Hostname: page-component-cd9895bd7-8ctnn Total loading time: 0 Render date: 2024-12-22T13:49:36.612Z Has data issue: false hasContentIssue false

Human Rights Due Diligence as Risk Management: Social Risk Versus Human Rights Risk

Published online by Cambridge University Press:  11 October 2016

Abstract

The UN Guiding Principles on Business and Human Rights endorse a risk management perspective of human rights due diligence, which may create ambiguities with regard to the nature of risk and the objectives of risk management. By ‘human rights risk’ we understand a business enterprise’s potential adverse human rights impacts. Human rights risk can be contrasted to an enterprise’s ‘social risk’ which refers to the actual and potential leverage that people or groups of people with a negative perception of corporate activity have on the business enterprise’s value.

This article puts forward the argument that due diligence in respect of human rights risk is conceptually incompatible with the management of social risk, because social risk management and human rights due diligence vary at each step of the risk management process (risk identification, risk measurement and assessment, risk reduction measures). To resolve this incompatibility, an effective integration of human rights due diligence processes into corporate risk management systems would require an elevation of human rights respect to a corporate goal that determines corporate strategy.

Type
Articles
Copyright
Copyright © Cambridge University Press 

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

Footnotes

*

Professor of Law, EDHEC Business School, LegalEdhec Research Center, [[email protected]].

References

1 For the sake of clarity, this article understands the term ‘business corporation’ to refer to a business enterprise whose commanding entity takes the legal form of a corporation or company limited by shares, and which pays dividends to its shareholders based on net profits. Responsibilities to respect human rights transcend the controlling entity and can be applied throughout the entire group. The wider term ‘business enterprise’ could cover any kind of commercially motivated operation, for example non-dividend-paying social businesses, commercial networks, or sole proprietorships. For various ways of organizing a business enterprise, see Orts, Eric W, Business Persons - A Legal Theory of the Firm (Oxford: Oxford University Press Oxford, 2013) 175 CrossRefGoogle Scholar; see also Ruggie, John, Just Business - Multinational Corporations and Human Rights (New York: W.W. Norton & Company, 2013) 9798 Google Scholar, who writes that in the case of a multinational corporation the notion ‘enterprise’ would include the ‘entire corporate group, however it is structured’.

2 Human Rights Council, ‘Guiding Principles on Business and Human Rights: Implementing the United Nations “Protect, Respect and Remedy” Framework’, A/HRC/17/31 (21 March 2011).

3 The International Council on Mining and Metals recommends ‘stand-alone human rights impact assessments’ in certain situations, in particular where a ‘range of human rights issues merit or require in-depth/discrete analysis’; see International Council on Mining and Metals (ICMM), ‘Human rights in the mining and metals industry - Integrating human rights due diligence into corporate risk management processes’, (March 2012), https://www.icmm.com/page/75929/integrating-human-rights-due-diligence-into-corporate-risk-management-processes (accessed 25 July 2016). For an example of a non-integrative approach to managing human rights risk, see Baab, Mike and Jungk, Margaret, ‘The Arc of Human Rights Priorities: A New Model for Managing Business Risk’, (2011) Danish Institute for Human Rights Google Scholar (the subheading ‘a new model for managing business risk’ could be misleading, since the model deals with human rights risks and not business risk).

4 The official commentary to UNGP 17, note 2, 18–19, says that, ‘Human rights due diligence can be included within broader enterprise risk management systems, provided that it goes beyond simply identifying and managing material risks to the company itself, to include risks to rights-holders.’ In an ongoing survey performed by the Business & Human Rights Resource Centre, it is possible to view responses of business corporations to the question of how they manage human rights. At the time of writing this article, most business corporations that offered information on the issue explained that human rights would be integrated into their risk management frameworks, cf the survey at http://business-humanrights.org/en/company-action-platform (accessed 25 July 2016). See also, Désirée Abrahams and Yann Wyss, ‘Guide to Human Rights Impact Assessment and Management (HRIAM)’ (2010) guide endorsed by The International Business Leaders Forum (IBLF) and the International Finance Corporation (IFC), in association with the UN Global Compact for the global oil and gas industry see Ngyuen, Tam et al, ‘Management Systems Approach to Managing Human Rights Issues’ (2012) Society of Petroleum Engineers, doi:10.2118/158123-MS Google Scholar.

