Although it is difficult to generalise the risk assessment measures that will be applicable to all types of deals and financing, this toolkit aims to describe a logical, generic approach to risk assessment in investment and lending operations which is aligned with the UNGPs and the financial sector guidance of the OECD.

FIs should screen and assess risks at two different levels: at portfolio level, as well as at transaction level for each given operation, project, asset, or company and its value chain (depending on the case).

Portfolio and transactional level risk screening and assessments are interconnected and mutually reinforce each other. For example, findings at the portfolio level can inform how to improve risk assessment at the transactional level, and impacts identified on specific transactions can help to inform and update findings at the portfolio level. The lessons from both processes should be integrated into other relevant internal functions and processes, and contribute to continued improvement of the overall E&S due diligence processes to make them more effective.

  • For the portfolio-level risk assessment, FIs should identify and prioritise areas where there are significant risks of adverse human rights impacts across the portfolio based on, for example, client types or nature of transactions. By definition, portfolio-level risk assessment is post-financing, as it relates to existing clients / investments.
  • For the transaction-level assessment, FIs should identify and assess human rights risks for a specific transaction, asset, or project. In practice many banks adopt two-tiered process (first and second screen) for the identification and assessment of actual and potential adverse human rights impacts in pre-financing E&S risk assessment. Based on this practice, the Toolkit suggests how a human rights approach can be integrated into this process.




 


    

    

    
    
    
    

    
    
    
            
    
            
    Human rights risk assessment at the portfolio level
    

    The OHCHR has noted that: ‘where possible a bank would be expected to first develop an understanding of its overall risk picture, including areas (e.g. activities/sectors/relationships/clients, countries) which are likely to pose the most severe risk, and then to prioritize those areas for more detailed analysis’. This entails an initial portfolio-wide risk scoping exercise, to identify high-level risks of adverse impacts related to sectors, geography or enterprise-specific risk factors (e.g. known instances of misconduct related to a specific company) across the portfolio (or investment universe). The objective of these efforts is to develop an accurate understanding of human rights risks, in order to develop appropriate mitigation and actions.      
    
    

    
    
    
            
    
            
    The following steps can be undertaken as part of initial scoping and risk assessment:
    

    


    
Key Steps
Description
Resources

    
    


    


    Scope relevant financial operations and geographies
    
    		


    Relevant operations might include:
    

      

    • Corporate banking
      • 

    • Business banking
      • 

    • Investment banking.
      • 

    
    		


    UNEP FI, Impact Protocol
    
    		

    

    


    Map the portfolio composition by sector and sectoral value chain
    
    		


    Objective is to:
    

      

    • Perform a basic level of screening for all the portfolio and value chain
      • 

    • Develop a general understanding of the sector
      • 

    • Identify the role of the FI in the value chain.
      • 

    
    		


    UNEP FI, Tools for Impact Analysis
    

    FMO, Decent Work – Examining the quality of the jobs we create
    

    Dutch Banking Sector Publications (e.g. in relation to Human Rights in palm oil or analysis of gold value chains)
    
    		

    

    


    Undertake a minimum level of risk screening for all types of activities
    

    Identify high-risk areas in the portfolio and value chain considering red flags that increase the likelihood of human rights harms
    
    		


    Objective is to identify red flags on the basis of key factors, including:
    

      

    • Country context (e.g. operations in conflict affected areas, in areas with high poverty levels, in countries where national law is inconsistent with human rights standards)
      • 

    • Sector/economic activity (e.g. sectors with high water consumption, with large land footprint, business models that rely on cheap labour)
      • 

    • Client specific factors (e.g. client involved in prior human rights abuses/controversies; open human rights related court cases against a client; legacy impacts).
      • 

    
    		


    Shift, Business Model Red Flags
    

    UN PRI, How to identify human rights risks: A practical guide in due diligence
    
    		

    

    


    Undertake in-depth human rights assessment in high-risk areas (clients or transactions)
    
    		


    Prioritise clients for further assessment on the basis of:
    

      

