How can compliance officers help their companies tackle ESG?

Overview of ESG

What is ESG?

ESG stands for Environmental, Social, and Governance and is commonly incorporated by companies as three pillars of a framework focused on the non-financial risks and opportunities inherent in the company’s business.
 

These terms are relatively new buzzwords and as a compliance officer you could be forgiven for thinking there is a whole new set of considerations you need to take into account. 

The good news is that many of these risks and areas for potential fraud or misconduct are topics that compliance professionals are already familiar with and have been addressing for some time. This means that you do not have to start from scratch, but instead can enhance your existing procedures to ensure a robust compliance framework which encompasses ESG.

Where did ESG come from?

In 2004, in response to an invitation from the United Nations, a group of 18 financial institutions published a report containing recommendations on how to better integrate environmental, social and corporate governance issues into business. Initially targeted toward companies in the financial industry, the principles of ESG have since taken root in the global conscience, awareness has grown rapidly over the years and now the principles and concepts behind ESG are being applied in all aspects of consumer behaviour (e.g., investing, purchasing decisions, etc.) as well as by companies across all industries to demonstrate their commitment to acting responsibly.

Five key topics to consider when incorporating ESG into compliance

1. Know your ESG fraud risks

The process of identifying ESG risks is not unique. As with all types of risk, the first step is to gain a deep understanding of your business and the universe around it and to perform a risk assessment. Focusing on ESG risks and areas for potential ESG-related fraud or misconduct may exist internally (e.g., pressure to meet metrics tied to renumeration) or externally (e.g., dishonest suppliers keen to make your preferred list and hence are tempted to overstate their ESG credentials). Although there is no global standard ESG framework, a good starting point to identify potential risks and areas of fraud are the 21 core metrics (and 34 expanded metrics) published by the World Economic Forum. These metrics are a result of efforts to develop a core set of common metrics and are based on various existing standards including the frameworks developed by the Global Reporting Initiative (GRI) and the International Sustainability Standards Board (ISSB). On 26 June 2023 the ISSB issued its inaugural standards for sustainability related disclosures which will be effective for reporting periods beginning after 1 January 2024¹.

Additionally the Task Force on Climate-Related Financial Disclosures (TCFD) has developed a framework to help public companies and other organizations more effectively disclose climate-related risks and opportunities through their existing reporting processes. Whilst this started as a voluntary initiative, it is now mandatory in an increasing number of countries and will become mandatory for large public-interest companies in Switzerland as of 1 January 2024².

In order to identify ESG related risks, gaining a comprehensive understanding of the business may involve approaching a wider audience of people and functions than you might typically do during a risk assessment. This may also enable you to identify another part of your company that is monitoring third parties for ESG purposes. Approaching this team to discuss fraud risks could present you with the opportunity to combine forces and minimise the number of back-and-forth interactions with third parties. Additionally, your ESG-focused colleagues may greatly benefit from your experiences conducting third party audits in the supply chain (e.g., anti-bribery and corruption audits).

2. Update existing processes and procedures to cover ESG concerns

Once your risks have been identified, review your processes, procedures, policies, and controls, and consider how they might be extended to cover ESG-related fraud risks. For example, if you are already sending questionnaires to suppliers for anti-bribery purposes, updating these questionnaires with some additional questions to cover the most pressing ESG concerns would be a quick win. Or if you are currently overseeing the execution of anti-bribery and corruption audits (or conducting any other compliance review), consider how such audits and reviews might be extended to also cover ESG-related topics. Additionally, you might also consider whether your whistleblowing policy could benefit from the addition of an ESG-related example of a topic to bring to management attention.

3. Regulatory developments concerning due diligence in the supply chain

ESG regulatory developments are taking place rapidly and it is imperative that companies stay on top of them. Many of these developments focus on due diligence requirements (particularly with respect to child labour and other potential areas for fraud and misconduct) and therefore it is critical that compliance officers are up to date. These regulations not only impact the governance aspect of ESG (ensuring appropriate due diligence is conducted) but also the social aspect (for example, by ensuring potential human rights abuses are not overlooked).

For Swiss companies, three recent regulatory developments focused on due diligence requirements have the potential to greatly impact business.

First, the Ordinance on Due Diligence and Transparency in relation to Minerals and Metals from Conflict-Affected Areas and Child Labour came into effect in Switzerland on January 1, 2022. This Ordinance regulates the due diligence and reporting obligations to be complied with by companies in relation to minerals and metals from conflict-affected and high-risk areas and in relation to child labour. Sectors expected to be likely impacted are those which work with raw materials, for example, mining companies or companies in the luxury goods sector. The provisions of the ordinance begin to apply in the 2023 financial year. As a first step, companies need to determine whether the ordinance applies to them. Specifically, a company needs to evaluate whether it imports or processes certain minerals or metals from conflict-affected or high-risk areas or offers goods or services for which there is reasonable suspicion that child labour might have been involved in the manufacture or provision³.

