id - SNGLR

8 downloads 211 Views 2MB Size Report
Mar 11, 2018 - Panoptes was a giant in Greek mythology who had hundreds of eyes to observe everything happening in the w
id: 5aa599d3b170f60004b9ae34 hash: 8B78D3392C5EEA1367A268033B6294D7A320EF3F7CC356B63F423C91789EA0AF token: c4f3e151e3b981d time: 2018-03-11 21:04:19.603 receipts: eth: 1473, btc: 10473, etc: 1473 ltc: 10473

II.01

Reputation ..................................................................................................................... 6

II.02

Regulation ..................................................................................................................... 6

II.03

Investors ....................................................................................................................... 7

III.01 Internal audits ............................................................................................................... 8 III.02 External audits ............................................................................................................... 8 III.03 NGOs ............................................................................................................................ 8 III.04 Unions ........................................................................................................................... 8

IV.01 How are we going to do it? ............................................................................................. 9

Physical devices ......................................................................................................... 9 Blockchain technology ...............................................................................................10 Smart Contracts ........................................................................................................11 IV.02 How does it work?........................................................................................................ 11

Functional description ................................................................................................11 Technical solution ......................................................................................................12 Data protection .........................................................................................................14

2

Panoptes was a giant in Greek mythology who had hundreds of eyes to observe everything happening in the world. Inspired by Panoptes, English philosopher Jeremy Bentham crafted the idea of a Panopticon, a system designed to systematically observe everything in a penitentiary system. Bentham’s aim was to keep an eye on people who regularly broke the law, keeping them locked with a central point of control.

Our Panopticon is a twist on Bentham’s idea. Our aim is not to keep an eye on criminals but on contractors and suppliers along cross-border supply chains of multinational companies, to level the playing field for factory workers where their basic human and labor rights would otherwise not be guaranteed.

Our mission is to enhance cross-border supply chain compliance with labor standards and human rights through blockchain and smart contracts. Our multidisciplinary team includes four lawyers specialized in several areas of law and four engineers. One of the team members is part of the Cuatrecasas1 cross-border supply chain compliance team, which specializes in improving legal standards throughout clients’ supply chains, including human rights and employment rights that contractors should guarantee.

Traditionally, there has been a disparity between the legally binding clauses agreed upon a company and its contractors regarding human rights and employment standards and the reality inside the contractor’s factories. Companies have tried to tackle this problem by performing regular factory audits, but this system has proved to be expensive and results are poor.

Panopticon aims to drastically narrow the gap between contractually agreed employment standards and real employment standards at theses factories by monitoring conditions through automated data, creating a mechanism through smart contracts to immediately stop payment to contractors that infringe the agreed standards.

1

Cuatrecasas is a leading international law firm present in over 10 countries, with over 900 lawyers. Cuatrecasas represents

several of the largest international companies, advising them on their investments in the major markets in which we operate. Cuatrecasas’ experience, its business focus and the top quality skills and continuous training of its lawyers are the foundation of its excellent legal services.

3

This LegalTech solution solves the recurrent headache of multinationals with cross-border supply chains. Our multidisciplinary team can provide a comprehensive technology solution addressing the legal implications of this multi-jurisdictional, global problem.

4

In April 2013, 1,134 people died when the Rana Plaza garment factory collapsed in Dhaka. Within the wreckage of the factory, products of almost every international fashion company were found. Furthermore, investigations revealed that the working conditions of the employees who died that day were almost unbearable. Most of the companies accused of manufacturing their products under miserable labour and health standards were not even aware of manufacturing in that country. The majority of those products were manufactured by suppliers of which the main company had no knowledge.

Rana Plaza put employment conditions, and supply chain transparency and traceability, under the spotlight. Awareness of company responsibility for their business partners’ actions has

In April 2013, 1,134 people died when the Rana Plaza garment factory collapsed in Dhaka, Bangladesh. In the factory wreckage, products sold by almost every international fashion company were found. Investigations revealed that the working conditions of the employees who died that day were almost unbearable. Most of the companies accused of manufacturing their products under miserable labor and health conditions were not even aware their products were being manufactured there, since most of those products were manufactured by suppliers of which the main company had no knowledge.

