What are the ESG trends that should be on a compliance team’s radar?
ESG Integration and ownership: Compliance teams are becoming more involved in creating and managing Environmental, Social, and Governance (ESG) programmes and determining reporting standards. They are also responsible for identifying and managing overlapping risks and reducing blind spots that may arise from varying reporting standards. New sustainability regulation requires senior-level commitment and C-suite accountability, which legal and compliance teams are helping to navigate. However, since ESG and sustainability are relatively new and evolving concepts, compliance teams are also involved in educating senior leaders on compliance requirements, subject matter, and how to measure performance through existing control frameworks.
Anti-greenwashing: At the same time there has been some backlash against ESG. Efforts to eliminate greenwashing in reporting are gaining pace as investors, civil society, and regulators increase pressure on businesses to accurately report their sustainability performance. Changing consumer attitudes towards sustainable products and services have driven claims of greenwashing, making it necessary for brands to market their sustainability credentials accurately with data to back up claims, as has been seen through recent scrutiny by advertising standards bodies and regulatory authorities. To address the concerns around greenwashing – and the requirement for ESG data more broadly – compliance teams will play an increasingly central role in ensuring accurate and accountable data in sustainability reporting.
Incoming due-diligence laws: The biggest trend in sustainability disclosures is the shift from voluntary to mandatory ESG reporting, with the scale of that reporting increasing. The EU’s Corporate Sustainability Reporting Directive (CSRD), which replaces the existing Non-Financial Reporting Directive (NFRD), will require companies with significant operations in EU jurisdictions to report on sustainability beyond current requirements. The CSRD came into effect in 2023, but the reporting standards are yet to be finalised, so large companies will need to start preparing information in 2024 to report in 2025.
The CSRD, and many of the national supply chain Acts such as Germany’s LkSG, encourage companies to think about ‘double materiality,’ which means understanding not just the impacts on the business itself, but also the impacts directly caused or contributed to by the company's operations, products, or services across its upstream and downstream value chain. This will require compliance teams not only to understand the reporting requirements of each piece of legislation, but also to ensure that data collection is appropriate to support them.
Audit-ready information: Data availability and quality remain the biggest challenges for businesses when it comes to ESG data disclosure, driven in part by increasing demand from investors and stakeholders. The accuracy and 'audit-ready' quality of ESG data are crucial but difficult to ensure due to manual and inconsistent evidence collection and multiple requests for the same data. Technology can help simplify evidence collection and reporting by using ESG data aggregation tools and maintaining records on data provenance. However, many companies are struggling with data quality and access issues, citing access, accuracy, and completeness as the main challenges faced.
ESG risk management: ESG risks are increasingly becoming a top priority for organisations worldwide, with boards of directors aligning their risk strategies with ESG concerns. However, many businesses have not yet integrated material ESG issues into their Enterprise Risk Management (ERM) framework. The challenge lies in capturing the impact of ESG risks on stakeholders within the current methodology of an ERM framework. Emerging laws that require companies to understand the impact of risk in different ways, considering not just the impact on the business but also on rightsholders and ecosystems, are adding to the complexity of integrating ESG risks into ERM. Despite this, there is an opportunity for risk and compliance professionals to include ESG as part of their risk management programme and advise on ESG risks and opportunities. Challenges such as resource constraints and a lack of enterprise-wide views on risk and mitigation plans for ESG-related risks remain to be addressed by many companies.
Where do compliance teams start?
You don’t have to fix everything, everywhere, all at once.
In response to Human Rights Due Diligence (HRDD) laws, senior leaders are often concerned that every human rights risk needs to be mapped and fixed overnight. The HRDD laws recognise that eliminating all such risks and impact in the value chain is not possible. However, being able to demonstrate that appropriate steps have been taken to identify and remediate salient human rights impacts and a commitment to ongoing improvement is crucial. Companies are therefore preparing for HRDD compliance by taking a risk-based approach to mapping their supply chain, using lessons learned from existing compliance and due diligence approaches, and getting closer to their suppliers.
It takes more than a policy…
Compliance teams will be critical in establishing or adapting audit programmes for supply chain compliance. Traditional tools such as policies, codes of conduct, and supplier audits are important for a company's risk management. However, in the upstream supply chain these tools face challenges as a risk control measure, as they are often ineffective or unenforceable beyond the initial onboarding of a third party. This is due to a lack of knowledge or understanding of the policy by suppliers, the impracticality of implementing supplier codes and policies, and the absence of a direct relationship with the company. Effective supply chain compliance therefore requires a new approach that addresses these challenges and focuses on collaboration, engagement, and transparency with suppliers, together with risk-based due diligence that dives below the surface of self-assessment questionnaires.
Requests for data and report formats may vary but the data is the same.
As in other areas of compliance, compliance teams face the challenge of complying with non-aligned and contradictory regulations in the ESG space, including voluntary and mandatory reporting requirements and multiple requests for information from customers and partners. However, moves towards standardisation and evolving sustainability reporting standards like SASB and GRI help address this issue. Compliance teams should focus on the provenance of data and its application to meet various regulations, using a similar approach to other risk types. Most of the new supply chain regulations are based on the OECD Guidelines for Multinational Enterprises and the UN Guiding Principles on business and human rights and are broadly aligned. This provides opportunities for consistency in the data collected, even if a company’s stakeholders request information in different ways. Nonetheless, comparable ESG data across asset classes remains limited, posing a challenge for investors and asset managers.
Framing ESG in the language of risk helps to create buy-in
The role of ESG has evolved from corporate social responsibility for many companies, and the lack of a universal definition or integration of the chief sustainability officer role has posed a challenge. However, mandatory reporting requirements are driving the integration of ESG into risk management and traditional due diligence. Companies should view sustainability as the other side of the resilience coin and make sustainability and ESG part of the risk management conversation. This helps to address sustainability challenges in a risk language that different stakeholders understand, such as emphasising the financial impact of non-compliance with due diligence laws, litigation for climate-related impacts, and the opportunity cost of lost customers or market segments.
Tech is part of the solution, not ‘the’ solution
Companies are increasingly investing in ESG reporting technology and tools in response to growing regulatory requirements for standardised reporting formats. However, the sheer number of available platforms can be overwhelming, and companies need to carefully evaluate which ones are suitable for their needs, particularly where there is a high reliance on self-reporting. Self-reporting is prone to biased responses, but adapting existing third-party risk management systems can help guide deeper due diligence.
Key takeaways for compliance teams
- Compliance teams play a critical role in creating and managing ESG programmes, identifying overlapping risks, and reducing blind spots caused by varying reporting standards. They also educate senior leaders on compliance requirements and help integrate ESG into risk management frameworks.
- The trend towards mandatory ESG reporting and the shift towards double materiality require compliance teams to understand reporting requirements, ensure data collection is appropriate, and provide assurance to senior leaders that due diligence is conducted to identify and address potential risks.
- Compliance teams also face challenges in complying with non-aligned and contradictory regulations in the ESG space; moves towards standardisation and evolving sustainability reporting standards help address this issue. Companies should view sustainability as part of the risk management conversation, and compliance teams can help ensure the accuracy and audit-ready quality of ESG data.