Exploring the relationship between human rights due diligence and broader environmental and social due diligence

Rachel Davis discusses the gaps in standards and practice in how financial institutions manage human rights risks, and relates the findings in the evaluation report to wider international experiences and discussions on differences between UNGP and IFC Performance Standards in this evaluation view.

Written by Rachel Davis, managing director and co-founder with Shift. She was a senior legal advisor from 2006-2011 for the Special Representative of the UN Secretary-General on business and human rights John Ruggie. She played a pivotal role in the development of the Guiding Principles, advising on all aspects of the relationship between the Guiding Principles and national and international law.

She offers this comment on the evaluation report UNGP, Human Rights and Norwegian Development Cooperation Involving Business. 


This evaluation report will of course be debated by all stakeholders; but in doing so, it is important to recognize that the study is an all too rare example of a government seeking to take a holistic view of how development policy connects with the duties of states and the responsibilities of business under the UNGPs.

Few governments to date have explored this question with any rigor, despite many mentioning it in their National Action Plans on the UNGPs. Indeed, we are aware of only one other current example of a comprehensive approach, and that is by the government of Finland.

The Norwegian government now has the potential to continue to lead by example through implementation of some of the key recommendations emerging from the study.

In this comment, Shift and Norad agreed that we would focus on the relationship between human rights due diligence (HRDD) under the UNGPs and existing environmental and social (E&S) due diligence approaches by financial institutions.

This is for two reasons. First, this is an area in which Shift has particular experience working with both public and private financial institutions, including work with the International Finance Corporation (IFC), with a number of national development finance institutions (DFIs) and Export Credit Agencies (ECAs), and with private banks.

We have explored in a hands-on, case-based way how HRDD can help strengthen and address gaps in existing approaches, particularly those based on the leading standard for E&S due diligence in project finance - the IFC Performance Standards. While there is substantial alignment between HRDD and the Performance Standards, there are also some differences, which we explore further below.

Second, this is an area that generated particular debate – and some disagreement – in the context of the study. This is not surprising as it is both a technical discussion and one that is still evolving at the international level (for example, in the context of the current revision of the Equator Principles).

This note is not a comprehensive analysis of the relationship between HRDD and existing E&S approaches; rather it seeks to highlight some of the key lessons that we have seen in practice through our work at Shift with a wide range of financial institutions. We hope that this note will be useful to all stakeholders involved in discussing the final results of the study, as well as others interested in or working on these issues globally.

Framing our understanding of human rights due diligence

It is important to state up front that alignment with the expectations of UNGPs is not simply about whether an organization has the right words on paper in a policy commitment, or whether it has conducted a one-off Human Rights Impact Assessment.

Meaningful alignment is about integrating the core concepts of HRDD into existing, ongoing E&S risk management systems to ensure that those systems are identifying, prioritizing and seeking to address the most severe risks to people as robustly as possible.

It is about being prepared to look beyond the scope of the project footprint to impacts connected to the project via extended business relationships if that is where the greatest risks to people are, and being willing to use leverage in creative ways to seek to address the most severe risks rather than following a “tick-box” approach to compliance with E&S standards.

The UNGPs establish that all businesses have a responsibility to respect human rights, that is, to avoid people’s human rights being harmed through their activities or business relationships, and to address any harms that they cause or contribute to.

To meet this responsibility, businesses need various processes in place, including human rights due diligence. HRDD is explained in the UNGPs as an ongoing process through which a business assesses the actual and potential negative human rights impacts it may be connected to, integrates the findings into its decision-making and actions in order to mitigate those impacts, tracks the effectiveness of these measures, and is able to communicate about its efforts internally and externally.

In our work, we have seen how important it is to be clear about how the UNGPs use the term “responsibility” and what flows from it, as this can lead to particular confusion in the financial sector. The responsibility to respect human rights extends across an organization’s operations and its value chain. It encompasses all situations where harm to human rights can be linked to what the organization does. But the concept of responsibility in the UNGPs does not mean liability for all impacts that an organization is connected to. Rather, responsibility defines both where a business needs to look to understand where it may be connected to human rights risks and impacts and what it is expected to do to address them, depending on how it is connected to them.

The UNGPs define three ways a business can be connected to an impact, with differentiated expectations for what actions are expected in response:

  • An organization can cause an impact solely through its own actions or decisions (including omissions),
  • An organization can contribute to an impact, either in combination with others or through another entity by incentivizing or facilitating that entity’s harmful actions or decisions, or,
  • An impact can be directly linked to an organization’s operations, products or services through its business relationships, including its direct contractual partners or clients as well as other entities in extended value chains (which, for a financial institution, includes its clients’ own value chains).

