In complex environments, businesses often rely on public security forces assigned by the host government to guard their operations.

The Challenge

In complex environments, businesses often rely on public security forces assigned by the host government to guard their operations. These arrangements can be complex, especially in conflict-affected and high-risk areas where state governance mechanisms and national institutions may be weakened and face a trust deficit. Host governments and public security may have complex inter-relationships and opaque hierarchies; national records for vetting of public security may be missing or difficult to access; training and equipment may be insufficient, monitoring and oversight mechanisms may be non-existent.

In the absence of effective regulation and clear agreement on roles and responsibilities, public security operating inside and/or in the vicinity of company sites can pose significant human rights risks to local communities as well as corporate staff and assets. These risks include increased exposure to conflict-related violence, arbitrary detention, harassment of vulnerable groups, or excessive use of force in crowd control situations or against protestors.

A Memorandum of Understanding (MoUs) is a well-recognized good practice that supports risk mitigation in a situation where a company works with public security. However, MoUs are difficult to agree and implement. Identifying the barriers to negotiating and signing MoUs, as well as monitoring their compliance is essential for companies to leverage their influence effectively and exercise due diligence over public security providers.

Challenges include:

• MoUs take significant time and resources to negotiate, especially if the company is pursuing an MoU alone and not coordinating with peer companies operating in the sector or region. As a result, the company faces a steep climb towards building trust with public security and the host government.
• Host governments may consider it unnecessary to include references to human rights in the MoU.
• MoUs do not usually have a legally binding effect and compliance relies on the parties’ good will. There is often a need for continuous negotiation and re-negotiation in response to political or regulatory change or due to developments in the operational context.
• Lack of public transparency and community trust may create tensions with communities, often exacerbated by the fact that the latter are rarely consulted and MoUs on security-related issues are rarely made public.
• MoUs may give security forces and/or companies the impression of legal immunity or protection from prosecution.
• The host government and company may have conflicting interests regarding the goal of the MoU. As an illustration, security forces may prioritize the government’s political agenda over the company’s operational needs, potentially leading to tensions or compromised security arrangements.
• Developing an Mou with public securtiy forces tainted by allegations or a history of human rights abuse can tarnish a company’s reputation, leading to public backlash, financial sanctions, and even legal consequences.

MoUs: What Should Companies Do?

Navigate limited commitment from host governments and public security management:

• Conduct a stakeholder mapping of the host government and identify entry points for dialogue. Strengthen interpersonal relationships with government stakeholders.
• Ensure the MoU has a basis in national laws or regulations.
• Ensure the MoU includes references to human rights. If there is too much sensitivity around the notion of human rights, be specific and define the concepts further.
• Coordinate with peer companies operating in the region or country to adopt a similar approach to MoUs. When multiple companies advocate for similar MoU clauses and bring the same arguments to the negotiating table, they have greater leverage.
• In discussions with host governments and public security leadership, demonstrate the benefits that MoUs can bring to the public security force, for example by emphasizing values of service, operational excellence, stability, ease of communication, prevention of security issues, and professionalism. Include provisions that address the practical needs of public security (e.g. training).
• Use the different initiatives and commitments that the government participates in (such as the Voluntary Principles on Security and Human Rights) as leverage to advance standards that are in line with security and human rights.
• If it is not possible to agree on a full MoU from the start, develop specific agreements around key areas of concern such as training, equipment transfers, or the working relationship between the company and public security forces. Continue working towards the development of a comprehensive MoU using these agreements as a basis. Alternatively, include clauses related to security and human rights in other MoUs and agreements developed with the government.
• Use language that public security forces can relate to. Appeal to values such as ‘operational excellence’ or ‘leadership.’

Cultivate multi-stakeholder support for the MoU:

• Ensure broad, gender-balanced and inclusive stakeholder engagement when designing the MoU; this could take the form of consultative discussions via in-country working groups on security and human rights (when such working groups exist) or via local civil society platforms with community representation.
• Endeavor to be as transparent as possible, for instance by making the MoU available to the public. If needed, ensure that sensitive critical operational details like security guard movements are redacted, while still making transparency a key goal of the process.
• Build broader political support for the MoU from embassies of home state governments.
• Get the right persons for the job. Ensure that the company staff responsible for government and public security engagement possess adequate understanding of the local context, are willing to listen, and have a long-term commitment to the role.
• Coordinate with other companies. If an industry association or in-country working group on security and human rights is in place, it would be the ideal environment for discussing challenges. Otherwise, consider setting up ad hoc meetings with security and government relations staff from other companies, or consider initiating such a forum.

