Canada’s Modern Slavery Act: How to Enhance Workplace Safety and Supply Chain Integrity

Mallory Hendry [00:00:07] Hello, everyone and thanks for joining us today. I'm Mallory Hendry, Senior Content Specialist with Canadian Occupational Safety. And I'm pleased to introduce today's webinar, Canada's modern slavery act Strategies and Technologies for enhancing workplace safety and supply chain integrity. Our presenter today is Katie Martin, and over the next hour, she will outline the Act and what it means for your operations as well as share real world insights cutting edge technologies and best practices for successful compliance. At the end of the presentation, Katie will participate in a question and answer period. So be sure to type any questions you have into the q&a box within the webinar software. And also, just one note, the on demand video recording of this presentation will be available on the Canadian Occupational Safety website within the next few days. I'll turn things over to Katie now to begin the presentation. Take it away, Katie.  

Katie Martin [00:01:00] Thanks, Mallory. And hello, everyone. Thank you for joining a pleasure to be here. As we get ourselves kicked off, and I kind of transfer over to the SlideShare of which we Yes, we will be sending the slides out after and this is recorded and accessible. So you'll have both avenues to access after we're done. So don't worry about needing to screen cap as we go along. But I wanted to put a quick poll in front of everyone just to better understand who's in the room and where you all see yourselves in terms of your readiness for mitigating forced labor risks and responding to Canada s 211. So we're asking how would you rate the current state of your force labor mitigation program currently, and you have four options there, you can only choose one. But if you feel you're advanced, and you don't really have any concerns about meeting these requirements, develop, do you think you have good processes in place, but likely need to do a little bit of refinement emerging, you have kind of the basics in place, likely have a modern day slavery policy and a code of conduct, but don't really have a supplier engagement or supplier relationship management in this space. And then beginning where we're developing policies and controls pretty quickly here, someone in response to the act, but also to, you know, make sure that we're staying compliant and in best practices. So we'll give folks a few seconds here. And we will be showing the results to the group. So you can kind of get a sense of camaraderie, and who's in the room with you. But it looks like we have a pretty big split here, with about half of the folks feeling like they're in the beginning space, they're just developing policies and controls pretty rapidly with that may 31 date, probably keeping you up at night a bit. And then about 20% and emerging 15 and developed and 50%. Feeling pretty comfortable. But glad you're here as well, just to make sure that we have all of our ducks in a row from a compliance standpoint, as we all try to ensure that we're ready to meet the bills needs. So I'm going to take us through some of this content a little faster in some sections, just to make sure that we have some really good time to sink into some of the critical application framework pieces. My hope is that you leave this session feeling like you have some action items and some idea of frameworks in order to structure your response and ensure that you're meeting all of those compliance requirements. So when you hit that questionnaire, um, hopefully sometime in May you feel well prepared to answer, I will say you may feel a little pinch of frustration on what is not going deep in certain aspects. And I'll say this intentionally, because as we'll go through, you'll realize, based on your industry, your vertical and material elements, some of these things have to be a little bespoke, not only to the where you occupy, in the global kind of landscape and supply chain, but also to the unique context of your organization. Um, so In instances like that, I'll try to call that out. And I'll also be sure to share as much as I can, that there is, you know, need to look at third party or support services as we go forward. But what I want to do first is kind of set the stage as to why your acts like these starting to become the global norm, and some of the labor impacts driving that. And then get into what as to 11 is looking to cover some of the requirements, the eligibility triggers, there might be some folks on the phone that feel like we are under that, you know, that threshold, but I'm here to learn and it's great to be in that space. But also you may be getting pulled into these requirements from other supply chains that you're a vendor to who identified you as a high risk supplier. So we'll talk about that kind of two sided marketplace. We'll go through actual mitigation and managing of forced labor, both frameworks and activities and try to ground them in reality. We'll be walking through a lie of modern day slavery policy and document as we map against that just to make sure that there's some experiential connection there. And then we'll talk briefly about some technology enablers entering the space, and things that could help you with economies of scale. They may not be deployable in the next 60 days for this May 31. But as you think about scaling your program over time, they may be things you want to invest in as you move forward. So one thing I always like to start with is grounding us in this aspect of sustainability. And I'll say, jokingly, there's going to be a lot of wheels today, as we talk about frameworks, you know, we'll send a an Amazon gift card to the person who correctly tells us the number of wheels that we presented today at the end of the end of the showing, but really trying to make sure that we are talking about the same thing. And this is a very broad landscape, we're going to be really hyper focused on the modern day slavery and forced labor aspect today, but just wanted you to understand when we talk about sustainability at Avetta. And as we approach it, this is kind of the holistic aspect, as we think about the broader frameworks that we're all kind of trying to meet like CSRD. Or if you're getting hit by more regional things like here in the States, the SEC, there's a lot of components that are coming in, especially from the occupational health and safety, environmental health and safety side. And just a little bit about me before we move forward, and my context and perspective. So I am the director of sustainability and Innovation at Avetta. We're a supply chain risk management platform. So we have about 135,000 suppliers globally, and a couple of 100 clients that we work with vetting risk in their supply chains. And we started out in the health and safety side, but as the nature of risk and business has evolved, so to have leaves, so we have a full sustainability offering. And a lot of what I hope to share with you today is kind of data and context and baselining from the suppliers that we have internally that have gone through this type of due diligence process, how they're coming out on the other side from a scoring perspective, and hopefully place you in kind of a sense of less anxiety, but a lot of motivation as we think about how the entire business landscape is evolving to take broader sustainability considerations into consideration. But specifically, of course, the social pieces. So let's talk about, you know, coming out of the global pandemic is the effects that have had, I'm just holistically on all aspects of work. In this instance, unfortunately, what we've seen as the return to work, and the reopening globally, has actually just exacerbated some challenges that we already were seeing across the board. The one thing I always