New human rights risk guidance from the Norwegian Human Rights Institution

As mentioned in our previous newsletter, one of the Norwegian Consumer Authority’s findings - after having reviewed reports from 500 different companies - was the lack of specific risk assessments and measures to address the risks found. However, assessing human rights risk from a business' perspective might be challenging.

The guidance from the NHRI, which has cooperated with the National Contact Point for Responsible Business Conduct Norway, consists of a table with 32 typical different human rights risks relevant to businesses, and gives practical examples of how companies can be involved in violation of these rights.

Some of the examples of human rights risks related to business mentioned by NHRI are:

• If a company is unaware of the fact that its subsidiaries or sub-suppliers are using forced labor in their production facilities. Production facilities employing women and young adults/children are especially vulnerable to this.
• Forced labor will also apply to situations where an employer exposes their workers to peonage schemes (through loans from the company or by taking payment from workers in return for them being able to work) or where a company retains a worker's identification papers. The latter may be a violation of the right to free movement as well.
• If a company fails to ensure a working environment free from serious harassment as this can cause severe mental health issues.
• The right to privacy may be infringed if a company fails to protect the confidentiality of the workers or other individuals' personal information.
• To have operations in a state where the workers are prohibited by law to express their opinions in a public space.

We recommend that all persons responsible for implementing the Norwegian Transparency Act review and consider the table. This is an efficient way to obtain a better understanding of the typical human rights issues that might be relevant for your business.

A crucial element in the human rights due diligence that is required by the Norwegian Transparency Act is the risk assessment. A risk assessment involves identifying and categorising the human rights risk that the company is exposed to, the severity of risk and the severity of the potential negative impacts. Being able to identify a company's high-risk exposure is key to being able to implement relevant and proportionate measures under the Transparency Act. It should also help to avoid adverse impacts for the business, which may consist of legal liability, reputational damage and/or negative publicity.

As the risk assessment should lie at the core of all compliance programs, we recommend prioritising spending time on the company's risk assessment, including documenting the relevant considerations in an internal document. We usually recommend a holistic approach that also reflects relevant corruption, trade control, money laundering, white collar crime and environmental risks when conducting the human rights risk assessment as these are often interrelated. This is however not required by the Norwegian Transparency Act.

The company's risk assessment should be reviewed at least once a year, or following significant changes for example to the products or services the company offers, its supply chain or to the risk landscape.

Schjødt's compliance team regularly assists clients with all steps of companies’ due diligence, including:

• Drafting and reviewing governance and compliance programs, including specific human rights-related policies and procedures.
• Risk assessments, including both general mapping of human rights to get an overview of where the company is exposed to risk, as well as specific risk assessments related to individual projects, activities or regions;
• Identifying and assisting with the implementation of suitable risk mitigation measures, including by advising on the prioritisation of risk and overall mitigation strategy, as well as project-specific measures.
• We also advice companies on their annual reporting under the Norwegian Transparency Act and the follow up of information requests.