Is the Auditing and Certification Industry Fit for Human Rights Due Diligence?
The German Parliament recently passed a law mandating certain companies to conduct due diligence to prevent human rights violations along their supply chain. Companies are now obligated by law to adopt and implement due diligence procedures that identify risks, prevent, and mitigate human rights and select environmental violations.
This law is a positive step as it creates a legal obligation for businesses to comply with the UN Guiding Principles on Business and Human Rights (UNGPs). But it does not address the problem that companies rather than undertaking their own due diligence and human rights risk assessments, increasingly rely on third party auditing and certification. Audits and certificates today address a wide range of aspects, from labour conditions, to product safety, supply chain management, compliance systems, private security services, fair trade, sustainable fishing, or climate neutrality. All these testify to topics that are relevant in a company’s human rights due diligence process. But is this industry fit to respect human rights and to audit and certify the human rights practices of others?
Human rights risks of the auditing and certification business
The European Centre for Constitutional and Human Rights (ECCHR), in collaboration with Misereor and “Bread for the World”, conducted a study of four cases in which certification companies provided false certificates and arguably themselves contributed to human rights violations resulting in grave and fatal consequences for workers, consumers, communities, and the environment:
- In Karachi, 258 workers were killed in a factory fire at Ali Enterprises in 2012, only months after the factory received an SA8000 certificate that did not identify obvious fire safety deficiencies.
- In 2019, the Brumadinho dam failure caused the deaths of 272 people and contaminated a river, four months after a certification company certified it as stable despite ongoing stability issues.
- Between 2001 and 2010, thousands of patients suffered serious health problems because of industrial rather than medical grade silicone being used in breast implants that were certified as being compliant with EU medical product safety regulations.
- The Roundtable on Sustainable Palm Oil (RSPO) has been the subject of complaints about ignoring land grabbing, displacement, pesticide poisoning and violence for over ten years without effective recourse.
The study shows that there are structural deficits within the certification industry and its lacking or insufficient regulation and governance across all sectors, whether it is product safety, social (labour) standards, or environmental management.
Auditing and certification providers have not effectively integrated human rights into their own policies and due diligence processes resulting in the use of deficient standards and methodologies based on an incomplete understanding of human rights. In all cases studied, there were also deficiencies in integrity management, conflicts of interest or corruption. These deficiencies are widespread because the sector is not adequately regulated and is not subject to government oversight. The lack of transparency and public access to information, such as audit reports, and the lack of legal liability and access to effective remedy for the harms caused compound the problems. Consequently, in practice, auditing and certification of human rights related topics often results in the issuance of substandard or false certificates that conceal human rights risks thereby preventing the necessary interventions to protect human rights from being made. In effect, then by concealing risks, the auditing and certification providers increase these risks to human rights. This is true across different sectors, whether audits testify (falsely) to labor conditions, safety of products and buildings, or environmental sustainability.
Therefore, auditing and certification companies – as they currently function – are barely fit to respect human rights themselves and are not fit to audit and certify human rights-related topics of others. The structural deficits discussed need to be urgently resolved.
What is needed: proposals for regulation, monitoring, accountability
States have a duty to protect human rights from interference by third parties. To ensure companies respect human rights, states should make human rights due diligence mandatory. They also need to monitor and ensure that companies comply. If monitoring of human rights issues is taken over by private auditing and certification providers, the state, within its duty to protect human rights, needs to ensure that such private services deliver effectively and reliably what is essentially a state responsibility (UN Guiding Principle 5). This requires not only that the auditing and certification industry needs to be covered by human rights due diligence laws. We also need new and better state regulation and oversight of the auditing and certification sector, that addresses specifically the quality and integrity issues mentioned. Liability to those affected by violations is a key element that increases the accountability of auditors and certification bodies and can also trigger an improvement in the quality and integrity of auditing and certification.
An unregulated market for human rights-related audit and certification would lead to competition without minimum standards, setting in motion a race to the bottom in terms of costs and at the expense of quality. This can already be observed in the use social audits. This approach would diminish the value of certification, and ultimately devoid the entire concept of human rights due diligence of practical substance and meaning.
ECCHR’s study “human rights fitness of the auditing and certification industry?” (short version) suggests practical solutions to the human rights risks of the auditing and certification sector. It is targeted at auditors and certifiers, standard-setters as well as states, and covers all identified areas in need of improvement: (1) human rights due diligence and liability for auditing and certification providers, (2) quality assurance for standards and methods, (3) integrity management, (4) state governance, public participation, and access to remedy.