Increasing maturity has shifted the question from why companies should be involved in the protection of human rights or the environment to how to best manage the many ESG risks they may face in both the short and long term. According to the World Economic Forum’s 2018 Global Risks Report, ESG risks account for four of the top five risks to companies in terms of impact. Most industries, for instance, are likely to be impacted by risks such as climate change and cyber threats, which affect not only tangible assets (e.g. infrastructure damage due to a rise in sea levels) but also intangible assets (e.g. loss of reputation if data security is not properly managed).
Given the impact of ESG risks, it is in a company’s best interest to think ahead and design strategies to face these challenges. In reality, most companies have been slow to incorporate ESG scenarios and metrics into their (financial) risk management and decision-making, causing governing bodies to take action.
From 2018 onwards, the EU Non-Financial Reporting Directive has come into effect through adoption in member states’ legislation, requiring large companies to disclose information on the way they operate and manage social and environmental challenges. The objective is to help stakeholders such as investors, consumers, and policy makers evaluate the non-financial performance of large companies, and to encourage these companies to develop a responsible approach to business.
In addition, French legislators have enacted a law describing exactly how French companies are expected to manage ESG risks. The so-called ‘Duty of Care’ or ‘Duty of Vigilance’ law, which also came into effect in 2018, obliges companies to disclose, manage and prevent ESG-related risks by having a ‘duty of care plan’ that identifies and mitigates environmental, human rights, health and safety, and corruption risks throughout the supply chain, including those of their subsidiaries, subcontractors and suppliers, in France and abroad. Failure to comply with the law or to implement such a plan may result in a fine of up to € 30 million. Concretely, French companies are required to publicly disclose the following:
Although the requirements of the ‘Duty of Care’ law and EU Directive on Non-Financial Reporting seem extensive, there are a few basic steps you can start taking to be proactive and efficiently address ESG risks. First, determine which ESG risks are most material for your company and its value chain from a holistic perspective (impact on own operations as well as impact on people, the environment and society). Doing a materiality assessment is a good first step to gaining an understanding of the issues that matter to your stakeholders and have a significant business impact.
Second, outline and publish your company’s commitments in a clear and straightforward way. This can, for instance, be in the form of a human rights policy or environmental statement. Organize a mature due diligence process to track and monitor whether ESG risks are materializing, and if necessary, put in place remediation plans.
Finally, publicly report the results of the risk assessment, monitoring, and remediation actions taken. Make sure the process is not a one-off exercise but an ongoing process that is embedded within the company’s enterprise risk management, is supported by stakeholder engagement, and offers the opportunity for remediation by external parties.
Whether you are a company working on addressing the ‘Duty of Care’ law or the EU Non-Financial Reporting Directive, or trying to stay ahead of the curve, start reinforcing your risk management framework today by updating your materiality matrix. Indeed, the material issues uncovered in the materiality assessment can serve as crucial input for your ESG risk management. If you would like to discuss how to successfully integrate ESG risks into your enterprise risk management, please contact Josée van der Hoek via firstname.lastname@example.org or +31 6 28 02 18 80 and get serious about risk management.
Image source: Catherine Kolodziej, Flickr