Corporate risk continues to evolve, particularly in the field of human rights and corporate responsibility. Increasingly, human rights obligations are viewed as corporate obligations. Drivers of this shift include the UN Guiding Principles on Business and Human Rights, transnational civil litigation, investor disclosure expectations and an array of domestic regulations.

For fund sponsors, the private funds they manage and the investors in those funds, human rights and corporate responsibility compliance at the level of the portfolio company increasingly is becoming more important, from both a legal and a reputational perspective.

By managing a private fund that invests in, or provides financing to, a portfolio company that fails to satisfy its human rights and corporate responsibility obligations, a fund sponsor is exposed to liability. It is important for the fund sponsor to understand, and monitor, its portfolio companies’ approaches to human rights compliance and corporate risk matters.

By committing to a private fund that invests in, or provides financing to, a portfolio company that fails to satisfy its human rights and corporate responsibility obligations, an investor may be deemed to be directly linked to an adverse human rights impact. As such, it is becoming increasingly more common for human rights and corporate responsibility issues to factor in the fund sponsor due diligence process in a similar way to anti-corruption compliance matters.

Changes in the corporate risk landscape are not unprecedented. Over the last decade, corporate anti-corruption laws have multiplied, along with increasingly vigorous enforcement, even sometimes in unexpected places. This has promoted the creation of robust anti-corruption compliance programs requiring businesses to set clear statements of policy, establish due diligence processes, monitor and test for compliance and provide mechanisms for remediation.

Substantively, there is much overlap: heat maps of countries with high corruption risk often mirror those of countries with high human rights risk. Corruption can fuel or at least facilitate human rights abuses, such as human trafficking, and vice versa. For portfolio companies, building a human rights compliance program by leveraging existing anti-corruption compliance programs provides a powerful, practical and efficient approach for seeking to address evolving human rights risks.

1. Portfolio Companies Can Meet Human Rights Responsibilities by Adopting Processes for Addressing Adverse Human Rights Impacts

As a matter of international human rights law, the responsibility to address human rights abuses has largely been seen as a matter of state competence. This legal obligation rests on individual states to comply, which in turn can act domestically through criminal and administrative law provisions.

The UN Guiding Principles on Business and Human Rights (the "Guiding Principles"), which were unanimously endorsed by the UN Human Rights Council in 2011, are an innovation to that basic approach. They seek to address—on an international level—the individual responsibility of companies, advancing a voluntary, systems-based approach to corporate human rights obligations. The Guiding Principles largely have been lauded in policy and academic circles, as well as by civil society organizations, and have taken a central role in shaping transnational civil liability, investor disclosure expectations and relevant domestic regulations.

The Guiding Principles distinguish between public- and private-sector human rights responsibilities. States must protect human rights. Businesses must respect human rights. Respect is systems-focused. That is, businesses respect human rights by adopting policies and implementing processes to address adverse human rights impacts with which they are involved.

2. Compliance Programs Can Be Built on Existing Models

Before legal corporate human rights emerged as a more formalized risk, businesses witnessed a similar evolution in anti-corruption laws. In response to a growing number of scandals and concerns regarding corporate bribery, the U.S. Congress enacted the Foreign Corrupt Practices Act ("FCPA") in 1977, outlawing the bribery of foreign officials. But anti-corruption enforcement in the United States remained relatively limited for decades: for 1977 through 1997, the websites of the U.S. Department of Justice ("DOJ") and the Securities and Exchange Commission ("SEC") reflect only 39 FCPA-related enforcement actions.

Outside the United States, efforts to combat transnational corruption progressed more slowly. Until the late 1990s, the German, French and Swedish governments, among others, still deemed bribes paid to foreign officials by local companies to be tax-deductible. The attitude shifted markedly with the adoption of the OECD Anti-Bribery Convention in 1997. The Convention requires signatory countries to criminalize offering or giving bribes to foreign public officials under their domestic laws. One by one, the OECD signatory nations have implemented national legislation proscribing the bribery of foreign officials.

Meanwhile, the enforcement of anti-corruption legislation has ballooned. Over the last decade, the DOJ and SEC websites recount 350 FCPA-related enforcement actions, roughly nine times as many as in the first 20 years the statute was in force. And anti-corruption enforcement is no longer the exclusive province of U.S. regulators. Recent years have witnessed a growing intensity of anti-corruption enforcement throughout the world, including in South America, Europe and Asia.

In seeking to enhance anti-corruption compliance, regulators around the world increasingly have articulated standards for what constitutes an effective compliance program. The broad strokes are often largely the same. For example, the UK Ministry of Justice has underscored the importance of proportionate procedures, committed management, risk assessment, communications (including training), due diligence and monitoring. Likewise, DOJ’s and SEC’s 2012 Resource Guide, as well as DOJ’s April 2016 Guidance unveiling its new FCPA pilot program, have emphasized: (1) an established culture of compliance; (2) effective policies and procedures, including a code of conduct; (3) sufficient oversight, autonomy and resources for the compliance program, including qualified and experienced personnel; (4) risk assessment; (5) adequate training and continuing advice; (6) positive incentives and disciplinary measures; (7) the mitigation of third-party risks through due diligence; (8) a confidential reporting mechanism and an efficient and reliable internal investigation process; (9) continuous improvement through periodic testing and review; and (10) adequate due diligence on acquisition targets. The Decree implementing the so-called Brazilian Clean Company Act sets out similar parameters for assessing the effectiveness of a compliance program.

