In a few short years the financial services sector has shifted globally. Spurred on by regulators and proof-points that sustainable investments make financial sense, the sector is increasingly recognising the need to deeply consider non-financial risk in the way it does business.
The ‘environmental, social, governance’ or ESG agenda has been given new prominence and meaning as we collectively grapple with the impacts of climate change, human rights violations and uncertain geopolitics. The global COVID-19 pandemic has exposed existing vulnerabilities and highlighted the need for focused and immediate action. The financial services sector is at the center of these intersections.
For a considerable period of time, the emphasis rested on environmental challenges. This is now expanding as regulators require enhanced disclosure on particular social risks – or the risk of harm to people. For the financial services sector, this means coming to terms with how people might be adversely impacted by their business activities and relationships, for example with customers or suppliers. It is also an opportunity to do business differently and take a considered approach to building back better.
The benefits of taking a ‘risk to people’ approach
Failure to respond to human rights risks affects business in four domains: regulatory reporting requirements and standards; reputational damage and eroded public trust; investor scrutiny of social impact credentials; and values alignment with today’s socially conscious workforce.
A key difference between traditional business due diligence and human rights due diligence is that the latter seeks to identify risks to people rather than risks to the business. In practice, it requires enterprise risk management to change the focus of its analysis and response. For example, a case of data breach or misuse of customer or employee information may violate a person’s human right to privacy and could lead to other adverse human rights impacts like discrimination. In contrast, traditional enterprise risk management would classify the same event in company-centric terms, such as the ‘risk of legal non-compliance or reputational damage’. Rather than adopting one over the other, the strength lies in the combination of both, whereby the ‘risk to people’ lens inherent in human rights due diligence enhances enterprise risk management and with that, ultimately human rights risk management. As such, the objective becomes the integration and alignment of human rights due diligence with existing enterprise risk processes.
Beyond the important role of enterprise risk management in identifying and assessing risk to people, the same principles can be applied to setting appetites, procurement frameworks, making responsible investments, managing assets and the multiplicity of activities undertaken by the financial services sector.
Accountability is critical to implementing this in practice. Taking a ‘risk to people’ approach requires today’s financial sector leaders to ‘un-learn’ traditional ways of thinking and honestly ask: ‘How might people be harmed as a result of a business activity, decision, transaction, relationship or purchase by our organisation?’ Decisions should be shaped by the answers to that question.
Leading institutions are implementing comprehensive and enterprise-wide human rights frameworks. They are taking a dedicated 360-degree approach that embeds human rights practices and formal accountability into their existing processes, controls and culture. This is yet to be adopted across the industry, with most lagging behind these champions.
For those across the sector who are wary of stepping into a leadership role, that choice is likely to be taken away. There is considerable momentum towards the implementation of mandatory human rights due diligence in Europe. Just last year, a group of investors with US $5 trillion in assets under management called on governments to institute mandatory human rights due diligence1.
Start with one issue to build an approach
Faced with tackling ‘human rights’ – many that we speak to across the sector can feel overwhelmed. In some jurisdictions, it may make sense to start with one particularly egregious set of human rights violations: modern slavery.
Modern slavery is defined as severe human rights violations and crimes involving coercion, threats or deception to exploit people and deprive them of their freedom.
It includes forced labour, deceptive workforce recruiting, human trafficking, child labour, slavery, forced marriage and debt bondage.
Around the world, countries like the UK and Australia have introduced domestic legislation with cross‑jurisdiction reporting requirements. Entities must produce annual public statements on how they are addressing the risk of modern slavery in their operations and supply chain.
Financial institutions – given the vast scope of their interactions with every industry – are connected to a broad range of risks related to this global problem. As such, financial services organisations have a pivotal role to play in combatting modern slavery. Examples include monitoring financial information or data for indicators of exploitation, particularly by making smart use of data and collaborating with other agencies; assessing investments in high risk categories and geographies and introducing conditionality where inherent risks emerge; engaging and monitoring suppliers; and critically, remediating where harm to people is found.
Practical steps to identify and manage human rights risk
KPMG Australia has joined with the Australian Human Rights Commission to release a series of sector specific guides aimed at helping companies manage modern slavery risks, including key steps to identifying potential problems. This guidance aims to support those directly responsible for oversight of enterprise risk management, but also other functions with increased responsibility for identifying, managing and reporting on the risk of harm to people including procurement, legal, sustainability, corporate affairs and human resources.
Key risk identification steps
1. Map your operations and supply chain.
2. Identify areas of operations and supply chain where high-risk factors are present with internal cross function engagement.
3. Test your assumptions through consultation with relevant external stakeholders.
4. Perform ongoing risk identification and assessment during any business relationship.
5. Enhance your risk-identification methodology over time by:
- understanding both inherent and residual risk
- building on current ESG frameworks, supplier-management frameworks, customer-screening systems and other third-party risk research to identify human rights/modern slavery risk
- drawing on and embedding sector-wide typologies and indicators
- asking new questions of existing data and enabling smart use of data analytics
- identifying evolving risk dynamics to reflect changes in the profile of modern slavery practices.
6. Confirm accountabilities.
7. Establish governance structures and cross-functional responsibilities.
8. Benchmark existing commitment, risk management systems and controls, and grievance mechanisms and remediation.
9. Incorporate explicit modern slavery risk considerations into risk processes.
Investors may drive demand for human rights due diligence
The growing centrality of human rights in shaping investor decision-making illustrates the increased awareness that social risk is just as important to consider as environmental risk. This was also a key finding of KPMG’s report on Prioritising in a Pandemic: How COVID-19 is Impacting the Corporate ESG Agenda (PDF 1.46 MB). COVID-19 has led to a surge in the awareness of corporate social impact as companies have been forced to consider societal expectations, their role and impact on society. One finding was that investors ‘are asking for a more comprehensive story on the company’s role in society and its purpose beyond making money for its shareholders.’ The environment has not been de-prioritised, but the impact on people is now at the top of the corporate ESG agenda.
KPMG Australia, in conjunction with the Responsible Investment Association Australia (RIAA), recently released its Responsible Investment Benchmark Report 2020. The report found that responsible investment funds tend to outperform mainstream funds over most timeframes and asset classes. This is good news for those who want to incorporate human rights considerations into all aspects of their decision-making. It is gaining traction. Specifically, the report found that according to consumers, human rights abuses were the second most important exclusionary or negative investment screen from funds and portfolios, only behind fossil fuels. Norm-based screening also checks investments meet minimum standards of business practice, and key human rights instruments and voluntary standards are central to this type of screening.
COVID-19 has shown companies in all sectors they will be held responsible, by governments and investors and society at large, for the wellbeing of their people and stakeholders. Given their multi-sector reach, financial services need to have a clear view of their impacts on people and what they must do to respect their human rights. This is the perspective that human rights due diligence offers financial services entities: the ability to prioritise responses that avoid causing or contributing to harm. In the context of a global pandemic, which is exacerbating and accelerating adverse human rights impacts, foresight of the risk of harm to people may support building more resilient, responsive and rights-respectful companies.
- Investors with US$5 trillion call on governments to institute mandatory human rights due diligence measures for companies, Investor Alliance for Human Rights, 21 April, 2020.