    • How their policies, processes and mechanisms for preventing and addressing human rights align with UNGPs
      • 

    • How they manage salient human rights issues and the real-world outcomes of this management
      • 

    • Existence of real-world impacts to people, allegations of human rights abuses, and effectiveness of responses
      • 

    • Existence of business model red flags that increase the likelihood of human rights harms.
      • 

    

    Prioritise transactions for further assessment based on: 
    

      

    • Actual and potential adverse human rights impacts associated with the financed activities
      • 

    • How the activity and associated business relationships might have adverse human rights impacts on individuals or groups and the relevant human rights standards involved, with special attention to people and groups at heightened risk of vulnerability or marginalisation (this should consider the different risks faced by women and men).
      • 

    
    		


    Shift, Business Model Red Flags
    

    UN PRI, Human rights benchmarks for investors: an overview
    

    Dutch Banking Sector Publications (e.g. in relation to Human Rights in palm oil or analysis of gold value chains)
    
    		

    

    


    Identify human rights salient issues
    
    		


    Where it is necessary to prioritise actions, prioritise severe impacts. Severity can be assessed based on:
    

      

    • Scale (i.e. the gravity of an impact)
      • 

    • Scope (i.e. the number of individuals impacted)
      • 

    • Irremediability (i.e. the ease at which the impacts can be remediated)
      • 

    

    Among those most severe, identify those impacts that have a greater likelihood of occurring.
    
    		


    Shift, Introduction to Salient Human Rights Issues
    
    		

    

    


    Engage stakeholders
    
    		


    Engage with stakeholders throughout the process, including potentially affected or affected communities / rightholders or other relevant actors. Stakeholders, and especially human rights and environmental defenders, can provide essential insights into salient risks.
    
    		


    Working Group on Business and Human Rights, Taking stock of investor implementation of the UN Guiding Principles on Business and Human Rights
    

    Shift & Forvis Mazars LLP, UNGPs Reporting Framework – Stakeholder Engagement
    

    UNDP, Heightened Human Rights Due Diligence for Business in Conflict-Affected Contexts
    
    		

    
    

    

    

    Case study: Development of sector studies
    

    Given the importance of the shipping sector to ABN AMRO, the Bank initiated a study into the working conditions of seafarers on deep-sea vessels. They gained insight into the types of human rights impacts that tend to occur in the sector, related to decent working and living conditions, hours of work, rest and harassment. They are now in conversation with shipping clients and other actors in the sector (e.g. crew management companies and the Global Maritime Forum) to discuss perspectives on and approaches to seafarers’ rights. They are currently working with industry experts to enhance their client engagement and due diligence processes on this topic with an objective to improve labour conditions within the shipping industry.
    

    

    
        
    
            
    
            
    

    Based on an understanding of negative impacts and risks to people, FIs should seek to identify the most salient human rights issues in their lending and / or investment portfolio. In this context, saliency refers to the human rights impacts which most severely impact rightsholders such as workers, customers, or the broader community. This includes both potential and actual impacts. Once an FI has identified the most severe impacts based on their scale, scope and irremediable character, they are expected to further prioritise the impacts that have a higher likelihood of occurring. Identifying salient issues makes it possible to prioritise resources on mitigating an FI’s most serious impacts (see also section on ‘Taking Action’).  Meaningful consultation with the FIs’ internal and external stakeholders is key to identifying human rights salient issues (see also section on ‘Stakeholder engagement’).
    

    What factors should FIs consider to determine saliency?
    

