Due diligence

According to the OECD Guidelines for Multinational Enterprises, due diligence is to be understood as a process through which enterprises can identify, prevent, mitigate and account for how they address their actual and potential adverse impacts.

What is due diligence?

According to the OECD Guidelines for Multinational Enterprises, which were updated on 25 May 2011, due diligence is to be understood as a process through which enterprises can identify, prevent, mitigate and account for how they address their actual and potential adverse impacts.  

Due diligence can be included within broader enterprise risk management systems, provided that it goes beyond simply identifying and managing material risks to the enterprise itself.

The nature and extent of due diligence activities should be adjusted to:

  • the size of the enterprise/project
  • the general level of risk
  • other special conditions relating to each individual project

When performing due diligence, enterprises should take into account the fact that the level of risk associated with a project can vary over time.

Performing due diligence

The UN “Protect, Respect and Remedy” framework and its accompanying guidelines (“Guiding Principles”) provide clear guidance on performing human rights due diligence. The Guiding Principles were endorsed by the UN Human Rights Council in June 2011.

John Ruggie (left) has played a central role in developing the UN’s guidelines for corporate social responsibility. Pictured here with former Norwegian Foreign Minister Jonas Gahr Støre. (Photo: Ministry of Foreign Affairs)

The Guiding Principles apply first and foremost to the area of human rights. However, the OECD Guidelines for Multinational Enterprises state that due diligence should be carried out in all areas relating to a company’s social responsibility, including the environment, labour standards and efforts to combat corruption. Points one to four below are practical guidelines on how to run due diligence, and they apply to all these areas.


1) Assessing actual and potential human rights impacts
In order to gauge human rights risks, business enterprises should identify and assess any actual or potential adverse human rights impacts with which they may be involved either through their own activities or as a result of their business relationships.

In this process, enterprises should draw on internal and/or independent external human rights expertise.

They should also engage in meaningful consultations with potentially affected groups and other relevant stakeholders, as appropriate to the size of the business enterprise and the nature and context of the operation.


2) Integrating the findings into the business enterprise’s operations
In order to prevent and mitigate adverse human rights impacts, business enterprises should integrate the findings from their impact assessments across relevant internal functions and processes, and take appropriate action.

Effective integration requires that responsibility for addressing such impacts is assigned to the appropriate level and function within the business enterprise, and that internal decision-making, budget allocations and oversight processes enable effective responses to such impacts. Appropriate action will vary according to whether the business enterprise has caused or contributed to an adverse impact, or whether it is involved solely because of a business relationship. Appropriate action will also vary according to the amount of leverage the enterprise has for addressing the adverse impact.

3) Tracking responses
In order to verify whether adverse human rights impacts are being addressed, business enterprises should track the effectiveness of their response. This tracking should be based on appropriate qualitative and quantitative indicators, and it should draw on feedback from both internal and external sources, including affected stakeholders.

4) Communicating how impacts are addressed
In order to account for how they address their human rights impacts, business enterprises should be prepared to communicate this externally, particularly when concerns are raised by or on behalf of affected stakeholders. In all instances, communications should be of a form and frequency that reflect an enterprise’s human rights impacts and that are accessible to its intended audiences. Communications should provide information that is sufficient to evaluate the adequacy of an enterprise’s response to the particular human rights impact involved, and should in turn not pose risks to affected stakeholders, personnel or to legitimate requirements of commercial confidentiality. 

Due diligence in the supply chain

Business enterprises should also examine firms in their supply chains, in order to avoid causing or contributing to adverse impacts through their activities. Relationships in the supply chain take a variety of forms including, for example, franchising, licensing or subcontracting.

In the OECD Guidelines, enterprises that have a large number of suppliers are encouraged to identify general areas where the risk of adverse impacts is most significant. Based on this assessment they should prioritise suppliers for due diligence.

If the enterprise identifies a risk of adverse CSR impacts in its supply chain, it should take the necessary steps to cease or prevent it. Appropriate responses with regard to affected business relationships may include:

  • continuation of the relationship with a supplier throughout the course of risk mitigation efforts;
  • temporary suspension of the relationship while pursuing ongoing risk mitigation; or,
  • as a last resort, disengagement with the supplier either after failed attempts at mitigation, or where the enterprise deems mitigation not feasible, or because of the severity of the adverse impact.

The enterprise should take into account potential social and economic adverse impacts related to the decision to disengage. Enterprises may also engage with suppliers and other entities in the supply chain to improve their performance, in co-operation with other stakeholders, including through personnel training and other forms of capacity building, and to support the integration of principles of responsible business conduct.

Where suppliers have multiple customers and are potentially exposed to conflicting requirements imposed by different buyers, enterprises are encouraged to participate in industry-wide collaborative efforts with other enterprises with which they share common suppliers. The aim should be to coordinate supply chain policies and risk management strategies, including information-sharing.

Enterprises are encouraged to participate in private or multi-stakeholder initiatives and social dialogue on responsible supply chain management.

Sector-specific guides for carrying out due diligence

There are some sector-specific guides for carrying out due diligence. One of these is the OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas.

This Guidance is the result of a collaborative process between governments, international organisations, the private sector and civil society, aimed at promoting corporate social responsibility and supply chain transparency in relation to minerals from conflict-affected and high-risk areas.  

The Guidance provides a framework for detailed due diligence as a basis for responsible global supply chain management of minerals. The purpose is to contribute to sustainable development and help companies act responsibly in conflict-affected and high-risk areas, while creating enabling conditions for constructive engagement with suppliers.

The framework can serve as a common reference for suppliers and other stakeholders in the mineral supply chain.

Due diligence requirements in national legislation: The Dodd-Frank Wall Street Reform and Consumer Protection Act in the US

Since it was passed in July 2010, the Dodd-Frank Act has received attention due to its sweeping new regulations affecting the financial industry.

The Act also requires that companies carry out due diligence.

In Section 1502 of the Act there is a provision aimed at addressing the problem of conflict minerals originating from the Democratic Republic of Congo (DRC). Along with requiring the US Secretary of State to develop a strategy to address the issue, Dodd-Frank requires companies under the jurisdiction of the Securities and Exchange Commission (SEC) to report annually on whether they are using minerals from the DRC or its nine immediate neighbours. All companies must also report on the due diligence they have undertaken to verify their supply chain and avoid tainted metals.

Although Dodd-Frank only applies to companies traded on major US stock exchanges, industry associations expect that its requirements will spread rapidly throughout the supply chain due to the globalised nature of the electronics industry.

Due diligence requirements may be incorporated into national legislation and regulations in other countries, too. If they are, it would be an advantage if as many countries as possible use the UN “Protect, Respect and Remedy” Framework and the OECD Guidelines for Multinational Enterprises as a basis. This will make it easier for businesses to implement the requirements, which in turn will help to ensure equal conditions of competition across national borders and across regions.