Modern slavery is a pervasive global issue all businesses must be aware of to ensure fair working conditions, liveable wages, and safe labor practices exist across their supply chain. Some organizations may be surprised to find out that slavery is still a global concern, as individuals often use the term in a historical context. However, this does not change the fact that victims of modern slavery continue to suffer behind closed doors around the globe.
In cybersecurity, modern slavery can be fought by increasing supply chain visibility through effective mapping and vendor due diligence. Keep reading to learn more about the UK Modern Slavery Act and discover strategies to ensure your supply chain is free of all modern slavery issues.
What is Modern Slavery?
Modern slavery occurs in many shapes and forms. The term modern slavery is often defined differently in various contexts. Still, all definitions involve the exploitation of people, forced control, loss of freedom, and the denial of fundamental human rights.
The Global Slavery Index (Walk Free) estimates that 49.6 million people are living in modern slavery around the world. Global estimates of modern slavery are highest throughout Asia (North Korea, China, India) and Africa. However, the risk of modern slavery is also prevalent in English-speaking countries, such as the United States, England, and Canada.
The most common forms of slavery today are:
- Human Trafficking: The forced movement and control of people to achieve labor or sexual exploitation. Criminals may use violence, manipulation, or the promise of a paying job to lure victims.
- Forced Labour: The practice of using violence, manipulation, or other criminal means to coerce an individual to complete acts of labor, including but not limited to product manufacturing and sourcing raw materials.
- Debt Bondage: Forcing victims of poverty to borrow money and work to pay off the debt. Debt bondage is the most common form of modern slavery worldwide.
- Child Slavery: The illegal exploitation of a child by any means, including child labor, marriage, military service, or trafficking.
Specific demographics, including children, migrant workers, and women, are more vulnerable to modern slavery practices. These groups possess a higher risk of exploitation due to knowledge gaps, gender inequality, and lack of personal freedom.
Recommended Reading: The International Labour Organization’s (ILO) Indicators of Forced Labour
What is the UK Modern Slavery Act 2015?
The UK passed its Modern Slavery Act in 2015 in response to civil society’s growing awareness that slavery was still an issue across the public sector. The act places compliance requirements on all companies that do business in the UK and achieve an annual income of over £36 million.
There are two main compliance requirements included in the 2015 Modern Slavery Act:
- Prevent and mitigate instances of modern slavery across supply chains
- Publish an annual modern slavery statement (must be published within six months of the organization’s financial year ending)
The UK’s Modern Slavery Assessment Tool
The British Government introduced the Modern Slavery Assessment Tool (MSAT) to help public-sector organizations fight modern slavery across their supply chain.
Organizations answer the questions included within the MSAT to assess the risk of modern slavery in their third-party relationships. In addition, organizations can invite vendors to complete the MSAT evaluation themselves.
How to Comply with the UK Modern Slavery Act 2015
To comply with the 2015 UK Modern Slavery Act, organizations need to create an action plan to prevent slavery across their global supply chain, conduct a modern slavery risk assessment, and publish an annual report that details the actions they took and the results these actions produced.
Organizations must remember that the UK Modern Slavery Act requires organizations to be vigilant year-round and publish these actions in a statement ANNUALLY. Conducting a singular risk assessment and publishing one annual slavery statement is insufficient.
Penalties for Non-Compliance
The UK Modern Slavery Act does not currently outline any penalties for compliance. However, reforms are underway, and government officials have submitted multiple proposals to strengthen the act’s penalties for non-compliance.
The penalties suggested include fines and imprisonment for committing the following criminal offenses:
- Knowingly or recklessly publishing a false or incomplete modern slavery statement
- Continuing to source items or services from a supplier that fails to adhere to the minimum standards required by the act
How to Conduct a Modern Slavery Risk Assessment
Performing a modern slavery risk assessment is necessary to ensure your organization is not unknowingly funding instances of slavery across its supply chain. By conducting a modern slavery risk assessment, your organization can use common risk indicators, security questionnaires, and other risk tools to assess its suppliers and achieve compliance under the UK Modern Slavery Act.
When completing a modern slavery risk assessment, organizations should follow these steps:
- Identify Common Risk Indicators
- Send Security Questionnaires
- Address Identified Risks
- Implement Continuous Monitoring
- Communicate Results to Stakeholders
Identifying Common Risk Indicators
Modern slavery encompasses various criminal practices, and risk factors vary across organizations, supply chains, and industry sectors. Your organization should select risk indicators most relevant to its supply chain.
Examples of common risk indicators for modern slavery include:
- Geographic Location: Modern slavery is more prevalent in certain countries and regions.
- Product or Service Provided: The risk of modern slavery varies from one product to another based on the raw materials used to produce the product. If a company sources the raw materials needed to make a product from an area where modern slavery is prevalent, the product could be a high-risk factor.
- Labor Skill Needed: Case studies on modern slavery reveal that products that require skilled labor are less likely to be produced by forced labor victims.
- Industry: The United Nations and ILO provide lists of high-risk industries. However, industry categories can be broad, so this indicator should be weighted lower than other risk factors.
- Governance: Suppliers with human rights policies and mitigation protocols are less likely to participate in modern slavery.
Sending Security Questionnaires
While your organization should use a modern slavery questionnaire to mitigate slavery risks during vendor procurement and onboarding, you should also periodically reassess vendors throughout the vendor lifecycle.
Given that modern slavery is a severe issue, your security questionnaire should require certifications, audit reports, and other evidence rather than just a “Yes” or “No” response. Keeping track of these additional documents and distributing questionnaires across an extensive supply chain can be difficult, and your organization may need a vendor management solution. UpGuard’s questionnaire library and vendor management workflows make it a convenient and effective questionnaire distribution and reception option.