Develop and agree on content:

- Create a standard MoU template and adapt it to local contexts. Include clauses on:

• Establishing a collaborative working relationship with the joint objective of respecting human rights and, where applicable, international humanitarian law (IHL).
• Setting out reporting channels to the company through points of contact and regular meetings.
• Itemizing the roles, responsibilities, and limitations of public security forces.
• Specifying the use of force rules, including a commitment to use the least force necessary to address a security threat.
• Agreeing to a protocol to manage equipment transfers in a manner that aligns with the most relevant guidance in this sector, the Voluntary Principles on Security and Human Rights (VPs) (e.g. a company’s payments should not be used to procure lethal weapons).
• Agreeing to a system of coordination and transparency around sharing of security information.
• Including references to company security and human rights policies and procedures, including the VPs, if relevant.
• Agreeing to a training program, for example on conflict sensitivity, IHL, human rights.
• Including modalities for company contributions to salaries, goods, or services, if relevant.
• Including vetting provisions to ensure that no security officers credibly implicated in past human rights abuses (i.e. there is a conviction, pending case or very strong evidence) be deployed to protect the company’s operations.
• Ensuring first aid and medical care to any persons injured from confrontations with the security forces in the project area.
• Including clarity on chain of command, processes on investigation of security incidents and referring to appropriate remediation (through operational level grievance mechanisms, host government judicial systems, or public security processes).

Monitor and ensure respect and compliance with the MoU:

• Support coordination between national, regional, and local government agencies to ensure proper implementation of, and respect for the MoU.
• Foster coordination with other stakeholders, for instance via in-country working groups on business, security, and human rights.
• Seek and maintain regular and constructive relationships with the local leadership of public security forces, enabling an early warning system for tensions, violence or conflict.
• Reassess and update the MoU regularly, particularly in the event of significant changes in the security environment (such as outbreak of an armed conflict, escalation of violence or other such developments).

Human rights due diligence is a process for identifying, preventing, mitigating and addressing human rights impacts, including both actual impacts occurring in the present and potential impacts that could occur in the future.

Why is it important in relation to security and human rights risk mitigation?

Artisanal and small-scale mining (ASM) activities are frequently intertwined with large-scale mining (LSM) operations in numerous contexts around the world. The probability for conflict and security and human rights incidents to occur between LSM mining operators and ASM mining communities, unless specifically addressed, is high and increasing. ASM is often cited as a major cause for security and human rights incidents that seriously threaten the rights and dignity of individual miners and their communities.

Security and human rights challenges in in LSM – ASM contexts:

• In some countries, national or local laws and regulations lack clarity regarding where, how and how much artisanal mining can legally be undertaken. This ambiguity may result in local miners trespassing or accessing mining concessions illegally. Companies, through their public or private security providers, sometimes respond with the use of force and this creates company-community conflicts;
• Limited socio-economic development and unemployment can narrow alternative economic options for local communities. Under these circumstances, local populations tend to continue to engage in ASM, even if it is illegal, and companies in reaction occasionally seek to take restrictive measures;
• The discovery of minerals that can be extracted through ASM can create a “gold-rush scenario” where there is a large in-migration of people into existing communities in search of economic opportunity. This causes strain on community resources and conflicts with residents.

ASM is a reality in many mining contexts. The approach a company takes to manage community relationships, and in particular the role played by its security set-up vis-à-vis artisanal miners, can exacerbate or mitigate the escalation of conflicts.

ASM-LSM : What should companies do?

In situations where the company manages an ASM site on its concession, engage with ASM actors and representatives before organizing security arrangements to ensure that community concerns are addressed, and human rights of artisanal miners are respected.

When companies do not manage an ASM site on their concession, but ASM nevertheless takes place around the company premises, wider security dynamics can be complex. Some minerals that are mined through ASM outside of the concession might nevertheless make their way into a company’s supply chain. In such cases, companies have a responsibility to ensure human rights are respected even outside of their direct control.

Implement gender differentiated policies. Develop all policies keeping in mind that a large percentage of ASM workers are women, who suffer specific human rights impacts.

