Back to RiskCrisisManagement Rankings

GLOBAL-WIDE: An Introduction to Environmental, Social & Governance Risk (Agencies)

Who cares? Why the right ESG strategy can spell business success

What are a company’s responsibilities to society as a whole? What is our broader purpose? How do our personal values factor into setting priorities?

The answers to the questions above will differ from one company to another. But using corporate purpose as a guiding principle will assist in orienting an organisation to what is important for multiple stakeholder groups – its employees, customers, regulators, the communities in which it operates, and ultimately its shareholders.

In January 2020, Larry Fink, CEO of BlackRock, the world’s largest asset manager, raised the bar on sustainable and inclusive capitalism when he established that a necessary criterion for his company’s potential investments going forward will be how they perform on a series of Environmental, Social, and Governance (ESG) metrics.

In his view, the companies that will deliver outsized returns to their shareholders over the long term will be those that serve the interests of their broader stakeholder groups. The pandemic has accelerated interest in the ESG agenda and raised recognition that ESG adoption is both socially and financially profitable and, in certain cases, critical for a company to surface and sustain a business platform demanded by their consumers and investors.

With this recognition has come pressure to conform and to be seen to address the disruptive forces at play in the world today that fall under the ESG banner – including the impact of climate change, availability of resources, supply chain issues, workplace diversity, and corporate reporting and assurance, among others.

Such disruption can reshape or wipe out entire businesses and companies. The AlixPartners Disruption Index, released in April 2021, revealed that disruption is the primary strategic challenge confronting businesses and society, with environmental and social concerns high on the list of CEOs’ greatest concerns. Indeed, just 43% of C-Suite executives surveyed for the report said they were “very confident” in their company’s ability to withstand disruptive forces.

To meet these challenges, companies must adapt their strategies. ESG considerations should be integrated into the heart of corporate strategy and performance initiatives supporting an organisation’s purpose and growth, creating intrinsic and economic value. By incorporating more considerate environmental behaviours, better health and safety protocols, broader diversity requirements, and governance around corruption and unethical labour practices, companies have the opportunity to increase their market relevance and appeal, and contribute broadly to a more sustainable future for society. Similar imperatives apply for banks, private equity firms, and others in financial services. Integrating ESG considerations into business strategy, capital allocation, and operations can prevent the outcome of stranded assets and augment long-term profitability.

However, with opportunity comes risk, and appropriately understanding how ESG risks can impact organisations provides a platform for value creation.

For example, knowing an organisation’s vulnerability to specific ESG risks such as carbon emissions, labour sanctions, disclosures and board independence also allows a company to track opportunities to mitigate and enhance value by implementing ESG performance initiatives. Such initiatives could include:

• Tracking key performance initiatives to strategic goals and financial outcomes within ESG risk management;

• Documenting strategy in relation to disputes and negotiations to clearly understand the cost-benefit ratio of different options for addressing issues that arise from employees, consumers, suppliers, investors, and other stakeholders; and

• Implementing compliance controls that not only mitigate the risk of bad behaviour often resulting in investigations, but those that proactively prevent and alert to the potential for employee and third-party misconduct, financial leakage, and transparency / disclosure issues.

Below we detail the risks and opportunities associated with developing an ESG strategy, specifically in relation to initiatives in risk management, dispute resolution, investigations and compliance.

Risk Management 

Critical to developing a powerful ESG strategy is understanding an organisation’s risk profile with respect to environmental, social and governance goals. ESG risks should be integrated in the organisation’s overall risk registers and a wider Enterprise Risk Management (ERM) framework.

The first step is understanding which risks are inherent in an organisation’s business profile and operations. Such transparency is critical for a robust assessment of whether appropriate controls are in place to monitor and quickly respond to issues and enhance growth in relation to meeting strategic milestones. Adequately addressing ESG risk will also require the addition of new skills to the risk management profile: Many facets of the environmental and social spheres require a different understanding of technical and physical aspects than the more traditional financial and operational risk drivers.

At a foundational level, risks should be organised into environmental, social and governance categories, as they impact a company’s reputation, operations, legal liability, and financial health. In some cases, existing controls may sufficiently mitigate ESG risks. For example, many companies have developed Know Your Client (KYC) and Know Your Supplier (KYS) risk review programs as part of overall client and supplier onboarding, which directly supports anti-corruption governance and can be leveraged to also address human rights aspects like working conditions.

As for other types of risk, risk owners should clearly define an individual or a team who will be responsible for developing ESG action plans that have specific steps and deadlines for mitigating residual and emerging risks. Such individuals or teams are typically seen as a part of the wider risk organisation and work in concert with other traditional risk reviewers, such as credit, market, regulatory and operational. Accordingly, consolidated risk reporting should be provided to all relevant business stakeholders – including executive sponsors and board members – to establish consistent reporting lines and effective risk governance.