Addressing Identified Risks
Modern slavery risks typically fall into one of three categories: abusive practices, abusive policies, and policies or practices that create the potential for modern slavery.
- Abusive Practices: These include any situation where your organization has identified an instance of modern slavery or has noted a high risk of modern slavery occurring.
- Abusive Policies: These include any policy that abuses workers. Example: A policy that requires workers to work excessive hours.
- Policies or Practices that Create the Potential for Modern Slavery: These are any policies that deny workers fundamental rights or limit their freedom.
Risks in the first category should be prioritized and reported, but your organization should address every risk category. The United Nations and the UK Home Office suggest organizations work alongside suppliers to manage risks and improve working conditions. Sometimes, this is not applicable, and your organization may need to stop working with the supplier altogether.
Implementing Continuous Monitoring
Modern slavery is an ongoing risk, and your organization should monitor it continually throughout the vendor lifecycle. The best way to surveil a vendor's security posture and governance is by implementing 24/7 continuous monitoring.
UpGuard’s third-party risk management (TPRM) solution, Vendor Risk, provides real-time notifications and around-the-clock risk updates when a vendor’s security posture changes.
Communicating Results to Stakeholders
The final step in performing a modern slavery risk assessment is communicating the results to relevant stakeholders. During this step, you should notify stakeholders of any actions taken to mitigate slavery risks and any suppliers who violated your organization’s modern slavery policy.
How to Write a Modern Slavery Statement
There are a few things your organization must note when writing its modern slavery statement (also known as a Transparency in Supply Chains (TISC) statement). First, the annual statement must be published six months before the financial year ends. Second, the modern slavery statement must include the following sections:
- Supply Chain Mapping and Structure
- Modern Slavery and Human Trafficking Policies
- Vendor Due Diligence
- Actions Taken to Prevent Modern Slavery
- Modern Slavery Training
Supply Chain Mapping & Structure
The first section of your organization’s modern slavery statement should define the methodology used to complete an internal risk assessment and map its supply chain. This section should answer the following questions:
- How does your organization map its supply chain?
- How soon are vendors added to the supply chain map after procurement?
- How does your organization trace fourth-party vendors?
- What industry sectors does your supply chain include? Do any present high-risk factors for modern slavery?
- What countries does your supply chain cover? Are any at a higher risk for modern slavery?
- Is your organization’s map factored into your risk profile?
Successful supply chain mapping can also help your organization mitigate additional risks related to ESG and sustainability.
Modern Slavery & Human Trafficking Policies
The next section of your modern slavery statement should outline your organization’s internal modern slavery and human trafficking policies. In this section, your organization outlines the details of its slavery policy and any other grievance mechanisms relevant to human trafficking, whistleblowing, and human rights abuse. The statement should include the following policy information:
- When should personnel use the modern slavery policy?
- How should personnel raise issues of modern slavery?
- What happens when personnel uncover a modern slavery issue?
- How are potential instances of modern slavery reported to law enforcement?
- What protections does the policy outline for whistleblowers?
Even if your organization included its modern slavery policy in a previous annual statement, it should still outline the policy in the current statement. Feel free to note any changes or additions your organization has made to the policy since its last report.
Vendor Due Diligence
This statement section should outline your organization’s due diligence process and detail how your procurement protocols ensure labor exploitation and unfair employment practices do not occur across its supply chain.
The vendor due diligence section should answer the following questions:
- What criteria does your organization use to assess vendors?
- What tools (security questionnaires, ratings, etc.) does your organization use to evaluate vendors?
- What happens when a supplier is non-compliant?
- How are audits of high-risk vendors completed differently?
Actions Taken to Prevent Modern Slavery
This section of your organization’s modern slavery statement is the most straightforward and will likely overlap with other sections. In this section, your organization should include all its actions to prevent modern slavery from occurring throughout its organization and supply chain.
Examples of actions your organization could reference include:
- Developing or making changes to a comprehensive modern slavery policy
- Regularly reviewing suppliers to ensure ongoing compliance
- Ensure vendors recruit workers and suppliers ethically
- Establishing open communication channels for workers to express concerns
Modern Slavery Training
The training section of your organization’s modern slavery statement should include notes on how your organization trained staff, vendors, and subcontractors on slavery issues. This section can also detail the resources your organization made available to staff (training portals, grievance mechanisms, etc.) or resources your organization made staff aware of (helplines, referral mechanisms, regulatory contacts, etc.)
How Can UpGuard Help Fight Modern Slavery?
UpGuard provides organizations access to a robust security questionnaire library, including a modern slavery questionnaire. In addition, UpGuard Vendor Risk helps organizations elevate their third-party risk management and vendor risk monitoring programs by providing 24/7 surveillance of a vendor’s security posture.
UpGuard Vendor Risk includes a complete toolkit of powerful features:
- Vendor Risk Assessments: Fast, accurate, and provide a comprehensive view of your vendors’ security posture
- Third-Party Security Ratings: An objective, data-driven, and dynamic measurement of an organization’s cyber hygiene
- Vendor Security Questionnaires: Flexible questionnaires that accelerate the assessment process and provide deep insights into a vendor’s security
- Stakeholder Reports Library: Tailor-made templates allow personnel to communicate security performance to executive-level stakeholders easily
- Remediation and Mitigation Workflows: Comprehensive workflows to streamline risk management processes and improve security posture
- Integrations: Easily integrate UpGuard with over 4,000 apps using Zapier
- 24/7 Continuous Monitoring: Real-time notifications and around-the-clock risk updates using accurate supplier data
- Intuitive Design: Easy-to-use vendor portals and first-party dashboards
- World-Class Customer Service: Professional cybersecurity personnel are standing by to help you get the most out of UpGuard and improve your security posture