Mandatory human rights due diligence legislation has been adopted by several European countries, with EU-wide requirements likely to be adopted in 2024. On the other side of the world, mandatory human rights due diligence also may be coming to Asia.
National Assembly members from the Democratic Party of Korea recently proposed the Act on Human Rights and Environmental Protection for Sustainable Management of Companies, which would require subject companies – including in some cases foreign multinationals doing business in South Korea – to assess and address human rights and environmental risks and adverse impacts in their operations and supply chains.
Under the Act, subject companies would also be required to implement specified management systems, publish information on their due diligence and respond to interested parties’ information requests.
In this post, we provide an overview of these and other aspects of the proposed Act.
As proposed, a company would be subject to the Act if it:
- Has its headquarters in South Korea; or
- Is a foreign company that has established a business place in South Korea pursuant to Article 614 of the Commercial Act.
- 500 or more employees; or
- Revenue equal to or greater than KRW 200 billion in the previous financial year (approximately US$150 million as of the date of this post).
In addition, the scope of subject companies could be incrementally expanded by presidential decree.
Subject companies would be prohibited from engaging in business activities, either through domestic or foreign business activities, that violate the human rights of another person or cause environmental harm.
Management systems and policies
Board committee: The board of directors of a subject company would have to establish a committee to oversee human rights- and environmental-related deliberations. The committee also would be responsible for approving plans for and the results of human rights and environmental due diligence. If a committee with responsibility for human rights and environmental matters already exists within a board, that committee would fulfill this obligation under the Act.
Responsible manager: Subject companies would need to designate a person as the responsible manager for compliance with the Act. This would include responsibility for overseeing due diligence and reporting obligations, which are discussed below.
Annual plan: The company’s chief executive officer would need to establish an annual plan for the implementation of human rights and environmental due diligence. The plan would need to address matters concerning the operation of due diligence, and would also need to be approved by the board of directors. Under the Act, additional requirements for the plan may be prescribed by presidential decree.
Human rights and environmental due diligence policy: Subject companies would be required to have a policy that formalizes their human rights and environmental due diligence program. The items to be included in the policy, in addition to the duties and authority of the responsible manager, would be prescribed by presidential decree.
Grievance mechanism: Subject companies would need to have a grievance reporting mechanism that is available to all interested parties. Interested parties would include employees, suppliers, community residents where the company operates, shareholders, investors, consumers, agencies that have been affected or are likely to be affected by actions of the company and individuals, or organizations acting on behalf of any of the foregoing.
The grievance mechanism would be required to allow interested parties to submit grievances anonymously. Subject companies would need to keep the identity of the reporting person confidential, unless disclosure is essential for the prevention, elimination or mitigation of the identified risks and the reporting interested party gives his/her consent. Companies would be prohibited from retaliating against a reporting person for a complaint made in good faith.
If a company receives a substantiated report, the company would need to follow mitigation procedures for the risks identified in the report, as described below. Under the Act, additional grievance mechanism requirements could be prescribed by presidential decree.
Risk identification and mitigation
Risk identification: A subject company would need to at least annually assess human rights and environmental risks arising from its business activities and the activities of its supply chain, taking into account the business sector and regions in which such activities take place.
Covered human rights and environmental risks would include actual or potential adverse impacts on the following rights due to business activities:
- Human dignity, worth, liberty and rights as guaranteed by the Constitution and laws of South Korea, or as recognized by international human rights treaties or customary law.
- Labor rights guaranteed by the Constitution and laws of South Korea, or by International Labour Organization conventions ratified by South Korea.
- Environmental protection and health and safety rights guaranteed by the Constitution and laws of South Korea, or by international environmental conventions ratified by South Korea.
Other instances where adverse impacts on human rights or the environment are serious or likely to occur, such as a climate crisis, would also fall within the scope of the Act.
Risks related to the following would be required to be immediately assessed and addressed (severe risks):
- Acts against humanity (e.g., war crimes and genocide).