Where a business has caused or contributed to an impact through its own actions or decisions, it is expected to cease the action that caused or contributed to the impact and provide remedy to those individuals or groups who may have been harmed to the extent of its contribution. In contribution situations, a business should also use or build its leverage – i.e., its influence over other entities – to prevent or mitigate any remaining harm.

In linkage situations, a business is expected to use its leverage to seek to prevent or mitigate the harm caused or contributed to by other parties.

It does not have a responsibility to provide remedy in these situations, but using leverage to encourage or push a third party to provide remedy for any harms it has caused can be an important means of helping to ensure that they do not continue or recur.

Where businesses have limited influence, it is hardest to bring about change. It is important to think creatively about leverage and how to use it. Leverage may need to be built with internal colleagues to get the organization to act. Leverage with business partners and other external parties can be built in many ways: through the terms of contracts and their enforcement; through commercial incentives or capacity-building; through personal relationships and quiet persuasion; or through public advocacy or joint action with other companies, governments, and international or civil society organizations (See, for examples, Shift, Using Leverage in Business Relationships to Reduce Human Rights Risks, 2013).  Where building leverage will take time, it becomes even more important to track the effectiveness of efforts made and to explain the organization’s approach in order to remain credible.

The expectations of the UNGPs apply to both financial institutions and their clients, investee companies and other business partners (and to those businesses’ own value chain partners as well).

Each entity has its own individual responsibility to embed a policy commitment to respect human rights, to conduct human rights due diligence, and to enable access to remedy for impacts the organization might cause or contribute to. However, the specific actions each organization will take to meet these expectations will look different in practice, depending on the nature of their respective activities and their position and role in the value chain.

In practice, this means that an individual financial institution will be more likely to concentrate its efforts to meet its responsibility to respect human rights on whether its screening processes have appropriately prioritized certain clients or business partners for more in-depth due diligence, based on where the risks to people may be most severe, and whether it is using its leverage effectively to set clear expectations and follow up on them in connection with the most severe risks.

Gaps in standards and in practice

Our understanding of the relationship between HRDD and broader E&S due diligence in project finance contexts is grounded in exploratory work we undertook with the IFC in 2012 to investigate some of the differences between E&S due diligence under the IFC Performance Standards and HRDD under the UNGPs.

We drew on that work, with the IFC’s agreement, in a public report in 2015 on HRDD in high-risk circumstances, which has influenced the practice of a range of public and private financial institutions as well as helped to inform the 2016 revision of the OECD Common Approaches for Export Credit Agencies (Shift, Human Rights Due Diligence in High Risk Circumstances: Practical Strategies for Business, March 2015).

The five main factors that can heighten human rights risk relate to: the nature of the operating context; the nature of the client’s business relationships; the nature of the business activity that will be conducted; the presence of potentially vulnerable groups; and the quality of a client’s existing mitigation measures. 

Based on our experience since then with a range of financial institutions, we believe that organizations that implement the IFC Performance Standards in a robust manner (which is not always the case in practice) will be significantly advanced in meeting the expectations of the UNGPs.

However, HRDD and the Performance Standards are not perfectly aligned in their expectations. In this regard, footnote 12 in Performance Standard 1 may in fact have led to more rather than less confusion. The footnote provides that: “In limited high-risk circumstances, it may be appropriate for the client to complement its environmental and social risks and impacts identification process with specific human rights due diligence as relevant to the particular business”.

This frames HRDD as something distinctive that only happens after initial screening of risks and under certain conditions – that is, when severe risks have already been identified. Yet the purpose of HRDD is to inform an up-front understanding of whether there are high-risk circumstances in the first place, by focusing on where the most severe risks to people may lie. This should then inform subsequent decisions about where to invest additional resources in conducting further, deep-dive assessments and in using leverage with clients to mitigate those risks.

While broader E&S due diligence is also seeking to mitigate risks to people (and the environment) and often covers a range of human rights risks and impacts, we have seen how the concepts underpinning HRDD can bring greater precision to an organization’s existing approaches by highlighting what is unique about preventing and addressing the most severe risks to people. Drawing on our experience, we highlight a number of areas where we have seen gaps in standards and in practice between E&S due diligence and HRDD, as well as where we have seen efforts to address some of those gaps by individual financial institutions.

Considering business relationships 

This affects the scope of where an organization should look when assessing risks and impacts. The UNGPs start from the perspective of impact, meaning that all human rights risks and impacts that a project could be connected to are in scope, whether those are caused or contributed to by the project operator’s own activities, or by an entity in the project’s extended value chain where those impacts are connected to the project through one or more business relationships.