Train private security providers, and/or ensure that public security providers are trained on how to interact with ASM miners and communities. Security personnel are in a complicated position, at times under threat when ASM workers insist on entry or might be offered bribes and asked for favours by ASM workers, which may be hard to resist especially when coming from their own communities (see 4.4.e).

Engage with and participate actively in multistakeholder working groups on business and human rights. These working groups can support monitoring security and human rights issues in ASM-LSM contexts and mediating conflicts.

Support ASM formalization efforts that establish and monitor extraction standards and promote peaceful coexistence of industrial and artisanal mining and economic and social development for communities.

Engage with and implement initiatives that seek certification of minerals, or with other standards/benchmarking measures.

Examples of good practices:

To limit risks to the security and human rights of ASM actors and surrounding communities, companies that take constructive steps as early as the exploration phase of project development are more likely to build and maintain a trusting relationship with the ASM community.

In Ghana, ASM activity takes place in close proximity to the Tarkwa Gold Fields mine. When the mine transitioned from underground to open pit format in the mid-1990s, reports indicated tensions between ASM actors and the company, including:

• security providers reportedly permitted the trespassing of ASM workers into mines leading to thefts of product and equipment ;
• hundreds of illegal miners occupied a portion of the concession ;
• there were disagreements between the company and ASM on village relocations.

The company worked to resolve these tensions and implemented open dialogue and clear and predictable arrangements by signing an MoU in 2012 with ASM actors, village chiefs, and district assemblymen regarding the land concessions. That same year, the Gold Fields Sustainable Development team also commissioned a baseline social study of ASM activities near the mine. This included further direct engagement with local communities and small-scale miners.

The study informed the development of an ASM strategy for Gold Fields Ghanaian operations. The strategy included a focus on security and stakeholders and aimed at ensuring the company and its employees engage with ASM communities with respect and transparency. As a result of these strategies, the company’s Community Relations and Sustainable Development team has described the relationship between ASM actors and the Tarkwa Mine as characterized by greater trust and non-violent interactions.

Human rights due diligence is a process for identifying, preventing, mitigating and addressing human rights impacts, including both actual impacts occurring in the present and potential impacts that could occur in the future.

What is human rights due diligence and why is it important in relation to effective security and human rights risk mitigation?

Human rights due diligence (HRDD) is a process for identifying, preventing, mitigating and addressing human rights impacts, including both actual impacts occurring in the present and potential impacts that could occur in the future. HRDD not only identifies the impacts that the company directly causes, but also pinpoints the impacts that the company contributes to or is directly linked to through its business relationships, operations, products and services. Engaging with stakeholders—especially affected groups such as workers and communities—is a key component of HRDD.

In conflict-affected and high-risk areas, companies should escalate their human rights due diligence processes according to the level of security and human rights risks. This means that HRDD should be heightened and should incorporate a conflict-sensitive approach. Heightened human rights due diligence emphasizes effectively preventing, managing and risks in areas affected by violence or conflict, including by seeking to understand wider conflict dynamics and related risks in the operating environment. The key message is that HRDD must be guided by proportionality: the higher the risk, the more responsive the HRDD process.

Companies can carry out HRDD in a number of ways, including through conducting a standalone human rights impact assessment or by integrating a thorough human rights evaluation into existing environmental and social impact assessment processes. Additionally, human rights due diligence can both inform and be informed by the company’s other assessments and analyses (e.g. risk assessments, situation analyses, needs assessments).

Responsible management of all security-related dimensions of a company’s operations is a central building block of an effective human rights due diligence process. This is increasingly being recognized as not merely good practice, but a requirement. Effective human rights due diligence requires early identification of potential security challenges and their proactive management, in order to prevent impacts such as use of force against community members.

In the decade since their adoption in 2011, the UN Guiding Principles on Business and Human Rights (UNGPs) have set out the expectation that companies implement human rights due diligence to proactively manage potential adverse human rights impacts created by their operations. The endorsement by the OECD of this concept (first in its 2011 Due Diligence Guidance for Responsible Mineral Supply Chains, then in the 2018 Due Diligence Guidance for Responsible Business Conduct) has further contributed to the prominence of human rights due diligence.

Although adopted over 10 years before the UNGPs, the Voluntary Principles on Security and Human Rights remain the leading international standard that provides guidance to companies on how to identify and mitigate security and human rights risks. Ensuring that a company’s security policies respect the Voluntary Principles is a foundational exercise for human rights due diligence efforts. Whereas human rights due diligence requires a company to assess its impacts on people, the Voluntary Principles require companies to ask who is responsible for those impacts. Whether the responsibility lies with their contracted private security providers or the public security assigned to their operations, the companies are equally responsible for identifying, mitigating, and redressing those risks.

