The shift from corporate social responsibility (CSR) initiatives to environment, social, and governance (ESG) programs creates even more pressure for third-party risk management. CSR programs have been around since the 1970s when social changes such as the environmental movement inspired organizations to consider their impact on their communities and society as a whole. Responsibility for these programs, which generally focused internally and on local communities, often fell to marketing or HR departments.
ESG, on the other hand, is often managed by compliance and risk departments, demonstrating a broader approach to ethics and acknowledging that an organization’s responsibility for negative externalities (the economic term for a cost caused by a producer that isn’t paid for by the producer, such as the impact of pollution or forced labor) extends throughout their supply chain. The business community and regulators have come to accept that organizations are not only responsible (ethically, if not legally) for the externalities they create directly, but also those created by the third parties they choose to partner with.
ESG as a Regulatory Mandate
Joining a number of countries, the EU is likely to be the next jurisdiction to enact regulations requiring organizations to conduct ESG due diligence of their supply chains to address human rights violations and environmental impacts. Reporting on these proceedings indicates that the EU plans to back up the legislation with enforcement mechanisms and sanctions for non-compliance, including failure to implement appropriate due diligence plans. Expected to be passed in 2021, the proposed EU regulations are anticipated to resemble France’s 2017 Duty of Corporate Vigilance Law, which requires preventative and remedial action to address a number of serious human rights violations and environmental impacts.
Reform of Switzerland’s Swiss Code of Obligations and Criminal Code is also expected to be adopted in 2021. These regulations would extend current financial reporting requirements to include reporting on environmental issues, social issues, human rights, and anti-corruption efforts. Less likely to happen in the short term, the United States Congress is also reviewing the Slave-Free Business Certification Act, which would also require greater supply chain due diligence.
These regulations would expand the list of international regulations organizations must already comply with. The 2010 California Transparency in Supply Chains Act, the UK 2015 Modern Slavery Act, and the Australia Modern Slavery Bill 2018 have set compliance and enforcement precedents related to forced labor. In effect since January 2020, the Dutch Child Labor Due Diligence Act requires companies that sell goods and services to consumers in the Netherlands to identify and prevent child labor in their third-party ecosystems.
Despite the fact that a number of these regulations have been in place for some time, many organizations may be unprepared for the evolving ESG regulatory landscape. In a survey conducted by Dun & Bradstreet, 43% of respondents admitted that they struggled to identify ESG factors as part of due diligence processes. These organizations face significant exposure to regulatory action, in addition to being unable to ensure that third parties in their supply chain meet the ethical standards set forth by senior management and the board.
Compliance is Just the Starting Point for ESG
While legal requirements to protect human rights and the environment require third-party risk management assessments, many organizations view ESG through a broader lens when onboarding new third parties. They recognize a responsibility to raise the ethical bar of the entire business ecosystem and assess third parties on other sustainability factors, such as:
Diversity – Are people of all genders, races, ethnicities, ages, and sexual preferences represented across the organization, including leadership positions?
Employee policies – Are employees treated equitably, given safe working conditions, and paid fairly?
Third-party management – Are third parties and beyond (your fourth and nth parties) subject to adequate ESG due diligence to maintain the integrity of the supply chain?
Climate – Is the organization conscious of their impact on the environment and contribution to climate change (such as CO2 emissions) in addition to having plans for adapting to climate change?
Community – Does the organization strive to have a positive impact on the communities it’s part of, such as charitable giving/sponsorships or volunteer time off for employees?
The Business Benefits of ESG Assessments
Incorporating ESG into your third-party risk management assessments doesn’t just avoid regulatory action and tick off the boxes required by ethics leaders; it’s also good business. Many of the ethical behaviors included in third-party management assessments are indicative of the qualities that you want in the third parties you rely on:
Financial viability – A commitment to the environment and human rights generally demonstrates a long-term approach to the business and signals sustainable business decisions, making the third party a more reliable partner. And research suggests there is a close correlation between sustainable business practices and company performance. In 80% of the organizations studied, good sustainability practices had a positive effect on business performance.
Quality – Organizations that treat workers fairly, including pay that is in equitable proportion to executive pay, have a more committed workforce. Employees are more likely to have high morale and take pride in their work, and there is less turnover. This increases the likelihood that the third party will deliver products and services that reflect that pride and experience.
Innovation – Organizations that follow sustainability principles foster innovation with diverse workforces and high levels of engagement. They are also better positioned to attract top talent with 9 out of 10 American professionals across industries and pay levels indicating that they would trade some percentage of lifetime earnings in exchange for greater meaning at work, and many find purpose and meaning in sustainable practices.
Agility – Third parties that take a sustainable approach to their business are less likely to be disrupted by factors like regulatory changes or environmental impacts because they are prepared for these contingencies. An agile partner is more likely to be able to maintain a continuity of supply over time.
Reputation – A partner that is committed to ESG principles is less likely to create situations that generate negative publicity for your organization, such as human rights violations or environmental impacts. For many organizations, sustainability is an important part of the value they sell to their customers, and research shows that one-third of consumers choose to do business with an organization based on its stance on social issues. Maintaining this goodwill requires that you avoid association with third parties that could damage your reputation.
Growth – Sustainability is increasingly a driver for purchasing decisions, so being able to demonstrate that commitment across the supply chain is a compelling value driver. Nearly half of consumers indicated that they would “definitely” or “probably” change their consumption habits based on environmental impact. This trend is expected to continue to grow as younger generations increase their buying power, such as the 83% of Millennials surveyed who reported that environmental sustainability is extremely important to them.
Incorporating ESG into Your TPM Program
As CSR programs are eclipsed by ESG initiatives, most organizations will be looking for guidance on and examples of robust ESG programs, including the appropriate metrics. “Toward Common Metrics and Consistent Reporting of Sustainable Value Creation” from the World Economic Forum (WEF) proposes a core set of metrics and recommended disclosures to align mainstream reporting, reduce fragmentation, and speed progress towards a systemic solution. The European Banking Authority (EBA) has also published a Discussion Paper on ESG risk management and supervision that includes a comprehensive proposal on how ESG factors and ESG risks could be included in a regulatory and supervisory framework.
Incorporating third-party ESG due diligence into your third-party management solution lets you leverage the data you already have in your third-party system of record, rather than creating another information silo. Without a robust, flexible system that can automate the ESG assessment and monitoring processes and share data across functional areas (e.g. making diversity certifications available to the procurement team), it will be difficult to comply with ESG regulations, support sustainability initiatives, and drive better business outcomes.
Many organizations manage third-party ESG processes within their Aravo systems, including diversity certifications, responsible sourcing assessments, and monitoring for changes in sustainability practices. In some cases, Aravo clients validate assessment responses with data from third-party risk intelligence providers like EcoVadis. Helping organizations meet their goals for ethics and sustainability is part of Aravo’s larger purpose. If you’d like to learn more about how you can raise the ethical standard of your third parties, contact us for more information.