Rana Plaza put employment conditions and supply chain transparency and traceability on the spot. Awareness of company responsibility for the actions of its business partners has grown since then, and new cases have been hitting the news. For example, UK food inspectors discovered horsemeat in Findus beef lasagna sourced from a supplier, and French police found dozens of undercover factories where products were manufactured under unlawful conditions in the outskirts of Paris.

5

The Business Continuity Institute recently published a report2 on supply chain resilience showing that almost three-quarters of organizations have reported having business continuity arrangements related to supply chain management, of which 63% do not use any technology to analyze, track or monitor the performance of their supply chains and 51% do not have insurance coverage against supply chain disruption at all.

In this regard, companies are urged to take control of employment and human rights standards along their supply chain, for the following reasons:

The report mentioned above concludes by underlining two important aspects in supply chain resilience. Firstly, reputation is an important aspect in supply chain disruption, which requires organizations to become more aware of the issues around their supply chain and communicate effectively in times of crisis. The second is the element of collaboration, which still faces challenges in being implemented, but represents a great resource for effective supply chain management.

Regulators have also increased their scrutiny on employment and human rights standards along cross-border supply chains in the last few years. Since the Rana Plaza incident, new laws focused on improving the transparency of cross-border supply chains and extending responsibility for infringements of subsidiaries to parent companies have been approved.

For instance, among other states such us California in the US or the UK, in 2017, France enacted a bill on the duty of care of parent companies. Under this law, parent companies with i) more than 5,000 employees worldwide at group level, and with headquarters in France, or ii) 10,000 employees worldwide at group level, can be considered liable for their subsidiaries’ labor and environmental infringements, when they do not implement necessary measures to prevent these infringements.

In addition, the European Union enacted Directive 95/2014 on disclosure of non-financial and diversity information by certain undertakings and groups. This aims to provide shareholders of

2

Supply Chain Resilience Report, November 2017, Business Continuity Institute. More information.

6

public-interest entities employing more than 500 people with more complete social and environmental information. It requires those companies to disclose in their management reports information on their environmental commitment, social and employee conditions, respect for human rights, anticorruption and bribery issues, and diversity policies in place.

Investors are one of the most pressing reasons why companies are interested in cross-border supply chain traceability and human rights. In the last few years, they have shifted their investment criteria, focusing on long-term growth and profit instead of pursuing short-term investment. The DOW Jones Sustainability Index (DJSI)3 has become one of the most influential investment and analysis tools for investors. Human rights and employment standards along the supply chain are part of the criteria that the DJSI analyzes. Specifically, the DJSI requires companies to control and trace their supply chains and their conditions down to the third tier.

In addition, leading investors are specifically asking to include this as investment criterion. For instance, BlackRock’s CEO stated in its annual letter4 to invested companies that one of the main investment criteria of the group for 2018 and 2019 would be human capital management, particularly health and safety issues, labor relations and supply chain labor standards.

Multinationals find themselves at a crossroad. The high cost of an efficient auditing system could push them out of the market and the absence of control could endanger their brands and those of their investors, maybe forever.

Research shows us that the tools used today are good in theory but inefficient in practice . A good example is the common auditing system that companies implement to supervise

3

Review for instance the DJSI Review Results 2017. Human Rights is one of the criteria, updated and separated from Labor

Practice Indicators and now comprises a new criterion in line with the UN Guiding Principles on Business and Human Rights. 4

Larry Fink’s letter to CEOs. More information.

7

compliance with contract clauses. The limitations of the four current auditing options are briefly described below.

On the one hand, internal or local audits are very expensive and not objective. Since the audit system is supposed to be a mechanism through which an auditor makes unannounced factory inspections, the need to rely on local auditing entities based in countries with high corruption levels makes it very difficult to ascertain the reality inside those factories5.

For their part, external or foreign auditors are easily recognizable in the town where the factory is located, sometimes as soon as they set foot in the town. Therefore, factory managers quickly hide any signs of breach of contract obligations, dismiss workers who do not have the minimum required age, and falsify or hide records of misconduct. In addition, said auditors lack the cultural background and local connections needed to discover, investigate, and punish misconduct, i.e., they cannot communicate with workers, making it impossible to effectively fulfill their task.