The UNGPs, VPs and OECD Guidance are “soft law” standards that provide recommendations to companies, but in most jurisdictions are not backed by legislation to drive compliance. Recent years have seen a steady increase in laws that require companies to undertake human rights due diligence. These laws encompass a range of issues – from general human rights concerns to environmental matters, child labour and modern slavery.

Mandatory human rights due diligence laws are growing across the world and may apply to companies’ supply chains and contractors, including security providers, and may have extra-territorial application. In 2024, the European Union adopted the long-awaited Corporate Sustainability Due Diligence Directive (CSDDD) that makes human rights due diligence mandatory for about 5’500 companies domiciled in the EU, as well as companies that sell or provide services in the internal market.^[1]

Security and human rights and human rights due diligence: what should companies do?

Put human rights compliant security arrangements at the core of efforts to undertake human rights due diligence. This means that security is a key consideration in impact assessments, conflict analysis, mapping of stakeholders, grievance procedures and processes. Ensure a wide consultation process both internally (across the different functions within the company) and externally (with stakeholders, including affected communities). Only wide consultation processes are likely to build an accurate picture and ensure that remedial or preventative actions taken by the company meet their objectives.

Include security and human rights due diligence in corporate divisions that address corporate compliance and enterprise risk management: Many companies see risk management as the evaluation of risks to the viability and profitability of the company’s operations. By linking the security and human rights of host communities more closely in all relevant departments, this will ensure that all relevant company staff are aware of human rights due diligence obligations and that security and human rights risks are identified with relevant mitigation and redress plans.

Ensure that human rights due diligence processes include a specific analysis of the impacts of both public and private security providers. Specify in contracts with private security providers that they must undertake human rights impact assessment themselves. Specific guidance for private security providers on how to develop this assessment can be found here.

In conflict-affected regions, ensure that human rights due diligence efforts are informed by a conflict analysis and clear mapping of all actors involved in and affected by the conflict. Identify how the company’s security arrangements impact the existing social tensions and/or create new tensions or conflicts. Ensure that human rights due diligence, conflict analysis and stakeholder mapping are managed as ongoing exercises given rapidly changing circumstances in complex security environments.

Ensure that human rights impact assessments are acted upon, with impacts either mitigated and remedied or proactively prevented. Track and communicate the company’s efforts to ensure effectiveness.

Examples of good practices:

In 2014, Finnish lumber company Stora Enso carried out a human rights impact assessment covering its production units and forestry operations as a first step in undertaking human rights due diligence. The assessment included a transversal examination of security issues across its operations. Amongst its 43 recommendations, the report urged Stora Enso to:

• ensure security providers are trained in the implementation of relevant human rights standards;
• require all security actors to conduct background checks on their personnel and prohibit anyone who has been credibly linked to past human rights abuses from working on Stora Enso operations;
• actively monitor security arrangements and ensure security-related incidents (in particular those involving use of force) are reported, investigated and appropriately acted upon, including taking necessary disciplinary or remedial measures;
• develop and communicate its policy regarding the treatment of suspects apprehended in security incidents involving Stora Enso operations in police custody.

Stora Enso’s 2020 sustainability report expands on its efforts to provide ongoing human rights training to its security providers in Veracel, a joint venture entity in Brazil with heightened human rights risks as part of its comprehensive human rights due diligence and mitigation efforts there.

The term ‘human rights defenders’ refers to a range of people, who peacefully stand up in defence of human rights whether individually or collectively.

Why is this issue important in relation to effective security and human rights risk mitigation?

The term ‘human rights defenders’ refers to a range of people, who peacefully stand up in defence of human rights whether individually or collectively. The United Nations Declaration on Human Rights Defenders recognizes the important role they play in promoting human rights and sets out the special protections human rights defenders deserve as a result of increased risks they face.^[1]

Companies often have a tense relationship with human rights defenders. Many cases have been documented of companies and their security providers implicated in targeting human rights defenders with harassment, intimidation and violence. This targeting includes illegal surveillance, intimidation, threats, kidnapping, and killing, and is particularly common in relation to the extractive sector and agribusiness.^[2]

The social licence of companies to operate depends on good relations with civil society and constructive engagement with human rights defenders. Human rights defenders can also support a company’s human rights due diligence. Lack of dialogue with CSOs and human rights defenders and failure to genuinely address their concerns will generate tensions and may escalate to social conflicts. Furthermore, companies that are complicit or tacit regarding violence against human rights defenders by their security providers or contractors can face criminal sanctions. Furthermore, companies associated with attacks on human rights defenders experience reputational impacts that reinforce long-term negative relationships with and responses from communities, investors and financiers.

