ESG Regulations on the Horizon and How They Will Impact TPRM
May 27th, 2021
Environmental, Social, Governance (ESG) is becoming top of mind for risk professionals around the world. These initiatives, designed to increase focus and accountability on sustainability, human rights, and inclusion within organizations, are also gaining the attention of regulators, leading to new ESG regulations on the horizon.
ESG programs, an evolution from more traditional Corporate Social Responsibility (CSR) programs, have broad scope and accountability:
The “E” in ESG stands for environmental and focuses on organizations’ monitoring and reporting on environmental issues like pollution, climate change, carbon emissions, and similar initiatives. With ESG, organizations can be liable not only if their own actions negatively impact sustainability, but also if the actions of their third parties do.
The “S” stands for social and places focus on how organizations treat people through customer and employee relationships, diversity and inclusion, privacy, working conditions, human trafficking, forced labor, and human rights. ESG programs must examine unethical practices within their companies, as well as within third parties and supply chains.
Finally, the “G” in ESG stands for governance and examines organizations’ commitment to financial transparency and accountability, anti-bribery and corruption, and more. All of these initiatives and potential risks apply to third-party activities in addition to what’s going on in your own organization.
Governments are focusing on ESG as well. According to NASDAQ, Gary Gensler, U.S. President Joe Biden’s head of the Securities and Exchange Commission (SEC), recently stated, “[The Administration is] likely to heavily reform and broaden ESG investing and corporate disclosure rules in the U.S.” This increased scrutiny will continue to trend towards ensuring that companies are compliant with ESG expectations.
Existing ESG Regulations Around the Globe
ESG has moved up regulator and board agendas over the last several years, and there is currently a range of global legislation already in effect that acknowledges the importance of ESG and places accountability on the actions of companies and their third parties. Examples include:
California’s Transparency in Supply Chains Act requires that large retailers and manufacturers disclose information to consumers regarding their efforts to eliminate slavery and human trafficking from their supply chains. This act came into effect in 2012 and applies to any company doing business in California that has an annual worldwide gross of more than $100 million and identifies as a manufacturer or retail seller on its California tax return. While it does require companies to make the mandated disclosures, it does not require companies to take action against slavery or human trafficking within their supply chains.
Europe’s Sustainable Finance Action Plan & EU Green Deal work together to provide a framework for sustainable finance regulation and call for financial players to prioritize sustainability in their post-pandemic recovery plans. The EU Green Deal provides an action plan for encouraging efficient use of resources, protecting biodiversity, and cutting pollution, with a goal to cut greenhouse gases entirely by 2050.
UK’s Modern Slavery Act requires organizations to transparently publish annual statements confirming the steps taken to ensure that slavery and human trafficking are not present within the business or supply chain. The Act was first enacted in the UK in 2015, and since then other countries have adopted similar legislation, such as Australia in 2018.
Conflict Minerals Rule in the United States Dodd-Frank Act requires publicly traded companies to report on their use and sourcing of tin, tantalum, tungsten, and gold (3TG). These companies need to ensure that the materials they use in their products are not tied to conflict by tracing and auditing their mineral supply chains.
ABAC Regulations: There is also a range of anti-bribery and corruption (ABAC) regulations designed to keep companies accountable for their ethical finance activities and the activities of their third parties. Examples include the United States’ Foreign Corrupt Practices Act (FCPA), Sapin II in France, and the United Kingdom’s Bribery Act.
Upcoming ESG Regulations to Pay Attention To
If ESG is not top of mind for companies’ TPRM programs, it should be. As regulators and governments continue to focus on the sustainability and human rights impacts that companies pose, more compliance concerns will arise as well. There are already multiple examples on the horizon for 2021 and beyond.
Europe’s ESG for Due Diligence for Supply Chains will require companies to prevent, monitor, and remedy risks to the environment and human rights in operations, supply chains, and business relationships, including third parties. It is expected that companies will be required to adopt this legislation by the end of 2021.
Germany’s upcoming Due Diligence Act will introduce fines for companies procuring parts or materials abroad from suppliers who fail to meet minimum human rights and environmental standards. It would enter into force on January 1, 2023.
In addition to specific acts of legislation, the United States Securities and Exchange Commission (SEC) has launched a new Climate and ESG Task Force that will focus on increasing enforcement and ramping up compliance. The task force is set to examine multiple initiatives, including possible policy and rule changes for environmental and diversity disclosures, and political spending disclosures. The task force will also seek to increase enforcement of existing legislation where it applies to ESG and sustainable finance.
What to Expect from New ESG Legislation
Unlike some laws in effect that seek to shine a light on modern slavery and human trafficking in supply chains, many new acts are not just a reporting and transparency requirement. These newer acts are trending toward action. Organizations need to take an appropriate risk-based approach to due diligence and address the issues they find, or face penalties.
If your company meets the requirements of upcoming ESG guidance, you may need to closely examine the impacts of your operations, your third parties’ operations, and each step in your supply chain. Some key considerations of new and upcoming regulations include:
Global implications: Many of these new acts and guidance will be broad in nature, meaning that they will affect not only companies within the region, but also companies headquartered elsewhere that have operations and employees within the affected region. Properly examining all of your third parties and supply chains is necessary to determine which global or regional regulations will apply to your business.
Liability: These new and upcoming regulations will have teeth. The new EU ESG regulation, for example, will give victims of human rights violations the right to take EU companies to court, and provides that remediation proposals by companies cannot prevent stakeholders from bringing civil proceedings. Extensive documentation and reporting for audit trails and compliance will help ensure that you’re meeting requirements and avoiding serious consequences.
Increased Due Diligence: Extensive initial due diligence and continuous monitoring of all activities are key components of many new ESG-related regulations on the horizon. Having an effective TPRM program that performs this level of due diligence will be critical in addressing issues.
ESG Considerations for Your TPRM Program
As seen in upcoming and existing legislation, ESG does not just apply to your organization, but also to the activities of your supply chains and third parties. Keep these considerations in mind when examining how to integrate ESG into your TPRM program.
Identifying the Risks: Understanding the ESG risks that your third parties represent is critical to your TPRM maturity. What product or service a third party provides, where they operate, and any potential ESG risks they bring to the relationship must be examined prior to onboarding and on a continuous basis.
Initial Due Diligence: Prior to entering an agreement with a vendor, analyze the vendor and verify that they will meet your company’s needs. This helps identify any potential ESG risks prior to onboarding, allowing you to look elsewhere if necessary.
Continuous Monitoring: This provides real-time data on a third party’s activities and indicators that a security incident or similar risk is developing. Continuous monitoring helps identify ESG risks as they occur, allowing you to remediate and report as needed.
Ability to Report on ESG Posture: Reporting is a critical component of many examples of ESG legislation. Dynamic reporting and dashboards allow you to provide the documentation needed for compliance, and also support you during an audit.
If you’re unsure where to get started, TPRM automation software such as Aravo’s award-winning platform helps companies manage due diligence deeper into the supply chain and support better supply chain resilience and compliance. TPRM automation tools take out a lot of manual legwork, allowing you to focus on strategic activities rather than wading through data points. If you’re interested in learning more, check us out!