ESG risk management is currently a relatively new, emerging territory, with legislation and standards yet to be fully developed. But although navigating this fast-changing landscape can be challenging, companies need to consider the very real risks if environmental, social or governance abuses are uncovered – not just within their organization, but also deep within their supply chains. ESG issues not only pose a significant reputational threat but also – increasingly – a clear regulatory threat too.

Third-party risk in particular is alarmingly under-acknowledged, with compliance leaders largely forecasting it as a concern for 12-18 months from now. While these projections may be linked to upcoming EU directives, compliance teams – already at stretched capacity – may also believe they need this amount of time to sufficiently develop their ESG programs, overcoming the complex challenges of embedding ESG into current practices, a shortage of established ESG knowledge requirements, and the difficulty of applying unstandardized ESG processes across international markets.

The stark reality is that organizations must act now to respond to the growing threat of third-party risk, or they may face serious setbacks in their ESG ambitions.