, do we ensure that legal and other agreements underpinning the ventures provide the necessary basis to ensure that human rights are respected in their operations? (See OHCHR and Business Dilemmas Forum)? For example:
  • How do our agreements with partners allocate roles with relevance to the human rights of stakeholders, such as decisions on land,employment or dispute resolution with third parties?
  • How do we ensure our partners carry out these roles in ways that respect human rights?
  • Do we have pre-agreement on how human rights incidents and disputes will be dealt with, once they arise?
  • Do we have the right to conduct audits of overall human rights compliance?
  • Do we have the right to terminate the agreement in the event that human rights non-compliances are identified during such audits and are not rectified within a reasonable amount of time?
• How thorough are our due diligence procedures and do they include human rights risks? Do we tend to defer to or rely on processes of another partner without our own investigations? Are we prohibited from making contact with stakeholders by our agreements with business partners? How do we identify gaps between others’ processes and international human rights standards? How do we address these gaps? Do we look for early opportunities (e.g. at point of market entry) to create leverage? Do we include a leverage mapping into our due diligence procedure?
• Does the structure or duration of the relationship significantly limit our leverage?
• Do we have or participate in an effective grievance mechanism through which affected persons can raise human rights issues related to our partners’ activities?
• Do our agreements with partners contain confidentiality or consent requirements that constrain our ability to disclose information about our operations in higher risk areas? If so how do we ensure that stakeholders have access to information relevant to understanding how they may be affected and to claiming their rights?

*Mitigation examples are current or historical examples for reference, but do not offer insight into their relative maturity or effectiveness.

There may be opportunities for increasing leverage to address actual and potential human rights impacts in a joint venture context through a coordinated approach. For example, in 2016 BHP created the Non-Operated Joint Ventures (NOJV) Asset within Minerals Americas in order to establish effective engagement with its joint venture partners and companies in line with BHP’s Charter. The Asset creates a single point of accountability with responsibility for all non-operated joint ventures in Minerals Americas and its purpose includes having transparency over JV companies’ risks and opportunities, in an active feedback process, whilst maintaining the JV company’s management independence.

General:

• Shift (2015) Human Rights Due Diligence in High Risk Circumstances: Practical Strategies for Businesses: highlights strategies and practices that certain businesses have found most effective when conducting human rights due diligence in high risk circumstances. It includes “higher risk business relationships” such as those with business partners.
• Shift (2013) Using Leverage in Business Relationships to Reduce Human Rights Risks addresses various business relationships, including joint ventures.

Joint Ventures:

• IHRB (2012) Chapter 5: Respect for Human Rights in Joint Ventures Relationships of State of Play – Human Rights in Business Relationships: assists, inter alia, with identification and mitigation of human risks arising in connection with JV partners.

Finance:

Project Finance:

• Shift (2018) Enhancing the Alignment of the Equator Principles with the UN Guiding Principles on Business and Human Rights: A Public Summary of Shift’s Advice to the Equator Principles Association.
• Equator Principles (2020) Equator Principles EP4.
• Equator Principles (2020) Guidance note on Implementation of human rights assessments under the Equator Principles.

• Risks to people are heightened by the nexus between products that are vulnerable to misuse and sales to entities likely to misuse them.
• Interviews with business and civil society representatives conducted by the UN Global Compact “underscored that one of the biggest challenges in conceptualizing product misuse as a human rights issue is the vast array of ways, including non-obvious ways, a product or service can be misused and inflict human rights harm.”
• Several examples are listed above and include severe impacts, such as:
  • sale of pharmaceuticals misused for the administration of the death penalty (right to life; right to freedom from torture, cruel, inhuman or degrading treatment);
  • sale of tracking or facial recognition technologies that may be misused to surveil civil society or arbitrarily imprison, e.g. ethnic or political groups. (Freedom from arbitrary arrest, detention or exile and/or freedom from torture and inhuman or degrading treatment).