like to make sure to mention too, even in social conversations is we think of climate as the E and an over there thing. But climate is actually driving a lot of global migration. So we've seen I believe about 30 million people in the Asian Pacific Region already, by 2022, have started their migration because of loss of arable land because of loss of actual land. And that's moving people globally into new regions. It's affecting the availability of human capital in the workforce and the demands on those new economies. And we expect about 100 million more folks to complete this type of climate driven migration in the next 10 years. So as we think about some of the risk factors that lead to forced labor and child labor, and exploitation in the workforce, we start to see that, you know, kind of exacerbated by this piece, obviously, somewhat in response to that we see a hyper evolving regulatory system. So obviously, we're all here today to talk about s 211. There's been a lot of forced labor, child labor mandates passed recently in Australia and France in the US even so, a lot of these things are coalescing. And what a lot of countries are trying to do, especially like Canada is is catch up. So we have parity, because the demands of an international community and international supply chain are causing some challenges. They're also the drive for transparency. And really, unfortunately, what we're seeing as we come out of the pandemic is just exploding forced labor and child labor, and also a change as well in terms of where those risks lie. I think traditionally, folks may have had a very built out risk matrices of geographical and supplier classification. And all of that has been turned upside down by the pandemic. Right now. We've seen a four and 5x increase in child labor in the US and Canada alone in the last two years. So the idea of where those issues typically lie and concentrate has to be reevaluated and reconsidered and acts like these are propelling that. So we're going to switch terminology He gears here. And I wanted to just make sure that we had nomenclature and context because there is a different global approach to these pieces. And when you look at the act itself for us to 11, it is called the forced labor and child labor act. And the reason for that is modern day slavery is a very large global term that encompasses all of these aspects of, of modern day slavery essentially. So under that includes forced labor, and child slavery and child labor. A lot of folks don't like child labor, because they don't believe there's the consent aspect there and saying Child Labor makes it seem consensual. So again, a lot of nomenclature, will adhere to the terminology utilized in the act itself today, but wanted to give people that context, because I know we actually had some inbound questions around the taxonomy here. 

Katie Martin [00:10:52] So when we drill down, and we're focused now on that one main heading under the under the modern day slavery umbrella, we're talking about forced labor, the International Labor Organization has broken it down into 11 key indicators that help us understand the breadth and the depth we need to go to make sure that we have adequate coverage and what is considered forced labor. So there are these Lebanon's indices here that been created and vetted by them. A little later in our chat today, we'll go through specifically how you can burn down those risks, both to meet the internally based requirements that are being asked as to how your organization has prepared to defend against these risks, mitigate them, manage them, and respond to them. And then also how you can play that, apply them to your supply chain, and operationalize them so that you're removing these risks from your suppliers as well. And just again, to kind of orient us and contextualize us just like to put these numbers up, because there really is a growing urgent need that's propelling a lot of this legislation. And for me, as I manage the response needs for sustainability for my organization. And I'm kind of, you know, struggling and overwhelmed with the data and you know, shaking my fist at the sky, it's helpful to kind of reorient as to why this is happening, why it's important, and why we play this critical role and being able to disrupt this unfortunate reality that lives in our supply chains. And again, just a significant amount of these elements coming into the public space, affecting consumer concerns and how they are approaching brands, and product selection. And we know that to be true. On the environmental side, there's increasing, you know, consumer concerns, especially for those that are consumer facing groups. And now child labor, forced labor and being able to assure consumers that this is not in your supply chain is becoming really critical. And it's also becoming very newsworthy with Tyson, Dunkin, and a few others, recently coming under, under scrutiny in the news. And again, just to put this into perspective, and also some of the challenges that we're trying to combat when we're thinking about what is pushing this type of Commerce and Labor, a little over 9 million people are moved into a situation of forced labor every year. And right now we estimate that's about 46 million people worldwide. The reason for this is, most of this is lying in supply chains. And when we critically pull back the layers of our supply chains that are businesses, a significant amount of our economies rely on slave labor and forced labor, is I think it's important to keep that in mind, because there is always this kind of push pull. And I'm sure for folks who've been in the EHS OHS procurement space for some time are well familiar with this. But you know, there's the bottom line. And then there's the double bottom line when we think about sustainability factors. And so all of this is to say, this is prompting nations to put this into a regulatory perspective in order to try to drive the change around this piece. Alright, so let's talk about the bill itself. Some things probably already familiar with you, as you've been, you know, diligently preparing for response here. But just to make sure we're on the same page, the bill went into effect the first of this year. And the first reporting requirements are for the 31st of this year. There is some back and forth as to the level of depth and efficacy required in that reporting, that we'll talk about a bit more, but technically, the way it's worded is the requirement is to report on your activities to mitigate this not that those activities have to be in place have to be best practice have to be executed. So I'm not recommending that at all. But as we go through this and some of the critical feedback that's been levied against the bill. And as we compare it to other legislation from the US and Australia and others, that is the kind of push pull component that folks are looking for, for the meritless legislation that we have in the US, the onus is on the business, who is pulling in supplies, versus the suppliers from high risk regions of the world or high risk products to prove that there is no forced labor rather than respond to a claim of forced labor. So I would stay coming out of this, you will have everything you need to be not only compliant, but also best practice with S211. For those that have, you know, multiple legal entities, good news is you don't have to do this planning process or the questionnaire for each one as long as you're under the same governance structure. And there are some implications and repercussions to your executive leadership in terms of needing to have this be assured by them. So as you're thinking about planning, and submitting your questionnaire, make sure that you're also aware of the fact that it does need to be executed and signed off by your governing body, whether that's your senior