Why Every Organization Should be Focusing on ESG
I recently wrote an article for Aravo’s new publication, Risk & Resilience. Their inaugural issue focused on the important topic of ESG, and is jam-packed with great thought leadership content from a variety of experts and perspectives. I invite you to read the article I included below, but also to check out the publication as a whole and learn from the great thought leadership included.
ESG – Environmental, Social, Governance – is a dominant focus in organizations right now and is getting board-level scrutiny and attention. Organizations around the world and across industries are challenged to define, implement, and report on ESG. These pressures are coming from all directions: investors, customers, employees, regulators, and activists. The reality is that ESG has teeth, and organizations must do something about it.
Previous iterations of ESG were Corporate Social Responsibility (CSR) and Sustainability. These were often passed around the organization like a hot potato and often landed in the lap of marketing as a branding exercise. This is not the case with ESG; the risk exposure to the organization is too great. I find that the Corporate Compliance and Ethics Officer (CECO) is the most common role leading the coordinated/federated ESG strategy in the organization. The goal is to be an organization of integrity to ensure that the values, ethics, statements, commitments, relationships, and transactions are a reality in practice, process, relationships, and transactions.
However, understanding ESG is complex. What is happening in organizations is like the parable of the blind men and the elephant. One blind man touches the tail and thinks it is a rope, another touches the body and feels a wall, and another touches a leg and says it is a tree. The same is happening with ESG as different functions/departments see what impacts them. Some focus on the E for the environment and think that is the most important since it leads the acronym ESG. Others are focused on the S, and others the G. All three are critical and intersect with each other.
As a guide, but not exhaustive, ESG covers:
- Environment. Climate change, natural resource utilization, pollution and waste, biodiversity, certification, carbon footprint/emissions.
- Social. Child labor, forced labor, socio-economic inequality, privacy, personal data use, diversity, inclusion, working conditions, health and safety, product liability.
- Governance. Corporate governance, fraud, anti-bribery and corruption, anti-money laundering, internal controls over financial reporting, security, corporate conduct and behavior, anti-competitive practices, tax transparency, ownership, and structure.
The reality is that ESG does not start and stop with traditional brick-and-mortar walls and employees. Addressing ESG requires that organizations do so in the context of the extended enterprise of third-party relationships.
Martin Luther King Jr. stated, “Whatever affects one directly, affects all indirectly. I can never be what I ought to be until you are what you ought to be. This is the interrelated structure of reality.” This statement is true in our individual relationships, and it is true in an organization’s relationships in the extended enterprise in the context of ESG.
That is because the structure and reality of business today have changed. It is not the same as it was a few decades back. The modern organization is supported by an interrelated structure of business relationships. It is an interconnected and interdependent web of suppliers, vendors, outsourcers, service providers, contractors, consultants, temporary workers, brokers, agents, dealers, intermediaries, partners, and others. Business today relies and thrives on third-party relationships; this is the extended enterprise, and it is the challenge of business today to manage ESG across these relationships.
The saying “Show me who your friends are, and I will tell you who you are” translates to business: show me who your third-party relationships are, and I will tell you who you are as an organization in the context of ESG. For the organization to act with integrity in the context of ESG, comply with investor and regulatory requirements, and ensure that ESG commitments and values are followed through in relationships is no easy task. The actions and behavior of these third parties impact and shape the reputation and brand of the organization. Their risk issues are the organization’s risk issues.
Third-party risk programs are about to change significantly. In the past, there was a dominant focus on information security and privacy risk in these relationships. These programs were also fragmented, with different departments monitoring and managing their silos of risk without seeing the big picture of risk across a third-party relationship. This is changing. The focus on ESG is restructuring how organizations define and manage risk in the extended enterprise.
In particular, there are pending directives and legislation with an expansive scope that are expected to be passed this summer: the EU Directive on Mandatory Human Rights, Environmental, and Good Governance Due Diligence alongside Germany’s corresponding Corporate Due Diligence Act.
These laws are more than reporting requirements; they will have teeth. They are not like the United Kingdom Modern Slavery Act and California’s Transparency in Supply Chains Act. These new laws are expected to have significant enforcement penalties and sanctions and large administrative fines (similar to anti-trust and GDPR fines). They require thorough and continuous due diligence of third-party relationships in the context of environmental practices, social and human rights, and governance to address corruption.
This is going to fundamentally change and restructure TPRM programs to address ESG in the extended enterprise. Organizations need to move beyond scattered silos of third-party risk oversight to create an integrated third-party governance program that addresses ESG throughout the extended enterprise. This unifies a single approach to govern ESG in third-party relationships and delivers a 360° contextual awareness of ESG risk in relationships.
The writing is on the wall: organizations need to fundamentally change how they approach ESG internally and across the extended enterprise. Organizations should start defining an integrated strategy for ESG to address these forthcoming requirements and stakeholder demands in a unified and consistent approach.
Thank you again for reading my contribution to Risk & Resilience! Again, I invite you to explore other great articles and interviews in the publication to gain a well-rounded understanding of ESG’s importance.
Check out Risk & Resilience’s issue on ESG