NGOs that live and work with the families of the factory workers report to the multinational companies all employment and human rights infringements they are aware of. In this case, the challenge faced by the multinationals is twofold: the heterogeneity of these organizations makes it complicated to know who to trust; and their geographical reach is not worldwide, so it would be necessary to have an organization in each town where each factory is located.

Unions normally do not dispose of enough legal protection in those countries where there are most needed. Therefore, they normally fail in their task due to fear of being persecuted by the factory owners.

5

Zero Tolerance Success Stories. Story 4: eradicating forced labor. Amfori. More information.

8

Our team, after conducting a thorough study of all the measures implemented by companies, has concluded that, despite the great importance multinationals place on controlling labor conditions in the supply chain, a truly effective and transparent solution has not yet been adopted.

Panopticon is a technological solution designed to provide an automatized, objective and reliable system to allow multinationals to monitor respect for human rights and labor conditions along the supply chain.

Panopticon aims to be the definitive tool for multinationals to automatically control labor conditions in their suppliers’ factories as agreed in their contracts. Our multidisciplinary team is committed to creating a truly cost-efficient win-win solution in which: (i) workers win with a leveled playing field and safer workplaces where their rights are guaranteed and protected; (ii) multinationals win by freeing themselves from legal responsibility and preventing irreparable brand damage; and (iii) investors win by investing in socially responsible corporations.

Our Minimum Viable Product (MVP) has three main elements: (i) on-site physical devices that collect data along with a database; (ii) a blockchain mechanism to upload, track and secure data related to the anomalies detected through the physical devices; and (iii) a system of smart contracts aimed at automating payments between multinationals and their contractors, depending on compliance of human rights and employment standards at the factories.

The first step of our solution requires on-site devices, sensors –for instance, cameras–, at the factory to collect data. The type of on-site devices will depend on the employment standards clients want to monitor and control, varying also in number and cost. However, the more data Panopticon receives, the more accurate the system is.

The non-employability of minors at the factory is the first labor condition that we have chosen to be measured in our MVP. This would require face or fingerprint recognition or other biometric

9

systems to identify workers at check-in and check-out. We would recommend our clients the implementation of two mechanisms to allow a two-factor authentication, such as image and fingerprint. For instance, the installation cost of cameras and fingerprint scans is relatively cheap. For instance, the installation cost of eight biometric access control devices and a camera, including the hermetic supports and the network electronics, amounts to around 4,500 euros. However, for this first MVP we have chosen the image sensor only.

Health conditions in contractors’ facilities is another example of data that can be easily monitored. A physical device that measures humidity and heat would make it possible to know if employees are working in unhealthy conditions.

The set of private nodes and peer-to-peer decentralization network wrapped in a cryptographically robust ecosystem provides data integrity and transaction tracking to ensure the reliability of the data processed in the smart contracts.

Once the information is collected, it will go to a database, where it will be bundled and hashed. The database will identify if there is any infringement and upload it to the blockchain, where it will be immutable, trackable, and automatically-autonomously-and-instantly checked in the verification of compliance with the contract clauses. This allows companies to trace every infringement at any time and also to implement smart contract to enforce payment to suppliers and contractors.

There are different types of blockchains in the market and depending on the needs of client the blockchain we implement may differ. If a sole multinational would like to implement Panopticon, we would use the Ethereum Enterprise blockchain together with Quorum, the JP Morgan protocol for Ethereum Enterprise and IBTF consensus. A semi-public blockchain would allow Panopticon to have the benefit of traceability and public control, but also the advantage of big transaction capacity thanks to the existence of validating nodes and IBFT instead of a Proof of Work mechanism.

If an industry decides to use Panopticon through a consortium, we would use for these case IBM’s Hyperledger Fabric. This blockchain allows the different companies to validate the transactions without making them public, together with a huge transaction capacity.

All non-infringement related data will be stored in a database and will also be available to the company. 10

For our first MVP we have opted for the Ethereum Blockchain, enabling a system of smart contracts aimed at automating payments between the multinationals and their contractors, which now only considers the age of employees to determine the payment.