This is separate from an analysis of whether the client (or the financial institution) has sufficient influence or control over the entity causing the impact to prevent or mitigate it. In contrast, the expectations of the Performance Standards regarding third parties do not always start from the fact of impact; instead they are limited to certain specified third parties and tend to give weight to where a client has influence or control (See, for example, PS 1 paras 9 and 10). 

In practice, we have seen a growing number of DFIs, ECAs and private banks recognize their responsibility for impacts they might be connected to through a client’s business relationships and go beyond the requirements of the IFC Performance Standards, and related standards like the Equator Principles, to extend the scope of their due diligence in practice, even as they continue to frame their public policy commitments around these core frameworks.

We have seen examples of financial institutions conducting supply chain due diligence in the extended (third or fourth tier) of the value chains of the agricultural and ship-building industries, focusing on how to address impacts caused by the legacies of poor government-led land acquisition processes, and examining risks connected to the end-use of products financed by covered transactions. 

Here we would draw attention to GIEK’s Environmental and Human Rights Due Diligence Procedure, also highlighted in the report, which is relatively unique among financial institutions in explicitly discussing the organization’s responsibility to use leverage in connection with human rights impacts and its commitment to doing so. What makes this meaningful (rather than simply words on paper) is that it reflects how GIEK seeks to operate in practice, based on our first-hand experience working and engaging with the organization over the last five years.

Assessing contextual risks

HRDD expects a financial institution (and its clients) to assess the extent to which a particular context may heighten the severity or likelihood of the human rights risks connected to a project. These could include legacy impacts (for instance, flawed land acquisition processes that led to a license being issued to a former project operator which the current operator has now inherited, or a history of past conflict between local stakeholders and a particular local industry), or risks connected to operating in a particularly complex operating environment (such as pervasive corruption, widespread social discrimination against certain groups, or the repeat targeting of human rights defenders for harassment or more severe abuse).

By contrast, typical E&S due diligence often emphasizes the nature of risks to people from the project itself, but less so the ways in which the context could enhance the severity or likelihood of identified project risks or create additional risks for particularly vulnerable individuals or groups.

We have seen leading DFIs start to integrate greater contextual risk analysis into their assessment approaches, having learned from experience that much more is needed in this regard. We have also seen that some are concentrating their use of leverage in higher-risk contexts, and particularly with financial intermediaries such as banks and private equity funds that the DFIs are providing financing to, who may be less aware of the need to consider how the context heightens human rights risks in connection with their own investments in and lending to local companies.

Prioritizing assessment and use of leverage based on the severity of risk to people

The UNGPs expect businesses to prevent and address all human rights risks connected to their operations, and to prioritize the most severe, or salient, risks (using the criteria of scale, scope and remediability of harm) where prioritization is necessary.

Traditional E&S due diligence often follows the approach of the IFC Performance Standards, which require a management plan to address all instances of non-compliance with the standards. The mitigation hierarchy in the Performance Standards emphasizes avoidance of impacts wherever possible, but accepts that either mitigation, compensation or offsets may be the only solution in some cases. While this approach is broadly aligned with the UNGPs, it does not provide the same clarity of focus on the most severe risks to people when prioritization is necessary (especially since the Performance Standards are also considering environmental harms).

For large or complex projects, there are often a huge number of issues for clients to address through an E&S management plan and they will often be unable to address all identified issues at once. Although the Performance Standards call for mitigation that is commensurate with the level of risk, in practice, if clients have to make choices because of resource constraints, they may default into prioritizing either those risks that are easiest to address or that pose the greatest risk to the business, rather than focusing on those that pose the greatest risk to people.

This is also important at the level of financial institutions, especially when it comes to deciding where and how to use leverage. We have seen the most creative approaches by DFIs and ECAs seeking to use their leverage to address human rights risks where they have already engaged in prioritization using the types of criteria referenced in our 2015 report (Human Rights Due Diligence in High Risk Circumstances: Practical Strategies for Business, Shift 2015).

This allows the financial institution to focus more of its resources on engagement and leverage in relation to the most severe risks to people, even where those risks are caused by third parties and where it may (at least at first glance) have very limited leverage. For example, where some of the most severe risks to people arose from the practices of labor hire companies that were providing workers to a second-tier contractor to a company contracted by the project operator to construct a pipeline that the project will utilize – so, effectively a fourth-tier supplier.

Grounding in international human rights standards 

The IFC Performance Standards explicitly reference international human rights standards and instruments in a number of important areas, such as in the guidance on labor rights in Performance Standard 2. However, in other areas – such as the rights to water and sanitation – while there are certainly aspects of the standards that are relevant to achieving respect for those rights, the Performance Standards do not spell out the content of the rights in detail. For example, with regard to water, this would mean considering the five key dimensions of the right – availability, accessibility, quality and safety, acceptability and affordability – and how different stakeholders could be affected across all these dimensions. In the case of the right to privacy, the right is not mentioned at all.

