While many companies have placed environment, social and governance (ESG) risk high on their agenda for decades, others have only just begun to recognise the importance of ESG risk mitigation. Both the urgency and visibility of ESG risk is growing – whether through increasing regulatory and investment pressure, activist sentiment and reputational considerations, or by the additional light the COVID-19 pandemic has shone on health and safety, workforce relations and sustainability.
Corporations have seen ESG risk manifest in shareholder and employee activism as well as landmark court cases that have placed additional responsibilities on businesses to manage their outward impact. Organisations have struggled to catch up by establishing and expanding their ESG teams and investments.
As organisations maintain or deepen their focus on ESG issues, they shouldn’t neglect the link between ESG and security. This link is critical in two senses. Firstly, how an organisation manages ESG topics can raise or lower their security risk profile. If an organisation does not appropriately identify and mitigate the impact of their operations on the environment or on communities and workforces, security risks such as social unrest, criminality and insider threat will likely become more prominent. As a number of recent examples demonstrate, companies can also face significant backlash when they are known or even merely perceived to have harmed the environment, promoted unfair working practices or left community expectations unfulfilled.
Secondly, when it comes to ESG, security is part of the solution. The implementation of measures such as community engagement and employment strategies, worker welfare systems, environmental sustainability initiatives and transparent management of governance risks may complement or substitute for traditional security mitigation measures. A modern security approach goes beyond guards, gates and guns; it engages a diverse group of stakeholders, looks outward as well as inward and integrates and aligns with ESG priorities. Successful ESG risk mitigation can reduce security costs, minimise the likelihood of crisis and provide benefit for the whole organisation.
What needs to be done?
Security teams need to appropriately incorporate ESG issues into their existing risk assessment frameworks and processes. In doing so, they need to account for risks the organisation faces as well as risks the organisation poses to its workforces, communities and the environment. Security teams should consider proven, traditional mitigations as well as measures that solidify their social license to operate. These measures will change over time and should be considered throughout the project lifecycle. For instance, proactive community expectation management early in project development can help ensure success later, and considerations given during project operations will contrast with those during project closure.
To achieve successful incorporation of ESG issues, security teams in most organisations will need to coordinate with other departments, such as HSE, community relations, sustainability, human resources or corporate social responsibility. Organisations should also consider how their partners and supply chain approach these issues and how they might encourage better ESG risk management amongst these third parties.
Security departments also need to think very directly about how their own processes and teams contribute to ESG considerations, drawing from guidelines such as the Voluntary Principles on Security and Human Rights, the International Code of Conduct for Private Security Service Providers or IFC Performance Standard 4. Security personnel need to be vetted, trained and managed so they are prepared to operate ethically with no undue impact on the surrounding community or environment. These personnel should be aware of their role in protecting human rights and have appropriate working conditions themselves. Ideally, front line security personnel will be from the areas in which they operate, contributing to positive community engagement and broader local content initiatives.
ESG risk management – has anything really changed?
Some security and risk managers perceive the current hype around ESG to be overblown. ESG risks are also just that – risks – and organisations have been identifying and mitigating ESG risks all along. How much value can an acronym add?
Quite a lot. Focusing on ESG now is an opportunity for security departments to reflect on how inclusive, holistic and creative their risk assessment and treatment practices have been. Has there been a focus on more obvious and immediate risks, with a lesser focus on an organisation’s relationship with their surroundings over the long term? Have security managers been including input from community relations, sustainability and HSE teams in their risk assessment process? Are there more innovative ways to mitigate identified risks that might sit outside of a security department – through community engagement strategies, for instance? Improving the ESG risk management process can significantly reduce security, operational and reputational risks on a large scale.
By making the link between security and ESG, security departments highlight their value to strategic sustainability initiatives: by improving relationships between organisations and their community, environment and workforce; by ensuring their organisations are compliant with applicable legislation and standards; and by averting costly ESG missteps through the stages of a project lifecycle. When a security team clearly articulates the link between ESG and security, they demonstrate yet another way that they can help their organisation achieve its strategic priorities.