Social Auditor Accountability – Proposals for Reform

Social Auditor Accountability – Proposals for Reform

Overview

The Business and Human Rights Resource Centre recently produced a report calling into question the quality and utility of the now ubiquitous social audit reporting (Social Audit Liability: Hard Law Strategies to Redress Weak Social Assurances) (the "Report").

The Report explores how existing legal remedies could be used to issue legal claims on the basis of flawed social audits, the challenges those claims might face and how, in the view of its authors, new legal frameworks need to be introduced to avoid existing challenges. In our briefing, we explore social audit liability and corresponding legal accountability strategies, as well as the Report's recommendations for regulatory reform.

Social audits: origins and purpose
What is a Social Audit?

A formal review of a company's compliance with specified labour, governance, human rights environment and/or health and safety standards, including its policies, procedures and overall impact on society. Social Audits are typically undertaken by specialist third-party auditors ("Social Audit Firms"), and involve both a desktop review and an onsite investigation.

What is a Certification Scheme?

A voluntary set of standards developed  covering labour, governance, human rights, environment and/or health and safety conditions which have an accompanying auditing "methodology" to assess conformity with these conditions. Certification Schemes are created, developed and administered by "Certification Bodies" (which are usually not-for-profit and/or industry specific). A Certification Body will typically award a certificate to the audited entity in question to show that they comply and have achieved the requirements set out under the relevant scheme.

Social Audits have become popular amongst some corporations, retailers and consumers as a tool to identify, evaluate and monitor compliance with a wide variety of voluntary standards and CSR objectives, including voluntary Certification Scheme standards. Certification Schemes, in particular, require audited businesses to undergo regular Social Audits (undertaken by Social Audit Firms) to monitor compliance with the Certification Scheme's standards. Many Certification Schemes that use Social Audits specifically seek to improve labour conditions in global supply chains.

Despite Social Audits becoming commonplace in certain sectors (e.g. fashion, agriculture), the Report suggests that the increasing popularity in Social Audits and Certification Schemes "has systematically failed to improve labor conditions in supply chains", and could, in the most extreme cases, perpetuate dangerous human rights abuses. Specifically, the Report states that Social Audits are inherently limited, as they often represent a "snapshot" and "box ticking" exercise which fails adequately and objectively to evaluate a company's conformity with relevant conditions. An example given in the Report is the 2013 collapse of the Rana Plaza building in Bangladesh, which tragically killed 1,132 people and injured thousands more. The Rana Plaza was subject to multiple Social Audits prior to its collapse, none of which reported any structural defects in the building. A claim was brought against auditor Bureau Veritas in Canada but it failed because the issue of structural safety fell outside the scope of the Social Audit1.

The Report: key issues

The Report focusses on legal remedies for potential claimants (either (i) employees of audited businesses or (ii) consumers of audited products) to bring claims against both (i) Social Audit Firms and (ii) Certified Bodies across a number of jurisdictions, including in the UK. Before addressing the routes to social auditor liability suggested in the Report we note the following three points:

  • First, the Report considers remedies that exist under current legal frameworks in the UK (and elsewhere) and acknowledges that, under existing legal frameworks, any claims brought by workers against Social Audit Firms and Certified Bodies face challenges as the law currently stands in many jurisdictions. Many of the types of claims suggested in the Report would require material changes in the existing law in order to succeed. Expanding existing legal frameworks to address issues associated with Social Audits also risks placing Courts in the position of quasi-regulators, developing the law quite radically for policy reasons. There are obvious questions as to whether this is an appropriate or justified approach.

  • Secondly, the Report presupposes that claimants seeking to bring a claim against a Social Audit firm should do so in a jurisdiction in the "Global North" (e.g. the UK) in circumstances where the claimants and the defendants (i.e. the local Social Audit Firms who provided the audit in dispute) are likely to be domiciled in the "Global South". A common criticism of transnational claims is that the legal costs associated with bringing them (on all sides) may be significantly higher than the damages sought by the claimants. Transnational claims also bring into question their connection to the jurisdiction in which the claim is brought and why recourse to foreign courts is required in circumstances where the key events (and individuals) are related to countries, cultures and political systems abroad.

  • Finally, implicit in the Report is the notion that radical expansion of the scope of existing liability frameworks to include social auditors is justified in order to refocus corporate attention (whether by means of social audits or otherwise) on human rights-related risks. However, this begs the questions of (i) whether complex, cross-border and often expensive litigation (or the threat of litigation) is really an effective means of achieving that objective; and (ii) whether in any event it is appropriate for the judiciary to assume a quasi-regulatory function in determining such cases. Given the complex policy issues engaged, we would suggest that developments of this nature should properly lie in the hands of legislators and regulators, following appropriate consultation and legislative due process. This point is in fact, if tacitly, recognised by the Report itself in relation to mandatory human rights due diligence regimes (see below). 