      

    • Most severe: based on scale, scope and irremediable character, i.e. how grave and how widespread the impact would be and how hard would it be to remediate the resulting harm?
      • 

    • Potential: those impacts that have some likelihood of occurring in the future, recognizing that these are often, though not limited to, those impacts that have occurred in the past.
      • 

    • Negative: placing the focus on the avoidance of harm to human rights rather than unrelated initiatives to support or promote human rights.
      • 

    • Impacts on human rights / double materiality: placing the focus on risk to people, rather than on risk to the business.
      • 

    

    Source: Human Rights Reporting and Assurance Frameworks Initiative, Salient Human Rights Issues
    

    

    

    Further reading
    

    

    


    

    

      

    • UN PRIHow to identify human rights risksGuidance on human rights due diligence, including sources on sector and country level risk. 
      • 

    • World Benchmarking AllianceCorporate Human Rights Benchmark Investor GuidanceGuidance for investors to support internal engagement on human rights issues. Includes targeted questions to support prioritising sectoral risks along key themes (e.g. living wage, working hours, responsible sourcing, water and sanitation).
      • 

    

    

     
    

    

    

    

    Case study: Human rights saliency assessments
    

    BNP Paribas has published its Human Rights Risk mapping, which has identified the bank’s salient human rights risks. With respect to financing and investment operations, workers’ rights and rights of local communities have been identified as the most salient risks. In 2020, ABN AMRO established a ‘Human Rights Risk Register’, to identify, manage and address the bank’s human rights risks. ABN AMRO identified four salient issues related to its investment services operations: Labour rights; Land-related rights; Right to life / right to health; and Right to privacy / freedom of expression. ABN AMRO describes these four issues in detail in their Risk Register, and links them to sectors, such as agri-commodities, big tech and energy, in which investment services clients can invest. Before prioritising the most salient issues, a longlist of risks was compiled, and for each risk it was determined how robust the bank’s mitigation efforts were. This way, ABN AMRO was able to identify gaps in human rights risk management and inform senior management.
    

    

    
        
    
            
    
            
    

    The result of the portfolio-level saliency assessment can be the basis for evaluating existing systems, updating processes, and taking specific measures, including:
    

    

      

    • Revising policies, procedures, roles and responsibilities, to reflect key risks and develop appropriate responses and commitments (see section on ‘Policy‘)
      • 

    • Identifying stakeholders with knowledge of high risk segments of the portfolio to ensure that policies, processes, and approaches are appropriate and based on consultation (see section on ‘Stakeholder engagement‘)
      • 

    • Ensuring that transactional level due diligence is informed by an understanding of broader contextual risks (see section on ‘Screening and risk assessment‘)
      • 

    • Inform other banking functions of risks and measures as relevant
      • 

    • Ensuring that grievance mechanisms are accessible to affected stakeholders, including vulnerable groups, particularly in high risk segments of the portfolio (see section on ‘Grievance‘)
      • 

    

    

    

    

    Case study: Acting on saliency assessments
    

    Following an analysis of its activities and risks, Barclays have identified ‘Focus Areas for Progress‘ which summarises key actions. Relevant actions and themes include:
    

      

    • Corporate culture – including capacity building to support colleagues’ understanding of human rights risks and responsibilities
      • 

    • Saliency assessments – including extending saliency assessments to other areas of the Bank in collaboration with internal and external stakeholders
      • 

    • Policies and environmental due diligence – including reviewing sustainability policies and committing to engage with clients in relation to salient issues
      • 

    • Just transition – including updating the Bank’s Transition Plan and Client Transition Framework
      • 

    • Remedy – including engaging clients in relation to remedy approaches.
      • 

    

    

    

    
        
    
        
    
    
    

    
        
    
            
    
            
    Human rights risk assessment at transactional level
    

    In the financing context, policies and procedures, including environmental and social management systems (ESMS), often describe an overarching approach to environmental and social (E&S) due diligence which is applied to client / project assessment on a transaction-by-transaction basis and which integrates E&S considerations at key stages of the financing process. This process typically complements other transaction due diligence processes, including commercial, business integrity, and legal due diligence. FIs should ensure that transactional due diligence adequately integrates human rights considerations.  Many FIs use negative screening, such as exclusion lists, to remove severe risks from their portfolio. These lists exclude companies and activities in certain sectors / industries or operating contexts. While these strategies may help to prevent banks from being linked to severe human rights risks, further measures are required to implement a UNGPs approach. From a UNGPs perspective, HRDD is first and foremost an engagement process; therefore integrating human rights considerations in ESG approaches requires going beyond exclusion lists. It calls for implementing human rights due diligence in all sectors, contexts and  companies, understanding that severe human rights risks may be linked to all types of activities, including those with clear social and environmental benefits such as renewable energy projects.     
    