5 Human Rights Council, note 2, 16, commentary to UNGP 17; see also the definition of ‘human rights risk’ at United Nations Office of the High Commissioner, ‘The Corporate Responsibility to Respect Human Rights - An Interpretative Guide’, HR/PUB/12/02 (2012), 6–7. Under such a definition of risk, the UNGPs due diligence concept differs from approaches to human rights due diligence that are expressed exclusively in terms of preventing and mitigating the business and legal risks facing business corporations, as proposed by Sherman, John F III and KLehr, Amy, ‘Human Rights Due Diligence: Is It Too Risky?’, Corporate Social Responsibility Initiative Working Paper No. 55. (Cambridge, MA: John F. Kennedy School of Government, Harvard University, 2010)Google Scholar, http://www.hks.harvard.edu/m-rcbg/CSRI/publications/workingpaper_55_shermanlehr.pdf (accessed 25 July 2016).

6 Early on the Human Rights Council emphasized fundamental differences between social risk management and human rights due diligence. On this point see, e.g., Human Rights Council, ‘Human Rights Impact Assessments - Resolving Key Methodological Questions’, A/HRC/4/74 (5 February 2007). However, this article proposes that human rights due diligence not only requires a different risk management approach as suggested by the Human Rights Council (HRC), but that such a different approach implies different analyses to be made at each step of the risk management process.

7 It is acknowledged that business corporations do not conduct risk management homogenously. Existing risk management standards give management much leeway in designing risk management processes. Geographical, cultural, organizational and market contexts account for varying and complex approaches. Therefore, the arguments presented here are conceptual rather than empirical in nature.

8 There is no agreed upon definition of ‘enterprise risk management’ (ERM). ERM commonly refers to an integrative approach to risk management that is informed by an organization’s highest level goals and strategies. For example, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) defines ERM as ‘a process, effected by an entity’s board of directors, management or other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives’ (see, Committee of Sponsoring Organizations of the Treadway Commission, Enterprise Risk Management – Integrated Framework, Executive Summary, (COSO, 2004) 2 Google Scholar).

9 See, for example, Human Rights Council, ‘Report of the Special Representative of the Secretary-General on the Issue of Human Rights and Transnational Corporations and Other Business Enterprises’, A/HRC/11/13 (22 April 2009), para 51: ‘Businesses routinely employ due diligence to assess exposure to risks beyond their control and develop mitigation strategies for them, such as changes in government policy, shifts in consumer preferences, and even weather patterns. Controllable or not, human rights challenges arising from the business context, its impacts and its relationships can pose material risks to the corporation and its stakeholders, and generate outright abuses that may be linked to the corporation in perception or reality. Therefore, they merit a similar level of due diligence as any other risk.’

10 Human Rights Council, ‘Report of the Special Representative of the Secretary-General on the Issue of Human Rights and Transnational Corporations and Other Business Enterprises, John Ruggie’, A/HRC/17/31/Add.2 (23 May 2011) 8.

11 Ruggie, John, ‘Global Governance and “New Governance Theory”: Lessons from Business and Human Rights’ (2014) 20 Global Governance 5 Google Scholar, 14. However, a forward-looking management standard can be useful in informing the contents of a due diligence liability standard – see, e.g., Bonnitcha, Jonathan and McCorquodale, Robert, ‘Is the Concept of “Due Diligence” in the Guiding Principles Coherent?’ (2013)Google Scholar, http://ssrn.com/abstract=2208588 or http://dx.doi.org/10.2139/ssrn.2208588 (accessed 25 July 2016).