• Reputational Risks: Links between well-known companies and the impacts of product misuse are more easily spread through the 24/7 news cycle and the sharing of incidents and photographs facilitated by mainstream and social media. During the Arab Spring, the role of Western Technology firms in “helping Arab dictators” was highlighted in US media. Popular opinion increasingly places some degree of responsibility on the companies concerned, and not just on those misusing the product or service, or on regulators.
• Financial Risks: These may include investor divestment or customer boycotts where companies are seen to be failing to address product misuse. In 2012, construction machinery company Caterpillar was removed from three MSCI indexes for factors including “an ongoing controversy associated with use of the company’s equipment in the occupied Palestinian territories.”
• Legal, Financial and Operational: Risks also arise, for example, where end users include repressive regimes. Blacklisting of Chinese technology companies by the US Government on the grounds of rights violations against Muslim minority groups in Xinjiang, China, disallows US companies from selling technology to these companies without a US government license. In 2019, Sony and Sharp faced scrutiny for the alleged supply of parts to a Chinese video surveillance company blacklisted by the United States over human rights violations of ethnic Uyghur people in the Xinjiang Autonomous Region of China. The blacklisted company had “previously stated on its website that it could identify members of the Uighur ethnic minority group.”

*For an explanation of how companies can be involved in human rights impacts, and their related responsibilities, see here.

Addressing impacts to people associated with this red flag indicator can contribute to a range of SDGs depending on the industry and impact concerned, for example:

• How do we assess the potential risk of product misuse? How do we understand and address the ways in which “specific variables in design, components or materials used, and markets and customers targeted” may lead to product misuse resulting in human rights impacts?
• How do we know which of our end users/customers are high risk from a product misuse perspective? How do we stay abreast of developments that affect the level of risk? What systems do we have in place to identify and address such risks, prior to sale? Has the company considered how it might work with others – regulators, industry peers, customers, civil society organizations etc. – to seek ways to minimize the potential misuse of its products?
• Do we build safeguards against product misuse into our agreements with business customers, end-users and intermediaries involved in the sale of our products/services? Have we considered how we could use contract clauses or service provisions to monitor usage?
• How do we track and report internally or externally on our efforts to ensure responsible use of our products and/or services?

* Mitigation examples are current or historical examples for reference, but do not offer insight into their relative maturity or effectiveness.

• UN Global Compact Good Practice Note, prepared by Meaghan Malloy (2017) Addressing Adverse Human Rights Impacts Connected to Product Misuse.
• Human Rights and Business Dilemmas Forum, Product Misuse dilemma sets out common product misuse scenarios, case examples, risks to business and suggestions for responsible business.
• Bureau of Democracy, Human Rights, and Labor, U.S. Department of State Guidance on Implementing the “UN Guiding Principles” for Transactions Linked to Foreign Government End-Users for Products or Services with Surveillance Capabilities.

Citation of research papers and other resources does not constitute an endorsement by Shift of their conclusions.

• Several examples of the impact of overuse on people are listed below. The first three have the potential to impact the right to the highest attainable standard of health and further, where overuse intersects with certain vulnerable groups (children’s rights, or rights of minorities).
• High-salt, High-sugar, High-fat Foods: High levels of consumption are associated with increased health risks, including obesity and other noncommunicable diseases, diet-related diseases in minority communities and rising costs of healthcare where those costs are passed on through higher premiums. Corporate activities that bring about an intersection of vulnerability and potential harm include:
  • Marketing to children, including online (esp. via social media) and SMS campaigning to school children at lunch time
  • Disproportionate targeting of minorities of low average income, including through selective advertising in specific language media and/or billboards in minority communities. The University of Connecticut Rudd Centre for Food Policy and Obesity has conducted a brand by brand analysis of targeting of black and Hispanic youth by major food and beverage companies in the United States and found that, “food-related marketing continues to disproportionately target youth of color with harmful products and contributes to health disparities affecting their communities.” They found that this was the case even where companies offer diverse portfolios of healthy and unhealthy brands in multiple categories.

