Regulators and standards bodies are gearing mandatory up to make value chain risk reporting, and forward-thinking firms should take note, writes techUK’s Craig Melson
Businesses are used to manage their supply chains. Not just from a cost and operational perspective, but also from a from human rights aspect. This is ingrained within big firms who invest large amounts of time and money to understand their supply chains risks, and is becoming more commonplace in SMEs, driven by regulatory compliance and sometimes even a desire to do the right thing.
What is this due diligence of which you speak?
Practices vary by business type and sector, but methods include background checks on supply chain partners, modern slavery training, making human rights policies a condition of winning business, all the way through to whistleblowing hotlines, spot checks, audits, participating in industry schemes and partnering with trusted charities and organizations home and abroad. There’s also a raft of guidance available from the likes of the Institute of Human Rights and Business, the Business and Human Rights Resource Centre, the Ethical Trading Initiative, Unseen UK and even sector specific guidance from bodies like techUK.
However, this is no longer enough. Firms will soon be expected to report on their ‘value chain’ risks, which means a much more enhanced, detailed and probably more expensive due diligence process.
So how does value chain differ from supply chain?
There is probably an MBA’s worth in that question, but broadly supply chains concern getting products made, stored and shipped while value chains cover all business operations, all aspects of products and services, what business relationships have been entered into as well as the supply chains . For tech firms, it is even more complex when the tech is used to enable something else or is used in a way it was not intended to be used; How to do effective due diligence on a much bigger range of people and partners is understanding something the sector is grappling with.
Who is driving this change?
There have been substantial efforts to move the business mindset to value chain due diligence and we’re seeing standards bodies, regulators and legislators now codifying this in law. The new International Sustainability Standards Board is trying to set up a baseline for global sustainability disclosure standards and throughout referring to value chain risks. Supply chains are mentioned, but only as one component of effective holistic due diligence processes.
The EU’s sustainability disclosure rules near completion, as well as the newly announced Corporate Sustainability Due Diligence Directive, all explicitly refer to ‘value chains’ too, making this a compulsory commitment. In the UK, we shortly expect to see new reforms to the UK Modern Slavery Act, which could also go beyond the supply chain.
This sounds like a lot of due diligence, where can firms start?
Firms are still grappling with understanding what value chain due diligence really means in practice. In tech, there have been discussions around ‘end user’ and what due diligence needs to be in place, as well as how to manage when a technology service or product transfers to different jurisdictions.
Luckily, we have the UN Guiding Principles on Business and Human Rights to help us out, setting out clear principles for effective due diligence. Firms should look to this as the first instance, and look at some of the great reports and research available on the Business & Human Rights Resource Center for some good case studies. At techUK, we’re here to help our members and we are looking forward to putting out some more free guidance to help firms in any sector.
Craig Melson is associate director at techUK