Analyst Insight: Sustainability-bound regulatory development is adding a new dimension to ESG governance and supply chain risk management. As ESG garners increasing media and public attention, the “G” in ESG is often not a topic of concern. However, as the teeth in ESG are sharpened, implementing and complying with formal corporate ESG metrics, data collection, and analytics/reporting processes relies heavily on an effective governance structure.
A new wave of European and U.S. regulations is making businesses of all sizes legally responsible for their environmental and social impact. The German supply chain due diligence act (LkSG) and the European Union’s Corporate Sustainability Due Diligence (CSDD) directive are recent developments in the EU zone. The Stock Exchange Commission (SEC) in the U.S. is studying public feedback after proposing a climate-related financial disclosure mandate last year and is widely expected to publish its final policy in the first half of 2023. These are prime examples of regulatory regimes strengthening the guardrails for ESG and sustainability governance globally.
A closer look at these new regulations reveals two emerging ESG trends: 1) businesses’ legal obligation in fulfilling their environmental and social responsibilities; and 2) mandatory disclosure of ESG-related topics, including strategy, impact, risks, and governance. Corporate Social Responsibility (CSR) is not new, and many businesses, large or small, adopt CSR as a common practice. However, the LkSG, the first of its kind, dramatically upgrades this responsibility as a legal requirement by compelling companies to develop due diligence measures to protect human rights and eradicate poor working conditions for workers. These due diligence procedures are not only applicable for a company’s own operations, but also apply to its extended supply chain. Therefore, the LkSG and the like further expose global companies’ vulnerability to supply chain risks and regulatory compliance, and have an impact on branding, both positive and negative.
A second development aims to enhance the standards for ESG and sustainability reporting and public disclosure. Voluntary ESG reporting is commonly guided by a variety of NGO-bound standards frameworks such as GRI, SASB, CDP and others. Nonetheless, they lack uniformity when it comes to companies reporting ESG performance consistently and comparably. It is also difficult for investors and other stakeholders to analyze peer performance. Fortunately, with the Corporate Sustainability Reporting Directive (CSRD) approved by the European Parliament in November 2022 and the Climate-related Financial Disclosure proposed by the SEC in March 2022, this is about to change.
The International Sustainability Standards Board (ISSB) is responsible for developing reporting standards/requirements under the CSRD, and the SEC is expected to publish its final disclosure mandate for public companies by mid-2023. Both regulations aim to standardize sustainability (ESG) reporting and mandate businesses to disclose their relevant performance in a consistent manner.
To address these incoming regulatory requirements, companies need to take the following actions:
Traditionally, ESG governance addresses topics such as corporate ethical standards, board diversity, executive pay and transparency. With the new “socially” enabled, sustainability-bound (ESG and DEI) regulations, the governance must expand to focus on material impact and related ecosystem risks associated with the company’s own operations as well as those in the ecosystem value network. This will require a board-led effort to perform a new round of materiality assessment, formulate new strategies and governance structure, and set up policies governing operations such as the transformation of supply chain operating models to a supply ecosystem network operating model and economics.
From the board level down, companies must appoint a leadership team accountable for addressing these regulatory and social branding requirements. The German LkSG and the EU’s CSDD both aim for human rights protections, safe working conditions and sound labor practices concerning supply chain operations. Companies subject to either jurisdiction are required to establish due diligence procedures and practices for preventative measures as well as remedial actions. The accountable leader should partner with compliance and other business functions such as supply chain to ensure that due diligence procedures and risk mitigation measures are in place, and that relevant disclosures are in full compliance with the regulatory bodies.
Risk identification is a critical process, as the global supply chain often has hotspots where local laws are lax, and businesses are prone to violations such as modern slavery and unfair labor practices. Companies of all sizes can have vulnerability in the supply chain and are potentially liable for penalties, such as fines up to 2% of a company’s annual revenue, and deprivation of a government contract for an extended period, if they are non-compliant. These legal ramifications require an understanding of the full extent of the regulations, and the step-by-step due diligence procedures necessary to mitigate the supply chain risks.
Company associates in key business functions such as procurement must be fully equipped to deal with risks in the extended supply chain. This will require policy updates and knowledge of the relevant regulations and geographies/jurisdictions where key supply bases are located. In addition, real-time risk monitoring applications and analytics should be available to these associates who are in the frontline of risk detection and mitigation.
Companies are most vulnerable when they lack supply chain visibility. This is a major hurdle when dealing with a multi-tiered supply network, especially among sub-tier suppliers. Nonetheless, faced with potential legal liability, companies must take steps to map supply chain visibility and identify where potential risks are. Suppliers in jurisdictions that are lax in human rights and labor protection are especially vulnerable and risky. As a risk-mitigation measure, supply chain visibility and analytics are critical.
Along with risk identification, companies need to examine where process and data gaps exist. Adopting digital technology and a cloud-based platform is a key enabler for simplifying data gathering and streamlining supply chain risk management processes. Since the bulk of supply chain data (a corporate asset) comes from outside an enterprise, engaging direct suppliers and their sub-tiers to onboard to a digital platform is a key success factor for building a connected ecosystem, and visibility thereafter. Supply chain visibility not only facilitates risk mitigation but also provides opportunities for resiliency.
Regulatory developments globally represent a new facet of ESG compliance, and reflect the increase in both investor and public scrutiny. Companies must act now to ensure a digital infrastructure, compliant behavior and industry-consistent policies. They must implement processes and metrics that are ready “now” and suitable to become compliant in the “future.” Further, companies must leverage their new ESG narratives to begin achieving the sustainable and circular economy consumers demand.