Building a Fortress Against Exploitation: Leveraging ISO 37301 for Compliance Programmes under Canada's Forced and Child Labour legislation

The arrival of the Fighting Against Forced Labour and Child Labour in Supply Chains Act (the Act) in Canada on January 1, 2024, signifies a turning point in the country's commitment to ethical sourcing and eradicating exploitative practices within its borders and across its global supply chains. The Act mandates that a significant portion of Canadian businesses with international operations establish and maintain robust compliance programs to fulfill their reporting obligations and effectively mitigate the risks of forced labour and child labour within their supply chains. In navigating this new legal landscape, businesses can leverage the robust framework of ISO 37301:2011, Compliance management systems – Requirements with guidance for use, to build a comprehensive and effective compliance program.

The Urgency of Compliance

The Act casts a wide net, encompassing businesses that meet specific size and revenue thresholds. These "reporting entities" are obligated to submit annual reports detailing their efforts to identify and address forced labour and child labour risks within their supply chains. Failure to comply with the Act's reporting requirements can result in administrative penalties and reputational damage.

Beyond the legal imperative, ethical considerations compel businesses to take a proactive stance against forced labour and child labour. Consumers and investors are increasingly demanding transparency and accountability from the companies they interact with. A well-designed compliance program, built on the principles of ISO 37301, demonstrates a company's commitment to ethical sourcing and responsible supply chain management.

Why ISO 37301?

While the Act doesn't prescribe a specific framework for building a compliance program, it emphasizes the importance of a systematic and risk-based approach. This is where ISO 37301 steps in. This internationally recognized standard provides a comprehensive framework for establishing, implementing, maintaining, and continually improving a compliance management system (CMS). By adopting ISO 37301 as a guiding principle, Canadian businesses can build robust compliance programs that effectively address the requirements of the Act and mitigate the risks of forced labour and child labour within their supply chains.

The Benefits of an ISO 37301-Based CMS

Here's how aligning a compliance program with the ISO 37301 framework can empower Canadian businesses under the Act:

• Structured Approach: ISO 37301 outlines a clear and well-defined process for establishing a CMS. It guides businesses through all stages, from identifying relevant compliance obligations to implementing controls, monitoring performance, and taking corrective actions. This structured approach ensures a holistic and effective compliance program.
• Risk-Based Focus: The standard emphasizes the importance of tailoring the compliance program to the specific risks faced by the organization. Businesses can leverage their risk assessments conducted under the Act to identify areas requiring heightened compliance focus. This risk-based approach ensures that resources are directed towards the most critical areas.
• Continuous Improvement: A core principle of ISO 37301 is the concept of continual improvement. The standard encourages businesses to regularly review and update their compliance programs as the legal landscape evolves, new risks emerge, and the organization's operations change. This ensures that the compliance program remains relevant and effective over time.

Building a Compliance Program with ISO 37301

Let's delve into the key elements of an ISO 37301-based compliance program in the context of the Act:

• Compliance Policy: The program should be anchored by a clear and comprehensive compliance policy that outlines the organization's commitment to complying with the Act and other relevant laws and regulations related to forced labour and child labour. The policy should also establish the roles and responsibilities of various stakeholders within the organization regarding compliance.
• Risk Assessment and Identification: Building upon the risk assessment conducted under the Act, the compliance program should further identify compliance obligations arising from the Act and other relevant regulations. This comprehensive risk assessment allows for the development of targeted compliance controls. The sue of ISO 31000 Risk Management Standard could be used as a guide on risk assessments.
• Compliance Controls: Based on the identified risks and obligations, the program should establish a range of control measures to mitigate those risks. These controls may include implementing a supplier code of conduct that prohibits forced labour and child labour, conducting supplier audits to assess compliance with the code, and developing procedures for reporting suspected forced labour or child labour within the supply chain.
• Information and Communication: Effective communication is crucial for a successful compliance program. The program should establish clear communication channels to raise awareness among employees about the Act's requirements, reporting procedures for suspected forced labour or child labour, and their individual roles and responsibilities within the compliance program.
• Monitoring and Evaluation: The program should include mechanisms for monitoring the effectiveness of the implemented controls. This may involve conducting periodic audits, reviewing supplier audit reports, and analyzing internal reports of suspected forced labour or child labour.

Companies in Canada that are bound by the legislation should consider using a comprehensive programme like ISO 37301 to help with compliance.