On April 13, 2015, California Attorney General Kamala Harris issued “A Resource Guide” for companies subject to California’s Transparency in the Supply Chain Act (the “Act”). This resource guide was published in conjunction with the first efforts by the State of California to enforce the Act which took effect in 2010. The recent enforcement effort took the form of what is reported to be the issuance of about 100 letters, primarily to retailers, seeking a report about how each is complying with the requirements of the Act. It is understood the companies selected are among the approximately 1,700 who reported on their Franchise Tax Board filings they were either retailers or manufacturers doing business in the State of California.

Those subject to the Act are companies doing business in California with worldwide gross receipts of more than $100 million and are, as noted, reported as either retailers or manufacturers on their state tax returns. Per the Act, these companies must post disclosures on their Internet websites about their efforts to comply in the areas of verification, audits, certification, internal accountability and training. Companies are not required to provide proprietary or trade secret information, or to even make any effort to comply. What they are required to do, however, is share their compliance efforts to the extent they exist. Companies without websites are required to respond to any written requests within 30 days of receipt. The language of the statute – California Civil Code Section 1714.43 – can be found at http://codes.lp.findlaw.com/cacode/CIV/5/d3/3/s1714.43.

The Resource Guide (“Guide”) is stated to be designed to “help” covered companies with “model disclosures and best practices.” The Guide is divided by reporting categories, and then within each, states the statute, key requirement(s) and model disclosures. Language from actual website postings is included for illustration purposes. The Guide can be found at: https://oag.ca.gov/sites/all/files/agweb/pdfs/sb657/resource-guide.pdf? It starts with where the notice should be placed on the company’s website. The requirement of the Act is the notice be “conspicuous [and] easily understood.” The Guide indicates the best practice is to place the link at the top or bottom of the homepage, with an obvious title such as “California Supply Chains Act.” The Guide also holds placing the data on a company’s Corporate Governance or Corporate Compliance page or otherwise requiring multiple links is inadequate. The preferred form of publication is a dedicated page which links directly from the button on the homepage. The Guide goes on to recommend the use of prominence and/or font size to make the link “conspicuous.”

As to verification, the Guide goes on to say a company should clarify whether it verifies all of its supply chain or only certain routes. Also, are third-party monitors involved, how are risks identified and evaluated, and how does the company use any resulting assessments? Companies are encouraged to explain to the consumers reading their information how frequently such verifications occur, and also whether labor brokers or third-party recruiters are used by their supply chain partners. The goal of the Act is to aid companies in minimizing the likelihood of human trafficking in their supply chains, and the use of labor brokers and/or third-party recruiters heightens the occurrence of human trafficking and slavery, often due to the large debts and miserable working conditions imposed on those workers.

Another required reporting element is whether or not audits are performed. Here, again, the Guide recommends the company explain its methodology or review process, whether there was advance notice, whether the review was conducted by company personnel or independent auditors, how suppliers are prioritized for review (if not all are audited each year), what number or percentage are audited (again, if not all are audited annually), and whether such audits are broken down by the components in the supply chain.

When it comes to certification, the next required element, are direct suppliers required to certify their compliance with the trafficking laws in the country/countries in which they do business? The Guide acknowledges this is often initially accomplished by a clause in the commercial agreement between buyer and seller, and then backed-up with yearly certifications, but also asks, what records are kept? The example used to illustrate best practices includes a supplier certifying he has (1) proof of age for every worker; (2) payroll records and timesheets for all employees; (3) written documentation of employment terms and conditions; (4) local health and safety evaluations or documentation about any applicable exemptions; and (5) records of employee grievances and suggestions (and employer responses). Companies are expected to disclose whether they have internal procedures for determining compliance, including any efforts by the company to assist its own workers to understand the company’s fair labor requirements.

Lastly, there is the training component. Here, the Guide points out the key is what efforts the company makes to train its own employees who directly oversee the supply chain about human trafficking and slavery, with the goal to reduce potential risks. As with all the other reporting elements, the exact requirements are somewhat vague. However, the Guide recommends including the curriculum’s content, and the duration and frequency of training, including whether outside experts or internal staff present the training.

Enforcement under the Act is limited to injunctive relief which can be sought only by the California Attorney General. Nonetheless, there can be other consequences to companies regarding any published information. However, first, a company engaging in international trade at any level will need to decide whether it reveals its membership in the Customs-Trade Partnership Against Terrorism and relies on its provisions for supply chain security assurances. Its supply chain partners will also need to decide if they wish to reveal they are an Authorized Economic Operator. Many companies chose not to reveal such status out of concern it makes them a higher risk target. Whether or not there is reference to a recognized supply chain security program, there can be other fallout to consider. For example, if the company states it has a certain policy or procedure and does not, it could find itself on the receiving end of a lawsuit typically stated in California to be for unfair business practices or fraud/misrepresentation. A company is at similar risk if it states it has a given practice, but has since changed it or fails to follow it as stated on its website. In summary, to be compliant, a company must decide what it is going to say, make sure any statements are current and accurate, and then do what it says it does, and keep appropriate records. All of this, of course, also translates into the company’s business partners doing the same.