    

    
    
    
            
    
            
    

    Initial screening is an opportunity to make an early assessment of E&S risks relating to a particular client, investee or transaction, including potential human rights impacts. This may entail:
    

      

    • Developing a basic understanding of salient human rights issues based on a potential investee’s / client’s operating context including geographies, governance capacity and rule of law, business model red flags, type of products and services and specific sectors.
      • 

    • Reviewing a potential investee’s / client’s track record of real-world human rights impacts and company specific human rights performance. This review should include an initial assessment of: how companies’ policies, mechanisms and processes align with the UNGPs expectations, how companies manage specific human rights issues and the outcome of this management and how it relates to stakeholders, especially potentially affected individuals, and to what extent meaningful consultation processes are implemented and trust is established with communities and workers.
      • 

    

    Banks may also complement the information with their own research and portfolio level screening to improve risk information. This can be done on the basis of desk review and public information. A non-exhaustive list of relevant sources are included below. Ultimately, risk information derived from the initial risk screening should inform the depth and intensity of second screening. Examples of sources are included below.
    

    


    


    Level
    
    		


    Examples of sources
    
    		

    
    


    


    Client / investee-level sources
    
    		




    

    


    Sector level sources (see also sector profiles for further sector specific information)
    
    		




    

    


    Country level sources
    
    		




    
    

    
        
    
            
    
            
    

    When human rights risks are identified in the first screening, it is necessary to follow up with a deeper assessment of these risks. Guidance on this process can be found in the OECD’s Due Diligence Guidance for Responsible Conduct, as well as suites of guidance on Operationalizing Responsible Business Conduct Due Diligence for the Financial Sector. In brief, second screening can involve:
    

    


    


    Additional context-specific assessments
    
    		


    Detailed contextual analysis of the local socio-political and economic context, including legal frameworks and compliance.
    
    		

    

    


    Further research, data collection and analysis
    
    		


    Further research and analysis based on a wide range of sources, including local reports, international human rights organisations’ publications, and expert analyses.
    
    		

    

    


    Further stakeholder engagement
    
    		


    Direct engagement with affected communities, local NGOs, trade unions, and other stakeholders. Maintaining open channels of communication with stakeholders, providing regular updates and ensuring responsiveness to their concerns.
    
    		

    

    


    Vulnerability assessment
    
    		


    Identifying vulnerable groups, such as women, children, indigenous peoples, and migrant workers, to ensure that their specific rights issues are considered.
    
    		

    

    


    Detailed policy and document review
    
    		


    Review and revision of policies and procedures that specifically address the risks identified to ensure that they are appropriately mitigated and addressed. This can include in-depth reviews of client documents, including existing Environmental and Social Risk and Impact Assessments, Human Rights Risk and Impact Assessments, as well as reports and assessments from independent third parties.
    
    		

    

    


    Evaluation of grievance mechanisms and remediation approaches
    
    		


    Establish accessible and effective grievance mechanisms and ensure that these allow for relevant risks to be identified and accessible to relevant vulnerable groups. Develop and implement comprehensive remediation plans to address any identified human rights impacts.
    
    		

    

    


    Collaboration and partnerships
    
    		


    Collaborate with other organisations to share best practices, due diligence information, and approaches to addressing systemic human rights issues
    
    		

    
    

    

    

    An evaluation of these factors can be undertaken in relation to the client itself as well as the operation, project, or asset concerned and should ultimately influence the potential transaction’s overall E&S risk rating.
    