Smart contract allow for the automatic enforceability of payments to contractors and suppliers if said parties comply with the labor conditions and human rights requirements agreed in the contract. The smart contract will be coded to automatically-autonomously-and-instantly execute their clauses, either to release payment if the established conditions are met, or to withhold it when there is a breach.

The infringements registered in the blockchain will be linked to a specific contractor or supplier and to its factory where the infringement took place. Payment to the contractor or supplier will occur to a smart contract at a set date.

11

This use case analyzes how the system would work to avoid child labor. As we can see, the identity of workers will be validated when they access and leave the production area of the factory. In the case of the fingerprint scans, the fingerprints of all workers would be matched to a picture and an official document which would identify them. Panopticon will process the data and store it in the database.

Panopticon will then analyze the input data to detect irregularities according to the clauses defined in the contract. Each irregularity will be registered in the blockchain guaranteeing the integrity and the traceability of each incident, and the associated alarm will be sent to the smart contract and visualized by the multinationals in the platform. This feature has not been yet included in the demo, but it is our next step.

If the agreed conditions are met, the smart contract will make the payment. If they are not met, the smart contract will determine the penalty defined in the contract depending on the irregularity detected.

12

For identification purposes, all workers will be registered in an encrypted database including a photograph of the worker’s national ID card, which will be associated with their fingerprint. We are considering two levels of authentication, face and fingerprint recognition, which will determine the worker’s age with 94% accuracy.

Factories will be given a multi-factor authentication profile, enabling them to upload their workers’ names to the database and complete other information required.

Punitive measures will be embedded in the contract in the form of penalty clauses in case the factory manager falsifies the uploaded information, without prejudice to sanctions provided under governing law.

Other sensors can also measure the number of workers entering the production area of the factory, the humidity and temperature of the building, or the working time of each worker. All the data of all sensors contrasted should give a coherent image of the factory.

Panopticon will register all the access control information and process it to create alarms. If alarms determine non-compliance, they will be registered in the blockchain as an incident and become input data for executing the smart contract clauses.

To guarantee the integrity and the traceability of the data processed by the different devices, we will install network equipment for the service in each factory, and we will control it remotely, using a network access control that will allow us to recognize each device. This means that at any time a single auditor or independent party will be able to check all incidents related to the access control for each factory.

Once uploaded, the information will be stored. It is automatically protected and processed separately to determine whether any contractual obligations have been breached. A report will be provided to the multinationals and factories with the data collected and breaches identified.

13

This combination of information, subject to data analysis algorithms, will (i) produce a base for detecting malpractice and wrongdoing; (ii) provide multinational companies a due diligence to monitor their suppliers’ fulfillment of their contractual obligations; (iii) create in the future a rating system under which factories with fewer incidents will have better scores; and (iv) offer multinational companies the possibility of a fast overview of factories that implement better conditions for employees, which would be very useful information when they are deciding who they want to work with.

Of all registered information, the infringements will be uploaded to the blockchain to have a traceability of the number and type of infringement for every factory, but also to allow the deployment and enforcement of smart contracts for the payment to contractors and suppliers.

We believe that once a significant number of factories have registered, Panopticon will become a quality seal.

It is worth mentioning that we will begin implementing smart contracts that automatize conditions that we are able to track and validate with the sensors implemented or other given information. If the criteria established in the smart contract matches the data collected, the terms will be executed. Firstly, a report will be sent to the factory explaining any problems raised and how to fix them, if applicable in accordance with the agreement between the parties and governing law. It is important to develop a process that helps factories improve their conditions and workforce in accordance with the terms agreed by the parties.

Our team understands the importance of complying with data protection regulations, and one of the lawyers on our team specializes in this area of law.

To comply with data protection regulations and to establish the privacy by design requirements, all communications will be encrypted, and the data will be stored in a cloud system, with most of the security and compliance measures relying on the Microsoft Azure Certifications with its global scalability.

We will ensure that agreements between the factories as data controllers and Panopticon as data processor are adopted, and that all the security requirements are implemented.

14

In addition, factories will have a dashboard in the Panopticon platform to manage employees’ requests for information on their data protection rights.

For now, our MVP includes de specific names and ages of the employees just to make the demo more comprehensible. In the real solution Panopticon will not have access to the names and, regarding the ages, we will only now if they are of working age.