- Direct or indirect involvement in child labor.
- Conducting, or intending to conduct, business activities in a conflict or high-risk area.
Mitigation measures: Under the Act, subject companies would be required to establish and implement measures to address and/or mitigate identified risks. To the extent subject companies cannot address all identified risks at once, they may prioritize those identified risks based on severity and probability and address them in order.
Risk mitigation would depend on where in the value chain human rights and environmental risks are identified:
- If the risk is identified in the company’s own business activities, the company would need to (1) suspend or modify its applicable business activities to mitigate the risk; (2) prevent the recurrence of the risk; and (3) provide remedies to victims.
- If the risk is identified at the company’s direct suppliers, the company would need to (1) notify the direct supplier of the risk; and (2) request the direct supplier to establish and implement measures to address the risk. If a direct supplier fails to address the risk, the company would have an obligation to terminate its contract or relationship with the supplier.
- If the risk is identified at an indirect supplier, the company would need to use leverage to encourage the supplier to implement measures to address the risk.
Periodic evaluation of mitigation measures: Subject companies would be required to periodically evaluate the measures implemented to address and/or mitigate human rights and environmental risks to ensure their effectiveness.
Subject companies would need to publish a report describing identified human rights and environmental risks, the resulting mitigation measures and their evaluation of those measures.
The report would be required to be submitted to the Human Rights and Environment Corporate Committee (further discussed below) if:
- An interested party raises an appeal to the Committee regarding the adequacy of the company’s human rights and environmental due diligence or the factual findings in its report; or
- The company is conducting business activities in a conflict or high-risk area.
Even if the above conditions are not met, depending on the importance, the Committee may independently decide to investigate the adequacy of the measures taken and the accuracy of the report prepared by a subject company.
Third-party engagement and right to information
Subject companies would be required to take into account the views of interested parties throughout the due diligence process. The Act also would expressly provide that companies may request the cooperation of interested parties to ensure the effectiveness of the company’s risk assessment.
The Act would give interested parties the right to request information regarding: (1) identified actual or potential human rights and environmental risks; (2) risk mitigation measures taken; and (3) the evaluation of the risk mitigation measures. A company may decline to disclose information that is confidential or private. However, a company may not decline an information request if disclosure of the requested information is necessary to protect life, health or property. If a company declines to provide information requested by an interested party, the interested party would be able to make an appeal to the Committee.
Further standards and guidance
Under the Act, the government would be required to establish standards for the disclosure of required information. It also would be required to prepare and disseminate due diligence guidance.
The Act would establish a Human Rights and Environment Corporate Committee, under the control of the Prime Minister, to monitor companies’ compliance with the Act. The Committee would designate conflict and high-risk areas, support companies’ human rights and environmental due diligence, investigate complaints under the Act and issue penalties for violations.
If the Committee finds that a company violated its obligations under the Act, the Committee would be authorized to issue a corrective order to the company. The Committee also could seek to prohibit the company from participating in a bid for public procurement via a corrective order.
In addition, the Act imposes both criminal and civil penalties for violations. For example, the Minister of the Ministry of Economy and Finance could impose administrative fines of up to KRW 10 million (approximately US$7,700 as of the date of this post) for the following:
- Failing to submit the annual report to the Committee;
- Failing to identify a human rights or environmental risk;
- Failing to implement a risk mitigation measure;
- Making a false claim in the company’s report; or
- Failing to listen to interested persons’ opinions.
In the case of a severe violation of the Act (i.e., a failure to identify a severe risk or fulfill a corrective order), a criminal penalty – including imprisonment up to five years or a fine of up to KRW 50 million – could be imposed.
Subject companies would also be required to compensate interested parties for damages caused by their violation of the Act, including by third parties acting on the company’s behalf. If the complainant is able to prove the possibility that their damage is related to the business activities of the company or the activities of the company in the supply chain, the burden of proof would be on the company to prove that it either (1) did not violate the Act or (2) compliance with the Act would not have prevented the damage.