A common conversation many of us have heard before – and maybe been part of ourselves – goes like this:
“Do you think we can do business with a [supplier/client/investee] in that country? Wasn’t that country in the news a few years ago – something about crackdowns on protestors?”
“Yes, I think I heard about that too. But that was several years ago. I haven’t heard anything about it since. I checked some reports where the country had a moderate risk rating and their economy seems to be doing well. Maybe it’s doing better these days.”
“Ok, if the ratings are not so bad, and we haven’t seen more negative press coverage, maybe we can go ahead and do business with that [supplier/client/investee].”
This is what we would call a red flag conversation – we see assumptions left unquestioned, and a likely lack of reliable information. Left unaddressed, these red flags could turn into real problems for the business, due to risk blind spots. They can significantly hinder a business’ efforts to demonstrate responsible business conduct, meet customer, regulator and investor demands, support sustainable development, and works to build resilience and long-term value.
The maturity curve on risk assessment: moving from passive assumptions to proactive engagement
In over a decade of working with clients in the mineral sector, here at Levin Sources we’ve seen businesses take different approaches when seeking to understand human rights-related risks. If we try to organise these approaches in categories, we generally see:
- ASSUME: in this lower maturity approach to risk assessment, some businesses assume
a set of risks, focused often on certain geographies, which are based on a pre-determined list compiled by another party (often an industry group, or a research or think tank-type of organisation).
- Why is this approach less mature? Because the business hasn’t checked its own risks – it doesn’t actually know if that pre-determined list reflects its operational reality. Of course, using an external list of likely risks and comparing it to other information sources is perfectly credible and can provide a useful basis for the business’ own assessment. What’s more problematic (and tends to create more risk blind spots) is when the pre-determined list is allowed to stand as a given, without any questioning or information triangulation.
- RELY: in this medium-maturity approach, we see businesses use a few or a small handful of different written sources to inform their risk assessment. These sources frequently come from large think tanks or governmental organisations. Sometimes they are supplemented by publications from civil society organisations (typically annual human rights country reviews), or news media reports.
- Why is this approach medium maturity? Using different information sources does shed more light on risks. But businesses that rely on these sources more passively – failing to dig deeper on signals of risk from existing sources – are still usually left with significant blind spots.
- ENGAGE AND TRIANGULATE: in this higher maturity approach, we see businesses add a key complementary element to the “rely” approach: the business interrogates and questions the findings of the written information sources. This means the business identifies red flags and potentially risky unknown unknowns that need to be probed, and reaches out to representatives and experts who may be closer to reality, such as civil society organisations or trade unions, human rights defenders, journalists, or professional experts such as academics. In the ‘engage and triangulate approach,’ the business reviews existing risk information and then proactively digs deeper where it has signals of higher risk.
“No news is bad news”
When discussing these different approaches to risk assessment with clients, we frequently hear the following:
“That makes sense in theory. But how can we apply the more mature approach at scale? We have too many suppliers/clients/investees/sourcing countries. We can hardly dig deeper on every one!”
And with this (understandable) concern we see the door open to a very significant problem: too many unknown unknowns. Put another way: “what you don’t know can hurt you.”
While there are many useful sources of human rights risk information currently available, more and more businesses we work with are realising that some sources of information are not always reliable or complete. In some cases, it is because of the increasingly prevalent, dangerous phenomenon of civic space restrictions.
As stated by a group of five financial sector organisations in a new publication supported by Levin Sources, called “No News Is Bad News”:
“Civic space restrictions create an ‘information black box,’ leaving us with blind spots about potential or actual negative impacts on human rights connected to our business. When civic space is restricted – meaning people are unable to organise, participate and communicate freely in their societies – we lack critical information about the human rights situation in those places, and we struggle to know if human rights have been harmed in connection with our clients and investees. These restrictions exist in every region of the world, which means they affect many of our clients and investees. In these circumstances, ‘no news is bad news’ – we are not hearing about that which is precisely what we need to know about.”
How prevalent are civic space restrictions? Very. The civil society organisation CIVICUS, which tracks civic space in 197 countries and territories, reports that only 3.2 percent of the world’s population lives in countries with open civic space.
Breaking open the black box: tackling the unknown unknowns
Financial institutions are perhaps the sector most prone to the challenges of scale when it comes to demonstrating responsible business conduct through effective risk management. This is due to their (typically) very large number of client and investee relationships – with those clients and investees frequently being part of vast global value chains. The scale of these business relationships means that financial institutions tend to carry a huge number of possible risk exposures.
Beginning in November 2021, a project group comprised of ABN AMRO, APG, ING, Robeco, and Morningstar Sustainalytics, with advice from the Business & Human Rights Resource Centre and facilitated by Levin Sources, came together for a discussion and exchange process to better understand how financial institutions can strengthen human rights risk assessments of business activities in areas where civic space is restricted. Over the course of eight discussion sessions, the project group consulted with external experts from civil society and academia, as well as with internal colleagues from different organisational functions.
Our project group identified some key observations and distilled ideas about how to potentially tackle the ‘black box’ of information that results from civic space restrictions. The publication provides more detail about these observations and ideas. As the facilitator and primary writer of the publication, here is our Levin Sources short takeaway version – designed especially for companies and financial institutions in and connected to the minerals sector.
- Diversity of written information sources: it’s important for businesses to supplement risk information from ESG data providers, large international organisations and think tanks with news media and civil society sources, especially credible local sources (see maturity model no.2 above)
- Information from ‘frontline’ voices: to truly understand risks, especially in places where civic space is restricted, businesses need to dig deeper where signals indicate risks are more severe (or where there is a significant lack of information – this is also a signal of risk). This means building a body of risk information that is more closely sourced from affected people (see maturity model no.3 above). This may be more laborious for the business, but businesses can consider various approaches to manage resource expenditure, from pooling resources with other businesses that share concerns about certain operating contexts, to collaborating with civil society organisations to build understanding of and gain access to these “frontline” information sources, to focusing deep dives based on the salience methodology
- Avoiding the total automation trap: automated risk scans cannot replace human judgment and human knowledge of human rights and how to identify human rights risks. It’s important for businesses to retain the human element in risk assessment, and invest in ensuring access to that knowledge – ideally in an internal role, but potentially supported by expert external advisors (especially at earlier stages, when the business is building its capacity). Again, the challenge of scale can be tackled through resource pooling, a focus on salient issues, collaboration with experts, and other practical and creative approaches. This blog from Shift is a thoughtful challenge to the assumption that we can’t assess risk at scale.
Where can a business begin?
Getting to a more mature and more effective human rights risk assessment isn’t something that happens overnight. At Levin Sources, we are experts in the complexities and challenges of minerals value chains – we know how tough it is to build an accurate picture of risk. But businesses can – and have – strengthened their human rights risk assessment, even in the most complex minerals value chains, using a stepwise approach that builds on strengths and moves away from less effective practices. Ready to move along the maturity curve and reduce unknown unknowns? We’re happy to hear from you.
The No News is Bad News report is quoted in Chatham House's Investors and the ESG blind spot research paper (July 2023)
Photo by Ehimetalor Akhere Unuabona on Unsplash
