Translate Lex Sustineo

Monday, September 13, 2010

Corporate Responsibility as Legal Risk Management

Corporate Responsibility (“CR”) has been referred to as a form of “self-regulation in the shadow of the law.” It is aimed at the management of social expectations between corporate organizations and their stakeholders, most notably in the areas of environment, health and safety, employment, human rights and community relations. While CR may often be voluntarily adopted by corporate organizations, it can and should be seen to serve as an extension of sound legal management, aimed at mitigating legal and other social risks for the business organization.

There are many business reasons to adopt a CR mandate aimed at compliance with social expectations beyond the minimum prescribed by law. The maintenance of a social licence to operate, which can be defined as a practical ability to operate within a particular market, may necessitate that a corporation act in a manner consistent with social expectations, whether or not such expectations are contained within the legal requirements of the State. In this way, CR presents itself as much more than simply aspirational objectives. It implies obligation, which is evidenced by the consequences many businesses have experienced when they have been deemed irresponsible.

But even accepting that CR is something much more than an aspirational objective, there is nevertheless a tendency of corporate leaders, and lawyers, to view CR as something distinct from or unrelated to legal expectations. Perceptions aside, closer examination reveals that CR expectations are highly intertwined and related to formal legal obligations.

The many faces of CR

From the perspective of corporate governance, corporate directors are often held to legal standards of care, skill and loyalty that can require effective implementation of CR practices. In fulfillment of this duty, senior executives may be required to certify internal controls that assure the identification of material social risks to the organization. Moreover, materiality based reporting requirements may necessitate corporations to disclose such risks to the extent that they may affect a company’s financial prospects. Policies and practices in respect of the environment, health and safety, employee relations, and consumers undoubtedly give rise to risks that fall within the scope of these obligations.

A growing consensus is also emerging in the investment community that the risks (both legal and reputational) presented by CR issues areas are material to the long term viability of the corporation. Fund trustees are often subject to higher fiduciary standards including, for example, a duty of impartiality, which requires them to identify, respect and balance the various interests of different participant and beneficiary groups. The international understanding of investment manager fiduciary duties has been expanding to include the permissibility of CR considerations when making investment decisions. Research suggests that taking CR considerations into account in investment analysis is clearly permissible at law in many jurisdictions, or even required as part of an investment manager’s fiduciary duty.

Aside from these governance related drivers of CR, there are other avenues by which CR practices will acquire legal relevance. For example, CR related standards in the areas of environment and health and safety have been used to inform concepts like standard of care relevant to the question of tort liability. The implementation of and adherence to internationally acceptable standards of CR can be useful in establishing defences to allegations of wrongdoing. This can include in relation to regulatory offences that impose strict liability, where penalties or sanctions can only be avoided by demonstrating due diligence, which can be shown where industry standards or best practices, including best practices in relation to CR, have been followed.

In business relationships, adherence to international CR standards may become incorporated into contracts amongst business partners. Where this occurs, there arises the possibility of legal enforcement of contractual agreements regarding adherence to CR expectations.

At the international level, emerging customary expectations in the area of human rights require companies to go beyond minimum compliance with local laws, particularly where such laws are not likely to be enforced by local government. On these standards of conduct, corporate actors may be responsible for complicity in human rights abuses committed by partners through the corporate supply chain, or even as a result of contractual relationships or between the corporate actor and sovereign governments. Civil or even criminal liability (local or international) and social disapprobation affecting corporate reputation may result from complicity by the corporation in human rights abuses which were foreseeable and ought to have been known and avoided by the company.

In these ways, the voluntariness of CR practices reveals itself as somewhat illusionary. Failure to adhere to generally accepted CR best practice can be the basis of legal liability. Moreover, adherence to CR best practices offers a persuasive and justifying reason to avoid legal consequences where corporate conduct is challenged. In light of these legal implications of CR practices, it is clearly essential that CR management be viewed as part and parcel of effective legal risk management more generally.

The drafting or adoption of voluntary codes of conduct in CR areas is, therefore, not a question of public relations or marketing. Instead, it is a matter of corporate governance that may eventually be determinative of legal compliance.

CR strategies—Where to start

Among the first questions corporate leaders must consider in implementing an effective CR/legal risk management program is how to identify standards of behaviour that can be used in corporate governance. There are a wide array of—and often competing—CR related standards to choose from. Among these are the Environmental and Social Standards of the World Bank, the International Standards Organization ("ISO") Environmental Standard 140001 and Social Responsibility Standard 26000, as well as multiple international customary and legal instruments affecting employment and human rights practices. Considerations may include the industry or jurisdiction of the corporate organization, the expectations of stakeholders such as suppliers, customers or business partners, or contractual obligations.

For example, businesses in the garment industry have generally adhered to the international frameworks established by the Fair Labour Association, particularly in light of customer expectations and encouragement from government. The financial sector has widely adopted the Environmental and Social Standards of the World Bank, through the multilateral agreement reached in the Equator Principles. The mining and oil and gas industries are increasingly adherent to the Voluntary Principles on Security and Human Rights, as endorsed by the United Nations and several governments.

Companies may also decide to participate in the development of CR standards and best practices, or to engage stakeholders in the management of CR issues. This can include the establishment of grievance mechanisms, which provide internal processes for the investigation of complaints regarding CR issues, to resolve concerns before they grow into a more adversarial dispute. The objective is for the corporate organization to take proactive steps to address social risk beyond adherence to the express requirements of traditional legal authorities. In so doing however, the corporation mitigates legal risks that may flow from social conflicts.

Two sides of the same coin

The objective of each of these strategies is to ensure that the corporate actor is operating to the greatest extent possible in compliance with social expectations, so as to mitigate social and legal risks to the organization. This necessitates dealing with CR and legal compliance as overlapping and interrelated objectives within the corporate organization, as two sides of the same social risk management coin.

No comments: