
Risk and Compliance Management Includes Oversight of ESG

In the last year, there has been much discussion about upcoming regulation of Environmental, Social and Governance (ESG) public reporting because of the financial impact of socially responsible investing on the capital markets. There has also been considerable discussion in the compliance community about whether compliance should “own” ESG oversight.

Some are very much for it and see the synergies. Others believe that adding this responsibility will strain the already limited resources available to compliance functions, and that further diluting the compliance function adds risk to the organization. And, to be frank, the need to become knowledgeable about a totally new and complex topic like environmental management is daunting.

All that said, oversight of ESG belongs with risk and compliance because overseeing ESG involves both risk management and compliance expertise and we will continue to see these responsibilities converge.

Risk and Compliance’s Role in Managing ESG

Risk and compliance leaders are already heavily involved with the social and governance components of ESG. Providing mechanisms for reporting wrongdoing, tracking data on human and social capital, identifying and managing third-party risk, and handling the legal and regulatory aspects are all commonly the responsibility of risk and compliance professionals.

In addition, a recent OnePoll survey of corporate compliance leaders across the U.S., U.K., France, and Germany shows 89% of respondents already include ESG reporting as part of their compliance program. And of the 11% of organizations that do not include ESG as part of their compliance programs, 71% strongly or somewhat agree that compliance should be involved with ESG management.

Chief Compliance Officers (CCOs) are a natural fit to be leaders of ESG programs because of their demonstrated ability to engage with multiple stakeholders and leverage cross-functional teams to ensure compliance with various regulations, and to report on the most pressing risks the business faces. For example, CCOs already engage with multiple departments on issues of discrimination, anti-bribery or creating an organizational culture that supports compliance with policies and regulations. Likewise, the scale and complexity of ESG drives the need for multiple stakeholders from across the organization to be involved and for this oversight to be managed.

A converging ESG and risk and compliance program does not assume CCOs become subject matter experts or tactical operators in bringing the three pillars of ESG together, but rather that CCOs leverage their existing line-of-sight across key business issues and tap into the experts who have the required information.

Increased Investor Attention and Disclosure Regulation Driving Need for Oversight Expertise

Consumer and investor attention to ESG matters in organizations, as well as in their supply chains, is at an all-time high. Upcoming regulation from the SEC around ESG disclosures will formalize the need for companies to define, track and report on their ESG progress, with regulatory consequences for misleading or falsified information. Avoiding these risks and managing these requirements necessitates high-level and consistent oversight.

The historical lack of a standardized disclosure framework has led to organizations responding to requests for ESG information on an individual basis. Now the International Sustainability Standards Board (ISSB), whose formation was announced at the 2021 COP26 summit, has a mandate to create ESG disclosure rules for companies in response to growing demand by stakeholders for greater standardization of ESG data. The new ISSB is expected to issue its first set of standards in the second half of 2022.

The main objective of creating standardized ESG disclosure is so investors and other stakeholders have decision-useful, comparable metrics to measure performance. As jurisdictions determine the level of regulated disclosure informed by the ISSB, risk and compliance teams are well advised to organize their processes and prepare now to meet the requirements.

Mitigating Risk and Creating Value Go Hand-in-Hand

In practice, there is no single approach that will work to manage ESG because, just as with compliance issues, the ESG risk profiles of organizations vary widely. Risk and compliance functions are well versed in conducting risk assessments that identify and help mitigate issues that could have a negative impact on the business. Similarly, in the world of ESG, materiality assessments are meant to identify the direct and indirect economic, environmental, and social impacts of the business. While the language may differ, risk and materiality assessments are effectively the same process that CCOs know well.

ESG risks are now recognized as financially material to the business. Common examples of material ESG topics include monetary losses from legal proceedings associated with employment discrimination and labor law violations – both of which are compliance and ESG issues. Negative environmental impacts and supply chain sustainability can pose significant risks to the business, as well as the direct effect on the environment by those involved throughout the supply chain.

The role of the risk and compliance function in reducing risk for the business is also one that creates value for the organization. Risk and compliance leaders who oversee ESG programs make a material impact on the business and bring consistency to the approach and processes, thus reducing risk and ensuring unified management of critical risk mitigation functions.

Turning Plans into Action

Driving meaningful change in ESG programs also necessitates cultural adoption across the organization. While there is no one “owner” of culture within the business, compliance is often the driving force that ensures the company code of conduct is upheld and that regular employee training takes place, all of which are fundamental to the organization’s culture. And, of all the factors impacting company culture and employee engagement, performance against ESG factors may be the most important, especially as the organization’s own employees demand it.

Examples of how compliance can advance ESG efforts include improving adherence to ESG protocols by performing due diligence, determining corrective actions, and tracking progress on sustainability and environmental impact. Another example is a partnership with Human Resources to improve company-wide diversity, equity and inclusion efforts. Analysis of the baseline, development of a strategy to make improvements, and tracking and reporting progress are top priorities for most businesses and should be present in a unified ESG strategy.

Clear and meaningful examples of how ESG impacts the culture of the business help to reinforce the importance of prioritizing ESG as a long-term initiative and investment in the future of the company. Not only are dedicated leadership and transparency necessary for ESG programs to make an impact, but they will also become table-stakes with upcoming disclosure regulations.

2022 Prediction

Organizations will continue to see increased public attention to ESG matters and will need to act quickly to get ahead of the disclosure regulation curve. Compliance’s role in ESG management will and should continue to grow as organizations prioritize the creation and growth of ESG initiatives.

Visionary CCOs will see ESG responsibility as an opportunity for more resources, more organizational influence and impact, and a chance to further shape an ethical business culture. CCOs can be the leader, communicator, and coordinator. However, this cannot be just an “add-on” responsibility. This ownership must come with the appropriate resources, access to subject matter experts and overall authority to be successful. On the positive side, the right tools and technology exist to centralize and simplify the consolidation of subject matter expertise, benchmarking of goals, and compliance requirements.

CCOs who recognize the significant overlap that already exists between ESG, risk and compliance will be well situated to take their organizations – and their careers – to the next level as ESG and risk and compliance continue to converge.

Download the Full 2022 Top 10 Trends in Risk and Compliance