Key considerations for Risk Management in ESG:

1. Robust ESG risk identification: Align efforts to clarify and systematically identify ESG risks across the organisation, including strategic, financial, operational, legal and regulatory, and people. Integrate them into the existing enterprise risk assessment and register structures, taking into consideration cross-cutting likelihood and impacts. Once ESG risks are considered a part of the enterprise risk register, holistic risk assessments are conducted and maintained on an annualised basis.

2. Rubric for developing inherent and residual risk calculations and controls: Develop a consistent approach for assessing and calculating ESG risk scoring that is aligned and comparable to the assessment of other risk types. Build a holistic picture across all risk types to re-balance prioritisation and design an effective monitoring program. Clearly differentiate between inherent risks and residual risks after mitigation measures are taken into consideration. Where necessary, develop new controls to manage ESG risks and prioritise their inherent risk in order to adequately mitigate the potential for issues.

3. Proactive measures designed to catch issues efficiently: Considering the dynamic nature of the field, remain vigilant for emerging ESG risks. For example, continuously scan competitor behaviour and social media discussions, and integrate an ESG risk assessment into new product development and marketing processes. Rigorously review regulatory developments as a minimum threshold for standards frameworks, but also consider “softer” stakeholder requests and be extremely cautious of the perception of greenwashing approaches.

Compliance  

The level of concern about ESG and its risks depends on various factors specific to each business, such as the industry, nature of products/services, and the geographical locations where it operates. Whether the risk is viewed as low or high along this spectrum, management teams may find it necessary to review an organisation’s compliance program to ensure it adequately addresses and prevents ESG risks.

This may be unwelcome news to compliance teams, who are already accounting for fraud, money-laundering, corruption, and anti-competitive practices. In an environment where compliance budgets were declining even before the pandemic, expanding the scope of audits will cause concern. It helps to recognise that many of the legacy compliance areas are already included in Governance and – considering the recent boost of ESG concerns in public and business debates – broader ESG compliance has the potential to improve the overall position of the compliance function. Just as the pandemic upended the notion that complex businesses could not effectively rely on remote video technology to efficiently run their operations, a push on ESG compliance could trigger a refresh of the perspective on process and technology for compliance purposes.

Evidently, ESG compliance is particularly challenged by the complexity of unstructured and diverse sources of information that need to be considered for due assessments. The last decade has seen a significant evolution in the way that information can be obtained and handled, and these tools and processes are ripe for deployment on compliance functions. The first such evolution is taking a greater number of data sources into account for monitoring. It is now relatively straightforward to consolidate content from internal databases, websites, online content, and internal communications into a single analysis database. This is because the tools necessary to normalise the data (convert documents to searchable format, translate languages, transcribe multimedia content, etc.) are now more readily available and less costly. This process requires more effort, but the additional data means better accuracy and a single monitoring process that clearly shows how data enhances, complements, or contradicts other data. Sample data sources include:

a. Marketing materials (websites, articles, speeches, online ads): Summarising how the business is represented around the globe and highlight outliers.
b. Internal communications: (email, internal memoranda): Describing internal areas of focus or concern as they appear “on the ground”.
a. Internal relationships: Identifying customers, suppliers, investors, regional contacts and other relationships that are relevant in the context of ESG.
b. Social media discussions (e.g., Facebook, Twitter): Describing public perception about the business on relevant topics and highlighting any areas of support or concern.
c. International news sources: Summarising the range of public information known about a potential impact on the company’s ESG focus.

This monitoring process would offer critical assistance, for example, to an organisation responding to a dawn raid at a processing plant operated by a foreign subsidiary suspected to have unlawfully disposed of hazardous chemicals. It might need to quickly understand relevant internal communications, the company’s outsourcing arrangements for the disposal of hazardous materials, the company’s official position about environmental protection as expressed by local executives, and the nascent response from the public in social media. A better application of this platform, however, would be to have identified that one of the firms onboarded to handle waste disposal was recently found to have a record of illegal dumping.

The second evolution is the ability to harness machine learning. This enables the development of predictive models and is no longer complex to run or costly. The implementation is more demanding, however, but it should nonetheless constitute an essential part of compliance processes. Machine learning is also particularly useful on large data sets: Unlike traditional models, adding data does not require more human resources. It would therefore help take advantage of the additional valuable data sources, as discussed above.

To illustrate the benefit, you might not need a GPS when driving along a road you know well, but should it be closed due to an emergency, GPS can tell you which of the alternative paths are available, and which have the least traffic. Similarly, machine learning could help stitch together the various details of the issue being examined, whether or not they contain the same references, words, or languages.

The opportunity to take advantage of such evolved capabilities does not relate specifically to ESG. The better way to think of it is that ESG is cementing the importance of the overall compliance imperative, and that this function should therefore adapt and modernise to take on a challenge that will continue to grow in importance.

Investigations 

With increased global ESG transparency and accountability requirements from regulators, misconduct and cultural issues resulting from poor governance are more visible. Companies will need to demonstrate they are appropriately investigating concerns around ESG and remediating identified issues to protect against significant reputational and financial damage.

