Human rights–related risks consider the impact of an organization’s activities and operations on internal and external stakeholders.  Analysis of human rights–related risk is becoming more important in an age where mobile devices and 24/7 news coverage can quickly generate a reputational crisis.  Considering human rights–related risks can help characterize the perspectives of non-governmental organizations (NGOs) and local communities as they relate to an organization’s activities.  NGOs and local communities can be leveraged to benefit an organization or to raise questions causing reputational damage.

Human rights risk analysis (HRRA) provides insight into factors that may impact the life-safety and rights of stakeholders (including employees, clients, and communities).  By communicating that respect for legal requirements and human dignity is a core principle, a positive image is projected. Therefore, HRRA needs to be seen as an integral part of the overall risk assessment and treatment process.

The term “human rights” is frequently narrowly perceived to apply only to non-derogable human rights associated with governments.  However, businesses also need to consider a range of human rights in applicable local and international laws pertaining to (i) labor and employment, (ii) cruel, inhuman, or degrading treatment, (iii) sexual exploitation and abuse or gender-based violence, (iv) human trafficking and slavery, (v) bribery, corruption, and similar crimes, and (vi) environmental agreements and regulations.

Violations of these laws and codes may result in criminal charges and liability consequences in the jurisdiction of the occurrence, in an organization’s home country, or even in jurisdictions where goods and services were procured.  It is essential to monitor and contractually enforce an organization’s human rights expectations throughout the supply chain—the reality is that organizations with the deepest pockets are typically the ones targeted for legal and liability actions.  Advocacy NGOs play a role in investigating complaints and seeking remediation on the world stage, not just in the local jurisdiction.

A central focus of HRRA is the identification and assessment of factors that impact human dignity.  Examples of factors to be considered include

• stakeholder identification and characterization: internal (e.g., persons working on an organization’s behalf, labor leaders, and recruitment pool) and external (e.g., local communities, clients, NGOs, government oversight bodies, and the media),
• human, tangible, and intangible impacts of and on operations of internal and external stakeholders,
• infrastructure dependencies and operational interdependencies, such as allocation of, access to, distribution of, and use of resources,
• local government, supply chain, and contractor relationships and commitments,
• key issues and trends that may affect the processes and objectives of an organization, including labor rights, child labor, conflict materials, human trafficking, and environmental justice,
• political and economic factors, such as corruption, perceptions of entitlement, and the antipathy of communities; discrimination; harassment; and gender-based issues,
• perceptions, values, needs, and interests of local communities, including equal access to opportunities; cultural, social, and religious norms, and
• operational forces and lines of authority.

Understanding the perceptions of local communities is key to developing a human rights strategy.  Do local communities perceive that the presence of an organization contributes to or detracts from their quality of life?  Answering this question requires consideration of the local culture of affected communities, which may conflict with an assumed perspective that an organization will bring increased prosperity.  Understanding the local perceptions of societal hierarchy, gender relations, family structures, and disparity of wealth frames this analysis.  Furthermore, local community perceptions of their government’s respect for rights and human dignity will influence whether the presence of an organization is seen as a progressive factor or a tool of an unpopular government.

Evaluating the role, nature, and political motivations of NGOs before starting a project can help avoid conflicts.  Some NGOs function as advocacy groups that pursue “bad actors.”  Other NGOs focus on providing services and promoting development.  In some countries, NGOs are facades for governmental activities and are not truly independent.  NGOs, particularly those involved in providing services and promoting development, can provide invaluable cultural, social, and political intelligence.  They can also offer introductions to local communities, providing a company the opportunity from the outset to present a good image.  Early communication makes local communities feel valued and helps avoid the pitfalls of projecting a company’s assumptions and biases on them.  If the local community feels there is a benefit to a company’s presence, they can become partners in protecting its investment. 