• Social Media and Young People: In the UK, a parliamentary committee released a report on the Impact of Social Media on Young People’s Mental Health and Wellbeing. After noting the range of positive effects of social media, it also highlighted “very damaging” effects, including, “feelings of low self-esteem and negative body-image, resulting in harmful behaviours to achieve, ‘results’… the publicising of self-harm methods…[and] cyberbullying” and called for further research into the potentially “‘addictive’ nature of social media.”
• Alcohol: Overconsumption of alcohol can lead to well- documented health impacts in the short and long term. Moreover the US CDC notes that binge drinking is linked to, for example, “motor vehicle crashes” as well as “violence, including homicide, suicide, sexual assault, and intimate partner violence.” Any consumption by children is not recommended due to health impacts. The exposure of children to alcoholic beverage industry marketing is one key challenge.
• High-interest Pay-day Loans: When loan repayments balloon in size and they have difficulty keeping up, recipients may be forced to choose between loans and basic needs, affecting their right to an adequate standard of living (see Human Rights Watch article). There can be a disproportionate effect on minority communities when lenders cluster in those areas, or target minorities through online platforms. Corporate activities that bring about an intersection of vulnerability and potential harm include:
  • Targeting potentially vulnerable individuals who are unlikely to meet repayment obligations.
  • Offering fin-tech services charging fees for access to advances, which, if regarded as interest, would equate to annualized interest payments many times higher than legal limits (See Nikkei Asian Review article).

• Reputational Risk: Where companies target vulnerable groups in the marketing of products that are harmful when overused, reputational risk may arise. The University of Connecticut report cited above warned that while companies may “view advertising of nutritionally poor brands to multicultural consumers as a business opportunity,” the public may rightly focus on the resulting costs to these communities. Researchers and consumer groups have expressly compared such practices with companies’ public commitments to health, and apparent contradictions are noted and publicized. Moreover, increasingly sophisticated consumers and watch-dog NGOs:
  • Identify and publicly call-out companies seeking to focus blame for overconsumption on individuals, without acknowledging the impact of marketing practices.
  • Scrutinize non-profit or research bodies set up by industry members for evidence of intent to avoid responsibility for impacts associated with their products.
• Legal and Regulatory Risk: As consumers and international bodies increasingly scrutinize companies selling products or services linked to impacts from overuse, lack of meaningful industry action increases the likelihood of further regulation in this area. For example, six [US] localities had enacted a “soda tax” in 2019, levying a per volume excise tax on drinks sweetened with sugar, and one government levied a per volume tax on all sweetened drinks. As scrutiny leads to consumers seeking to hold companies responsible for impacts, legal risks arise: one US-based pay-day loan company, for example, ceased operations to deal with legal challenges.
• Financial Risks: Understanding of health impacts associated with overconsumption of products has been associated with decreased sales among certain demographics. However, at the same time, the link between overconsumption and profit remains in several industries. For example, a 2018 UK study concluded that the alcohol industry appears to be highly financially dependent upon heavy drinking, and might face significant financial losses were consumers to drink within guideline levels.
• Business Opportunity Risk: Business partners may choose to disengage from companies with business models that are seen as carrying too high a risk from a human perspective. In August 2019, Google banned high-interest lenders from its Google Play app store.

*For an explanation of how companies can be involved in human rights impacts, and their related responsibilities, see here.

Addressing impacts to people associated with this red flag indicator can contribute to a range of SDGs depending on the impact concerned, for example:

• What systems do we have in place to identify and address the potential risk of product overuse?
• How do we know which of our end users/customers are highest risk from a product overuse perspective? How does our marketing strategy intersect with these vulnerabilities?

On Food Marketing:

• How does the nutritional quality of the products we advertise correlate with the age/ethnicity breakdown of our target consumers?
  • What percentage of our advertising expenditure is to media viewed predominantly by children? By minority communities?
  • Do we disproportionally target food of poor nutritional quality to particular groups?
• Do we take a compliance approach to national labelling laws, or do we always conform to the highest international standards, including relevant human rights? Have we investigated whether there are gaps between voluntary industry self-regulatory programs and international standards?