12 The fourth EU money laundering directive, EU Directive 2015/849, could serve as an example for such an enhanced risk-based regulatory approach. Art 8 of the directive provides that member state laws impose certain risk management and compliance processes on financial and credit institutions as well as other entities that could be targeted by money laundering. Such companies are to have controls and procedures to mitigate and manage effectively the risks of money laundering and terrorist financing. For an overview of risk-based regulation see, e.g., Black, Julia, ‘Risk-based Regulation: Choices, Practices and Lessons Being Learnt’ in OECD, Risk and Regulatory Policy - Improving the Governance of Risk (Paris: OECD Publishing, 2010) 185224 CrossRefGoogle Scholar, and, more generally, the research of the Centre for Analysis of Risk and Regulation (CARR) and the London School of Economics, http://www.lse.ac.uk/accounting/CARR/home.aspx (accessed 25 July 2016).

13 Michael Power describes the regulatory focus on a regulated entity’s internal controls as turning organizations ‘inside out’, see Power, Michael, The Risk Management of Everything: Rethinking the Politics of Uncertainty (London: Demos, 2004) 2425 Google Scholar.

14 International Standards Organization ISO-31000, Risk Management (2009) ISO, Guide ISO 79 (2009).

15 Cf, for example, Purdy, Grant, ‘ISO 31000:2009—Setting a New Standard for Risk Management’ (2010) 30:6 Risk Analysis, 881886 CrossRefGoogle ScholarPubMed; Aven, Terje, Renn, Ortwin and Rosa, Eugene A, ‘On the Ontological Status of the Concept of Risk’ (2011) 49:8–9 Safety Science, 10741079 CrossRefGoogle Scholar.

16 Taylor, Mark B, Zandvliet, Luc and Forouhar, Mitra, ‘Due Diligence for Human Rights: A Risk-based Approach’, Corporate Social Responsibility Initiative, Working Paper No. 53, (Cambridge, MA: John F. Kennedy School of Government, Harvard University, 2009)Google Scholar, http://www.hks.harvard.edu/m-rcbg/CSRI/publications/workingpaper_53_taylor_etal.pdf (accessed 25 July 2016); see also United Nations Office of the High Commissioner (2012), note 5, which uses the catchphrase describing human rights due diligence as ‘knowing and showing’ that a business respects human rights.

17 Ruggie, note 1, 99.

18 Cf, note 8.

19 Cf Boatright, John, ‘Risk Management and the Responsible Corporation: How Sweeping the Invisible Hand?’ (2011) 116:1 Business and Society Review, 145170 CrossRefGoogle Scholar; Hubbard, Douglas W, The Failure of Risk Management: Why It’s Broken and How to Fix It (New York: John Wiley & Sons, 2009) 457458 Google Scholar.

20 For these techniques see in particular Loch, Christopher H, DeMeyer, Arnoud and Pich, Michael T, Managing the Unknown: A New Approach to Managing High Uncertainty and Risk in Projects (New York: John Wiley & Sons, 2006)CrossRefGoogle Scholar; Andersen, Torben J and Schroder, Peter W, Strategic Risk Management Practice (Cambridge: Cambridge University Press, 2010)CrossRefGoogle Scholar.

21 Cf Kytle, Beth and Ruggie, John, ‘Corporate Social Responsibility as Risk Management: A Model for Multinationals’, Corporate Social Responsibility Initiative Working Paper No. 10 (Cambridge, MA: John F. Kennedy School of Government, Harvard University, 2005)Google Scholar; Jeffery, Neil, ‘Stakeholder Engagement: A Road Map to Meaningful Engagement’, Doughty Centre ‘How to do Corporate Responsibility’ Series No 2, (2009), 26 Google Scholar, 35.

22 Ruggie, note 1, 99–100.

23 This is not the place to engage in a discussion of the moral and policy implications of formulating problems and solutions in terms of risk. That any risk assessment does not merely require an empirical analysis of objective facts but at least also an appreciation of risk as a social construct with a normative basis is broadly accepted throughout the literature on risk and society. See, e.g., Beck, Ulrich, ‘Living in the World Risk Society’ (2006) 35:3 Economy and Society, 329345 CrossRefGoogle Scholar; Renn, Ortwin, Risk Governance: Coping with Uncertainty in a Complex World (London: Earthscan, 2008)Google Scholar; Rendtorff, Jacob D, ‘Risk Management, Banality of Evil and Moral Blindness in Organizations and Corporations’ in Christoph Luetge and Johanna Jauernig (eds.), Business Ethics and Risk Management (Dordrecht: Springer, 2014)Google Scholar.

