Vendor Risk Management and ESG: Is Your Program Ready?

Environmental, social and governance, or ESG, is more than a trending topic. Many shareholders, employees, investors and the community are increasing their demands for organizations to conscientiously minimize negative impacts on people and the planet resulting from their operations. Organizations are under pressure to move beyond traditional corporate social responsibility (CSR) programs and become more transparent through public disclosure and reporting of ESG metrics. If it weren’t complicated enough, organizations are being driven towards ESG disclosure and reporting in a rapidly evolving regulatory environment without a globally recognized reporting standard.

Corporate Social Responsibility and Environmental, Social and Governance: What’s the Difference?

While ESG evolved out of CSR, the two shouldn’t be used interchangeably. Let’s review some of the key differences between these two terms:

• Corporate social responsibility is based on the notion that an organization should be accountable to its employees, investors, customers and the public. It’s primarily designed to contribute to societal goals of a charitable, philanthropic, volunteer-oriented or influential nature. These goals are achieved by engaging in or supporting practices or causes that are socially, environmentally and ethically oriented. Corporate social responsibility issues or objectives are interpreted, structured and controlled by the organization. Many CSR programs have been criticized as more “feel good” than “do good,” and ESG has evolved as a result.
• Environmental, social and governance takes a more formalized approach, as the organization’s goals and objectives are paired with metrics to measure progress and outcomes which are then publicly reported. ESG disclosure and reporting is the practice of translating CSR and other issues into reportable factors using metrics that objectively measure and report the organization’s status and progress. Furthermore, environmental, social and governance data attempts to measure the intangible assets within an organization and covers a broad spectrum of issues traditionally excluded from financial analysis. The investment community has embraced the theory that an organization’s valuation is incomplete unless its social capital and sustainability are included in the calculation.

Expectations vs. Regulations

In the U.S., the Securities and Exchange Commission (SEC) requires all public organizations to include material risks in 10-K reports. Materiality is typically defined as information that could affect an informed investor’s decision making. Today, materiality is more or less at the organization’s discretion. More stakeholders are now considering environmental, social and governance risks in the long-term financial viability of organizations and it’s anticipated that the SEC will issue new ESG disclosure rules sometime in 2022.

The UK and the EU have several existing ESG related regulations, which are, for now, primarily focused on transparency and reporting. However, proposed changes may soon create stricter rules for those regulations and introduce heavy penalties.

Despite the small number of evolving regulations, organizations are responding to investor expectations around ESG disclosure and reporting. Ninety-two percent (92%) of S&P 500 Index companies and 70% of the Russell 1000 Index companies published sustainability (ESG) reports in 2020 (Governance & Accountability Institute’s 2021 Sustainability Reporting in Focus). For now, public opinion and investor interest are the current driving forces behind ESG. Despite the sparse regulations and the lack of a single reporting standard, organizations currently working on or actively delivering ESG reporting are already ahead of the game.

ESG and Vendor Risk Management

It’s clear that vendor risk management has an important role to play in an organization’s ESG efforts, especially for specific industries. Still, knowing how to plan for and integrate vendors into an ESG program is not that straightforward.

Consider the following tips:

1. Define the scope: To get started, you must first understand your organization’s commitment to, and scope of, ESG. And you’ll need to collaborate with the individual or team responsible for your organization’s ESG efforts to identify which of your vendors (products or services) should be included. What will you expect from your vendors when it comes to ESG? Most organizations focus on transparency and reporting vs. setting any goals, so start there. The requirements for your vendors should mirror those for your organization.
2. Prepare your vendors: Vendor participation and compliance are required to integrate ESG into your program effectively. You’ll need to understand where your vendors are in their respective ESG maturity. That information will help you determine what you can realistically require from your vendors at present and how much work it might take you to get to where you want to go. You must be sensitive to the potential changes required from your vendors. Be prepared to communicate frequently, offer training and ensure you have a healthy and realistic timeframe for vendor compliance.

ESG is not a “flavor of the month” or trendy issue. ESG disclosure and reporting are already impacting businesses worldwide in a very urgent and measurable way. ESG is here to stay, and the regulations, reporting standards and expectations of investors and the public will continue to evolve and change along the way. Savvy organizations realize that credible ESG disclosure and reporting must incorporate their vendors. Now is an excellent time to learn all you can about ESG, including the various issues covered as well as the existing and proposed regulations and reporting standards. That knowledge can only help you prepare for or improve your vendor ESG integration. Whatever your approach, integrating ESG into your vendor risk management program requires careful consideration, thoughtful planning and excellent change management.