Our future revenue model will be subscription-based. We will offer PaaS (Platform-as-aService). The premium option will provide all the resources, including advanced reporting.

Regarding costs, the initial technological investment for a prototype could be covered with the team’s investments. We do not require additional funds for the initial service infrastructure. The cost of the network equipment for each factory could be covered with fixed payments from multinationals for the integrated service.

In addition, with respect to human resources, we have four engineers on our team who can define and execute the platform’s configuration and four lawyers specialized in different areas of law which can address the legal complexity of the project, as well as the support of Cuatrecasas.

We aim to create a resource for large corporations, to help them supervise the working conditions of their subcontracted suppliers anytime, worldwide. We will focus on developing a scenario that is in the interest of both multinationals, factories and workers: multinationals will see their costs reduced and their reputation protected, while the system will guarantee the protection of the human rights and labor standards of workers.

In this regard, we believe this project has great scalability. As mentioned in the Supply Chain Resilience Report mentioned above, almost three-quarters of organizations have reported having business continuity arrangements related to supply chain management. This solution is not geared towards a particular business sector; it can be implemented in many different industries,

such

as

the

textile

industry, the

telecommunications field.

15

automotive

industry

and

even the

Our solution has no competitors in the market at the moment.

AuditChain6 is developing a decentralized continuous audit and reporting protocol ecosystem. However, this solution does not focus on helping companies comply with employment standards and human rights in cross-border supply chains. In this regard, we are specifically focusing on labor conditions in supply chain management, which, to date, has no competition. This means we have a real competitive advantage to introduce our solution to the market and to integrate our solution easily in the companies’ systems.

Currently, one of our main goals is to develop the prototype with all the functionalities mentioned and to create a database with sufficient data to start making reporting under fake assumptions and with fake workers, multinationals and factories. This will allow us to show the product at its best. In addition, we have started to approach the market in order to validate the idea and we will do the same with the prototype and its future iterations. We believe it will be relatively easy to make our project known among key players such as the textile industry given the great need for a solution like Panopticon, and our direct contact with important players. We aim to partner with one of the textile multinationals we currently advice.

Once the first partners and investors have joined the project, we will begin deploying the infrastructure needed to provide the service. We highlight that the physical devices to be used in the factories will be audited, and their installation supervised so data reliability will not be compromised.

This phase will be followed by implementing the main code and program dependencies. At that point, the resources needed to implement our solution will be clear, and we will determine the number of professionals our team will need to integrate. As it is common practice in the technology sector, we will have a full-time core team of engineers, computer scientists, data

6

For more information visit https://auditchain.com/

16

analysts and lawyers, while counting with the support of extra staff on an as-needed-basis, either from the firm, or by hiring external services.

Our first pilot will be with a multinational during an interim period in which we will filter our results, acquire experience, and improve our services sheet.

Regarding product validation, when speaking with relevant clients about our solution they have stated the following7:

Director at a telecommunications multinational: “When the Panopticon Team introduced me to their idea, I thought that it could fit perfectly as a feasible solution of our concerns towards enhancing living conditions and improving transparency. As a telecommunications company we are especially interested in solutions that use innovative connectivity technology, such as IoT or blockchain”.

Risk advisor at a textile multinational: “Panopticon may help improve human rights and employment standards through technology, wherever a traceable supply chain exists”.

Blockchain project manager at one of the top Spanish financial institutions: “It is already well known that blockchain technology combined with IoT has the potential to be a game changer for the supply chain industry. But current efforts are mainly focused on testing these technologies for logistics (e.g. Maersk and IBM Joint Venture), food traceability (e.g. IBM, Nestlé and Walmart) and financing (e.g. we.trade). Panopticon is tackling an obvious but less confronted problem: labour conditions, which not only benefits companies by reducing audit costs, increasing transparency, improving control on suppliers and protecting the companies’ reputation but more importantly it helps protecting human rights and working conditions.”

In-house consultant and project manager at a textile multinational which thrives to provide the necessary framework for the company’s product lifecycle management team to deliver the best products towards their customers: “In efforts of making supply chains more sustainable, retailers are facing the challenge of obtaining full transparency and traceability within their supply chains without sacrifice in scalability and flexibility. Here is where Panopticon steps in. Panopticon is developing an auditing system helping retailers to obtain greater transparency and traceability throughout their supply chain by bringing IoT, smart contracting and blockchain

7

The validation letters with the name and position of those who validated can be handled at the jury’s request.