24 Power, Michael, ‘Risk, Social Theories and Organizations’, in Paul Adler et al (eds.), The Oxford Handbook of Sociology, Social Theory, and Organization Studies (Oxford: Oxford University Press, 2014) 370392 Google Scholar.

25 Definitions of ‘social risk’ vary but have in common the focus on the business’s interests. For example, Kytle and Ruggie, note 21, define social risk as occurring ‘when an empowered stakeholder takes up a social issue area and applies pressure on a corporation (exploiting a vulnerability in the earnings drivers – e.g. reputation, corporate image), so that the company will change policies or approaches in the marketplace’. Thus understood, pressure points on a business enterprise constitute social risk. See also Robert Holzmann, Lynne Sherburne-Benz and Emil Tesliuc, Social Risk Management: The World Bank Approach to Social Protection in a Globalizing World World Bank (May 2003) DC: World Bank (2003); Tamara Bekefi, Beth Jenkins and Beth Kytle, ‘Social Risk as Strategic Risk’, Corporate Social Responsibility Initiative, Working Paper No. 30 (Cambridge, MA: John F. Kennedy School of Government, Harvard University, 2006), present social risk as a factor for stakeholders or groups of people who, regarding a certain issue, have a negative perception of the company and may do damage to it.

26 See, for a discussion of the SLO and its relationship to academic concepts such as legitimacy, social contract and stakeholder theory Morrison, John, The Social License to Operate: How to Keep your Organization Legitimate (New York: Palgrave MacMillan, 2014)Google Scholar; Demuijnck, Geert and Fasterling, Björn, ‘The Social License to Operate’ (2016) 136:4 Journal of Business Ethics, 675685 CrossRefGoogle Scholar.

27 United Nations Office of the High Commissioner, note 5, 5.

28 ISO (2009), note 14.

29 Fraser, Ian and Henry, William, ‘Embedding Risk Management, Structures and Approaches’ (2007) 22:4 Managerial Auditing Journal, 392409 CrossRefGoogle Scholar; Jondle, Douglas et al, ‘Modern Risk Management Through the Lens of the Ethical Organizational Culture’ (2013) 15:1 Risk Management, 3249 CrossRefGoogle Scholar.

30 COSO, note 8.

31 See, e.g., Boatright, note 19.

32 For the expression ‘human rights respect as a necessary cost of doing business’, see Arnold, Denis G, ‘Transnational Corporations and the Duty to Respect Basic Human Rights’ (2010) 20:3 Business Ethics Quarterly, 371399 CrossRefGoogle Scholar.

33 Fiduciary or similar managerial duties owed to the corporation would probably not impede such an approach. See, for example, Human Rights Council, note 10. Peter Muchlinski takes this notion a step further by saying that duties of care may evolve in a way that they are also owed to foreseeable potential victims of business-related human rights infringements; see Muchlinski, Peter, ‘Implementing the New UN Corporate Human Rights Framework: Implications for Corporate Law, Governance, and Regulation’ (2012) 22:1 Business Ethics Quarterly, 145 CrossRefGoogle Scholar, 157 et seq.

34 The ‘business case’ is understood here as a notion that is justified by value maximization, or simply put, ‘the bottom line’ for the business corporation. Occasionally, a different understanding of ‘business case’ becomes promulgated, for example by The global oil and gas industry association for environmental and social issues (IPIECA) that writes, ‘it is good business practice to understand the potential human rights issues and impacts associated with business operations, and to factor them into management plans.’, IPIECA, Human Rights Due Diligence Process: A Practical Guide to Implementation for Oil and Gas Companies (London: IPIECA, 2012)Google Scholar. For a demonstration of the conceptual weaknesses of ‘business case’ thinking with regard to the human rights responsibilities of business enterprises see Wettstein, Florian, ‘Human Rights as a Critique of Instrumental CSR: Corporate Responsibility Beyond the Business Case’ (2012) XXVIII(106) Notizie di Politeia, 1833 Google Scholar.

35 Institute for Human Rights and Business, From Red to Green Flags - The Corporate Responsibility to Respect Human Rights in High-risk Countries (London: IHRB, 2011)Google Scholar.

