Despite compliance leaders recognizing that ESG compliance integration is increasingly critical to their organization’s business strategy, action and investment do not currently mirror their intentions, particularly with respect to third-party risk. Our data has shown that this is mainly due to the complexity of internal competing priorities as well as gaps in specialist ESG knowledge, compounded by the difficulty of working across different markets.

Organizations must wake up to the reality of third-party risk and act now – or face jeopardizing their business growth and exposing themselves to financial and reputational damage, as well as litigation risk in a growing number of jurisdictions. Successful ESG strategies look at a business’s whole ecosystem, including the third parties they do business with across the world, as they pose a potentially great risk.

Part one: Evaluating ESG third-party risk

Third-party relationships have a significant impact on an organization’s environmental and human rights footprint, giving rise to reputational and regulatory risk. The majority of compliance leaders – 96% – think that third-party relationships pose some degree of risk to their business with regards to ESG. But strikingly, only 1% believe that this risk is great and two-thirds believe that the risk is negligible, with third-party relationships posing either ‘a little’ risk or ‘hardly any’ risk.

Although the majority (56%) of compliance leaders anticipate their levels of third-party ESG risk increasing in the next 12-18 months, it is unclear whether this is due to impending regulatory pressure or because this is the timeframe compliance leaders hope they have to prepare their organization for ESG risk.

Organizations with more established ESG management protocols appear more likely to recognize the possible impact and ramifications of third-party risks: 32% of those with high-maturity schemes (vs. 23% with low-maturity schemes and 28% with medium-maturity schemes) believe they pose a ‘fair amount’ or ‘great deal’ of risk.

Part two: Headwinds

ESG management is largely uncharted territory, with a lack of established frameworks on which to build organizational processes and standards. This is making it difficult for compliance teams to develop their ESG programs.

82% of compliance leaders are struggling to embed ESG in existing risk practices, 78% cite a lack of established ESG knowledge and skills as a limitation, and 74% are hindered by the complexity of ESG risk management in different markets in which either they or their third parties operate.

Part three: The value of investing in ESG compliance programs

Despite the challenges compliance leaders are facing in terms of incorporating ESG into current practices, four in five (81%) compliance leaders recognize that integrated ESG programs can positively impact their organization.

And there are positive signs that integration is happening and that AB&C and ESG management are co-existing rather than competing for resources: 70% of compliance leaders view AB&C and ESG risk management as aligned programs, rather than competing priorities, in their organization.

It is imperative that organizations continue to focus on developing robust ESG protocols that can be integrated with existing compliance measures, simultaneously easing the strain on compliance teams and build on existing good governance and transparency.

Definitions of ESG program maturity

This report refers to the maturity of ESG programs throughout. Compliance leaders were asked to identify their organization’s level
of ESG program maturity according to the following definitions:

Low: Low awareness of ESG, no formal structure, no formal process of integration across the business or AB&C program. Individual policies exist for elements of ESG.

Medium: Good awareness of ESG and its benefits, formal structure, and processes in place but ESG still largely seen as an isolated activity and separate from the AB&C program.

High: ESG ownership assigned outside of leadership, ESG culture fully embedded throughout the business, full implementation in strategic and operational decision-making including AB&C program.

ESG stands for environmental, social and governance – a set of factors that assess how an organization impacts the environment and society. For the purposes of this report, we are looking at ESG as an approach to evaluating the extent to which a corporation works on behalf of social goals that go beyond its role of maximizing profits. However, it is important to note that there are various definitions of ESG, and that different organizations will have different priorities and focus areas.