Focussing on the Report's proposals, it considers several potential means by which existing legal concepts and/or frameworks might be utilised (and, realistically, expanded) in order to impose social auditor liability:

  • Common law breach of a duty of care to an employee of an audited company. The Report suggests that existing lines of English case law which impose on a professional (a) a duty of care in relation to advice or services which are relied upon by a third party, and (b) liability if the third party suffers harm as a result of such reliance, could be expanded to found a cause of action against social auditors. The Report emphasises the policy-driven reasons for extending negligence-based liability in this way: "The social audit industry has rightly come under increasing scrutiny for its role in sustaining tolerance of abuse in company supply chains. It is time the social audit industry is held to account for false or negligent claims which hide the truth of abuse against workers". Notwithstanding the Report's proposals in this area, and quite aside from the fact that this would represent a material extension of the scope of existing liability frameworks, as the Report also recognises, claimants would potentially still face significant hurdles on factual aspects of such a claim, including in proving reliance by employees on a Social Audit.

  • An extension of parent company liability principles to include Social Audit Firms. The Report considers that the principles in the high-profile Vedanta decision could be extended to make a Social Audit Firm liable to employees of an audited business in circumstances where the Social Audit Firm effectively sets company policies and the audited business relies on the Social Audit Firm to set those company policies. While the court in Vedanta made it clear that the parent-subsidiary relationship was not a required ingredient in order for liability to be founded, nevertheless application of the principles discussed in Vedanta to a Social Audit context would be novel. 

Moreover, on the facts of a given claim it is still necessary, following Vedanta, to establish that there was some form of control or direction by the defendant over a relevant function of the entity which is alleged to have harmed the claimant. The Report accepts this and so suggests that a claimant would need to argue that a Social Audit Firm controlled the relevant function of a company that it audited for a claim to be brought under the Vedanta principles. In our view, this would be a very difficult argument to advance. While, of course, this type of claim will be highly fact-dependent, it seems an ambitious, if not improbable, argument to advance that a Social Audit Firm could be said to control the relevant function of a company that it audited for the purpose of assessing compliance with a Certification Scheme. 

Vedanta Resources Plc v Lungowe [2019] UKSC 20

Vedanta is the most high-profile of the recent "parent company liability" line of caselaw.  In Vedanta, which concerned environmental contamination around the site of a copper mine in Zambia, the UK Supreme Court considered that there was a "real triable issue" that the ultimate owner of the mine, a UK-domiciled company, could be liable in negligence to thousands of Zambian domiciled claimants. Following Vedanta, it will be more challenging for UK-domiciled defendants to challenge jurisdiction (or apply for a strike out) in these types of claim, albeit (and importantly) the limits of this alleged form of liability are yet to be established at trial, with Vedanta having settled in early 2021. (For a detailed discussion of Vedanta and other associated cases, please see our article in the Dispute Resolution Yearbook 2021).

  • Breach of contract. The Report also considers that a breach of contract claim could be brought in certain jurisdictions. However, (and as the Report acknowledges) this type of claim is not likely to be workable under English law due to the requirement for third parties to be specifically identified in the contract by name or description in order to benefit from any right created by a contract.

  • Modern Slavery Legislation. The Report speculates that in extreme circumstances (e.g. when a Social Audit Firm is complicit in modern slavery or human trafficking), Modern Slavery legislation could be invoked. In our view, and considering the factual reality of social auditing mandates and practice, this seems to be a highly ambitious suggestion to advance.
     
  • Consumer protection legislation/"greenwashing"/"fairwashing" claims. Finally, the Report also considers that consumers could bring claims against a Certification Body on the grounds that they had breached consumer protection legislation by misleadingly claiming that a business is "green" or "ethical" after obtaining a certification. The report notes that one claim has already been brought in the US against a high-profile Certification Body (the Rainforest Alliance) on this basis and speculates that other State and Federal laws could enable these claims to be brought2. Since the Report was written, another consumer protection claim has been issued against the Rainforest Alliance in relation to certifications it issued to cocoa farms in the Ivory Coast3. These types of claim are illustrative of a growing trend in attempts to bring "greenwashing" or (as the Report characterises them) "fairwashing" claims in various jurisdictions, although the form and viability of such claims remains dynamic and uncertain.
Mandatory human rights due diligence

As the summary above illustrates, many of the legal strategies which the Report identifies in fact have inherent challenges and/or do not reflect the practical realities of typical social auditing relationships. The authors of the Report suggest, instead, that a more appropriate route towards social auditor liability lies in regulation, rather than in the development of the law through litigation: namely, by means of a more robust regime of mandatory human rights due diligence ("mHRDD"). 