This matters because, in practice, some clients tend to see affected stakeholders as passive “project beneficiaries” who should be grateful for the steps taken by the company to consult them and to attempt to mitigate impacts (where that is cost effective), rather than as active “rights-holders” who are entitled to have their rights respected and to access to remedy when they are harmed (See the discussion in IDB, Meaningful Stakeholder Consultation, 2018, at pp 9-10). 

These starting assumptions can lead to quite different mindsets influencing the design and implementation of risk management plans. This makes it all the more important that the right expertise is brought into the impact assessment process and in advising on mitigation measures. Indeed, the International Association for Impact Assessment has recognized in its Social Impact Assessment Guidance that human rights expertise should generally be integrated into the conduct of all social impact assessments, yet this is not the norm in practice (See Social Impact Assessment: Guidance for assessing and managing the social impacts of projects, especially pp 14-15.).  

Focusing on meaningful stakeholder engagement and effective grievance mechanisms: This is an area where we see greater alignment between the expectations of the IFC Performance Standards and HRDD, but often very weak practice that undermines both standards.

Under the UNGPs, HRDD is grounded in meaningful stakeholder engagement across all phases of the due diligence process, but particularly in identifying risks, in prioritizing the most severe ones, and in tracking performance. HRDD places special emphasis on the perspectives of affected stakeholders – those individuals or groups who are or could be harmed, or their legitimate representatives. Both the IFC Performance Standards (and Equator Principles that draw on them) are clear that clients should conduct effective stakeholder engagement. However, cases repeatedly demonstrate that this remains a particularly weak area of client practice. Moreover, our experience has been that financial institutions often lack the necessary tools for assessing the quality of clients’ stakeholder engagement processes and their capacity for conducting them effectively.

We are starting to see a growing recognition of the central importance of ensuring meaningful project-level engagement with affected stakeholders.

For example, the Inter-American Development Bank recently produced new guidance on “meaningful stakeholder consultation”, emphasizing the critical role this plays in effective due diligence (See the discussion in IDB, Meaningful Stakeholder Consultation).

Likewise, the Performance Standards and Equator Principles set a clear expectation for effective project-level grievance mechanisms (although under the Equator Principles this applies only to higher-risk projects). But again, experience shows that many operational-level grievance mechanisms are far from effective in practice and are not aligned with the effectiveness criteria in the UNGPs (Principle 31).

Here, our experience has again been that financial institutions largely lack the tools to assess the effectiveness of these operational or project-level grievance mechanisms, and instead tend to focus on the fact of their existence and whether the client deems them to be effective, rather than whether there is any credible evidence that their intended users consider them to be.

A number of DFIs in particular have now introduced their own “second-line mechanisms” to address cases where clients’ mechanisms are ineffective and/or where remedy has not been provided. But many still lack their own mechanisms, which then places greater priority on whether clients have good mechanisms in place.

Moreover, a grievance mechanism is merely one tool that can assist in providing remedy to affected stakeholders. Under the UNGPs, a company’s responsibility to provide remedy where it has caused or contributed to a harm exists regardless of whether or not it has a grievance mechanism. Assuming the financial institution has not contributed to the harm caused by the client (or a third party), it nonetheless remains linked to it. While the financial institution does not have a responsibility to provide remedy directly in linkage situations as discussed above, it can still play an important role in remedy by directing its efforts to use leverage to seek to get the client to meet its responsibility to provide remedy. This remains a seriously under-explored area and one that we are focused on in our work with financial institutions.

Another area where there is a gap between the Performance Standards and the UNGPs is on the issue of formal, public reporting where significant human rights risks exist. A discussion of that is beyond the scope of this short note; however, it is worth noting that, in the ECA context, the Dutch ECA, Atradius DSB, set a new bar when it published the analysis that Shift conducted with ADSB of how the organization’s current approach aligns with HRDD and where it falls short, particularly in the area of transparency (Available here).

Concluding comment

In brief, this is clearly an area where greater discussion amongst practitioners in financial institutions is needed, including in order to compare how current approaches measure up in practice to HRDD, since, as discussed above, we often see a substantial gap between policy and practice in terms of how human rights risks are actually being managed particularly in the DFI and ECA space.

We hope that this short note can contribute to the stakeholder discussion in Norway about the results of the study, and we look forward to seeing how key aspects are taken forward and implemented.

Published 13.09.2018
Last updated 13.09.2018