On Pay-day Loans:

• Would our “fees” be considered exorbitant or illegal if annualized as interest rates?
• Are we operating in a legal grey zone? If so, are we comfortable that we are not profiting from such opportunities to the potential detriment of our customers’ rights?
• What processes do we have in place to ensure that recipients of loans are able to meet repayment obligations?
• Are we confident that our decisions on customer targeting/ shop front locations do not exacerbate or exploit existing vulnerabilities?
• Are we carefully weighing the benefits of making credit more readily available (including through smartphone technology) with the potential negative impacts of greater availability on vulnerable consumers?

* Mitigation examples are current or historical examples for reference, but do not offer insight into their relative maturity or effectiveness.

• Alcoholic Beverages: With motivations ranging from the ethical, personal health, to purely commercial (noting that the number of people who consume alcohol in the world has decreased by nearly 5 percent since 2000), several brands and start-ups have begun offering non-alcoholic alternatives: Diageo (the world’s second largest distiller and parent of Guinness, Smirnoff and Johnnie Walker) recently funded a nonalcoholic spirits company called Seedlip.

• Food Marketing: University of Connecticut Rudd Centre for Food Policy and Obesity has several reports including a brand by brand analysis of targeting of black and Hispanic youth by major food and beverage companies in the United States. See also WHO (2019) Reducing the impact of marketing of foods and non-alcoholic beverages on children.
• Social Media: UK parliamentary committee report on the Impact of Social Media on Young People’s Mental Health and Wellbeing.

Citation of research papers and other resources does not constitute an endorsement by Shift of their conclusions.

Financial or advisory services can enable companies to act in ways that increase the risk of impacts on people. Further, risks to people can arise even where financial or advisory services are provided in compliance with applicable laws and regulations. Some examples of human rights impacts connected to such services are listed below.

• Providing finance, insurance or advice for large infrastructure or other projects requiring relocation of communities can, without proper mitigation measures, be associated with forced relocation, the loss of adequate housing and livelihoods, the destruction of sacred indigenous sites, environmental damage and violence against community members. Where the advice relates to a project or facility in a geography undergoing conflict, there is a risk of connection to impacts on the right to life. In the case of finance, risks can be exacerbated where a financier is a non-lead bank in cases of multi-bank syndicated loans for project finance. (See Red Flag 15).
• In February 2021, the Telegraph reported that “consulting firm McKinsey has agreed to pay $573 million” in order “to settle claims by US states that the consulting company helped fuel the opioid epidemic by providing marketing advice to drugmakers including Purdue Pharma and Johnson & Johnson.”
• Accounting and Taxation advice on aggressive, but legal, taxation minimization strategies can deprive governments of the resources needed to address poverty and to finance programs seeking to protect and fulfil rights. (See also Red Flag 24).
• In relation to legal advice, risks can arise where there is a gap between domestic laws and international human rights standards. For example, advice to employers in relation to legal tactics to undermine labor rights can negatively impact the practical enjoyment of those rights, e.g. the right to collective bargaining. Advice on bringing certain claims under stabilization clauses in investment agreements with host governments (which provide protections for investors against future changes in law) can interfere with a State’s bona fide efforts to implement laws, regulations or policies in a non-discriminatory manner in order to meet its human rights obligations.

