Checking Your ESG Blind Spots under the ‘Duty of Care’

Legal obligations accelerate ESG integration in risk management
Publ. date 24 Oct 2018
We can no longer deny it: whatever the industry, every company faces a wide range of environmental, social and governance (ESG) risks, both within its own operations and throughout its value chain, that need to be identified, monitored and managed. Although the benefits of good ESG risk management seem obvious, some companies still claim that the most important ESG risks, such as human rights or climate change, do not concern them. What European lawmakers have shown in 2018, through the EU Non-Financial Reporting Directive and the French ‘Duty of Care’ law, is that ESG risks affect all companies, albeit to varying degrees. In all cases, companies need to broaden the scope of the ESG risks they consider in order to avoid blind spots, and to be transparent towards stakeholders about the risks that are most prevalent.

Keeping a close eye on all ESG risks

Increasing maturity has shifted the question from why companies should be involved in the protection of human rights or the environment to how best to manage the many ESG risks they may face in both the short and the long term. According to the World Economic Forum’s Global Risks Report 2018, ESG risks account for four of the top five risks in terms of impact. Most industries are, for instance, likely to be affected by risks such as climate change and cyber threats, which hit not only tangible assets (e.g. infrastructure damage due to rising sea levels) but also intangible ones (e.g. loss of reputation when data security is not properly managed).

Given the impact of ESG risks, it is in a company’s best interest to think ahead and design strategies to meet these challenges. In practice, however, most companies have been slow to incorporate ESG scenarios and metrics into their (financial) risk management and decision-making, which has prompted legislators to act.

New laws accelerating ESG risk management

From 2018 onwards, the EU Non-Financial Reporting Directive has taken effect through its transposition into member states’ legislation, requiring large companies to disclose information on how they operate and manage social and environmental challenges. The objective is to help stakeholders such as investors, consumers and policy makers evaluate the non-financial performance of large companies, and to encourage those companies to develop a responsible approach to business.

In addition, French legislators have enacted a law describing exactly how French companies are expected to manage ESG risks. The so-called ‘Duty of Care’ or ‘Duty of Vigilance’ law, which also took effect in 2018, obliges companies to disclose, manage and prevent ESG-related risks by means of a ‘duty of care plan’ that identifies and mitigates environmental, human rights, health and safety, and corruption risks throughout the supply chain, including the operations of their subsidiaries, subcontractors and suppliers, in France and abroad. Failure to implement such a plan may result in a fine of up to € 30 million (note that this civil fine, part of the original bill, was struck down by the French Constitutional Council before the law entered into force; non-compliance can still lead to a court order to comply and to civil liability for resulting harm). Concretely, French companies are required to publicly disclose the following:

  • a risk mapping aimed at identifying, analyzing and classifying the risks
  • procedures for regular evaluation of the situation of subsidiaries, subcontractors and suppliers
  • appropriate actions in order to mitigate the risks and prevent serious harm
  • a warning mechanism and a compilation of all the reports and alerts related to the existence and materialization of such risks
  • a mechanism for monitoring the measures taken and an evaluation of their efficiency

Basic building blocks of ESG risk management

Although the requirements of the ‘Duty of Care’ law and the EU Non-Financial Reporting Directive seem extensive, there are a few basic steps you can take now to be proactive and address ESG risks efficiently. First, determine which ESG risks are most material for your company and its value chain from a holistic perspective (impact on your own operations as well as impact on people, the environment and society). A materiality assessment is a good first step towards understanding which issues matter to your stakeholders and have a significant business impact.

Second, outline and publish your company’s commitments in a clear and straightforward way, for instance in the form of a human rights policy or an environmental statement. Then organize a mature due diligence process to track and monitor whether ESG risks are materializing and, where necessary, put remediation plans in place.

Finally, publicly report the results of the risk assessment, the monitoring, and the remediation actions taken. Make sure this is not a one-off exercise but a continuous process that is embedded in the company’s enterprise risk management, supported by stakeholder engagement, and that gives external parties a channel to raise concerns and seek remediation.

Working on strengthening your ESG risk management?

Whether you are a company working to meet the ‘Duty of Care’ law or the EU Non-Financial Reporting Directive, or simply trying to stay ahead of the curve, start reinforcing your risk management framework today by updating your materiality matrix. The material issues uncovered in the materiality assessment serve as crucial input for your ESG risk management. If you would like to discuss how to successfully integrate ESG risks into your enterprise risk management, please contact Josée van der Hoek, via or +31 6 28 02 18 80, and get serious about risk management.

Image source: Catherine Kolodziej, Flickr

Finch & Beak © 2024. All rights reserved.