The data demonstrates that compliance leaders are conscious of how a robust ESG program can support their business; four in five (81%) compliance leaders believe that integrated ESG programs will positively impact their organization’s reputation.

Indeed, ESG risk poses a very real and urgent threat. Organizations cannot afford to leave themselves open to the potential reputational damage, legal proceedings and compensation demands they could incur by mishandling their own ESG impact or falling short in their due diligence of third parties. Securing investment and developing ESG protocols that compliance leaders can effectively integrate with their existing compliance frameworks is therefore critical to the protection of an organization’s brand.

Intentions are good

ESG compliance is rapidly rising as a board-level concern, with 82% of compliance leaders identifying ESG risk as a current and future priority in their business strategy, and the same number identifying ESG risk as an active priority for their compliance team.

Our research also finds that 70% of compliance leaders view AB&C and ESG risk management as aligned programs, rather than competing priorities, in their organization, and only 22% think there is a failure to appreciate the clear links between AB&C violations and ESG abuses (e.g., environmental, and human rights issues).

When it comes to ESG it is very difficult, if not impossible, to put a monetary value on it due to the reputational risk and advantages that also come with it. There is a huge risk of reputational fall out if suppliers get caught in hot water, but a lot of how we approach AB&C due diligence can also be applied to ESG. If everything is combined, it creates an efficient process and reduces the chances of anything slipping through the net.

Deborah D’Aubney
Group Head of Ethics and Compliance, Rolls-Royce

Legislation is on its way

The regulatory risk in relation to ESG is closing in, particularly with the introduction of new reporting obligations (including the EU Corporate Sustainability Reporting Directive), and due diligence obligations (including the proposed EU Corporate Sustainability Due Diligence Directive, in which third-party engagement is a key feature).

The UK Government have proposed a criminal offence of failing to prevent human rights abuses - if that proposal is adopted by the government it is likely to be modelled on the UK Bribery Act offence of "failing to prevent bribery" with a possible compliance defense. There are strong parallels between past development of AB&C regulation, and the emergence of ESG regulations, indicating that ESG will increasingly be viewed as a compliance issue like AB&C.

ESG reporting and due diligence regulations (including the EU Directives and national legislation such as the German Supply Chains Act, UK Modern Slavery Act and French Duty of Vigilance Law) are leading to a greater need to understand third-party relationships and transparency. In parallel, there is an increasing risk of companies being civilly liable for the actions of subsidiaries, agents and suppliers in respect to human rights and environmental violations.

Legislation is similarly developing in the U.S., but the nature of federal and state obligations make the landscape complex. Proposed federal and state ESG disclosure mandates may entail varying reporting requirements, use different methodologies, or apply to different entities. For example, the Securities and Exchange Commission (SEC) is increasingly focused on ESG disclosure obligations, such as requiring public companies to provide detailed climate-related disclosures in their annual reports and registration statements. In addition, the SEC is pushing for greater transparency to investors about the specific risks associated with ESG-focused investment products. At the state level, places like California are focused on requiring businesses operating there to make ESG-related climate disclosures to regulate emissions and set environmental targets. It is important that ESG compliance programs of multi-national companies are designed to keep pace with the evolving legislative landscape in the countries where they operate.

Hogan Lovells insight
Liam Naidoo, Partner, London

There is a growing corpus of legislation across Europe in particular, which is focusing on mandatory duties to conduct human rights due diligence. More critically, there is a parallel movement in some European jurisdictions (e.g. France and Sweden) to make corporates criminally liable for complicity in human rights abuses. Even in the UK we may soon see legislation modelled on the UK Bribery Act which could impose criminal liability on companies that fail to prevent human rights abuses carried out by their employees, agents and subsidiaries.

Christian Ritz, Partner, Munich

As of 1 January 2023, large companies in Germany will be under a mandatory duty to ensure that their global supply chains are properly analyzed with regard to human rights- and environment-related risks. In addition, they are obliged to implement further due diligence obligations, such as a specific risk management system including preventive and remedial measures and a broad grievance mechanism. The proposed EU Directive on Corporate Sustainability Due Diligence will lead to additional countries throughout the EU enacting probably even broader supply chain due diligence laws. Thus, it is going to be critical for companies to check on their existing supply chain due diligence processes and implement updated and robust human rights and environmental compliance processes in compliance with these upcoming regulatory demands.

The time is now

Despite compliance leaders alleging that ESG risk is rising up their agenda, there is little indication of significantly increased appetite to invest in ESG programs, with more than half (53%) of compliance leaders anticipating that their level of investment in ESG programs will have only increased by 1-5% in 12 months’ time.

Given that 61% of compliance leaders currently believe that the effectiveness of both AB&C and ESG programs is being diluted by limited resources, this increased investment is unlikely to be sufficient. ESG risk is already a very real reputational threat, and compliance leaders and their boards must wake up to the potential damage their organizations are exposed to.

Hogan Lovells insight
Stephanie Yonekura, Partner, Los Angeles

Developing an established ESG program – and integrating its risk assessment into other areas of compliance and due diligence – is key to reaping the benefits and effectively protecting your organization.

For organizations with mature and embedded compliance programs, risk assessment will be an entirely familiar concept; a process conducted and refreshed periodically in relation to its key risk areas, for example AB&C, anti-money laundering, human rights and modern slavery. Whilst the specific risks for each of these topics will differ, there will naturally be overlap which will be led by the commercial profile of an organization.

ESG will invariably impact every business, whatever its size, however not all of the topics within the wide spectrum of environmental, social and governance will be relevant in the same way. The key to a relevant and proportionate ESG strategy, one that achieves the very best possible impact on an organization, its stakeholders and the community it serves, is an assessment of risk.