leadership or your official board. So make sure you leave time for that because as you can see, the fines are pretty significant for failing to comply. So who's eligible? Again, you're likely here because you already have checked several of these boxes and are preparing to respond. But on the left, we have the function and on the right, we have the size. And I'll say for a bill of this size, the thresholds are relatively low for year one, typically, we see pretty high thresholds, and then they are brought down year over year to better encompass the business community. This has started on the lower end, which is a really strong indication of the level of rigor that's likely to be attached to the attestation and the review of these components. But if you have 20 million in assets have at least 40 million in revenue, or have at least 20 or 30 250 people, you are up to respond to this by the 31st. So let's talk about the Act requirements. Right now, in order to meet the 31st deadline on first you have to prepare a report as annotated by the requirements in the act itself. So you need to map one to one to each one of those questions sets, a lot of them are internally facing and some are external in terms of your supply chain management. So we'll talk about those nuances in a second. And also ensure that you have the connectivity you need to the correct data sources to get that information in order to be able to respond or at least have a you know continuing improvement narrative as to why you don't have access to this data, but the pieces in place for this year so that in the 2025 reporting, you're able to respond appropriately. The approval and attestation piece I just alluded to, which is your appropriate governing body, a legal binding authority of your organization needs to approve and sign off to it and they carry liabilities in so doing so are likely going to want to have a significant review process, you then have to complete the online questionnaire, which asks for all of that report information to be ported into the questionnaire. And then they asked you to upload the report is well in PDF, and you're gonna really want to make sure there's a matching and data of one to one between your report and the questionnaire. Likely you're tackling that questionnaire, either piecemeal, or maybe various stakeholders have different responsibilities. So really make sure that, you know, I'm going back to my geometry classes where you check your proofs, but check your homework, because if there isn't a reconciliation there, that's likely to get kicked back to you. And it could trigger a non compliance if you have to wreak submit, and you don't get it back in before the 31st deadline. And then the biggest piece is public publication. So a lot of this is about illustrating externally to various stakeholder holders, the level of assurance and process that you go through to protect your supply chain and your products and services from modern day slavery. And I think the idea behind this too, is because the act is a little less proactive and more reactive. The thought is by creating transparency and visibility, it will better stimulate stakeholder engagement and push for more reporting in this space and for more assurance from the from brands, products services. 

Katie Martin [00:19:48] So this is a top level breakdown of the activities and components you need to report on and I've put them into internal and external for a couple of reasons. One, it is where the Data is likely to be pulled from and manage. And internal pieces are likely going to need some third party support from consulting groups or compliance consulting groups that are able to help you audit your current processes. Let you know about your specific risks unique to your sector, and ensure that you have the right controls in place. I'm going to provide a lot of that information for you today to empower you to do that type of work independently. But I will say I am by no means saying this should be your process that this fully covers your liabilities, we're just trying to make sure people are armed with as much information as they can to get into the best place. And we are recommending in year one, whether it's, you know, like I said consulting or, for instance, I run our advisory practice here at Avetta. And we provide this type of service to our clients, that you engage with another party if you don't have certification. Or if you'd like you have to recreate training or experience in this place to really make sure you have all of your risks covered. The external pieces are mostly about gathering data from your supply chain. And when we think about the due diligence components there, the onus is on you the entity to determine what suppliers pose this risk by geography by category by size, etc. And then engage with them to extract the data necessary to understand how they are preventing and mitigating forced labor risks. And in so doing blocking you from kind of cascading risk, we think about two, two and beyond suppliers. So use this to kind of help you map out again, when we're thinking about where are we pulling in these data points, and recognize that the external pieces will likely require a significant amount of a calm cycle, and make sure that you get those in place in ample time. So again, we're up on another wheel here. But essentially, when we think about needing to fully address both the letter and the spirit of the law, as it is it so unfolds with Bill us 211 We have this full processes that's best, both for making sure that you have full transparency within your organization and covered, but also for gathering that component and verifying that with your suppliers. So of course, this all starts with your risk analysis, and really identifying which components of risk are particularly attached to the organization. And the work that I do on the sustainability side, we call that materiality analysis, you may have heard of that world and materiality mapping, again, you likely already have a general sense of what that risk matrix C looks like for your organization. But a secondary pass, taking into account some of the trends that I've mentioned, have emerged in the last few years. And the shifting layer of risk, may want you to expand your parameters there, maybe moving beyond high spend in tier one, and really starting to dig down into, you know, those locales and things that are really pulling in risk. And for Canada, a significant amount that of that lies in electronics and agriculture in some of the high value imports that I have in the appendices here. So you'll have access to that after, of course, you want to have a policy and statement in place. So if you don't have a modern day slavery policy, we'll chat a bit about what the components of one are in a second. But in that policy want to have a description of this, we'll essentially so what are your risk management systems and strategies? What risks have you identified for your organization, and then how you're burning down those risks both internally with your employees and stakeholders, and externally with your supply chain. And then we talk about preventative measures, how folks can notify you of risk within the supply chain, if it does occur and within your own organization, how you're monitoring that risk with your suppliers and within your own organization. And the biggest piece I think sometimes we save for last but I sometimes recommend thinking about first is what is your action plan if you find instances of forced labor and child labor, both within your own direct employee group and stakeholders, and also within your suppliers. And for those that may be a little more familiar with this space. You may recognize the complexity of the question here because as we've seen, this happened in the news. And you know, 2030 years ago with the big