Human rights defenders: What should companies do?

Treat human rights defenders as valued partners by engaging with them early, consulting them regularly to understand a company’s impacts on the ground.

Address the specific protection of particular groups of human rights defenders (such as: Indigenous Peoples and women) in policies, impact assessments and reporting. These groups indeed face higher threat levels (including sexual violence or familial violence) and additional barriers to protecting themselves (lack of resources to find safety or reach out for help). For example, grievance mechanisms are not always available for women human rights defenders.

Formalise a policy commitment to respect the rights of human rights defenders in areas of operations and expect the same of business partners, including contracted security. Make sure this policy is developed with input from human rights defenders and that this commitment is shared with security providers. The policy should include zero tolerance for attacks on human rights defenders and should include the following provisions:

• Publicly condemn attacks against human rights defenders.
• Support independent fact-finding missions to assess the situation of human rights defenders where they are operating.
• Withdraw, where appropriate, from business relationships with subsidiaries, suppliers or subcontractors involved in attacks on human rights defenders.
• Ensure senior-management buy-in for the policy commitment. Publicize and communicate the policy externally, including to host-state contacts, public and private security providers assigned to operational sites.^[3]
• Use leverage to convey an expectation that mitigation of risks and impacts will be required wherever relevant across business relationships. This may include requiring or setting incentives for private security providers to carry out human rights due diligence focusing on human rights defenders.

Within human rights impact assessments, include an analysis of potential direct and indirect impacts on human rights defenders, in particular by security providers, and set out a policy and plan for preventing and addressing these impacts.

Encourage the participation of human rights defenders in local working groups on business, security and human rights and contribute to an inclusive and constructive dialogue (see incountry working groups). More sensitive engagements (with women human rights defenders or in severely conflictual situations) may need to take place in a protected and confidential space.

Pursue genuine attempts to remediate harm where efforts to prevent abuse against human rights defenders have failed. Publicly report all abuses and violations of the rights of human rights defenders that happen on operational sites and within the supply chain, including by public security forces.

Examples of good practices:

In its 2019 “Guide to Respecting Human Rights”, Newmont publicly and formally acknowledged that “human rights defenders are a potentially vulnerable group and the company’s core value and responsibility supports its commitment to respect human rights defenders. The company states that “it does not condone any form of attack against human rights defenders or anyone who opposes its activities, and it expects its business partners to do the same.

Source: Research Insight Human Rights Defenders RMF 2020

Compared to men and boys, women and girls experience disproportionately the potential negative effects of business operations in complex environments.

Why is gender important in relation to effective security and human rights risk mitigation?

Compared to men and boys, women and girls experience disproportionately the potential negative effects of business operations in complex environments. Both industrial and artisanal business operations can trigger specific gendered impacts and underlying gender inequalities are often compounded and made more acute with the growth of business activities in a wide range of sectors.

There are two main gender-related dimensions to company operations – the impacts on women and girls in the community and the impacts on the workforce. Where a company’s workforce is drawn from the local community, these two elements are often linked.

In many operational contexts, security providers have negatively impacted women’s day-to-day lives: from blocking access to means of livelihood, farming or other work areas and water sources, to cases of sexual and gender-based violence. Furthermore large footprint businesses can cause a change in the characteristics of the local population, as for example in the case of new mining sites when they result in the in-migration of a transient male workforce, thereby changing gender dynamics in the community and potentially leading to social problems such as domestic violence or increase in sex work.

Gender and Security: What Should Companies Do?

