Not long ago, compliance within many companies was viewed exclusively through a regulatory lens. However, over the past decade, as ESG (Environmental, Social, and Governance) factors have gained traction as a way to do good in the world and drive shareholder value, that approach has evolved into one based increasingly on ethics and reputational concerns.
This shift has been driven by increased stakeholder interest in responsible business practices, pressuring companies to approach compliance more holistically. Today, compliance is not just about ticking boxes but about demonstrating a positive impact on stakeholders and the environment. However, as ESG continues to evolve, the complexities of compliance today have become increasingly evident.
New complexities
This complexity is particularly apparent under the “E” of ESG. Stakeholders are more interested than ever in how companies address their impact on the environment, from carbon emissions to stewardship of natural resources. This interest has led companies to make voluntary pledges, such as achieving net-zero emissions, where human-caused emissions are balanced by an equivalent amount being removed through various means. However, with the explosion of disclosure and reporting requirements worldwide, which often vary, these pledges have become riskier and more complicated, prompting new questions about navigating this shifting landscape.
Company activities under the “S” have also underscored the complexity of compliance today. The backlash against Diversity, Equity, and Inclusion (DEI) activities offers one of the most striking examples. Buoyed by the Supreme Court’s decision last year ending affirmative action for undergraduate admissions, the movement has created new litigation risks from organizations that scrutinize DEI programs for unlawful use of race in decision-making. These risks have prompted companies to review their DEI programs to confirm their legality and bolster the judgment that they benefit the business.
Human rights are another area creating compliance challenges, especially in supply chain management. Traditionally, companies have conducted business-focused due diligence to identify and address risks to the company itself. Due diligence, whether on suppliers or an acquisition target, was an act of self-interest to protect shareholder value. Today, it also aims to identify risks of human rights violations suffered by third parties, such as workers in the value chain or indigenous people affected by infrastructure projects. This more altruistic due diligence is driven by reputational concerns as well as the recent growth of legal regulations worldwide.
ESG has also transformed traditional compliance areas by embedding them into a wider framework of ethical behavior, adding more emphasis on transparency and long-term sustainability. Anti-bribery compliance, for example, is not just about meeting legal requirements but about creating high-integrity cultures with sound reporting systems. ESG’s influence on cybersecurity is similar, encouraging companies to adopt comprehensive strategies that encompass prevention, detection, and response to cyber threats.
Risk from three perspectives
In this new ESG-driven world of compliance, companies need to tell a story that does justice to their current efforts, satisfies regulatory requirements, and positions them for future developments. Fundamental to this approach is identifying risks from three perspectives.
Internal
The first is internal, which addresses whether companies have their houses in order.
External interactions
Second are interactions outside the company that can impact the accuracy of disclosures, create legal liability, require expensive investigations or litigation, or result in reputational damage. The inquiry hinges on questions like:
ESG activities
Third are ESG activities themselves. After all, they are just another business activity and require the same risk assessments.
ESG has raised the bar on compliance, but it has also created new challenges and opportunities. By addressing these areas, companies can ensure that they not only meet ESG compliance requirements and mitigate risks, but also distinguish themselves from competitors by demonstrating their commitment to responsible and sustainable business practices.