ESG issues span not only the workplace environment and employee misconduct, but across consumer and community impact. Accordingly, an organisation’s ESG initiatives and performance must be considered in strategic and operational decision-making, including at Board level. Given the breadth of involvement by an organisation's stakeholders into ESG, protocols around related investigations should include a specific review of independence of reviewers / investigators and a preliminary understanding of how investigation reporting will be rolled out to relevant internal and external stakeholders.

Increasing country-specific regulation will ignite many internal investigations and could lead to regulatory reviews. The US SEC has indicated that ESG disclosure regulation will be a central focus for them, and UK regulators are likely close behind. There will be increased pressure on companies to demonstrate that any resultant internal investigations are robust, independent and of a standard acceptable to regulators.

Key considerations for Investigations in ESG:

1. Do not solely focus on reputational risk avoidance: Companies can demonstrate the value of their ESG objectives by finding ways to use these principles to build sustainable growth, and therefore resilience, in the long term.

2. If your compliance controls fail, consider an internal investigation to right the ship: Be proactive and use an independent and objective body to examine processes and procedures. Include remediation measures as part of the investigation follow-up.

3. Ensure that ESG reporting and risk monitoring is aligned with legal and compliance areas, so that swift action can be taken on investigations and remedial actions: ESG initiatives that are implemented into operational areas such as supply chain must have a monitoring approach to address the limited transparency and mitigate the risk from third parties. For example, suppliers that are part of a diversity initiative.

Dispute Resolution 

Large-scale ESG disputes go to the heart of a business’ relationships with its stakeholders and can have a major impact on its reputation. To date, this has been most apparent in the context of environmental disputes, but increasingly we are seeing social issues coming to the fore. The way in which companies choose to resolve disputes is a vital part of the risk management process.

However, disputes don’t need to be about ESG issues to have an ESG risk impact. Disputes are an integral part of every business and will have always occurred across a range of issues, only some of which will be identified as specific ESG risks within the ESG risk management process.

The disruptive influence of the pandemic, coupled with increasing awareness of the benefits of aligning strategy and operations with ESG goals, means that few major disputes will avoid being viewed through an ‘ESG lens’ by a range of different stakeholders. Consequently, businesses that hold themselves out as strong ESG performers, yet then cast their stated ESG principles to the wind when a crisis hits, risk destroying trust in the whole organisation. This loss of reputation can severely impact an organisation’s brand, which inevitably will have cost a great deal to build over many years. This is why dispute resolution processes are an essential element of ESG risk management.

There is much written about ESG-related disputes stemming from increased regulation, reporting requirements and shareholder activism, but it is vital that organisations understand how dispute resolution – regardless of the subject matter – can impact ESG goals and reputation.

Businesses faced with a major dispute need to manage the related risk in the context of the organisation’s purpose, values, beliefs, and strategic direction. No dispute should be handled in a vacuum. No matter how unreasonable the substance of the dispute – or the other party’s stance – may appear, it is critical to consider:

• What are the business’ core values and beliefs? Will this dispute expose weaknesses in the ESG strategy set forth?

• What is the stakeholder environment? Who will care about this and what do they think now?

• What else is happening in this industry? What is the business’ reputation in this context?

• What are the dispute resolution options and the pros and cons of each?

• What could be the real costs – both monetary and reputational? Consider the transparency of the dispute resolution process, the case being presented, and its strengths and weaknesses.

• Will the proposed approach damage business relationships, customer loyalty, or investor interest?

• How much negotiation power is there? Understanding the value of any chosen course of resolution, as well as the associated risks, can help inform whether or not to take a more conciliatory approach.

The British Institute of International and Comparative Law (BIICL) has developed a set of practical guidelines designed to encourage a more conciliatory approach to the resolution of contractual disputes, regardless of their subject. Their aim is to avoid or minimise protracted legal disputes without altering the parties’ legal rights. The guidelines set out how corporations who are conscious of ESG requirements can manage disputes responsibly while protecting their reputations.

It is hoped that these guidelines will be adopted universally as companies around the world struggle to recover from the impact of the pandemic and disputes continue to develop relative to ESG disclosures, misstatements and omissions, ESG performance and ethical considerations, and ESG regulations. Importantly, companies with good ESG performance need to be aware that they can quickly reverse their ESG ratings if they fail to behave in accordance with their stated values when resolving disputes, regardless of what those disputes relate to.

Conclusion 

AlixPartners Disruption Index highlights the increasing magnitude and frequency of disruptive forces, affecting organisations globally from five perspectives – economic, environmental, technological, societal and regulatory. Each one of these areas directly correlates to – and multiplies and magnifies – the challenges that businesses today must overcome from an ESG standpoint and the capabilities they need to build.

In such an acutely scrutinous and digitally enabled environment, the need for corporate introspection and subsequent transformation at pace in relation to ESG has never been greater. The rewards – stewardship, intrinsic and external value – are significant for businesses that truly bring their purpose and values to the fore, not just for the organisations themselves but also the many other stakeholder groups that they serve.