cases like Nike and others, the reaction of the company was to immediately disconnect from the supplier that had this instance of forced labor, child labor. And while that is an approach, what we've come to find is that oftentimes, the context, the societal challenges and the regulatory challenges, pushing people into labor that's exploitative, is only exacerbated when that connection is broken. So a lot of times they're operating in economies or we have child laborers in areas of the world where if they're not working in this factory situation, they still need To be owners in a much more dangerous situation. So how do we mitigate that risk? How do we work with the supplier to ensure the child is in school for multiple hours of the year, etc. So I just want to make sure that's top of mind for folks too. Because once you know about it, you're liable and need to be able to respond. So thinking about that activities absolutely critical. And of course, your documentation, your reporting, how you're going to start to publish your results. So I know that was a lot of me talking. us take a second here, I see some, there's some questions coming in. But also, I think my screen share is a little limited here. So I'll try to get to those as we go through. But definitely want to take some time to speak now, specifically to now that we understand the reasoning for this legislation, what the requirements are of us. Let's talk about then how do we put this into practice. So what you're seeing here is basically, if you think about that wheel, we just saw kind of broken down into a lateral space, how you can specifically go through with your external partners, so your supply chain, in order to both mitigate risk and then have controls against it. So we're both trying to prevent, manage and mitigate at the same time. So as we go through aspects of this journey, what I'm going to do is kind of tee up, how you could approach it and operationalize it. And then we'll look at an example from an actual modern day slavery policy. And I'm utilizing Cisco's here, because it's a quite developed, I am by no means saying this is what you should do exactly, or copy. And to be quite frank, if you're looking for modern day slavery templates, or whatnot, as you'll come to find that defeats the purpose of having a modern day slavery policy, because the internal review process and controls that are necessary to build your own is part of the value of having that policy and doing that exercise, understanding where your risk points are, and then putting components in place to address them specifically, if you were kind of looking at others in the industry, and, and definitely, you know, take that as something to help you kind of frame up your thinking. But it could leave you exposed in ways that are unique to your particular band classification, geography, or just your unique offering. So keep that in mind, I think in the world of you know, chat, GPT and whatnot, everyone's trying to maximize time. I also will talk about well, there are technology enablers in this space, this is an extremely high risk space to not have direct expert, human capital oversight. So especially in this first year, recommend a little more elbow grease when it comes to this if you're creating these for the first time. 

Katie Martin [00:27:51] So the first piece of that that lateral framework that we talked about was engaging your partners and stakeholders. And this is across all myriad aspects of your business. Every single organization has some risk for forced labor. I mean, obviously, if you're in a construction sector, or manufacturing sector, or even facilities management, it's likely to be much higher than if you're in finance or in professional services. But there still is risk. And there's still a requirement for visibility. And sometimes we are surprised by how these things pull into our supply chain. And a lot of that has to do with venting out contract work too. So getting visibility is really key. But to do this, both internally and externally, a big piece is going to be about educating your internal stakeholders, your employees, especially your sourcing team, any of your supplier management team, any of your line workers as well, and getting them aware of what the forced labor risks look alike specifically for your organization and how they can report potential instances. So many folks on the line are probably really familiar already with compliance training, you may have had to go through it for anti corruption practices or, you know, DEI work or, you know, sexual harassment. So a lot of those service providers have started to build forced labor CIT training as well, that you can likely capitalize on. Some groups prefer to build it internally and have it managed and the compliance function, but this really works in I pulled in an example here from a manufacturing corporation that started e-learning classes in their overseas on prem factories that were sharing with the workers the importance of workplace safety, workplace rights, and how they can report instances of non compliance in within I think it was 30 days of having that compliance training. Completed, they saw a 50% increase in the number of health and safety incoming messages that they were getting through the channel. so that they built for people to get feedback. And at first blush that may be like, well, that's not good. But in a sense, it is we're collecting the data we need, we're getting insight on the ground into these risks live from a safety perspective and from a forced labor and workers rights perspective. And we're able to address that with that renumeration plan that we've built out in advance to handle cases just like this. It also helps reinforce and gives you reportable data on how you're building a culture of safety and compliance and providing opportunities for your workers to engage, which is one of the requirements that we need to report on in s 211. So an example of this in practice, and I pulled this out from again, that Cisco modern day slavery policy and from some of their supplier facing content that they have to orient and update their suppliers on their code of conduct and their expectations around ESG considerations. But on the left, what you'll see here is that they've a sub segment of all of the different global frameworks that they adhere to, that are particularly relevant to the products that they make, and the different labor policies, ethics policies, vulnerable groups, responsible minerals policy is applicable to them. So part of that engaging with stakeholders is examining in your space, who are the major frameworks, oversight bodies, etc. Whether it's like the responsible sourcing Alliance, or the responsible textile Institute as it applies to you. And one benefit from the good work they've already done in identifying these risks by the vertical. And also give yourself a little more compliance coverage, if it aligns with your organization's culture and compliance needs to and relate that to your external stakeholders, like your suppliers so they can be in alignment. The second piece you see here is they have a really robust champions of sustainability page. So that encompasses their environmental concerns as well as their socials. And folks own different pieces of that narrative and champion it within the organization. They able to bring a global and regional localization that way. So while you may not, you know, dedicate website, real estate to it, think about ways to stand up and engage working teams within your organization as you roll out this training and start to bring people up to speed in terms of elements that are signalers of risk within your org. And again, right now we're talking more process. And I'll talk content after we get through this. So you can kind of start to plug it into this framework. 

