OPINION: Corporate criminal liability as a tool for mandatory human rights/ESG due diligence and disclosure – a missed opportunity

Friday 2 June 2023

Vladimir Hrle

Hrle Attorneys, Belgrade


Environmental, social and governance (ESG) has been traditionally used by investors when making investment decisions, but more recently ESG factors have also been examined by companies when managing risks in their operations, including in their value chain. Much has been written recently on the new ESG-related European Union instruments, namely the European Corporate Sustainability Due Diligence Directive (CSDD)[1] proposal and the Corporate Sustainability Reporting Directive (CSRD)[2], adopted recently.

CSDD aims to mainstream ESG sustainability considerations into company operations and prevent and mitigate potential or actual impacts on human rights and the environment, while also making entities accountable for such impacts. This is achieved by establishing a due diligence process, used by companies to identify, prevent, mitigate and remediate the principal actual and potential adverse impacts connected with their activities and determine how to address those adverse impacts.

On the other hand, the CSRD aims to make companies report on ESG processes including due diligence to hold them accountable and legally responsible for providing non-financial (sustainability) ESG information. The primary users of ESG information published in annual company reports are investors, companies with a supply chain, business partners, non-governmental organisations (NGOs) and other stakeholders. They want to better understand the risks and opportunities provided by issues of sustainability relative to their investments and business relationships, as well as the ESG impact of those investments on people and the planet, ie, on human rights and the environment. Until recently, there was no legal obligation for investors or companies to produce any kind of report on how they manage their ESG risks.

What is often overlooked is the impact of corporate criminal law in the implementation of due diligence requirements and sustainability/ESG disclosure obligations. Increasing disclosure requirements alongside the respective obligations of directors for the accuracy of non-financial/ESG statements suggest the implementation of due diligence and an ESG compliance programme, as they can provide a potential due diligence defence and also mitigating circumstances.

In order to have proper ESG disclosures and produce a non-financial ESG (sustainability) report, companies need to first set up relevant ESG practices and procedures that would underpin those disclosures, including human rights due diligence, but also procedures regarding environmental and social factors, including those relating to employees, as well as to anti-corruption and bribery.

So, introducing these non-financial ESG reporting obligations could encourage companies to bring in due diligence requirements as an integral part of their ESG operational procedures, which, once established, would allow a meaningful ESG sustainability disclosure.

Disclosure represents a final link in the chain and one cannot imagine a company making a meaningful ESG disclosure on, say, anti-bribery matters, without first setting up a proper compliance programme. The same goes for companies’ human rights obligations – in order to make meaningful disclosures on their human rights efforts, companies need to first set up a proper human rights due diligence framework.

Unless companies have already established due diligence procedures, they will not be able to identify their risk areas and as a corollary will not be able to produce a proper non-financial ESG sustainability report. This is particularly true with regard to the section on the due diligence process implemented with regard to ESG sustainability matters and a description of the principal risks to the undertaking related to these sustainability matters, including the company’s principal dependencies on such matters, and how the company manages those risks.[3]

How to actually better ‘motivate’ companies to introduce due diligence processes that would later underpin proper ESG sustainability reporting

One of the solutions would be to introduce a corporate criminal liability regime for certain ESG breaches (ie, grave human rights breaches) in the supply chains of companies (through CSDD), or to introduce a criminal liability offence for false ESG disclosures (through CSRD).

Introducing corporate criminal liability in the sphere of ESG or sustainability matters (ie, corporate human rights breaches) is not a new thing. It was already heavily advocated in 2016 by the Council of Europe (COE) in its Recommendation CM/Rec(2016)3 of the Committee of Ministers to Member States on criminal (or equivalent) liability for business-related human rights abuses.[4] With this Recommendation, whose primary purpose was to contribute to the effective implementation of the UN Guiding Principles on Business and Human Rights (UNGPs) at the European level, the COE recommended that Member States consider applying certain legislative measures (including criminal liability) to ensure that business enterprises can be held liable under their respective criminal law for the commission of, inter alia, crimes under international law caused by business enterprises and other offences constituting serious human rights abuses involving business enterprises. This could also improve access to remedy for victims of business-related human rights abuses and fulfil their obligations of judicial cooperation with each other or with third countries, including criminal investigations.

However, the practical application of this very progressive recommendation, to date, remains very low.