17

together. Through the help of sensors within the supply chain Panopticon ensures healthy factory working conditions are meet, while infringements are directly sanctioned through smart contracting solutions. Hereby Panopticon is contributing to efforts of better working conditions and living standards throughout the world”.

Talent manager at a top talent platform: “Panopticon is a great project to measure and record data on parameters that define the employees working conditions. Applying technologies such as Blockchain and IoT may reduce the cost of large companies when it comes to controlling the conditions of employees working in the factories. It is fascinating that law firms like Cuatrecasas lead and get involved in projects like this to create a positive impact because we cannot keep turning our back on a problem of this magnitude.”

Our team was born out of the desire of some young lawyers and engineers from Cuatrecasas to provide a pioneering legaltech solution to a pressing and recurrent problem of our clients, who shared their efforts and experiences with us.

Panopticon was born with the ambition to work towards a win-win initiative capable of raising human rights protection and labor standards to new heights, while supporting multinationals in their efforts to find business-friendly solutions for their corporate needs.

Please, find some references of our professionals below:

Andrea Ortega Villalobos: Member of the International Advocacy Program (PPAI), a unique training program in the Spanish legal market designed for promising and young international lawyers. She currently works in the Intellectual Property, Data Protection and New Technologies department at Cuatrecasas. She also works as Innovation Project Manager, promoting, amongst other initiatives, Cuatrecasas Acelera8, Cuatrecasas Ventures and DTECH. She is also a representative of Cuatrecasas at Alastria Blockchain Ecosystem9.

8

Cuatrecasas Acelera is an acceleration program for startups. More information.

9

Alastria Blockchain ecosystem. More information.

18

Paula González Zatarain: Corporate-Finance lawyer at Cuatrecasas. She has an extensive experience in international corporate and financing transactions. Aside from her acquired legal knowledge, Paula is a very creative and highly motivated person. Passionate about photography, she was the winner of the Cuatrecasas 10th Photography Competition.

José Izquierdo Fernández: Corporate and M&A lawyer at Cuatrecasas. He is specialized in international business law and the legal framework of cross-border investments. He is also passionate about the impact of cultural and political variables on M&A transactions. José firmly believes that by better understanding the needs and particularities of the parties involved in a deal, it is possible both to foster efficiency and to promote their mutual interests.

Pedro Méndez de Vigo y Puig de la Bellacasa: Employment lawyer at Cuatrecasas, he has an extensive experience in international employment law and cross-border supply chain compliance. Part of his work consists in framing labor standards into supply agreements and assisting on the negotiation of Global Framework Agreements. He is also part of the firms DTECH group, which specializes on the legal consequences of technological disruption on employee management and human organizations.

Sergio Juárez Calvo: Information Security engineer at Cuatrecasas. Sergio has an extensive experience in providing technical advisory in order to help different organizations to define their information security strategy and implementing the most suitable controls identified in the main regulations related with Data Protection. Sergio has excellent skills in ethical hacking audits and a wide knowledge in corporative IT Risk Management and Business Continuity Plan definition.

Nabil El Alami Khalifi: Infrastructure & Cloud Consultant at Tokiota, S.L., he works as external system architect contributor at Cuatrecasas. Nabil has a degree in Telematics engineering and excellent skills in programming languages and operative systems and programs.

Dirk Hornung: Ph.D professional candidate at the Institute of high energy physics of the "Universitat Autònoma de Barcelona". During his academic career, he has been performing daily data analysis related to C++, Fortran and Artificial Intelligence within the physical framework of Quantum Field Theory. In addition, he is an experienced Full Stack Web / App Developer, working mainly within React, React Native, Swift and Amazon Web Services. Dirk is highly interested in democratizing the world with Blockchain technology.

19

César Martín: César has 20 years of experience in digital development. During his last four years he has worked on SAAS solutions for the legal sector. César is also a very enthusiastic entrepreneur, founder of two companies and investor in another one.

20