Katie Martin [00:32:43] The second piece here in that linear component is get a sense of your supply chain risks and the impact they pose as a baseline. So I know we're all running, you know, at breakneck speed now to meet the 31st May 31 deadline. And so some of this may need to be a little more top level than you'll likely get to in year two. But you know, our supply chains are inextricably linked. They're incredibly complex, they're very volatile. Now, for reasons we've already chatted about. And there's a lot of disruption still coming out of the pandemic and other instances depending on the, the vertical you're in. So we definitely want to keep lines of communication open with suppliers. But we also need to ensure that we're using that line of communication to extract data and verification that they are operating in a way that protects them from risk and by proxy asked as a contractor with them. So a couple of weeks ago about that. Some of you may have already had like the Uighur force, labor considerations hit you as well coming out of China. But there are a significant mound of databases that already exists that are listing entities that already have presumption of using forced labor based on a variety of well vetted indicators. And I put the Uighur one here, the UF LPA even if you're not vending out of the, like Southeast Asia region, still likely a good database to look to because it also shows a lot of trends in terms of supplier classification, and other instances that you can start to map against even if you may not have a one to one match with your supply chain. There are other databases that you could utilize as well that I've included in the appendices. When you have kind of a sense of you know, the suppliers that are likely falling into high risk buckets. And you can do this yourself or you can engage with vendors like Avetta and others that actually do this rapid risk analysis for you as well. And what this allows you to do is start to map out your supply chain both upstream and downstream to start looking at where those hotspots for forced labor and child labor and better understand what your exposure points are. And this is important one to give you the full landscape and baseline of your risk. But also so you can start to select which suppliers need to go through a deeper due diligence process that is mandated by this law. You may be in a space where you have both budgets, time and a low enough supplier count that you could just put everyone through a due diligence process and to cover your bases. Which is of course, like what we would like to see but with the realities of business, we likely need to burn down risk in accordance to its leveling. So this helps you understand who are those absolutely critical suppliers that I need to have questionnaire responses from in order to submit my own proof that I have thoroughly vetted these high risk suppliers. And that's where the tech capabilities come in. I know a lot of folks are trying to manage this in house or have been managing, like supplier pre qualifications or contract engagement and relationship management in very complex, you know, Excel spreadsheets. Given the nature of how quickly we need to move here, this is where we're really recommending investing in technology and third party services, they let you do this at scale, they have pre vet questionnaires, like we built one that's completely mapped directly into it. So you're extracting the exact information from suppliers that you need in order to then, you know, fulfill these requirements. There are a lot of vendors out there that have done so as well, you likely may already be engaged with a relationship map or supply chain relationship management or risk management product that has this capability to so really look at alleviating a lot of this manual data process, take it off yourself and utilize those tech pieces. We'll talk more specifically about tech enablers and a little bit but this what this does is allow you to quickly integrate this data into your screening as well on your business structure. So we've seen a lot of our clients move into a space where they've been collecting sustainability from suppliers. And it is now considered in some of the RFP weighted materials that are non financial, both in terms of whether suppliers can secure contracts because they have de risk themselves in a way that makes them extremely attractive and also meets our spend needs. Or that we need to put them on a continuous improvement plan and start to work with them over time because they're a high spend highly valued supplier, but they are high risk as well, and don't have the functions that we'd like to see in place to mitigate this risk. And so, as I mentioned, what we've seen with a lot of our clients is when they have put their suppliers through a vetting process that asks all of the s to 11 questions that we need to know from them, they come back with score and data and they're able to just take that ingest it into their existing supplier relationship, and supplier management platforms to kind of be able to one, meet the reporting requirements, but then also leverage that data and insights to make business and purchasing decisions. And so I pulled out a couple of components here, on the left, you'll see how Cisco has approached this, where they've got their supplier list that they actually make public and their global suppliers that fall into these high risk categories here. And they showcase kind of what the main classification levels are for their particular material risks. They showcase the self assessment component that they do, where they ask suppliers to self report data, which is quite common and still very acceptable for this bill. And we'll talk about escalating assurance components you could take to get deeper layers of protection, but self reported data is where a lot of folks are landing right now. And I also put in a shot of the kind of rapid risk assessment process that I alluded to before. We're companies like Yvette and others can ingest your supplier list and based on a significant number of subcategories linked to this risk, be able to kind of push them out with a grade so you can understand, okay, these are the ones that are high risk and very high risk, we need to pull them into this process. Here's how we'll do Phase Two for the medium risks and your 2025 and eventually determined if we need to go deeper based on how the legislation is maturing or whatever methodology you choose. So moving to the next piece, then, you know we've done the due diligence to kind of set up which frameworks we want to adhere to and how we're going to assess our suppliers against the risks they pose. We've identified which suppliers they need to get that assessment. Now you need to let those suppliers know that this assessment is coming and also prepared to train them to move up the ESG and the forced labor maturity