Integrating ESG into risk management

April 2024  |  FEATURE | RISK MANAGEMENT

Financier Worldwide Magazine

April 2024 Issue

Environmental, social and governance (ESG) considerations are changing the business world as stakeholders increasingly expect companies to make their operations more sustainable. Today, having a clear ESG strategy is unlikely to be optional for most businesses.

For a start, boards need to keep their companies up-to-date with mandatory ESG-related disclosure requirements. Regulatory authorities such as the US Securities and Exchange Commission, the European Commission, and Canadian Securities Administrators, including the Ontario Securities Commission, are frequently publishing updates and notices of changes to their disclosure regimes.

“Multiple countries have either passed or are considering legislation that would require greater supply chain transparency concerning efforts to fight modern slavery or would necessitate human rights and environmental due diligence, including France, Germany, Norway, the Netherlands, Australia, Canada and the UK,” says Beth Sasfai, a partner at Cooley LLP. “To comply with these laws, companies should begin mapping their supply chains to identify the potential for ESG risks, including forced labour, and putting robust due diligence processes in place.”

Ultimately, ESG strategies have become vital to modern risk management, notes Anita Punwani, ESG group chair at the Institute of Risk Management. “ESG should be viewed in the wider context of global governance of environmental and social matters as, in the modern organisation, ESG strategies are increasingly being linked to the achievement of sustainable development goals.

“Organisations can effectively incorporate environmental and social considerations into their own risk management frameworks by ensuring the leadership make a formal commitment to sustainable development, develop strategies for its achievement and then ensure the frameworks are aligned to its delivery in addressing risks related to social as well as environmental matters,” she adds.

Stakeholder expectations

As Heather Gagen, head of dispute resolution at Travers Smith, points out, not only is there a non-negotiable regulatory imperative, ESG issues are also being understood as broad, with an increased emphasis on the ‘social’ impacts and the correct governance response. “Whereas a few years ago ESG risk was assumed in some quarters to affect only certain high-risk sectors, such as extractives and the energy industry, ESG regulatory and litigation developments over recent years show that all sectors can be touched by ESG risk,” she notes. “Notably, the emphasis on human rights in ESG discourse, including regarding climate and access to natural resources, as well as on issues such as gender-based discrimination and violence, underlines the fact that no business can be immune from ESG risk.”

Indeed, failing to account for critical ESG elements in today’s business world can negatively impact a company and undermine its success. “The significant drivers of ESG include financial implications, regulatory compliance, reputational risk and demand from third parties, such as investors and debtors,” says Myron Mallia-Dare, a partner at Miller Thomson LLP. “Financial implications are shaped by significant transformation, as consumer consciousness, spending habits, employee demands, regulatory environments and industry perspectives have all shifted toward ESG considerations.

“The growing impact of climate change on the operations and value of companies has prompted a significant shift in investment, as ESG trends continue to gain traction,” he continues. “Natural disasters, which caused an estimated $280bn in losses in 2021 alone, have made the risks associated with ESG all the more tangible and quantifiable, affecting M&A activities. In addition, businesses must also consider the impact of ESG on financing, as poor ESG ratings and performance can restrict access to capital. Lenders and institutional investors have made it clear that prioritising ESG is now a must for businesses, or they risk losing access to funding.”

The range and scope of ESG regulation already in force and on the horizon can be dizzying.

On the flip side, companies that actively incorporate ESG into their operations can unlock competitive advantages – creating value, mitigating risk and becoming more resilient.

ESG strategy – getting it right

It is imperative that organisations integrate ESG factors into their DNA, including decision making and risk management. In an ESG-focused age, companies need to dedicate sufficient time and resources to putting ESG at the heart of their operations.

For Sarah-Jane Denton, director of operational risk & environment at Travers Smith, managing ESG risk is, in many ways, not too different from managing any other key business risk. “Incorporating ESG issues into the overall risk management framework – where in place and effective – should facilitate proper prioritisation of ESG risk in the context of the broader risk landscape,” she observes. “What does make ESG risk more challenging is the fact that companies are increasingly being compelled to disclose their ESG strategy and performance publicly, meaning that minimising ESG risk may well be prioritised over other risks.”

In light of ESG’s growing profile, companies must appropriately integrate considerations into their risk management processes. But there is no ‘one size fits all’ solution. Identifying, managing and reporting on ESG risks requires a top-down strategy that evaluates the full scope of a company’s operations, activities and impacts.

“Key strategies focus on compliance and governance,” explains Ms Sasfai. “Companies should perform a complete inventory of existing ESG regulatory obligations relevant to them, followed by ongoing ESG horizon-scanning to proactively monitor future regulatory changes to ESG reporting requirements and to human rights and environmental due diligence obligations. They should create a cross-functional ‘ESG task force’ charged with operationalising ESG risk considerations across the business and with ongoing reporting requirements. ESG task forces often lean on legal counsel and other advisers to assist them with horizon-scanning, identifying gaps against emerging regulatory obligations, recommending changes to company policies and processes, and implementing regulatory-specific training throughout the business.