• Reputational Risks: Connection to severe human rights impacts can have reputational effects for financial and advisory service providers; where such connections are repeated or persist over time, it can lead to public questioning of the company’s social license to operate. In 2018 a Forbes opinion article cited connections to human rights impacts as the basis for asserting that “McKinsey & Co fails as a global leader.” At worst, it can bring an entire industry into disrepute. In 2020 an investigative article relying on the Luanda Leaks asserted that “consultants, accountants and lawyers provided vital support at each step of the way” and argued for the need for greater regulation over the “key role Western professionals play in maintaining an offshore industry that drives money laundering and drains trillions from public coffers.” Civil society is increasingly highlighting the connection between finance and advisory services and impacts, most visibly in campaigns for divestment by banks from companies or projects associated with human rights impacts, such as in the case of banks lending to the private prison industry.
• Financial Risks: In February 2021, the Telegraph reported that “consulting firm McKinsey has agreed to pay $573 million” in order “to settle claims by US states that the consulting company helped fuel the opioid epidemic by providing marketing advice to drugmakers including Purdue Pharma and Johnson & Johnson.” Banks can be required to compensate communities for adverse impacts connected to their finance: in 2020 an Australian bank agreed to contribute the money that it earned from a loan to a sugar company to Cambodian families that were forcibly displaced by the company, as a form of contribution to remedy. This followed a decision in which the Australian National Contact Point found that it was “difficult to reconcile” the bank’s decision to take on the client “with its own internal policies and procedures” as the risks would have been “readily apparent.” Financial risks can also arise where banking clients are unable to repay loans due to the high costs associated with conflict with communities proximate to projects. Finally, pressure associated with a service provider’s connection to a human rights impacts can lead to them finding it necessary to end a business relationship, (e.g. in the case of the Dakota Access Pipeline), with financial consequences for the company.
• Business Opportunity Risks: Where advisors are unable to advise clients appropriately on the human rights risks associated with corporate decisions or activities, they risk losing business of increasingly sophisticated clients seeking these insights. The International Bar Association has noted that “lawyers, both as in-house counsel and as members of law firms, are increasingly asked to help businesses understand what the responsibility to respect human rights implies.” The Working Group on Business and Human Rights has noted a “[l]ack of understanding by some lawyers of the links between human rights risks, legal risks, commercial risk and reputational risks and, specifically, a failure to appreciate that, even where no material legal risks can be identified, that there can still be commercial and reputational consequences coming from a company’s behaviour, especially since the endorsement of the Guiding Principles and the growing focus … on the company’s performance on managing human rights risks.”

*For an explanation of how companies can be involved in human rights impacts, and their related responsibilities, see here.

Providing financial or advisory services to companies or governments in a way that supports human rights standards – by helping them to understand their own responsibilities or by seeking to use leverage with the client where risks to people arise – can contribute to various SDGs, including, but not limited to:

Adapted from Shift’s, Human Rights Due Diligence in High Risk Circumstances: Practical Strategies for Businesses: Identifying potentially higher risk customers/clients.

Example Diagnostic Questions:

Concerning the customer/client

• Do customers/clients have known and effective internal governance and accountability structures?
• Do they have known and effective processes for managing environmental, social and human rights risks?
• Do they have a record of, or reputation for, breaching the law?
• Do they have a record of, or reputation for, negatively impacting human rights?
• Are they known or likely to engage in corrupt practices?
• Are they in conflict with stakeholders?
• Is this a government owned or connected entity and does that suggest greater or lesser risk to human rights?

Does the structure or duration of the relationship significantly limit the business’ leverage?

*Mitigation examples are current or historical examples for reference, but do not offer insight into their relative maturity or effectiveness.

• Shift (2015) Human Rights Due Diligence in High Risk Circumstances: Practical Strategies for Businesses highlights strategies and practices that certain businesses have found most effective when conducting human rights due diligence in high risk circumstances. It includes “higher risk business relationships” such as those with customers/clients.

Finance:

• The Dutch Banking Sector Agreement’s paper on Enabling Remediation gathers some of the most recent thinking in relation to:
  • how to understand the responsibility of a bank when connected to an impact through the activities of a client.
  • the practical roles banks could play and actions a bank could take to enable remedy in practice, across all forms of responsibility.
• The Equator Principles Association’s EP4.

Legal Advice:

• A4ID’s The UN Guiding Principles on Business and Human Rights: A guide for the legal profession provides an analysis, with case examples, of:
  • a law firms’ implementation of rights and responsibilities in client relationships.
  • the relationship between the UNGPs and codes of professional conduct for the legal profession.
• International Bar Association’s Practical Guide on Business and Human Rights for Business Lawyers and Business and Human Rights Guidance for Bar Associations.
• IBA’s Handbook for company and commercial lawyers on Business and Human Rights, which provides an explanation for lawyers about the links between different kinds of risks.
• Principles for responsible contracts: Integrating the management of human rights risks into state-investor contracts.
• UNGC’s Good Practice Note Meeting the Responsibility to Respect in Situations of Conflicting Legal Requirements.