ladder here for those that come out kind of underperforming through this first SAS summit and makes sure that they have the access to collateral and education necessary to show them how to move more into compliance. So a lot of companies, like I said, are doing this either with existing compliance platforms that are, they're able to leverage for these types of trainings, developing things in house, if they have sustainability leadership, or whomever is owning this reporting and compliance process, integrating with whatever supplier relationship management processes that you have now, and using this as a way to kind of continue conversations, deepen them, and expand the suppliers understanding of what good looks like for your organization. And also, think about the fact that in doing the kind of supply chain mapping, the hope is to see kind of end to end, a lot of times we call that, you know, cradle to grave on an environmental standpoint, but I'll use it here too, for a social standpoint. But a lot of times, we already have the data or connections with our tier one suppliers, those that we're vending with directly, and an in social risks. The challenge is that those suppliers vend, out labor and which and contracts, and then they vent out and then sometimes bend out further. And that tier two and beyond is where a lot of the social risks lie. So I think in what we've been seeing in year one for this reporting schema, there isn't an expectation to have a full supply chain map viewpoint into your tier two, tier three. But I think a lot of folks are going to want to see on an attention and awareness of that need, and thoughts on how you're going to invest in additional technology or processes to get to that, because that's where a lot of the risk lies, the tier ones have their process in place. They have a great modern day slavery policy, they have a great interaction with your code of conduct, but then they vent out to others that may not. And so you, a lot of what we're seeing here is that the requirements are asking you to ask your suppliers, Hey, are you translating our code of conduct or mirroring it in your own to those vendors and providing risk? How are you looking to mitigate these with your supply chain that eventually pulls into ours? 

Katie Martin [00:42:18] So again, just some examples of this. And yes, another wheel has made an appearance if you're keeping track, but this is just pulled from the Cisco website on trading resources. There are like I said, there's a lot of frameworks and standard setters at a global level like GRI. And I, I SRF, that's gone through some name changes. But then there are sub ones that are specifically attuned, if you're in minerals, mining, oil, and gas textiles, and they oftentimes provide training resources for suppliers that are likely attached to a supply chain like yours. So responsible business alliance here is one. And they're the vendor that Cisco utilizes. And what you see here is their stakeholder engagement wheel, specifically for engaging with suppliers that are in the high risk space and may require remediation as well. Something has to kind of keep in track, like maybe reverse engineering. While we hope all suppliers go through this due diligence process and come out as exemplars in the industry. What you'll likely find, unfortunately, if it's not in this first round in your second year, is that you're going to have an instance if not several of forced labor, and child labor in your supply chain, because it's quite pervasive. And this is an attempt to bring it into the light so that we can address it. So that kind of brings us then to we've gone through this process with suppliers, we have our initial baseline data, some are doing well and compliant. Some are in a medium risk threshold, and some are not meeting the standards that we need them to meet. So how do we monitor that status for our entire supplier group over time, work to remediate violations, and ensure that we always have kind of our finger on the pulse of the risk level. Because a lot of times these are annual check ins. And while we hope that, you know, green compliant folks stay in that space, continuously, the way the you know, supply a supply chain network shifts so frequently, we need to make sure that we have some type of continuous monitoring where we are able to and that's again, why a lot of folks are moving into kind of supply chain risk management platforms that have built on sustainability and forced labor capabilities. They can do that at scale, take the onus of the data management off your plate so that you can come in and just insights and then action them where needed. So we talked about forced labor being hidden that it's often in the tier two and tier threes. And a lot of risk triggers are if you're sick hire or their subs really rely on agencies to provide workers they do a lot of contractors versus, you know, FTE or like on prem employees, that can be a risk trigger, as well as, of course, a lot of the other pieces we talked about, like geography. So, interestingly, audits recently in what I've been ingesting, have been getting a lot of I'll say, like bad press or just push back that they're insufficient, and they're not a control mechanism. And I think my response to that is, they are not the only control mechanism. But we're talking about building a pathway of assurance, and audits of the next piece of that we shouldn't stop at auditing. And I'm sure folks who are familiar with auditing process already know how challenging, complex, flawed, prone to corruption that process can be. So when we talk about the technology enablers, and a bit, we'll talk about how that's actually helping us mitigate a lot of that. But being able to conduct audits, whether you're doing it with direct headcount through third party groups, etc, is still a piece of the puzzle and gives you that greater assurance, especially for those super high risk suppliers that either aren't meeting compliance requirements. But that popped up on one of our databases for being very high risk, or even having incidents of forced labor, they passed our compliance, but we still want to do this extra level of assurance. And they also start to dig into their tear to use. And of course, as I mentioned, it is a building and cascading series of assurance. So how can we move beyond audits and start to work directly with suppliers get that direct access, access and communication, monitor their progress over time around our continuous improvement plans, and also recognize the realities that are prompting this challenge. Anecdotally, what we've been seeing from, from businesses that have been found to have incidents of forced labor, and child labor, the challenge that they're addressing is that they scoped out a certain amount of production at a certain cost at a certain volume and delivery timeline. Business circumstances have changed, whether