Proponents of mHRDD see it as critical to protecting human rights as it requires businesses to identify, mitigate and account for their adverse impacts on society and the environment. Indeed, it can be argued that the EU's recent proposed mHRDD regime (outlined in our recent article here) does precisely this by requiring qualifying entities to identify and assess human rights, environmental and governance risks and establish due diligence strategies, whilst introducing civil penalties (potentially up to 10% of global turnover). Exclusion from public procurement, state aid schemes and/or government-backed loans are also potential sanctions that member states may impose under the current proposed EU regime. The authors of the Report see a mHRDD regime as a way of avoiding both existing procedural barriers to bringing claims (by simplifying the process by which claims can be brought in the Global North) and also introducing new responsibilities/duties on businesses such that an actionable claim could be made directly against an auditor. 

The authors of the Report argue that Social Audit Firms must also be subject to mHRDD laws and corresponding liability mechanisms. In addition, the companies that the Social Audit Firms audit would, themselves, fall under this regime and would therefore have a strong interest in ensuring that any audits are carried out to a high standard. Critics of Social Audits often point that that audits alone are not the answer to safeguarding human rights. With a mHRDD regime, companies that use audits will be obliged to go beyond what would traditionally be comprised in a Social Audit and focus more closely on human rights risk assessment. As such, the Report arguably presents mHRDD as something of a "silver bullet" to the perceived failings of Certification Schemes and Social Audits.

Looking forward, securing the legal accountability of social audit firms should complement efforts to hold global buyers and suppliers accountable for human rights abuses and demand effective approaches to human rights due diligence which go beyond social auditing.

Business and Human Rights Resource Centre: Social Audit Liability Report

It is right that, by definition, the scope of existing or proposed mHRDD national and international regimes would be wider than that of Social Audits and would be targeted on human rights risk. To that extent, they have the potential to cure some of the adverse consequences that the Report alleges are connected with corporate use of Social Audits. mHRDD regimes could also be designed to overcome some of the legal hurdles which might well be encountered in attempts to found social auditor liability through the Courts. Further, a high-quality mHRDD regime (developed by regulators and/or elected representatives) would be likely to involve a broad stakeholder engagement process (and democratic input), and so might more fairly and holistically strike the right policy-based balance, which could operate functionally across a wide range of sectors, than could ever be achieved by examining the issues and developing the law through the lens of any individual case.   

That said, mHRDD regimes will not necessarily solve many of the issues associated with attempts to found social auditor liability in the way the Report considers necessary. Very few mHRDD regimes have been established to date, and it is not clear whether they will be able to deliver the robust oversight that the authors of the Report assume (or hope) they will achieve.  Nor is it clear that they will apply directly to all Social Audit Firms or Certification Bodies (i.e. they may only apply to the companies the social auditors audit). Further, we expect that mHRDD regimes will not offer the broad scope that proponents seek (in both Germany and France, for example, national mHRDD regimes have been designed to exclude SMEs). mHRDD regimes may raise standards and may provide additional means to bring Social Audit Firms to account for perceived failings, but whether they will provide a complete solution remains to be seen.

The UK Government has previously indicated an interest in introducing a mHRDD regime. However, there have been no recent announcements and the proposal appears to have stalled.  A "failure to prevent" offence, akin to that already found in respect of bribery and the facilitation of tax evasion, has recently been proposed in respect of human rights by the UK's Corporate Justice Coalition. This would include elements of mHRDD for all companies and would have an impact on social auditor liability. For more on this, see our recent article here.

Conclusion

As the Report shows, businesses should be mindful of the perceived weakness of Social Audits and Certification Schemes in the context of identifying and addressing alleged human rights abuses in global operations and value chains. These criticisms are being used as one argument in support of calls for the introduction of mHRDD regimes in the UK as well as in the EU. 

There is a demonstrable appetite in the UK and elsewhere for ambitious and novel claims relating to businesses' ESG activities to be brought, and to push the boundaries of established legal liability frameworks in order to do so. Expanding the scope of such claims to include social auditor activity is a further illustration of that appetite. Businesses should pay particular attention to the idea that Vedanta principles can be applied outside of the multinational context: this would represent a significant expansion of the existing law. At the same time, however, attempts to do so raise important questions about whether the threat of such ambitious and potentially misconceived claims, which nevertheless can have material reputational consequences for businesses, could be counter-productive and promote a risk-averse corporate culture in relation to ESG activities. It also begs the question as to what policy-based response courts in various jurisdictions will take if presented with claims which would call upon them to expand the scope of liability frameworks to a potentially radical extent. 

Given the criticism levelled at Social Audits (in the Report and elsewhere), businesses should not be overly reliant on the results of Social Audits in terms of demonstrating, in particular, their compliance with human rights frameworks, and should carry out additional due diligence measures to help ensure that that they are comfortable with the human rights standards applied in their business and supply chains. Businesses should also consider whether they should be strengthening or rethinking existing (voluntary) compliance mechanisms. 

Further, businesses should be aware of attempts to characterise Social Audits as a form of "greenwashing/fairwashing", and should therefore take care when describing the activities on these audits (or any reliance placed on these audits) in order not to inadvertently make a misleading statement in a corporate disclosure.

For further information, please contact

Read Doug Bryden Profile
Doug Bryden
Read James Danaher Profile
James Danaher
Back To Top