It is important to incorporate HRRA into the overall risk assessment process.  Most of the factors to consider in HRRA are interwoven with defining the risk environment that may impact a company’s image, brand, and reputation.  Building on the risk management process outlined in ISO 31000, a schematic of the thought process is available at http://www.acq.osd.mil/log/PS/.psc.html/7_Management_System_for_Quality.pdf (Source: ANSI/ASIS.PSC.1:2012)

Clearly defined and monitored procedures for human resource management and training are the most cost effective methods to manage human rights risks.  First, conduct a review of local, national, and international labor codes and practices and then

• implement recruitment, selection, and vetting processes that meet or exceed local and international norms,
• define and fairly implement labor practices and remuneration of persons working on the company’s behalf (this helps reduce turnover and, subsequently, recruitment and training costs),
• create a policy and code of conduct emphasizing a dedication to human rights and respect for dignity,
• establish training programs that explain the rationale for conducting activities (this helps promote respect and self-esteem),
• create communications mechanisms to enable internal and external stakeholders to identify, correct, and prevent issues (grievance, complaint, and whistleblower mechanisms will prevent the escalation of potentially damaging issues and hopefully avoid the intervention of NGOs and government bodies in issues that can be resolved internally),
• communicate company policies and code of conduct to supply chain partners and inform them that a continuing relationship will depend on their adherence. 

A community that views a company’s presence as a benefit will be more likely to share intelligence with the organization and prevent undesirable events that they perceive as contrary to their interests. Creating a culture of human rights and dignity throughout the organization will produce the benefits of reducing reputational risks while enhancing worker satisfaction and producing higher retentions rates.  These policies and procedures can positively influence the bottom line.  

General Motors Companyheadquartered in Detroit, Michigan, designs, manufactures, markets, and distributes vehicles and vehicle parts and sells financial services. General Motors produces vehicles in 37 countries under ten brands: Chevrolet, Buick, GMC, Cadillac, Opel, Vauxhall, Holden, Baojun, Wuling, and Jiefang. The company employs 215,000 people and does business in more than 140 countries spanning six continents. In 2015, GM delivered 9.8 million vehicles globally; therefore, ensuring business continuity is a critical capability for the company. The task of ensuring the provision of enterprise risk management services for the company’s global supply chain falls on Paul Rossi, GM’s Supply Chain Management Risk Supervisor and his group.

Paul leads a team of six people to tackle GM’s supply chain risk management (SCRM) initiatives. He reports to Dave Leich, Director, Global Supply Chain Risk Management & Business Process. Paul’s team is part of the larger global product development organization. Paul and his team are tasked to identify, research, and publicize the risks in GM’s supply chain throughout the company; collect and analyze supply chain visibility data; report on supply chain risks and disruptive events that happen around the world; develop sustainable processes to improve event discovery and reaction time; and develop a sustainable strategy for SCRM at GM. On a day-to-day basis, he coordinates risk reporting activity for the supply chain, investigates global supply chain risks and recent events for their potential impact on GM, and meets with different functional groups (supply chain, purchasing, compliance and sustainability, and quality) to discuss mitigation plans and initiatives to deal with top supply chain risk concerns.

Paul says that he faces three big challenges in his job. The first concerns supply chain data analytics. Gaining a strong understanding of the data is very challenging. It is easy to drown in data, which encompass Tier 1 supplier demographics, sub-tier demographics, industry/commodity data, risk data (geopolitical and natural disaster), capacity data, etc. The second challenge is leading the change within GM to a risk-aware culture, which includes developing and driving process change within the purchasing and supply chain organization. The final challenge is developing and proposing executable risk mitigation plans. Paul enjoys leading and developing his team by teaching and motivating them. His favorite meetings are ones where his team members have the opportunity to present to leadership or if he himself gets the chance to highlight the team’s work at a senior staff level. He is grateful to be part of such an exciting and changing field. SCRM is growing in importance and he believes that the work his team is doing at GM is best-in-class.

Paul also represents General Motors in the Automotive Industry Action Group (AIAG), which works to develop best practices to strengthen the industry and build effective business relationships between the original equipment manufacturers (OEMs) and all tiers of the supply base. In addition to his responsibility on GM's SCRM team, in his role with AIAG, he collaborates with other OEMs and suppliers on automotive industry initiatives. He provides technical and professional leadership on new and existing work groups, including oversight responsibility for industry steering committees.

Paul received his bachelor of business administration (BBA) in integrated supply chain management from Western Michigan University in 2010.