that was poor projecting, or disruptions in the supply chain, or rapidly escalating costs of raw materials. They're no longer pacing against that deliverable. And they are unfortunately, then taking much higher risks with how they're getting human capital to satisfy sorters. So in that type of context, how do we work with those suppliers to recognize the realities and constraints also foster dual communication so that they feel comfortable and addressing challenges and deliverables without feeling like they're gonna lose the contract and making poor staffing decisions as a result, and really kind of just unraveling this value chain of complexity, similar to how we mentioned, incidents of child labor are extremely unfortunate and challenging. But an immediate decoupling may cause more harm and only exacerbate what we're trying to correct. And again, this is where having third party support and developing your remediation plans in some of these stages can be supportive or unhelpful. There's a great group out of the UK called 2050, that has a really strong, really strong reputation in this space and in delivering on this piece, you may already have others in mind as well, that could be helpful to you. And again, it may be kind of a short turnaround to get to May 31. And to get budget to have this engagement and deliver in time. But as you think about the lessons learned when you go through this first questionnaire and compliance response, and the data gaps in these that you have, how can we address them in the second year and build up our iterative risk mitigation here. Um, so here's just an example again, pulling from that that Cisco modern day slavery policy about how they monitor compliance over time and then also deal with remediation. And fortunately, sorry, some of it got cut off behind the second picture. But again, you'll have access to the full report, modern day slavery policy for them. But how they are connected to both external thought leaders and monitoring bodies and how they bring that expertise in, they have an internal committee that helps with reviewing compliance misses in this space. And then they're also part of those specific initiatives that they ask their suppliers sometimes to get certified in if they're from very high risk. sectors that helps again, give a different an extra layer of assurance. I also showcase your some of the things that we offer through our platform and are likely again available in a variety of offerings but I'm a little biased and thinking ours is the best approach but when you're putting suppliers through due diligence process and you know, going through these data requirements steps with them And there's ways that you can ask for additional documentation and upload so that one, not only do you have that documentation and reporting directly from the suppliers for reference and review, but we also score that documentation against what we know good modern day slavery policy looks like and the components it should encompass, and what a good remediation plan looks like and what good controls should be put into place with your suppliers. So not only are they responding and providing you data, but to understand the quality of that data as well and can again, move into continuous improvement. 

Katie Martin [00:50:35] So I know we're coming up on time here, and I really apologize. It's really a dense and a subject I'm passionate about. But I'll get us through to the end here. So we can try to get to some of these questions too. And we'll also be following up after with questions, I'll drop my contact information in the chat too, if you want to have additional discussion, but reporting performance and engagement. Again, things that are likely already kind of clear to you because there's somewhat dictated by the structure mandated by us to 11. But think beyond the data piece, and you know, if the next 60 days, you can't think beyond the data, we're just trying to collect it, and report it and make sure we're meeting compliance needs. That's great. But scheduled time after where you can have a chance to kind of digest what that data is showcasing and start to maybe integrate some of that data and KPIs into your existing business dashboards, into procurement, into your health and safety into your compliance training. Because there's going to be a rich story that's coming through and a lot of opportunity to capitalize on it. And again, this is just a quick snapshot from the Cisco piece where, you know, the are in a narrative format, speaking about some of the actions that they took to address instances of forced labor risk, and also different types of risks that they started to identify. And then kind of talking about what are our KPIs and critical indicators and our remediation plan and how are they rolling out year over year? Are we moving folks out of this space in into compliance and having these numbers go down as we like to, and you'll see here too, a big piece that's coming in from SU 11 is if you find forced labor, and you do need to immediately decouple and that your remediation plan, do you have a renumeration plan so that the employees who are affected by that decoupling that are the vulnerable forced labor folks or children aren't losing income in the interim, or aren't negatively impacted. And that's one of the questions that's asked for AES 211, you don't necessarily have to say you are going to, you know, compensate. But that could be part of your plan. And something they want to know you've taken into consideration. And you see here in fiscal year 22, they had 1.7 million that they paid out because they found instances and decoupled in 23, it went up to 2.2 million. And again, not surprising as we see this rising. So I'm going to move through these kind of quickly. Again, you're going to have these to review on your own time. What this is allowing you to do is now as we're thinking internally, as an organization, we're being asked what we're doing to mitigate these components. This is a checklist against those 11 layers of risk in the wheel, the first wheel, that you can make sure that you have a keen eye on some may not be applicable to you. But at least this way, you can kind of burn down I hate to say a checklist because I really don't think it should be checklist oriented. But in this case, we should have checklists to make sure these are all the components of this type of forced labor. Here's how it either applies to us or it doesn't. And we've incorporated that into our controls. So I've included that across all of those 11 layers. And again, things like withholding wages are challenges across both your supply chain and with your direct engagement with contract labor, you can burn down with certain strategies that you see here, getting copies of places digital wage, and same across all 11 of these. So again, I'll go pretty quickly through these but I think there's more global