      

    • Guidance questions for assessing clients or investees are provided here (PDF)
      • 

    • Guidance questions for assessing assessing an operation, project, or asset are provided here (PDF)
      • 

    

     
    

    

    Case study: APFF’s assessment of human rights risks in investee companies
    

    

    The Local Authority Pension Fund Forum’s (APFF) 2022 Mining and Human Rights Report outlines the five main questions that they’ve developed to assess human rights risks in investee mining companies:
    

      

    • How does your board engage on human rights? Does the chair get involved and are human rights treated as a strategic issue?
      • 

    • Is input from affected community members heard at board level and integrated into board decision-making, including joint ventures? If so, could you provide examples?
      • 

    • Does the company undertake independent human rights impact assessments by credible experts and disclose the findings publicly?
      • 

    • Are the findings of these impact assessments integrated into company decision-making? Can you provide a couple of examples?
      • 

    • How do you assess the financial materiality of your human rights impacts, including through joint ventures?
      • 

    

    

    

    
        
    
            
    
            
    

    In certain cases, risk assessment may be supported by on-site assessments or visits. These can be conducted by team members and/or third-party consultants. Effectively incorporating a human rights focus can require specific considerations as summarised below:
    

    


    
Question
Description

    
    


    


    Does the site visit methodology clearly integrate human rights considerations?
    
    		


    Where third party consultants are engaged, terms of reference should make clear reference to the identification of human rights issues as well as applicable human rights standards and benchmarks. Specific issues and areas of investigation should be defined wherever possible (e.g. on the basis of desk review and initial screening).
    
    		

    

    


    Does the team conducting the site visit have appropriate expertise and knowledge?
    
    		


    It should be ensured that individuals conducting visits, whether internal or third party, have adequate expertise to identify and address salient risks.
    

    In some cases, individuals with generalist E&S expertise may suffice. In other cases, human rights specialists may be required (e.g. indigenous rights, resettlement, labour, health and safety experts).
    
    		

    

    


    Does the site visit methodology allow for human rights issues to be identified?
    
    		


    Effective identification of human rights risks and impacts typically requires specific methodological considerations. This includes:
    

      

    • Considering safeguarding and anti-retaliation measures (see below)
      • 

    • Ensuring that potentially impacted rightsholders are engaged through interviews or focus groups (e.g. workers, community members, women’s groups)
      • 

    • Ensuring access to all relevant facilities (e.g. accommodation) as well as documentation / records (e.g. grievance logs, pay records, permits).
      • 

    

    Where third parties are used, these methodological considerations should be integrated into relevant terms of reference.
    
    		

    

    


    Are adequate safeguarding and anti-retaliation measures in place?
    
    		


    Engaging stakeholders in relation to sensitive human rights issues may give rise to retaliation risks. This may include retaliation perpetrated by employers, businesses, or even state security forces against workers, community members, and other rightsholders. 
    

    Minimising risk of retaliation requires specific protocols and measures which are implemented in a manner that is consistent with good international practice. Specific guidance can also be found here.
    
    		

    
    

    
        
    
            
    
            
    

    Heightened human rights due diligence (HRDD) is a process that companies undertake to identify, address, and mitigate their impact on human rights in the context of conflict. It goes beyond the requirements of the UN Guiding Principles on Business and Human Rights (UNGPs) by incorporating conflict sensitivity into the analysis. The presence of conflict should influence the overall E&S risk rating of potential financing (thereby potentially impacting the overall financing approval process), and should trigger additional due diligence measures. Further resources, including guidance and authoritative databases on conflict areas, are included below.
    

    

    Further reading
    

    

    


    

    


    

    

    
        
    
            
    
            
     
    

    

       Further reading: risk assessment
    

    

    


    

    


    

    

    

    

     
    

    

    

    Further reading: corruption and governance
    

    

    


    

    


    

    

    

    

    

    

       Further reading: contexts where civic space is under pressure
    

    

    


    

    


    

    

    

    

     
    

    

    

    Further reading: vulnerable or marginalised groups
    

    

    


    

    


    

    

    

    

     
    

    

       Further reading: resettlement or expropriation
    

    

    


    

    


    

    

    

    

     
    

    

    

    Further reading: climate risk
    

    

    


    

    


    

    

    

    

    

    

       Further reading: labour influx