Getting ESG due diligence right

Why relying on ESG ratings may be the quickest way to undermine your own reputation for ESG compliance

ESG is at the top of the agenda for companies considering new business opportunities, prompted by a need to protect their reputation in front of increasingly demanding stakeholders and an uptick in regulatory-compliance requirements. Responding to these demands is not easy despite the emergence of new tools that assist in compliance. At Control Risks, we believe that ESG compliance for compliance’s sake is the swiftest way to break your ESG strategy and damage your reputation among stakeholders. There are simply no ESG quick fixes. Here’s why.

An alphabet swamp of frameworks and ratings


The ad hoc way the regulatory landscape has developed has created a complex set of requirements, accompanied by a multitude of voluntary frameworks, targets and standards. Intended to provide guidance, they can generate confusion over which framework is relevant for what kinds of businesses.

Adding to the confusion are the rating agencies that offer ESG screening programmes. Although they are often data-based to give clarity to decision makers, public criticism is increasing because of their failure to identify egregious (and often obvious) ESG missteps, for example, giving high rankings to firms subsequently accused of modern slavery. Traditionally, reputational due diligence, based on discreet enquiries with multiple on-the-ground sources, can be slow and costly – but it works, giving insights into internal dynamics and behind-the-scenes shenanigans. Publicly available data and self-disclosures by an investment target only tell part of the story. Companies buying quick-fix ESG screening solutions are making themselves vulnerable by making decisions based on insufficient or inaccurate information.

Our clients are asking what they need to do to obtain a “good rating” from ESG rating agencies and which is the most friendly for them to target. The current system is highly exposed to abuse, and we predict a shift in the acceptance that a data-driven ESG rating assessment is fit for purpose.

Get your own house in order first


The abundance of information and guidance about ESG creates a major risk for companies starting new business relationships: relying on the wrong guidance or making decisions with incomplete information. Increasingly in the headlines are stories of companies with theoretically robust ESG compliance programmes being fined for making misleading statements or for not complying with their business ethics or investment decisions.

For companies that screen potential investment targets or suppliers, the first action begins at home: What is your company’s attitude towards sustainability? What are the “red lines”? At what point does an opportunity become a risk? We are often asked by clients to “do some ESG searches”, with little or no indication as to what is considered ethical or appropriate, given their sector or internal positioning. For example, an oil and gas major will have different priorities from a healthcare provider.

Good ESG due diligence is reputational due diligence in a new coat

There are three ways to gain insights into your new business partner or investment target:

  • Self-disclosed information from the target, either in the form of a completed standard questionnaire or on-site interviews
  • ESG rating information
  • Discreet and targeted reputational due diligence

Your ability to demand disclosures and ESG compliance details from a potential investment target or supplier will vary depending on your influence in the relationship. However, in both cases, there is unfortunately a strong motivation for the counterparty to present half-truths to secure the investment or business. While it is difficult for a company to conceal, for example, a weak management culture or recorded environmental enforcement actions, the most reputationally damaging actions will only come to light when it is too late.

For low-value or non-strategic relationships, ESG ratings, taken together with a healthy interrogation of a company’s representatives, may be sufficient to make decisions on whether the supplier conforms to your sustainability standards. If the ratings are largely based on the company’s self-disclosures, please re-read the previous paragraph.

For any relationship that could make or break your reputation, walking the extra mile to gain a 360-degree perspective on their operations – as firms routinely do in their due diligence to address anti-bribery and corruption (ABC) concerns – is the only way to gain assurance about a partner’s integrity.

Taking a risk-based approach will help you determine whether your potential partner is deserving of this additional scrutiny. For example:

  • Where are they based? The publicly available data in developing markets is typically insufficient to inform major decisions – and ratings for companies in high-risk jurisdictions are unlikely to be based on a broad range of reliable data.
  • What do they do? If the company’s activities raised concerns from an ABC perspective, they should also do so from an ESG viewpoint.
  • What is the significance of this relationship for you? How important is this relationship in your supply chain or to your portfolio? How crucial is it for this piece of your stakeholder jigsaw to be an exact fit? 

The interconnected nature of poor internal governance controls and weak organisational culture, along with the readiness to turn a blind eye to unwelcome practices such as corner-cutting or kickbacks, will undermine the sustainability and integrity of the company. Understanding whether such practices exist through an in-depth reputational due-diligence approach tailored to reflect the specific jurisdictional and sector risks and regulatory pressures will give the full story of the counterparty.

Don’t stop there

Once you are satisfied with the reputation and ESG compliance of your partner and decide to proceed with the relationship, don’t become complacent. Routinely monitoring the partner and making changes to its operating environment can make a big difference. For example, the routine environmental shutdowns of suppliers in China (or other COVID-related delays) pose a major global challenge. Understanding – and being able to regularly verify – these suppliers’ environmental compliance will help you to quickly respond to disruptions linked to closures in a specific area and to predict how these closures could affect your business.

As a result, companies need a coherent and efficient framework to assess their suppliers’ exposure. Finding issues does not mean you have to walk away; monitoring, training or other contractual stipulations may help resolve the issue as well.

In conclusion, by failing to consider the mission of the company, complying with regulations alone, or relying solely on ratings data, companies are leaving themselves heavily exposed to regulatory risk. Attaining a coherent position on the potential ESG risk exposure of a partnership could require a significant investment in time, people and systems. However, the impact on your business in ensuring sustainable and reliable relationships with global counterparties is often worth the cost.