Risk Management
To comply with the high standards we have set for our business and supply chain, we are constantly reviewing and assessing our processes. We take a risk-based approach to identifying and eradicating modern slavery and human rights abuses. HEINEKEN UK has put in place a series of measures to mitigate risk associated with modern slavery and human rights infringements, the principal ones of which are set out below.
A. Supplier Code
We require all of our suppliers to abide by our Supplier Code which outlines the key behaviours we expect of our suppliers, including ensuring safe working practices, fairly remunerating employees, and complying with the standards set by the International Labour Organisation. Suppliers must confirm that they will abide by our Supplier Code before they are permitted to enter into any tender process to work with HEINEKEN.
Supplier Code compliance is reviewed by the HEINEKEN UK Head of Procurement on a monthly basis and performance is shared with the HEINEKEN UK Finance Director and HEINEKEN Regional Procurement Director for Europe on a monthly basis, and quarterly with HEINEKEN UK’s Managing Director.
B. Risk Assessing Third Parties
Since 2021, HEINEKEN has used a third-party due diligence program ‘SHINE’, to assess all new suppliers for the HEINEKEN UK business. SHINE is designed to identify, assess and remediate risks and automatically performs instant due diligence on suppliers across over 50 risk categories that include sanctions, watchlists and enforcements, corruption, human rights violations, terrorism and trafficking. A report and risk rating are assigned to each supplier, and these are then reviewed by our internal compliance teams to ensure that appropriate actions are taken.
The SHINE tool monitors suppliers on a real time basis to ensure that we only do business with suppliers who share our values and commitments to responsible business conduct. In the event of a supplier being deemed an Amber (Medium) or Red (High) risk, alerts are issued to our Procurement department, our Director of Legal Affairs and our Head of Assurance, Risk and Compliance to review and take appropriate action. As is consistent with the position at 2023 close, there were no outstanding Due Diligence Questionnaires for Suppliers as at the end of 2024.
C. Speak Up Policy
We have embedded a Speak Up policy across the HEINEKEN organisation. If anyone (whether it be an employee, supplier, customer or consumer) has a concern about a possible violation of our Code of Business Conduct, including any of the underlying policies, they can report their concerns anonymously online or over the phone. We actively promote our Speak Up policy across the
organisation and encourage individuals to report any concerns, including any possible human rights violations, through this channel.
D. SMART Outsourcing Audit
Adherence to our Human Rights Policy, Brand Promoter Policy and Supplier Code, as well as local laws, is vital to ensuring fair working conditions for everyone involved in the manufacture, distribution and promotion of our products, whether directly employed by HEINEKEN UK or not. Therefore, employees of Outsourced Service Providers (OSPs) are also covered under these policies.
In 2024, HEINEKEN UK embarked on a globally led program called SMART Outsourcing, which seeks to ensure that OSPs are compliant with human rights standards and meet our Brew a Better World (BABW) commitment: “ensure fair living and working standards for third party employees and brand promoters.”
Through 2024, HEINEKEN UK completed cycle 1 of this program which covered local governance and set-up, value chain mapping, baseline assessment and an external compliance audit of our operations at Manchester Brewery. While we are awaiting the final audit report, preliminary review of the audit findings from the external auditor confirmed that no UK labour risks were found and as such there are no follow-on actions arising.
Cycle 2 of the program will be initiated in 2025. This will be OSP facing, including a self-assessment questionnaire (SAQ) to be completed by management of OSPs and follow on OSP audits for the highest risk OSPs based on the completed SAQs.