Schjødt's last minute tips in connection with the fast-approaching reporting deadline under the Norwegian Transparency Act

The Transparency Act highlights the importance of conducting thorough due diligence and implementing appropriate measures to mitigate risks for violations of human rights and decent working conditions that a company may cause or contribute to through its own operations or be directly linked to through its supply chain or business partners. 

As part of its mandate to supervise compliance with the Norwegian Transparency Act, the Norwegian Consumer Authority reviewed at least 400 reports during last summer/fall. The Norwegian Consumer Authority published a newsletter specifying systematic weaknesses that were observed in these reports. Companies subject to reporting requirements under the Norwegian Transparency Act are advised to take these observations and other guidance published by the Norwegian Consumer Authority since last summer into account in this year's reporting. 

Schjødt's key observations after reviewing numerous draft reports within the last few weeks and months can be summarised as follows:

• Many reports appear to address human rights risks in the supply chain and related to business partners only and can create the impression that companies do not perform due diligence for all in-scope activities. The scope of the Transparency Act is not limited to an assessment of the supply chain and business partners and the reporting should therefore also address the company's own activities. Furthermore, the Norwegian Consumer Authority has published guidance on assessments in relation to a company's downstream activities, such as sales to customers. The necessary risk-based approach does however in many cases suggest that risks related to a company's supply chain are and should be a key focus area. This is something that can be highlighted in the report. 
• The description of the business operations should provide sufficient information for a review of the findings of the due diligence and measures to be implemented. When reporting for a group of companies, it should be clarified what role the various entities have and what part of the reporting on impacts, risks and measures applies to all of them or only to selected entities / business areas.
• The report should include information on both actual adverse impacts and significant risks for adverse impacts on human rights and decent working conditions. This requires taking position on what risks are considered significant and making a reasoned decision on what to prioritize. The level of detail for the disclosure of impacts and risks should be assessed carefully in light of often interdisciplinary considerations, both legal, strategic and other. 

• The report should include information on relevant mitigation measures and the (expected) results of such measures. The measures should address the risks that were identified.

   

The current geopolitical situation may have affected the focus area of a company's due diligence in the last year. For companies with business activities that – directly or indirectly – are connected to conflict-affected areas, this comes with an expectation of heightened due diligence and in some instances, it might be useful to address this explicitly in this year's report. The Norwegian Consumer Authority has recently published a newsletter on the topic (link). At Schjødt, we generally recommend a holistic approach to risk - and particularly third-party risk - management where not only human rights risks, but also other compliance risks related to for example economic sanctions and export control, corruption, money laundering and other economic crime are considered. These risks often come together. 

Schjødt's Corporate Compliance & Crisis Management team regularly advises clients on compliance with the Norwegian Transparency Act.

We advise amongst others on: 

• Company-wide or business partner-centric risk assessments
• Drafting and improving policies and procedures
• Identifying and implementing adequate mitigation measures, including controls and audits of third parties
• Legal and strategic advice when responding to information requests
• Annual reporting