Conduct gender-sensitive human rights due diligence and integrate a gender-sensitive approach in the business practices. In particular:

• Conduct a gender risk and impact assessment that can either be part of a wider human rights impact assessment or a separate exercise. The gender and security risks and impacts identified should inform the security assessment and subsequent plan.
• Explicitly include women in the stakeholder engagement strategy. Efforts should be made to accommodate specific needs women may have in order to participate (e.g. appropriate communication channels; female interlocutors).
• Formalize the company’s commitment to equality and non-discrimination in its policy documents. This can be done by developing a standalone gender or anti-discrimination policy and/or integrating gender considerations within existing policies in all sectors.
• Consider if the actions of company security providers – be they public security or private security – have a disproportionately negative impact on women.
• Ensure that training of security providers includes specific modules as well as cross-cutting references to gender-sensitivity, prevention of sexual exploitation and gender-based violence, and reporting on incidents.
• Ensure gender accessibility in grievance mechanisms, noting that women may have different or additional barriers to access to remedy than men (e.g. women enjoying less independent financial means; women being more prone to retaliation within their families; women suffering higher percentages of illiteracy; women benefiting from less time or capacities to access the grievance mechanism procedures).

Implement policies for non-discrimination and gender equality with respect to access to employment and working conditions, including gender-sensitive labor conditions for women employees. Ensuring equitable and nondiscriminatory hiring practices prevents grievances and labor disputes which may intensify and evolve into security incidents. Additionally, there is mounting evidence of the vast benefits in business performance thanks to having more women in the workforce.^[1] Furthermore, women should be included as part of the security forces deployed around company operations. Experience from the public security sector is evidence that a more diverse workforce is more effective, and that women can bring particular skills to security work.^[2]

Examples of good practices:

With respect to gender impact assessments, a main street fashion brand undertakes an annual process to identify the most salient human rights impacts in its supply chain. The brand has identified gender, security and human rights issues as one of its top challenges, noting particular countries and regional hot spots where it seeks to take action. This risk identification and mitigation exercise has led the brand to undertake various actions to increase women’s financial independence and raise awareness on health and safety, reproductive health, malnutrition, and gender-based violence.

In the extractives sector, the Responsible Mining Foundation conducted a study of the results of the Responsible Mining Index and noted isolated cases of progress on business, gender and human rights. For example, it found that BHP, Newmont, Goldcorp, AngloGold Ashanti, and Anglo American all had set gender parity targets, either across their companies or at the management level; it also found that three companies (CODELCO, AngloGold Ashanti, and Exxaro) followed through on their commitment to provide gender-appropriate personal protective equipment (PPEs) to women miners; it additionally found that Barrick Gold Corporation developed systems to prevent sexual violence. Further efforts should be pursued to monitor and encourage companies to improve their gender and human rights approaches and to share their experiences as a means of encouraging other companies to do the same.

Source: Gender Research Insight RMF 2019

This Toolkit uses the term “complex environments” to capture a range of operational contexts where social tensions or armed conflicts occur and where governance and the rule of law are weak or serving narrow interests.

Why is this issue important in relation to effective security and human rights risk mitigation?

As a starting point for any risk assessment and mitigation strategy, companies should analyse the operational context in order to understand the risks to their operations and personnel also the risk of exacerbating conflict and contributing to human rights abuses.

This Toolkit uses the term “complex environments” to capture a range of operational contexts where social tensions or armed conflicts occur and where governance and the rule of law are weak or serving narrow interests. The term incorporates the following concepts:

• Conflict-affected and high-risk areas (CAHRAs): ‘CAHRAS are identified by the presence of armed conflict, widespread violence or other risks of harm to people. Armed conflict may take a variety of forms, such as a conflict of international or non-international character, which may involve two or more states, or may consist of wars of liberation, or insurgencies, civil wars, etc. High-risk areas may include areas of political instability or repression, institutional weakness, insecurity, collapse of civil infrastructure and wide-spread violence. Such areas are often characterized by widespread human rights abuses and violations of national or international law.’^[1] Recently, the European Union’s Conflict Minerals Regulation has been requiring EU companies importing tin, tantalum, tungsten and gold from CAHRAs to conduct heightened due diligence. A list of CAHRAs has been developed for the European Union and is available here.
• Armed conflict situations: Regions or countries experiencing international armed conflicts, (opposing two or more States), and/or non-international armed conflicts, (between governmental forces and non-governmental armed groups, or between such groups only).
• Fragile and conflict-affected States/settings: States/settings in which the political environment is extremely polarised and divided due to a lack of trust among political actors. This lack of trust often has its origins in violent conflict.
• Fragile/weak/failed states: Political and social scientists use a range of terms to describe countries with weak rule of law and governance.