Hate Speech, Harassment and Illegal Content
(Right to equality and non-discrimination; Right to life, liberty and security; Right to freedom of thought, conscience and religion; Right to Just and favorable conditions of work; Right to highest attainable standard of physical and mental health):

• Online classified ads platforms have been accused in recent years of facilitating human trafficking, including sexual exploitation of children.
• Hate speech and other forms of harmful communication can incite violence, including attacks on targeted individuals or communities. UN Human Rights investigators looking into the genocide in Myanmar confirmed that social media had played a “determining role” in the spreading of hate speech and the campaign of ethnic cleansing against the Rohingya minority.
• Social media platforms can be used for practices like “doxing” and harassment, particularly where platforms fail to prevent or manage gender-specific harassment and overtly toxic interactions.
• Some adult websites allow for non-consensual content to be posted. Some companies have been reluctant to (or refused to) take down content when requested by victims while profiting from the harm through ad revenue.
• Companies can facilitate the harmful practices of online platforms through provision of “back-end” services, such as building custom tools to support platforms that impact rights.

*For an explanation of how companies can be involved in human rights impacts, and their related responsibilities, see here.

Addressing impacts to people associated with this red flag indicator can positively contribute to a range of SDGs depending on the impact concerned, for example:

Online Platforms:

• In the run up to the 2020 US elections, Facebook announced a range of steps they were taking to ensure the integrity of the elections including by removing misinformation, violence-inciting posts, the creation of a Voting Information Center, the development of a new hate speech policy, as well as political advertising blackout periods the week before and after the election.
• Social media companies have been developing stronger moderation systems to flag, escalate and make decisions about discriminatory or otherwise abusive behavior (e.g. employing monitoring staff that are trained on the local context; convening groups of experts to monitor important topics, especially where hate speech or fake news can lead to serious harm). For example, Facebook has announced the use of AI to limit the spread of hate speech and improve the speed of its removal and, with others including Twitter, has joined the global pledge to fight hate speech online.
  • Content moderation: monitoring and removing content is, in principle, a viable risk mitigation strategy and many social media companies employ moderators to manage the related risks to people. However, a number of additional risks to people are inherent to this work: (1) privacy risks related to having your content, personal information and private interactions monitored; (2) censorship if companies make inappropriate or incorrect decisions; and (3) risk to the mental health of the content moderators who are regularly exposed to harmful, toxic and violent content.
• Facebook and Twitter have created lead roles for human rights experts, and Facebook has reportedly commenced “making sure that people with human rights training are in the meetings where executives sign off on new product features.” Facebook has also created an Independent Oversight Board to take final and binding decisions on whether specific content should be allowed or removed from Facebook and Instagram. The Board considers content referred to it by both users and Facebook. Members contract directly with the Oversight Board, are not Facebook employees and cannot be removed by Facebook.
• Online recruitment companies, such as LinkedIn, use a “multitude of tools and systems to proactively monitor content and identify activity that may be in violation of [their] policies,” deploying human reviewers where users identify and report discriminatory content in job postings.

• Fast Company (2020), What data experiments tell us about racial discrimination on Airbnb.
• European Commission against Racism and Intolerance, Combating Hate Speech, General Policy Recommendation.
• OpenCanada (2019), Bringing human rights standards to content moderation on social media.
• Human Rights Watch (2018), Social Media’s Moral Reckoning.
• Investor Alliance for Human Rights, Information, Communications and Technology (ICT) Briefing: Discrimination.
• New America (2020), Getting to the Source of Infodemics: It’s the Business Model.
• New America (2020), It’s Not Just the Content, It’s the Business Model: Democracy’s Online Speech Challenge.
• The Atlantic (2016), Facebook And The New Colonialism.
• The Conversation (2019), Digital Colonialism: Why Some Countries Want To Take Control Of Their Peoples Data From Big Tech.

Citation of research papers and other resources does not constitute an endorsement by Shift of their conclusions.