36 See, e.g., Business Leaders Initiative on Human Rights (BLIHR), ‘A Guide for Integrating Human Rights into Business Management’ (2009), http://www.integrating-humanrights.org/ (accessed 21 December 2015).

37 Human Rights Reporting and Assurance Frameworks Initiative (RAFI), ‘UN Guiding Principles Reporting Framework’ (2015), http://www.ungpreporting.org/reporting-framework/ (accessed 25 July 2016).

38 Spedding, Linda and Rose, Adam, Business Risk Management Handbook - A Sustainable Approach (Oxford: Elsevier, 2011) 313366 Google Scholar.

39 Taylor et al, note 16.

40 Cf Graetz, Geordan and Franks, Daniel M, ‘Incorporating Human Rights into the Corporate Domain: Due Diligence, Impact Assessment and Integrated Risk Management’ (2013) 31:2 Impact Assessment & Project Appraisal, 97106 CrossRefGoogle Scholar; Abrahams and Wyss 2010, note 4, 20.

41 Business for Social Responsibility (BSR) Conducting an Effective Human Rights Impact Assessment - Guidelines, Steps, and Examples (BSR, 2013) 6.

42 Studies on links between business success and ‘corporate social responsibility’ are far more common. However, even such studies must be read with caution as regards the evidence for a ‘business case’, see in particular Rost, Katja and Ehrmann, Thomas, ‘Reporting Biases in Empirical Management Research: The Example of Win-Win Corporate Social Responsibility’ (2015) Business & Society, 149 Google Scholar.

43 Davis, Rachel and Franks, Daniel, ‘Costs of Company-Community Conflict in the Extractive Sector’, Corporate Social Responsibility Initiative Report No. 66 (Cambridge, MA: Harvard Kennedy School, 2014)Google Scholar.

44 The problematic two-sidedness of the supposed ‘business case’ for human rights respect finds a parallel in the more general discussion about a business corporation’s interest in obtaining a ‘social license to operate’. For more on this, see Demuijnck and Fasterling, note 26.

45 See for example Kytle and Ruggie, note 21.

46 See in a wider context Paine, Lynn Sharp, ‘Does Ethics Pay?’ (2000) 10:1 Business Ethics Quarterly, 319330 CrossRefGoogle Scholar, who puts forward that the business case for ethical behavior of companies is rather highly dependent on context and situation than generally given.

47 For a parallel argument that calls into question Michael Porter and Mark Kramer’s ‘Creating shared value’ concept, see Crane, Andrew et al, ‘Contesting the Value of Creating Shared Value ’ (2014) 56(2) California Management Review, 130 CrossRefGoogle Scholar, 136–8.

48 Condamin, Laurent, Louisot, Jean-Paul and Naïm, Patrick, Risk Quantification: Management, Diagnosis and Hedging (Hoboken: Wiley & Sons, 2006) 14 Google Scholar et seq.

49 A further illustration of the point could be made by making reference to the IPIECA, note 34, 4. The organization puts forward several business drivers for improving human rights due diligence, among which: ‘help prevent disruptions to construction and future disruptions to operations, and improve business continuity, including providing reliable energy and managing budgets and schedules’. Disruptions indeed expose a business’s assets. However, for assessing risks to the business’s assets it does not matter if a business disruption could be linked to corporate activity that has been qualified as having an adverse human rights impact or not. A business corporation could perfectly manage risks of business disruption, prioritizing its factual causes according to their probability and severity without undertaking any kind of normative assessment.

50 To the extent that risk management is conducted through establishing correlations between adverse human rights impacts and losses, the indirect nature of causality might be less relevant. However, establishing correlations between adverse human rights impacts and losses (to value) has been limited to date, because adverse human rights impacts can only be identified when taking into account normative assessments of the individual case, which has so far excluded the existence of large datasets offering comparable data for establishing reliable correlations.

