Reading Time: 6 minutes

In his blog post summarizing the contents of the new Dutch Responsible Business Conduct strategy, Jurrien van Rees writes on the difficulties of turning due diligence into binding legal provisions:

Due diligence should be appropriate to a company’s circumstances and can be adapted to deal with the limitations of working with business relationships. On the other hand, this may leave norms open and companies have expressed a need for legal certainty in the case of a due diligence obligation. How can the dynamic nature of the OECD Guidelines be combined with more detailed legislation and a need for legal certainty?

In order to gain insight into the concrete challenges associated with operationalising due diligence obligations in a (semi-)judicial setting, I have been looking into ARISA – C&A Nederland, the first published decision on a complaint raised in the context of the Sustainable Garment and Textile agreement. This is one of the 9 sectoral agreements which have been entered into under the current voluntary Responsible Business Conduct scheme. The agreement includes the establishment of a three-member Complaint and Dispute Committee, which is competent to issue binding decisions on disputes between parties to the agreement (or between parties and the secretariat) as well as on complaints raised by “parties adversely affected by a business that has signed the agreement”. As a typical arbitral panel, the CDC is composed of an independent member, one member appointed on behalf of the employers, and one member appointed on behalf of employee and civil society organizations.

The first complaint to be decided upon in this context – the decision was published on 7 January 2021 – was raised by ARISA (Advocating Rights in South Asia), a Netherlands-based association with a statutory mission to support human rights compliance in South-East Asia, against the popular brand C&A. The complaint concerned several alleged malpractices by a supplier for C&A located in the Tamil Nadu region, Southern India. ARISA claimed, on the one hand, that C&A had failed to sufficiently address the supplier’s reprehensible conduct, while on the other hand it had refused to provide the NGO with sufficient information between  4 November 2019 and 9 April 2020 (para 2.5), before the complaint was officially brought to the CDC. An interesting corollary of this side of the dispute is that ARISA only found out during the procedure that C&A had, in fact, already decided to terminate the contract with the concerned supplier in late 2019, with effect at the end of 2020.

Reading the decision – and ARISA’s reaction to it via its website – is first of all instructive in showing the need for clear procedural rules and a shared understanding on the role of the panel. A sizable part of the decision, in fact, concerns the lack of standing of ARISA as “mandated party”, acting on behalf of innominate employees at the company. According to the panel (section 5.3), ARISA did not provide enough “evidence of the mandate issued by interested party”. The panel, in other words, was unable to verify the mandate since the issuers were not identifies and not available for communication. The CDC spends a couple of pages explaining how ARISA could have gone about sharing necessary information about its anonymous assignors while demanding that their identity remain confidential; ARISA, however, objected that they could have received the same instructions during or before the proceedings, and that this information should be clearly indicated on the CDC’s website. While publishing the information seems a pretty uncontroversial idea, the first complaint – that the panel could have instructed ARISA to fix their application before issuing a decision – goes to the heart of procedural rules: should the panel be passive, like traditional civil courts, or should it come to embody the more active role of courts that has become more common in certain areas of national civil procedures? This is a question that any legislation opening up to more disputes should address.

More to the substance of the dispute, however, are questions concerning the concrete obligations imposed on participating companies in their due diligence activities. A significant point of disagreement seems to emerge between ARISA and the CDC concerning the company’s duty to investigate their supplier’s compliance with labour and other standards covered within the scope of the due diligence framework.

Should companies that detect malpractice by their suppliers consult the supplier’s employees to investigate the implementation and adequacy of the supplier’s remediation plans? C&A claims this falls beyond the scope of its obligations since “it has no contractual relation to the employees, but only to the supplier”. The CDC subscribes to this view. ARISA, in its response to the decision, challenges this conclusion as being at odds with the OECD guidelines on due diligence in the garment industry, which require stakeholder involvement and consultation in the context of remediation plans. It is, however, not entirely clear that the addressee of these specific steps in the guidelines are the purchasing companies and not their supplier. In a less informal context, solving this difference would require taking several steps; first, what is the role of the OECD guidelines? Do they fully exhaust the company’s obligations or just provide, well, guidance on the interpretation of an open norm? Can the company, and not only their supplier, be considered the addressee of the specific rule of conduct? And who is the final interpreter of the guidelines?

While companies ask for legal certainty, I do not think that these questions necessarily need to be addressed in a way that turns the due diligence obligation from an open standard into a series of precise rules of conduct. After all, private law is full of general clauses which are interpreted and applied to specific sets of circumstances. However, working well with open standards would still require a certain degree of sophistication. The CDC’s conclusion does not expressly engage with the OECD guidelines, and hence provides no interpretation thereof. Nor does it provide any account of why not having a contractual relation with the supplier’s employees would mean that the company does not have to consult such employees. In fact, elsewhere it is stated that employees are regularly interviewed in the course of auditing procedures – would the auditors need to have a contractual relationship with them? The claim can hold with reference to a possible duty to monitor the conduct of individual employees (eg oppressive managers) within the supplier’s operations, but there seems to be no reason why lack of a contractual relationship would stand in the way of employee consultation.

A similar point can be made with reference to a different element in the dispute, namely ARISA’s claim that the supplier failed to put in place an effective complaint management system, inter alia (para 5.31) because the dropbox to leave a paper complaint was put in a place where it would not be possible to file a complaint without being seen. The CDC finds that a full system was officially in place, but it had never recorded receiving a complaint. Since several forms of malpractice had in fact been observed at the Supplier – to the point that, as mentioned above, C&A had decided to terminate its relationship with the supplier – the CDC observes that a total absence of reported complaints likely points to serious shortcomings in the complaint management system. The CDC thus concludes (para 5.34) with a non-binding recommendation for C&A and, we are allowed to infer, other companies in similar positions: when suspicions of misconduct are present but no complaints are filed in spite of the ostensible presence of a complaint management system within the supplier’s operations, it would be wise to consider this discrepancy suspicious and investigate. Can a complaint management system that records no complaint despite of recorded infringements be considered as effective, or even as an actual bona fide institution? Quite possibly not.

Also in this case, it is probably not necessary to formulate a precise rule that demands investigation when suspicions emerge (or should emerge) that a complaint management system does not, in practice, operate as required: a general standard of negligence will suffice if it is sufficiently clear that monitoring the handling of complaints by the supplier is also part of the company’s remit. In spite of the CDC’s caution in framing the recommendation in this respect as non-binding, the content of the recommendation itself mirrors little more than basic common sense – something which, in other words, seems not impossible to expect of a company that does audit its suppliers, collect information and monitor progress. Placing similar expectations on smaller companies may be less reasonable – but this is a matter for a different post.

The core point that I have tried to make, and that I would like to repeat in closing this short post, is that legal certainty should not be fetishized; this is not just because of the dynamic nature of OECD rules and not even just because of the relatively unexplored status of due diligence obligations, which may require flexibility to adapt to different geographies, sectors and moments in time. It is the very characterization of due diligence as (also) a private law obligation that calls for a degree of open-endedness, while on the other hand providing a considerable conceptual apparatus for specifying the open standards in their application to individual cases. This does, however, require channeling dispute resolution into the “regular” legal system – while legal certainty is the dream of auditors, a healthy degree of legal uncertainty requires (active?) courts to deliver justice.

(Photo: Eva Blue)