Secondly, on 1 December 2022 the Council of the European Union adopted the Corporate Sustainability Due Diligence Directive which lays down rules on obligations for large companies regarding actual and potential adverse impacts on human rights and the environment, with respect to their own operations, those of their subsidiaries, and those carried out by their business partners. Since this directive requires companies to audit their entire supply chain and not only their direct suppliers, Swiss companies are well advised to review this directive to determine whether they are affected by virtue of being a subsidiary or business partner of an impacted EU company. Furthermore, according to the directive, a non-EU company will fall under the scope of the due diligence directive, irrespective of whether it has a branch or a subsidiary in the EU, if the non-EU company fulfils the criterion regarding net turnover generated in the EU. Once the Directive has entered into force, member states will have two years to transpose it into national law. Therefore, it will be important for Swiss companies doing business in the EU to keep an eye on developments with respect to this legislation.

Thirdly, the German Act on Corporate Due Diligence in Supply Chains (“Lieferkettensorgfaltspflichtengesetz, LkSG”), enacted in 2021, also has a potential impact, as it applies to subsidiaries of Swiss companies in Germany and might become influential in Swiss policy-making. This act regulates corporate responsibility for compliance with human rights in global supply chains and includes, for example, provisions for protection against child labour, fair wages, and environmental protection. From 2023 the act will begin to apply to companies with at least 3,000 employees, and from 2024 also to companies with at least 1,000 employees in Germany. A central requirement is a risk analysis aimed at identifying, preventing, ending, or at least minimising human rights and environmental risks.

Swiss companies that are not directly affected by these regulations may still be indirectly affected, for example through being part of the supply chain of an affected EU company. Therefore, we recommend all Swiss companies to review their due diligence procedures to check whether they are sufficient to prevent or mitigate their potential risks.

4. Non-financial reporting 

Given the recent national and international regulatory developments (Swiss Transparency on Non-Financial Matters, the EU Corporate Sustainability Reporting Directive, EU Sustainable Finance Disclosure Regulation (SFDR) and SEC Proposed Rule on Climate Disclosure Requirements), companies need to determine which non-financial reporting obligations apply to them (or, in some cases, which non-financial reporting obligations the company has chosen voluntarily to comply with) and establish a reporting procedure accordingly. While the non-financial reporting required is not the direct responsibility of the compliance function, the risks arising from these new disclosures are and compliance officers are best placed to have an overview of these potential risks. For example, according to Art. 964b⁴ of the Swiss Civil Code, reporting on environmental concerns (in particular CO2 targets), social concerns, employee concerns, respect for human rights, and the fight against corruption must be integrated into the non-financial reporting and must be made publicly available (Art. 964c). A so-called "comply or explain"⁵ concept applies, which requires companies to report on the reasons for not reporting.

There are two main risks relating to ESG reporting requirements:

1. Firstly, greenwashing. Whether intentional or unintentional, providing inaccurate or misleading data to the public may cause fines or penalties and can result in reputational damage for the company. A topic we will further discuss in our next thought piece.
2. Secondly, the setting of new and potentially unrealistic key performance indicators (KPIs) could increase the risk of fraud if employees are incentivised to meet unreasonable targets and seek to do so perhaps outside the rules.

It is crucial that compliance officers recognise these risks, and that controls, processes and procedures are in place to ensure that any disclosures are defensible and auditable. Compliance needs to liaise with those responsible for setting targets and communicating ESG reports, such as Public Relations, Investor Relations, and Finance and Accounting.

5. Training and awareness

For the comprehensive and integrated management of ESG risks, it is important that those tasked with ESG matters throughout the company work together. For example, when addressing risks in the supply chain, colleagues from procurement as well as legal and compliance will need to work together to ensure a holistic approach is taken. Furthermore, if changes to the supply chain are under consideration, it makes sense to also include tax colleagues in the conversation as there might be tax implications (e.g., taxes related to carbon emissions or grants to encourage more ESG compliant business) which could help fund any changes deemed necessary.

In order to ensure awareness across the company and to facilitate collaboration, compliance officers must gain an understanding of the current level of awareness of ESG topics and associated risks across the different functions of the business and then define the types of training required. Such a training could include not just ESG in general but also those more specific topics such as environmental crime, human rights in the supply chain, minerals and metals from conflict-affected areas, modern slavery, child labour and stakeholder engagement (as relevant and appropriate to your business).

Embedding ESG in compliance

An ESG risk assessment is the first step towards understanding the impact of ESG and the potential for fraud and misconduct in your business.

Compliance officers will play a pivotal role in identifying and helping to manage risks, reducing the potential for fraud or misconduct related to ESG, and in helping their business to effectively seize the opportunities stemming from a focus on ESG whilst avoiding the potential risks.

Our experience helping compliance officers manage challenging topics means we have the skills to help you determine where the risks lie and how they can be mitigated.

If you have any questions or would like to discuss this topic, please do not hesitate to reach out to one of our experts below.

References

¹ IFRS S1 (General Requirements for Disclosure of Sustainability related Financial Information) provides a set of disclosure requirements designed to enable companies to communicate to investors about the sustainability-related risks and opportunities they face over the short, medium and long term. IFRS S2 (Climate-related Disclosures) sets out specific climate-related disclosures and is designed to be used with IFRS S1.

² Federal Council brings ordinance on mandatory climate disclosures for large companies into force as of 1 January 2024 (admin.ch).

³ Article 964j of the Code of Obligations.

⁴ SR 220 - Federal Act of 30 March 1911 on the Amendment of the Swiss Civil Code (Part Five: The Code of Obligations) (admin.ch).

⁵ Art. 964b para. 5