Paul began his automotive career with General Motors as a buyer, purchasing electronic modules, wiring harnesses, and connectors. By the end of 2012, he took a position in Global Supply Chain Supplier Development, as a Supply Chain Specialist.  In this new role, he visited over 100 supplier facilities over a two-and-half year period, performing assessments and benchmarking supply chain processes against best practices. In September 2014, he began his current role in SCRM. In 2016, he added an SCRM certification to his credentials. Paul’s degree in integrated supply chain management, combined with his participation in multiple risk management committees and on leadership councils, has propelled him into a leadership role within GM and the automotive industry. When he is not busy with ensuring business continuity at General Motors, Paul enjoys golf, beach volleyball, biking, and traveling.

Today’s supply chain professionals are well aware of the complex structure of the global supply chain network and the potential for significant risk propagation. However, it is often difficult to convey such vulnerabilities, and the importance of mitigation actions, to C-level decision makers. This is because it is often difficult to accurately quantify the financial impact of supply chain risk events and thus to alert key decision makers to the most relevant numbers. Without concrete financial measures (e.g., expected stock value losses given a company’s current supply chain network position and vulnerability level), it is difficult to spur the correct action.

University of Michigan researcher Andrew Wu[1] recently developed machine-learning–based analytics to directly quantify the financial impact of multi-tiered risk propagation in the supply chain network. The analytics platform is described below:

1. A 20-year database of more than 8,000 firm-specific/insurable production risk events (e.g., fires and production accidents) is extracted using a Bayesian, text-mining algorithm on more than 5 million individual firm disclosures and news reports.
2. A 20-year network of more than 1 million global supply chain relationships among publicly traded firms is constructed from Bloomberg and other firm disclosure data.
3. Precise mapping of the first two data sets enables firm-level quantification of the impact of risk events on (a) fundamental outcomes (e.g., sales), (b) corporate policies (e.g., mitigation efforts), and (c) market-adjusted stock prices of the origin firms, their immediate (tier-1) customers, and their remote (tier-N) customers.

The most relevant findings are as follows.

Financial Impact:Firm-specific supply chain risks spill over significantly and persistently in the supply chain network, causing substantial impact up to tier-4 customers. Specifically, a risk event causing a 1% decline in revenue growth for the origin company causes an average 0.82% decline for tier-1 customers and further leads to 1.03%, 0.87%, and 0.40% declines, respectively, for tier-2, -3, and -4 connections. Moreover, these risks also translate to substantial stock value losses in the financial market: For each 1% value impact on the origin firm, market participants assign 0.42% and 0.37% lower market-adjusted stock returns for tier-1 and -2 firms.

Structural Vulnerability:The U.S. supply chain network exhibits several topological features that are particularly conducive to prolonged and pronounced risk propagation. For example, the network is quite asymmetric, with only a few key suppliers covering large customer bases.[2] In addition, market power is unevenly distributed along supply chains, further prolonging the spillover effect.

Under-reaction:Both companies and market participants underreact to supply chain risk events. First, the financial market is not fully efficient in pricing these risks: There is a persistent negative drift in the stock returns of remote (customer) companies for up to 40 days. Second, companies initiate some mitigation efforts (e.g., multiple sourcing and inventory buildup) only after risk events but do not seem to take preemptive mitigation measures, particularly with respect to remote supplier risks.  

This research also opens up opportunities to build predictive analytics to score companies in terms of supply chain vulnerability and riskiness and to forecast the impact of future supply chain risks. Specifically, leveraging the supply chain disruption database and machine learning tools, researchers at the University of Michigan are

1. developing a risk-enhanced network centrality measure that uses both network and risk event data to accurately measure the level of exposure of each company to supply chain risks,
2. deriving the expected value impact of this risk exposure from stock market returns,
3. determining the expected value benefit of different mitigation actions (e.g., multiple sourcing, insurance, and vertical integration), and
4. assessing the financial impact of non-physical risk events (e.g., demand shocks and labor issues).

These dynamic risk measures should further standardize the process of financial market-based supply chain risk quantification and facilitate the communication between various stakeholders on multiple dimensions.