Fulfilling ESG responsibilities requires a paradigm shift – one that includes a more nuanced inward focus for a company to comprehensively understand itself as an organization and the role it plays in relation to its sector, the economy and society. It also requires an outward focus on the impact that the company has on the environment and people, and the aggregate effects of its actions and conduct.
Company leaders are expected to make decisions in line with a “we’re in this together” perspective, expanding their historical inward risk assessments in order to consider ways to limit the potential harm they cause, while also identifying opportunities that facilitate better outcomes for all.
The sheer scale of ESG metrics (for example the European Union’s Corporate Sustainability Reporting Directive contains more than 1,000), a patchwork of global regulation, increasing shareholder activism and high expectations from stakeholders present companies and their board members with multiple challenges. As an example, ESG responsibility is likely to extend to taking ownership for the impact on society of the company’s global tax arrangements.
This is a concern for many board members navigating the tensions between their ESG commitments and tax avoidance schemes. For more on this, see the article titled The missing T in ESG published in the Harvard Law School Forum on Corporate Governance. Board members play a central role in leading and providing strategic guidance on these complex and multi-faceted issues, and their decisions will shape companies for many years to come.
Wicked problems
“A ‘wicked problem’ is a term used in design, policy making and social sciences to describe a complex, dynamic and multifaceted problem that is difficult or even impossible to solve completely.
“It is a problem that is characterised by high levels of uncertainty, multiple and conflicting goals and many interrelated and changing factors.
“With wicked problems, it is difficult to identify boundaries of their impact, or recognise all the variables that are in play (…)
“It can even be difficult to tell if a wicked problem has been solved until many years later because it may address long-term opportunities, obstacles and obligations”.
Source: The Open Compliance and Ethics Group (OCEG) GRC Capability Model
ESG is also about the identification and realization of opportunities, some of which will not only deliver ESG imperatives but also financial benefits to the company. Some examples referred to in the MSCI ESG rating methodologies include opportunities in clean tech, green building, renewable energy, access to finance, health care and communications.
The board and senior management will be expanding their view as innovation and growth come from new areas, relationships and products.
No ESG without governance and an effective board
Governance centres on how the company is directed and steered. It sets the context for corporate culture, strategy, risk management and compliance. Furthermore, it highlights the critical role of the “board as the cornerstone” of, and the ultimate responsible party for, governance and value preservation. There is no credible ESG without good governance and an effective board.
ESG and GRC (governance, risk and compliance) have much in common. Leveraging existing GRC and financial crime compliance capabilities, as well as existing regulation and global best practices, can help address many ESG requirements.
GRC skills have matured considerably in response to increased regulatory pressure and the ever-changing corporate landscape. The extensive scope of GRC means that professionals in this space are well placed to participate in ESG initiatives – they understand the organization in its entirety and are well versed in the complexities of multifaceted organizational change.
Principles of governance
Let’s look at each component of ESG individually, and how it interacts with GRC. The same “governance” and the same principles of ethics, leadership, independence, accountability and transparency, as well as board structure and remuneration factors, apply. The OECD Principles of Corporate Governance, first issued in 1999, have long served as a foundation for policy makers and companies seeking to embed good governance. The recent 2023 revised version now also includes recommendations on sustainability and resilience.
The “social” issues of diversity, privacy and data protection, and fair labor practices are common to both, and are part of the legal compliance obligations of the company.
When it comes to how a company designs, implements and embeds ESG in a manner that creates confidence and that can withstand scrutiny, the ISO management system standards offer some answers.
ISO defines a management system as “a set of interrelated or interacting elements of an organization to establish policies and objectives, as well as the processes to achieve those objectives”. Viewing organizations as systems provides some valuable insights that apply to all organizations irrespective of size, structure or activity:
- When an organization is viewed as a system, it becomes evident that every component interacts to build an interactive structure, and that changes made in one area affect other areas as well.
- Organizations are dynamic, open systems. They are a part of a network of social, legal, economic, and political relationships that are constantly changing.
- Organizational complexity must be viewed as a systemic characteristic. This complexity and the fact that there are so many variables is precisely what allows organizations to adjust to requirements and so continue to exist.
The generic elements of all ISO standards include the importance of understanding the context of the organization (both internally and externally) and identifying the interested parties and their requirements. An interested party is a person or organization that can affect, be affected by, or perceive itself to be affected by the organization’s decisions or activities. These elements echo the ESG inward and outward focus, the requirement for stakeholder engagement, and the company’s impact and the potential harm it may cause.
Game changer
The big game changer is the “environment” piece. Among the multiple challenges, how the board will meet ESG supply chain related obligations is a whopper of a wicked problem. However, while the EU’s Corporate Sustainability Due Diligence Directive is yet to define the requirements for due diligence, a lot can be borrowed from Anti-Money Laundering (AML), Counter-Terrorism Financing (CFT) and sanctions regulations and best practices.
Having worked extensively in financial crime compliance, I am convinced that the Financial Action Task Force (FATF) customer due diligence recommendations, AML regulations around the world and SaaS AML software solutions with their agile workflows and rich data sets can serve as a solid foundation for supply chain due diligence. And as with fighting financial crime, in order to be successful ESG will require extensive global collaboration. Similarly, lessons can be learnt from the evolving interconnected global AML landscape.
ESG implementation
A robust due diligence model can accomplish multiple objectives, including enabling the fulfilment of ESG supply chain responsibilities. It can simultaneously be used to address AML, CFT, sanctions, fraud, and conduct risk, but also human rights and environmental risk. At the same time, it creates opportunities to build better partnerships both up and down the value chain.
Boards could gain great benefit from including members that have extensive experience of the businesses that form part of a company’s value chain. This will enhance the understanding of the company’s potential impact and better inform stakeholder engagement.
Valuable lessons for ESG implementation can be gained from GRC failures. These include risk blindness, group think, deficient information, insufficient board expertise and lack of appropriate corporate action (consider the impact of Westpac’s AML weaknesses on the victims of child exploitation, or the 346 people who lost their lives in the two recent Boeing crashes).
Interdisciplinary approach
These examples highlight some of the many opportunities of an interdisciplinary approach between ESG, GRC and financial crime compliance. After all, “Solving wicked problems often requires collaboration, creativity and innovation across multiple disciplines and stakeholders.” (Source: The Open Compliance and Ethics Group (OCEG) GRC Capability Model)
ESG and GRC, while different in some respects, are overlapping and interconnected frameworks. Both run through the entire organization, weaving together corporate purpose and values through a wide range of activities and areas. These include the board, executive team, compliance, finance, legal, etc – all of which, together, serve to protect the organization, enhance corporate resilience and sustainability, while ideally fulfilling the organization’s role as a trusted partner to society.
Board members are the lead drivers of a company’s value preservation. In fulfilling their ESG responsibilities, they will need to challenge senior management even more to ensure the existence of a holistic and integrated view of the company context (both internal and external), and its existing capabilities. However, the reality is often a fragmented and siloed view with existing capabilities being missed. To quote Mark McCormack: “You don’t have to reinvent the wheel, just attach it to a new wagon.”
Gail Wessels is a GRC expert and lawyer with more than 20 years’ cross-functional experience in multiple sectors and jurisdictions. She is also a seasoned regulatory and financial crime compliance trainer and course designer. If you would like to get in touch, you can find her on LinkedIn.