51 According to mainstream stakeholder theory as it is defended by Edward Freeman and others, stakeholder interests are taken into account instrumentally, i.e., with a view to maximizing the value of the firm. See for example Phillips, Robert, Edward Freeman, R and Wicks, Andrew C, 2003, ‘What Stakeholder Theory is not’ (2003) 13:4 Business Ethics Quarterly, 479 CrossRefGoogle Scholar, 486 et seq. For the notion of instrumental stakeholder theory, see Jones, Thomas M, ‘Instrumental Stakeholder Theory: A Synthesis of Ethics and Economics’ (1995) 20:2 Academy of Management Review, 404437 Google Scholar. People who have no leverage over the business’s operations and whose lives are negatively affected by business activities would only be taken into account as ‘stakeholders’ under a normative perspective on stakeholder theory that emphasizes the need to consider those with legitimate (moral) claims on the company rather than just those with significant stakes in it. On this point, see Waxenberger, Bernhard and Spence, Laura J, ‘Reinterpretation of a Metaphor: From Stakes to Claims’ (2003) 12:5 Strategic Change, 239249 CrossRefGoogle Scholar.

52 In a similar vein, Florian Wettstein argues that an instrumental account of corporate responsibility would motivate companies to prioritize stakeholders with a high potential impact on the business rather than paying attention to those who have little power to make their own claims heard, see Wettstein, note 34, 27.

53 Ruggie, note 1, 99–100.

54 Cf United Nations Office of the High Commissioner (2012), note 5, 7, where it is noted that human rights risk is prioritized according to severity of impact.

The commentary to UNGP 14 defines ‘severe human rights impact’ with reference to its scale, scope and irremediable character; see Human Rights Council, note 2, 16.

55 Condamin, Louisot and Naïm, note 48, 28 et seq.

56 Some risk management advisors appear to have developed methodologies for measuring adverse human rights impacts. For example, on its website Verisk Maplecroft claims that its ‘Human Rights Risk Atlas 2015’ would ‘help business, investors and international organisations assess, compare and mitigate human rights risk across all countries.’; see https://maplecroft.com/themes/hr/ (accessed 25 July 2016). However, to the extent that the details of their methodologies are held confidential, they cannot be satisfactorily appraised by academic research. The same applies to corporations that communicate assessments of human rights risk, but do not disclose how it is quantified.

57 See ‘The Corporate Human Rights Benchmark – Pilot Methodology 2016’, jointly developed by Aviva Investors, Business & Human Rights Resource Centre, Calvert Investments, Institute for Human Rights and Business, VBDO and Vigeo Eiris, available at https://business-humanrights.org/en/corporate-human-rights-benchmark (accessed 25 July 2016). Damiano de Felice demonstrates the prospects but also the shortcomings and pitfalls of human rights performance indicators; see de Felice, Damiano, ‘Business and Human Rights Indicators to Measure the Corporate Responsibility to Respect: Challenges and Opportunities’ (2015) 37 Human Rights Quarterly, 511555 CrossRefGoogle Scholar.

58 Cf United Nations Office of the High Commissioner, note 5, 7.

59 Hoyt, Robert E and Liebenberg, Andre P, ‘The Value of Enterprise Risk Management’ (2011) 78:4 Journal of Risk and Insurance, 795822 CrossRefGoogle Scholar.

60 The prerequisite of having an available common measure for assessing risk has led to ERM being questioned as a basis for rational decision-making. See in particular Schiller, Frank and Prpich, George, ‘Learning to Organise Risk Management in Organisations: What Future for Enterprise Risk Management’ (2014) 17:8 Journal of Risk Research, 9991017 CrossRefGoogle Scholar.

61 Spedding and Rose, note 38.

62 Note that in their book Spedding and Rose do not explain in detail how they reached these estimations.

63 See on this point Schiller and Prpich, note 60.

64 The ISO 31000:2009 standard recommends several risk reduction measures:

- (1) ‘Avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk’

- (2) ‘Accepting or increasing the risk in order to pursue an opportunity’

- (3) ‘Removing the risk source’

- (4) ‘Changing the likelihood’

- (5) ‘Changing the consequences’

- (6) ‘Sharing the risk with another party or parties (including contracts and risk financing)’

- (7) ‘Retaining the risk by informed decision’.