In addition, the EU Parliament, in its resolution of 25 October 2016 on corporate liability for serious human rights abuses in third countries (2015/2315(INI)) (2016)[5], advocated that when human rights violations are perpetrated by corporations, these actions may include personal criminal liability. It called upon Member States to prosecute those responsible for such crimes at the appropriate level and for the establishment of rules defining such criminal offences.

Fast forward to 2022, and we have the two aforementioned EU directives that could have given teeth to the progressive approach of the Council of Europe’s 2016 Recommendation and that of the EU Parliament, but ultimately failed to do so, as the final texts did not recommend the introduction of criminal liability for companies.

Due to the various shortcomings raised by stakeholders and the slow administrative process, it is very unlikely that the CSDD will enter into application anytime soon. In addition, the European Commission did not accept the recommendation of the Committee of Foreign Affairs and the Committee on Development to extend the proposed liability regime to include criminal liability.

On the other hand, the recent legislative trends have resulted in a significant broadening of board power and responsibilities – non-executive directors are required to control the company in a growing number of areas. For example, board members bear responsibility for the correctness of certain corporate governance statements (ie, financial statements). Members of the board who can be associated with the production of a false statement either directly or by omission where a statement disclosure is required under the law shall be criminally liable, which would further trigger the liability of the company itself, due to the basic principles of corporate criminal liability. The same should be applicable to non-financial reporting – the recent trends show that directors should be liable for misleading or false non-financial ESG statements, in the same way that they are liable for financial ones. The CSRD has been recently adopted, however, and its final text does not include any reference to criminal liability for false ESG reporting.

The CSDD mentions that directors must take into account the consequences of their decisions for ESG, ie, sustainability matters (where applicable, relating to human rights, the climate crisis and environmental consequences), including in the short, medium and long term. The recent cases have also shown that the company and its directors are likely to be held accountable where there is some reliance by third parties on the misleading ESG statements produced with their annual filings. This is of particular concern, as most directors who ultimately bear responsibility for these forward-looking disclosures do not have adequate knowledge of ESG issues.

As mentioned, having a separate ESG offence for false reporting would significantly ‘motivate’ companies to firstly introduce proper ESG procedures (which include due diligence) enabling them to subsequently have a solid ESG non-financial disclosure in line with the CSRD.

This new offence would underpin the need to establish a due diligence process due to a typical corporate criminal liability mitigant – which could eventually form the basis of a due diligence defence – proving that said company did in fact establish a proper ESG procedure (ie, taking all practical steps to ensure that the ESG sustainability report was faithful and adequate) including the existence of a functional due diligence process that could potentially exonerate the company in cases of false ESG disclosures.

This would also prevent greenwashing as seen recently in the EU in several cases – the term refers to a manipulative sustainable statement (usually in a company’s annual reports) that suggests that a certain activity can be considered as a sustainable activity, whereas the opposite is true. Greenwashing can also occur inter alia where companies/investors do not yet have any criminal compliance incentive to actually set up relevant ESG practices that would potentially prevent greenwashing.

Lastly, as stated, there is a growing need for capacity-building in companies with regard to ESG related issues, so having a separate ESG fraud related offence would also significantly motivate companies (and directors) to raise their internal ESG capacities, in order to mitigate litigation risk.

The applicable EU legal standard indicates that sanctions need to be appropriate and that they should be clear, effective, proportionate and dissuasive. It is left entirely to Member States to choose the appropriate measure for non-compliance, ie, false reporting. In this sense, this was a missed opportunity for the EU, particularly given the several observations made in this regard during the consultative process. The final text of the directives did not include any reference to criminal liability. It is yet to be seen whether this will change, in line with the growing body of cases and the trends coming from the UK and the US.

NOTE: The views and opinions of Vladimir Hrle expressed here are personal, and do not necessarily represent the views and opinions of the International Bar Association, the author’s current or past employers or colleagues, or professional associations or organisations with which the author has collaborated.

[1] https://commission.europa.eu/publications/proposal-directive-corporate-sustainability-due-diligence-and-annex_en

[2] https://finance.ec.europa.eu/capital-markets-union-and-financial-markets/company-reporting-and-auditing/company-reporting/corporate-sustainability-reporting_en

[4] https://edoc.coe.int/en/fundamental-freedoms/7302-human-rights-and-business-recommendation-cmrec20163-of-the-committee-of-ministers-to-member-states.html

[5] https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52016IP0405