In September 2021, the Business & Human Rights Resource Centre (BHRRC) published a briefing entitled “Social Audit Liability: Hard law strategies to redress weak social assurances” (the “Briefing”).

The Briefing contends that the existing model of social auditing is inadequate and that social auditing is not a substitute for human rights due diligence (see our previous Blog Post).  Among other things, the Briefing reflects on the failure of social audits to detect human rights abuse in the past and on the potential flaws in certification schemes.  Ultimately, the Briefing argues that companies should not solely rely on social audits and certifications and should instead adopt a “transformative approach” to human rights due diligence which goes beyond social auditing.

The limitations of social audits

The Briefing defines a social audit as “a voluntary process carried out to assess and verify a company’s compliance with specified labour and/or environmental standards”.  While in theory, third-party social audits provide independent verification of an organisation’s compliance with such standards, in practice there are a number of inherent limitations to social auditing.  For example, the independence of a social auditor may be compromised to the extent it is paid and/or engaged  by the company being audited.  Furthermore, social audits only provide a “snapshot” view of the target organisation’s compliance and tend to adopt a “check-box approach”, which does not guarantee compliance on an ongoing basis.

There are numerous instances in which deficiencies in social audits have been in the spotlight.  For example, social audit firms repeatedly failed to report on forced labour risks at rubber glove factories in Malaysia, issues that were exposed by investigative journalists in 2018 and by state labour inspections in 2020.  Following the 2013 collapse of the Rana Plaza building in Bangladesh, which killed 1132 people, it also emerged that multiple social audit firms had failed to report on structural defects in the building.

In addition, the Briefing highlights the clear distinction between social auditing and human rights due diligence.  In particular, the Briefing states that: “Human rights due diligence differs fundamentally from social auditing in its approach, scope, and ambition.  Standard social auditing is about ensuring lists are ticked to gain compliance statements, often limited to Tier 1 suppliers.  Human rights due diligence demands companies identify and assess salient human rights risks across their operations and value chain and take systemic measures to prevent and address adverse impacts.”

Holding social audit firms to account

In response to the limitations of social auditing described above (see also our previous Blog Post and this Clean Clothes Campaign report), the BHRRC argues that social audit firms (like companies) must be held to account “where they cause, contribute or are directly linked to adverse human rights impacts and redress harm.”

To date, legal claims against social audit firms have been limited in scope and effect.  In 2014, an Italian firm was subject to a criminal complaint in respect of a social certification it issued in 2012 to a factory in which more than 250 workers died weeks later in a factory fire as only one fire exit to the building was useable.  In another case, a lawsuit was brought against the social audit firm that was allegedly negligent in its audits of the Rana Plaza building.  Neither case resulted in a finding of liability.

The Briefing sets out a number of innovative approaches for social auditor liability to offer an avenue for victims to access legal remedies going forwards.  Among other things, the BHRRC points to potential avenues for legal redress under UK, French, German and US law – in some cases, applying legal principles relating to tort, duty of care and negligence.

However, in order to ensure that victims of abuse have effective access to legal remedy, including for claims against social audit firms, the BHRRC calls for contractual and legal reform to help secure social auditor liability.  In addition, in its recommendations, the BHRRC calls on companies (including social audit firms) to:

  • respect human rights in accordance with the United Nations Guiding Principles on Business and Human Rights (UNGPs), ensuring effective human rights due diligence through the meaningful engagement of rights-holders;
  • protect those reporting on corporate abuse, and taking legal action, against reprisals; and
  • introduce contractual reform to grant affected rights-holders third-party rights and remove confidentiality restrictions to disclosing audit reports and contracts.
Practical Steps to Manage ESG Risks

Best-in-class companies are already applying the below strategies to preserve and create value by appropriately managing ESG-related risks and opportunities, including with respect to human rights:

  1. Integrating ESG into corporate governance structures by clearly defining ESG-related roles and responsibilities of the board, senior management and dedicated ESG or sustainability committees;
  2. Adopting ESG-related policies, action plans and targets to ensure group-wide alignment on ESG initiatives and disclosing those policies, plans and targets to the public;
  3. Building ESG-related organizational capacities through stakeholder engagement initiatives, trainings and handbooks;
  4. Incorporating ESG factors into commercial contracts, due diligence processes and procurement practices;
  5. Benchmarking ESG governance, strategy, risk management and disclosures against peers and industry best practices;
  6. Analysing and responding to ESG-related regulatory and legislative developments, including with respect to mandatory ESG disclosures, ESG risk management requirements and “green claims”; and
  7. Assessing ESG-related disclosures in the context of increasing litigation risk, including potential claims under securities laws and consumer protection laws.