65 Note that the official commentary to UNGP 11 deems that such positive measures do not offset failure to respect human rights, see Human Rights Council, note 1, 14.

66 Catherine Coumans reports a case that provides an extreme example of the point made here. In this case the corporation’s social risk reduction measures may even have intensified human rights risk. A mining corporation had engaged with consultants, development agencies and socially responsible investment firms, and it was precisely this engagement that may have facilitated the continuation of harmful practices. According to Coumans, such situations can arise when the intermediaries in question fail to advance the claims being made by rights-holders against the corporation, when they lend legitimacy to corporate strategies, and, being bound by confidentiality agreements, remain silent about the human rights abuses which they are able to observe. See Coumans, Catherine, ‘Occupying Spaces Created by Conflict: Anthropologists, Development NGOs, Responsible Investment, and Mining: with CA comment by Stuart Kirsch’ (2011) 52(S3) Current Anthropology, Corporate Lives: New Perspectives on the Social Life of the Corporate Form, 2943 CrossRefGoogle Scholar.

67 See, for example, Damodaran, Aswath, Strategic Risk Taking – A Framework for Risk Management (New Jersey: Pearson / Wharton School Publishing, 2007)Google Scholar.

68 See above, note 64.

69 Joseph Heath cautions against assuming perfectly rational behavior of companies. He suggests that agency theory and other economic theories based on rational behavior models would be helpful analysis tools as they operationalize ‘a certain form of moral scepticism’ and show ‘what the consequences of generalized immorality would be’—rather than tools to predict actual behavior. See Joseph Heath ‘The Uses and Abuses of Agency Theory’ (2009) 19:4 Business Ethics Quarterly, 497–528.

70 However, popular ‘business case’ thinking that underwrites the view that it might be profitable to respect human rights is implicitly suggesting that it is a consideration to take into account. A parallel argument with regard to the corporate responsibility to respect human rights as being moral duty has been presented by Fasterling, Björn and Demuijnck, Geert, ‘Human Rights in the Void? Due Diligence in the UN Guiding Principles on Business and Human Rights’ (2013) 116 Journal of Business Ethics, 799814 CrossRefGoogle Scholar.

71 Muchlinski, note 33.

72 In the field of private security, reference could be made to the Voluntary Principles on Security and Human Rights, see: http://www.voluntaryprinciples.org (accessed 20 June 2016). For a case study on the implementation of the Principles and the problems associated with their use on the ground see, e.g., EarthRights International &The Centre for Environment, Human Rights and Development, ‘Assessing and Improving the Voluntary Principles on Security & Human Rights: Lessons from the Nigerian Experience’ (May 2013), https://www.earthrights.org/publication/assessing-and-improving-voluntary-principles-security-human-rights (accessed 20 June 2016).

73 See above, Section IV.

74 Cf United Nations Office of the High Commissioner, note 5, 51, that recommends not entering into a business relationship, when it is unlikely that the business enterprise can use its leverage to prevent or mitigate the risk of human rights abuses by the other party.

75 Fasterling, Björn, ‘UN Guiding Principles on Business and Human Rights – Implications for Human Rights Risk Management’ (2015) 27 Revue Internationale de la Compliance et de l’Ethique des Affaires, 2023 Google Scholar.

76 Cf Wesley Cragg, who argues that the respect of human rights as an explicit ethical obligation would provide the responsibility to respect with a stronger justificatory foundation. Cragg, Wesley, ‘Ethics, Enlightened Self-Interest, and the Corporate Responsibility to Respect Human Rights: A Critical Look at the Justificatory Foundations of the UN Framework’ (2012) 22:1 Business Ethics Quarterly 936 CrossRefGoogle Scholar. Björn Fasterling and Geert Demuijnck hold that corporate responsibility to respect human rights would need a ‘moral commitment’ by corporate agents to be effective, Fasterling and Demuijnck, note 70.

77 Denis G Arnold has argued that human rights respect should be interpreted in a moral sense, meaning that human rights should be considered as minimal ethical requirements that are universally valid, which implies that the moral duty to respect them would be an absolute side-constraint of doing business. See Arnold, note 32.

78 For this argument, cf Sherman and Lehr, note 5.