“Organisations also need to build out their ESG reporting knowledge and capabilities as well as ESG data management processes to ensure they are using reliable data for risk monitoring and reporting compliance,” she adds.

Governance is often the key to meeting ESG obligations. Those companies that get the ‘G’ right are much less likely to struggle to manage the ‘E’ and the ‘S’. “Strategically driven, well documented, fully implemented and top-down-driven governance structures are an absolutely critical risk management tool, and ESG is no exception,” says Ms Denton. “Unexpected incidents can and inevitably will occur, but a company with such a framework in place is well positioned to get early warning of such incidents, which it can manage appropriately. Such systems are also likely to stand companies in good stead should they ever be scrutinised by regulators or other stakeholders.”

Going forward, boards must establish and implement a framework for managing ESG concerns to avoid potential issues that may negatively impact the company or its stakeholders. For example, failure to adequately address an ESG issue may result in poor market performance, a decline in company share price, or regulatory or legal action.

To effectively address ESG, a board must have mechanisms in place to ensure that it understands how ESG issues may impact the company. “This does not mean that directors and boards must be involved in day-to-day risk management, but rather that directors must fulfil their role in risk oversight,” explains Mr Mallia-Dare. “Proper risk oversight of a company requires directors to be accustomed to the company’s ESG risk management policies and procedures.

“If directors do not disclose material ESG risk and maintain proper oversight, they may face discontent among shareholders, potential litigation, damage to their reputation, or regulatory investigation,” she adds.

Implementation hurdles

Companies are, however, likely to face a number of challenges when implementing an ESG strategy.

According to Ms Sasfai, the biggest challenge for most companies is determining who will take responsibility for the ESG agenda. “Boards of directors and senior management need to create an ESG governance function with clear line of sight across many business departments,” she suggests. “Usually this involves designating an ESG lead and forming a cross-functional ESG task force. Integrating ESG into strategic planning, enterprise risk management processes, budgeting and forecasting involves unprecedented levels of collaboration and interaction across departments and functions.

“Accountability for setting and meeting public ESG goals requires visibility across multiple business units to make sure that goals are understood, resources are being deployed and progress is being measured,” she continues. “Ongoing and expanding ESG reporting obligations require information flow from numerous departments, data systems and actors in the value chain, as well as support from legal, internal audit and finance personnel, who in short order find that they need to develop an in-depth understanding of regulations, substance and disclosure risks to help guide their company’s reporting.”

The range and scope of ESG regulation already in force and on the horizon can be dizzying. It can be problematic for a business to understand what is legally required of it, and to then determine how those obligations affect strategic risks and opportunities.

“Organisations will want to show different levels of leadership on ESG issues,” says Ms Gagen. “For some, they will need and wish to comply with mandatory regulatory requirements, whereas others will want to go further because they see business and competitive advantage in being ESG leaders. Balancing the business’s own ESG ambition with the views of diverse stakeholders is an additional complicating factor, particularly considering that ESG remains a polarising issue in some groups.

“Implementing a cohesive ESG strategy against this backdrop can take a great deal of internal bandwidth and will require organisations to upskill and invest in the relevant expertise,” she continues. “Once a strategy has been developed, its successful implementation depends on integrating it fully with other decision making and operational functions, at speed. This is no small task.”

Since many ESG risks may materialise over a longer time frame than financial risks, translating them into quantifiable risks can also be difficult. But regulators are beginning to provide tools for this exercise, according to Ms Denton. “In particular, the European Commission’s standards under the Corporate Sustainability Reporting Directive explain how the ‘materiality’ of a particular sustainability risk should be decided,” she says. “This remains a somewhat subjective determination, but assessing factors such as the likelihood of occurrence, scale and severity of likely impacts within specific areas will be useful.

“Who within the business leads this process is likely to vary between companies, but we see legal and compliance, ESG, finance, HR and procurement as all having a key role,” she continues. “Given the cross-cutting nature of ESG, there is definite benefit in ensuring that representatives from across the business have a seat at the table when discussing the management of ESG risk.”

According to Ms Punwani, the need for greater accountability and transparency to a wider group of actors, both internal and external to the organisation, presents a challenge in terms of the expectations such stakeholders may have in relation to governance. “These risks are ones which the leadership of organisations need to identify, assess, manage and monitor.

“Whether a particular organisation will embrace the opportunity to actually integrate ESG thinking into their risk management thinking will depend upon the nature of the organisation – notably whether it is a purpose-driven or a profit-driven organisation – together with the leadership’s true commitment to greater sustainable development,” she adds.

As ESG risks become more prevalent, related concerns have greater influence on a company’s strategy and success. Addressing these risks through expanded risk management frameworks allows companies to overcome many of their biggest ESG challenges.

© Financier Worldwide

BY

Richard Summerfield

©2001-2024 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.