As a further incentive to adopt compliance programs, regulators may consider such programs in determining whether to charge a corporate violation or at least in deciding what penalty to impose (or seek). Indeed, the sole defense against the corporate offense of failing to prevent bribery under the UK Bribery Act is that the company had “adequate procedures” in place designed to prevent bribery by associated persons. In the United States, although not a formal defense, both DOJ and SEC routinely consider a company’s compliance program as part of their investigations. Last year, DOJ hired a compliance consultant to help with this important task. As reflected in the U.S. Sentencing Guidelines, a company’s failure to prevent a particular violation does not necessarily mean that the entity’s compliance program is ineffective. Regulators therefore focus on a compliance program’s good faith design, implementation and enforcement.

Of course, there are no “one-size-fits-all” effective compliance programs. Each program should be fashioned to meet an organization’s specific needs and risks. In general, regulators’ measures of an effective anti-corruption compliance program, as laid out above, are instructive for fashioning programs that are likewise effective for demonstrating respect for human rights. The Guiding Principles add to this mix an expectation of public reporting. The cornerstone of each of these expectations is for the business to prioritize risks from the perspective of those whose rights might be negatively impacted.

3. The Regulatory Landscape Is Evolving

The Guiding Principles are reshaping corporate risk in a way similar to that of the OECD Anti-Bribery Convention. First, they provide a benchmark against which consumers, investors, courts and activists can assess corporate respect for human rights. Second, just as the OECD Convention led to national regulation of extraterritorial corruption, the Guiding Principles have inspired legislation to enforce business respect for human rights.

The trend is most apparent in the context of human trafficking (or modern slavery), which corruption can facilitate. Recent anti-trafficking legislation includes the California Transparency in Supply Chains Act, the UK Modern Slavery Act and the U.S. Federal Acquisition Regulation on Ending Trafficking in Persons. The risks created by each of these regulations differ.

The California and UK Acts, for instance, focus on disclosure. Thus, the California Transparency in Supply Chains Act requires that businesses disclose any measures they take relating to verification, audits, certification, internal accountability and training; it does not mandate that businesses adopt particular processes regarding their supply chains. Similarly, the UK Modern Slavery Act focuses on disclosure, though it broadens the set of relevant business activities. Companies can comply with both regulations by reporting that they have done nothing to prevent human trafficking. When a company reports that it has taken measures to address human trafficking, those representations must of course be true, and litigation risk may ensue if they are not.

The U.S. Federal Acquisition Regulation on Ending Trafficking in Persons goes further. Issued in March 2015, the regulation significantly expands the responsibility of federal contractors sourcing over $500,000 in overseas goods or services to adopt measures to prevent human trafficking and forced labor. In particular, contractors must now develop, and annually certify, detailed Human Trafficking Compliance Plans evidencing: (1) policies and procedures related to recruitment, wages and housing; (2) employee training and awareness-raising; (3) due diligence measures to monitor, detect and terminate subcontractors; and (4) confidential grievance mechanisms to report violations.

Modern slavery legislation is just one aspect of emerging corporate human rights risk. The trend, however, is clear. As with anti-corruption two decades ago, corporate human rights risks are quickly multiplying. At the same time, the expectations of businesses are becoming more certain and practical.

Even as the breadth of these risks evolves, we can clearly discern regulatory focus on compliance program design. Against this backdrop, lessons internalized from anti-corruption efforts—regarding codes of conduct, due diligence, internal investigations, etc.—are invaluable for businesses seeking to navigate modern human rights risk.

4. Integrated Risk Management Can Bring Substantial Benefits in Efficiency and Effectiveness

The evolution of anti-corruption compliance not only helps us understand trend lines for human rights compliance, but also provides a practical model that companies can leverage to meet the expectations of regulators, courts, and investors. The fundamental compliance structure is the same: businesses must set clear statements of policy, establish due diligence processes, monitor and test for compliance and provide mechanisms for remediation. In addition, compliance functions require sufficient resources and autonomy. The foundation of both anti-corruption and human rights compliance is risk- and context-sensitive, including obligations that extend to agents and subcontractors.

As corporate risks evolve, portfolio companies need not start afresh in designing and implementing compliance strategies. To navigate effectively the changing human rights landscape, companies should mine their anti-corruption experiences, deploying lessons learned and considering the possible benefits of integrated risk management.

* * *

A version of this article first appeared in on the Global Investigations Review website on December 2nd, 2016.