takeaways here than things that are driven down. But things that you can start to explore as you get a little more runway to address these pieces. There are three main tech enablers in this space that are really driving value for folks and mitigating this, especially if you have a car, a city, a consumer facing good if you're in, you know retail or consumer packaged goods, and that's blockchain. IoT, which is the Internet of Things and AI. So the first blockchain again, we talked about audits and all of their flaws. Blockchain is actually becoming a really strong tool to mitigate a lot of the risks that we have with our audit process, both in terms of how slow and labor intensive they are, how prone they can be, sometimes to corruption or to editing in flow that doesn't reflect true accuracy. The way blockchain works is it protects the data. It's On edible, editable, and immutable so that you can trust the efficacy of it both when you're reviewing it and when your auditors are going through that process as well, which can reduce the risk of fraudulent activity of the human risk of corruption that comes in with auditing, and a lot of other components even beyond what we're talking about in forced labor here that are laid out in the visual around, you know, track and trace, and flexibility in your stakeholder management. And I put a little example here. Seaquest is a fishing company that utilized on blockchain and RFID enablement, so that as a consumer, you can come into the grocery store, scan the RFID, see exactly where your fish was pulled out of the sea, and it was in a sustainable, allowed space, it traveled in this way, it didn't, you know, go through regions where there was highest incidence of forced labor or moved at a pace that we know is aligned with proper supply chain management. And consumers can now take that with them. And know that that purchase is, is aligned with their core values and needs. And that's one example that we're actually applying much more broadly across different verticals. But to give you a sense of how that's helping us with kind of that unrolling of the supply chain. Of course, we can't leave without talking about AI. I know folks have mixed feelings here as to why especially in this context, but this I think is one of the keenest examples, we have the power of AI being coupled with the human necessity really driving change. So as we think about all of the complex data that we're bringing in, from suppliers, and globally from around the world, we have tools now like the forced labor risk determination and mitigation platform, which is FRDM, that allows users to track the risk in your supply chain, and detect the likelihood for forced labor issues based on a myriad of data points that we know contribute to forced labor. And it also lets you level set and baseline against folks in the same classification to understand if your suppliers are performing well average below. And this is what I definitely recommend you look at, um, it's made by made in a free world, which is both a watchdog and technology platform. But this could be something that's really helpful too. And just kind of that constant risk mitigation and analysis or an identifying even which suppliers are kind of posing that risk for you. And of course, I've mentioned it a couple of times, there are specific alliances, certifications and bodies out there attuned to your specific sector, I put a shortlist of those in there for folks, you likely already know some of yourself, but just want to make sure that you're connecting with the rigor that is necessary to make sure that you have coverage. So I know that we have some questions coming in here. I can Yes, provide a link to the questionnaire. It's also have it available and I think that Canadian Parliament site, but we'll send that out to you mentioned that we should post a report on the website, is that applicable to private and public companies? Yes, I believe there's any demarcation between private and public. If you are at the revenue levels, and are in that eligibility criteria, the expectation is that you have a PDF version of that available. I'll share the Cisco full modern day slavery policy too. So you can kind of see what that looks like. The point is to give people a little bit of exposure anxiety, what you're likely feeling to hopefully push people to invest more in good practices here, since they know this is now going to be transparent data. We have someone asking once the report is submitted when we get a response on if it was approved, accepted or get any feedback on it. How would they be submission looked at the following year? Um, great question. I don't know about the return deadline on getting a response. I mean, I'm based in the US. So I would say like the wheels of our government move, move as they do. I assume that similar in Canada as well. But you will get kind of a go or no go from what we've been hearing. And if it is kicked back to you, you'll get a specific indicator as to why in which component didn't pass muster. supplier of suppliers. I think we chatted about more. I think in this year one, there's not an expectation to get to tier two and tier three. But you should have that on your data map for 2025 submission. I think there will be requirements for that since we all know that's where a lot of the risk is. How acceptable is self assessment? I think I spoke to that self assessment in this case from what I have been reading it from suppliers self performing data is acceptable. But again, you're going to want to have a remediation and an audit plan for those that are high risk and not passing likely. You already have audit functionality built in, you would need to just apply it to this broader group of folks. 

Katie Martin [01:00:06] Being certified to standards is great. Specifically like the CSR Sai 8000 Forestry Stewardship Council. That is, hopefully you have data that helps you get certified for that, that you can repurpose and replicate here. But that's for your own illustration of compliance. I, from what I've reading, that's not sufficient, unless the categories that are requested under those certifications map to the app themselves. So you'll likely still want to have supplier engagement in a questionnaire there. We have a few more here, but I recognize I am being rude to my hosts and going a bit over time. So I'll pull up so we can do some wrap up. Apologies again, group I always get a little on my soapbox in this space, but I'll drop my contact information in and we'll be sending out the slides and pieces after so we can continue conversating but Mallory, I'll send it back to you and many thanks again. 

Mallory Hendry [01:00:58] Absolutely. Katie. Yeah, thank you so much for sharing your insight, your expertise. And thank you so much to everyone in the audience for joining us today. Keep an eye out for other upcoming webinars and enjoy the rest of your day.