Indigenous Peoples have distinct rights protecting their survival, dignity and well-being and companies have a responsibility to respect these rights.

Why is this issue important in relation to effective security and human rights risk mitigation?

Indigenous Peoples have distinct rights protecting their survival, dignity and well-being and companies have a responsibility to respect these rights. There is also a strong expectation from clients, investors, market actors and other stakeholders that companies fulfil this responsibility. Given the extreme vulnerability of many Indigenous Peoples, companies should adopt a heightened level of due diligence when consulting and engaging with them.

Furthermore, companies that engage positively with Indigenous Peoples and work constructively in a framework of respect are more likely to avoid grievances or misunderstandings, gain community support and build a positive reputation. Escalation of conflicts can be prevented and potential security incidents can be managed responsibly.

Indigenous Peoples Rights include:

• Free, Prior and Informed Consent (FPIC): A specific right that is well established in international instruments and national laws and incorporated in most instruments relating to the rights of Indigenous Peoples. It allows them to give or withhold consent to a project that may affect them or their territories. Once Indigenous Peoples have given their consent, they can withdraw it at any stage. Furthermore, FPIC enables them to negotiate the conditions under which the project will be designed, implemented, monitored, and evaluated. FPIC is embedded in the right to self-determination, by virtue of which indigenous peoples freely determine their political status and pursue their economic, social and cultural development.
• Rights to property, culture, religion, and nondiscrimination in relation to lands, territories and natural resources, including sacred places and objects.
• Rights to health and physical well-being in relation to a clean and healthy environment.
• Rights to set and pursue their own priorities for development.
• The right to make authoritative decisions about external projects or investments.

Indigenous peoples: what should companies do?

• Ensure that Indigenous Peoples are appropriately identified and prioritized; when engaging with Indigenous Peoples, the company and its security providers should consider the specific cultural characteristics, governance structures, and traditional ways of interacting.
• Ensure inclusive decision-making that takes into account and responds to the concerns of Indigenous Peoples. This is crucial to maintain good community relations. The absence of consent and eviction of lands to which Indigenous Peoples have special connection for cultural, religious, traditional or livelihood reasons, have been a common cause for public demonstrations, social tensions, conflict and litigation.
• Understand the context of rights of Indigenous Peoples and include a relevant analysis tailored to each context as integral to the HRDD procedure.
• Include the recognition of Indigenous People’s rights and free, prior and informed consent in company policy commitments and ensure that company operations and security providers in complex environments are made aware of, and practice and seek FPIC on a continuous basis.
• Create and maintain appropriate grievance mechanisms that can respond to concerns and complaints of indigenous persons and trigger renewed analysis and engagement on FPIC.

Example of Good Practice

A gold mine project in Latin America is located on the traditional lands of a tribal group, recognized as an indigenous people/tribal people by the company and the international community. Afterwards, the company and the tribal group signed a letter of intent acknowledging that the gold mine is operating on the ancestral lands of the tribe. The company states that its engagement and agreement-making processes are “based on the principles of FPIC” but the company did not officially obtain FPIC.

In the coming years, the company and members of the tribal negotiating committee (appointed by traditional authorities of the tribe) negotiated and reached a cooperation agreement that stipulates the roles and responsibilities delineated in the letter of intent. The letter of intent included provisions for environmental monitoring, community health and safety, informal community mining, grievance mechanisms, and community information sharing. Afterwards, the company commissioned an NGO to gather an expert panel to consider issues of FPIC and make recommendations on their engagement with the indigenous groups in Latin America. The panel’s assessment highlighted both strengths and weaknesses in the implementation of FPIC principles and included recommendations for the company on how to better align its community engagement practices with the principles of FPIC within a human rights framework in the future. The process contributed to improving the company’s understanding of FPIC and strengthening community engagement.

Companies face heightened challenges managing their security arrangements and respecting human rights when operating in countries or regions experiencing armed conflict.

How does armed conflict impact responsible security management?

Companies face heightened challenges managing their security arrangements and respecting human rights when operating in countries or regions experiencing armed conflict. State security providers or armed groups protecting companies’ staff, assets and operations may engage in violations of international humanitarian law (IHL) or in serious human rights abuses.

Furthermore, factors such as weakened state governance structures, enhanced securitization, societal polarization, emergency measures, and a history of grievances or injustices increase the potential that a company’s actions may exacerbate the conflict.