Implementing the Voluntary Principles on Security & Human Rights – Practice Note

The VPs are of paramount importance to extractives companies in low governance jurisdictions, and they are increasingly relevant to companies in other sectors. In fact, new members to the Voluntary Principles Initiative (VPI) are increasingly operating in the manufacturing, energy, agriculture and chemical production sectors.

Ithaca Impact both advises companies how to effectively implement the VPs, and audits existing implementation practices. In our engagements, we have identified some shared lessons that are valuable to the broader business community. 

Implementation Risks and Challenges

Whilst every company and every context is different, our observations suggest that there are three key areas—irrespective of maturity of engagement with the principles—where companies are challenged or could seek to better align their implementation with the Voluntary Principles:

ONE : In general, companies that have committed to the VPs are committed to good security practices that uphold to human rights . Are they perfect? No. Do they strive to do better? Yes, many do. The companies who are engaged or corporate members of the VPI investigate where they could potentially do harm and seek to protect communities’ human rights. However, we often observe a disconnect between the corporate level intent and practice on the ground. This disconnect is often explained by three key factors —all of which can be addressed with the right approach: A) Systems, B) Insights, C) Governance.

A) If systems are not tailored to context, or do not evolve as operations change, companies are unable to effectively control security practices in contexts where the rule of law or good governance is absent.

B) If insights are not localised, companies do not have the timely information they need to adapt to the context and understand their potential harm.

C) If A company’s governance structure is not attentive to security and human rights, nor will be its management structure; what gets measured and monitored gets managed, most especially when it comes to human rights impacts.

TWO : Companies almost always have a system and process for risk analysis, but it is often centralised rather than informed by triangulated local content and a range of sources. As humans, our point of reference naturally reflects our professional background—our known knows and unknowns. The unseen risks—unknown unknows—take companies by surprise. Effective risk analysis requires the inclusion of risks not immediately apparent or relatable to the assessor. The potential human rights harms attributable to a company’s satellite operations may be difficult to identify from headquarters, but its inclusion in risk assessments is a central requirement of the VPs. Our recent work suggests companies would be well served to review their risk analysis with an eye to:

A) The perspective taken : Key question: Does the company assess risks to communities—as opposed to risks to the company—and does it have the technical skill to accurately do so?   

B) The sources of information utilised : Key question: Are multiple, localised information sources used or is the company accepting information provided to it along what we term the ‘path of least resistance’?

If a ‘risk to company’ perspective predominates and non-localised single sourced information is used, the company is flying blind and may be contributing to harm. The consequences escalate with more stringent expectations—evident in the revised GRI Mining Standard, the final EUCSDDD text, and the most recent US National Action Plan on Responsible Business Conduct— which increasingly require companies to mitigate negative human rights impacts across their supply chains. Incorporating community risks and localised information sources into company decision making is essential to meet rising requirements. 

THREE: To a significant degree, companies operating in remote and contested spaces still struggle to understand the relevance and value of gender analysis, and how it can support risk management and tangibly benefit the company and local communities. As a result, companies are leaving themselves and women and marginalised communities exposed to substantial risk. There are two crucial reasons to address gender meaningfully. The first is that women and marginalised groups are at heightened risk of human rights abuses. It is well established in research and analysis that women and girls living in conflict-affected areas, militarized settings and other high-risk environments (e.g., refugee camps) face a disproportionate risk of gender-based violence—particularly conflict-related sexual violence—compared to men and boys. There are several well document cases of security personnel persecuting grave human rights abuses on local populations, in particular women and girls, including mass rape, intimidation, gender-based violence and extra-judicial killings. It’s one of the key reasons the VPs were developed. To implement the VPs effectively companies must consider the heighten risks to women and girls. There is also now, however, ample analysis supporting the investment in women thesis: women often hold informal power, possess untapped capability, and enable social cohesion and stability. Women can be both highly valuable employees and powerful and positive partners in community engagement, facilitating long-term peace positive development in emerging and fragile economies. Where companies seek a positive legacy, engaging women is key to intergenerational change. 

 Even as other mechanisms have emerged and consider merging including The Copper Mark, ICMM, Mining Association of Canada (MAC), the World Gold Council (WGC) the Voluntary Principles for Security and Human Rights is a standard more relevant than ever. The VPs set a clear expectation, and companies, regardless of sector, need to clear it.

For support assessing your VP’s implementation, or planning your approach, contact Scott Carnie, Lead, Security and Human Rights sc@ithacaimpact.com or Elizabeth Armstrong ea@ithacaimpact.com to discuss your company’s needs.