How to manage ESG risk across your third-party ecosystem

What organizations can do now to mitigate environmental, social and governance (ESG) risk amid accelerated change.

Business leaders increasingly indicate that third-party risk and resilience are the key issues keeping them up at night. This, combined with the current environment of multiple pressure points driving the change agenda, is why a growing number of business leaders are asking these four questions:

• How will the ongoing pandemic and future disruptions impact the resilience of the organization’s third parties?
• How will today’s challenges affect the financial health of the organization’s global third-party ecosystem?
• How will environmental, social and governance (ESG) issues impact the organization’s third-party risk management (TPRM) going forward?
• How will the organization focus ongoing monitoring to keep pace with the shifting landscape?

One topic noted above — ESG considerations — is top of mind for many leading organizations, but it has received limited attention in relation to TPRM. Although interest in ESG matters continues to grow, leaders must also consider a holistic approach to bring their ESG commitments to life through their TPRM programs beyond the focus of supply chain sustainability and transparency — enabling the business to recognize the upside opportunity to lead the way toward a sustainable future.

Heightened stakeholder focus on ESG matters

Many predict that heightened stakeholder focus on ESG matters will continue and cascade to a company’s broader third-party ecosystem. According to the EY Climate Change and Sustainability Services (CCaSS) fifth global institutional investor survey, 72% of investors conduct a structured and formal review of nonfinancial disclosures, while approximately 40% said companies do not adequately disclose ESG-related risks. Investors surveyed say that there is a missing connection between ESG reporting and mainstream financial information provided. This connection is crucial, as it provides investors with insight into how companies plan to create, measure and communicate long-term value.

The survey also found that usage of nonfinancial information to determine value has been trending upward. 

Beyond disclosures, financial institutions and consumers are increasing their focus on ESG matters. According to the EY Future Consumer Index, about 33% of consumers surveyed said their choices would be guided by environmental or social concerns, while over half of banks cited environmental issues and climate change as key emerging risks — up over 40% year over year.¹  While stakeholder focus is increasing, the degree of disclosures and related quality is lagging. Per the 2019 EY Global Climate Risk Disclosure Barometer, 54% of the 970 companies surveyed disclose climate change-related risks, with only 27% of those disclosures across governance, strategy, risk management and metrics considered high quality. This demonstrates a significant gap in the integration of climate risk and associated impacts into the overall enterprise risk management process, including the third-party ecosystem.

This increased focus on ESG considerations, along with investor concerns that companies do not adequately disclose ESG-related risks, should put an organization’s third-party ecosystem front and center.

The need to integrate ESG matters into TPRM and procurement life cycles

Every ESG commitment the organization makes should be embedded across the three lines of the business and supported by respective third parties, and leadership should be able to validate that these third parties are aligned with its ESG posture in the market — supporting the organization’s strategic priorities. For example, if the organization commits to reducing its carbon footprint, abiding by global modern slavery acts, or improving diversity and veteran inclusiveness, it is imperative for its third-party ecosystem to be aligned with these principles to manage the respective transition (e.g., brand, regulatory) risks. This will facilitate compliance with applicable laws and regulations, while mitigating the risk to the brand around accusations of “greenwashing,” “social washing” or similar forms of misrepresentation.

At least 125 countries, including half of the G20 international forum, have committed to net-zero carbon emissions by 2050, underscoring that sustainability efforts and ESG thinking are here to stay. This is why organizations must confirm that their third parties’ approach to ESG matters is aligned with that of the organization. Leading by example to help build a better working world, the global EY organization will be carbon negative in 2021 and net zero in 2025, requiring 75% of its third-party suppliers (by spend) to set science-based carbon reduction targets no later than fiscal year 2025 (click here to learn more).

Increased transparency and awareness of ESG-related third-party risks also improve end-to-end visibility and resilience of the third-party ecosystem. For example, a company with social or climate risk trend visibility across its third-party ecosystem may be better prepared to respond and recover from an incident by shifting activities to another location and/or third party in advance of or in response to that incident. In early 2020, companies struggled to adapt when third parties were unable to provide services due to production shutdowns, and countries around the world faced shortages of essential supplies.

There are three key steps to embed an ESG mindset in an organization’s TPRM program to facilitate alignment and integration with its strategy and objectives:

Leading ESG practices for the road ahead

Organizations that incorporate an ESG posture into their TPRM programs stay one step ahead of the game and minimize negative impacts as investors, regulators and consumers place increasing focus on ESG concerns while also recognizing the upside opportunity of ESG programs. For instance, this approach may improve lending terms and enable the global growth of sustainable finance (e.g., financial services that incentivize the integration of long-term ESG criteria into business decisions). ESG-incentivized loans have grown in popularity around the world, including within Europe, Australia and Singapore. Conversely, a reduced focus on ESG considerations may adversely impact access to capital as this lack of insight may drive investors to raise an organization’s risk profile, ultimately hindering growth.

Regulatory developments are indicating future trends

Regulators who championed increased banking regulations and legislation in the past are looking at enhancing ESG oversight, signaling what is to come across both the financial services and nonfinancial services sectors that may further impact TPRM-related regulation. For example, in the European Banking Authority (EBA) 2018 Annual Report, the EBA identified sustainable finance as a key focus area in the coming years, including “how ESG considerations can be incorporated into the regulatory and supervisory framework of EU (European Union) credit institutions.”

In the United States, the New York Department of Financial Services (NYDFS) issued guidance on how financial institutions should address climate change. In a letter issued on October 29, 2020, the NYDFS highlighted several climate-related risks for consideration, including transition risk, physical risk, risks to depository and non-depository institutions, and the possibility that traditional risk management tools may not sufficiently address the distinctive characteristics of climate change.

Social risks are also of concern to regulators. When questioned about the importance of representation of people of color and women in the insurance industry, NYDFS Superintendent Linda Lacewell stated, “To the extent that we as a regulator oversee the safety and soundness of financial institutions under our purview, it’s well within our prerogative to say — and we do — how are you doing on diversity? Because that makes you a stronger institution, and it’s of interest to us as we look at how you are dealing with all the evolving risks and challenges.”²

At the same time, in August 2020, the US Securities and Exchange Commission (SEC) adopted final amendments to modernize Regulation S-K disclosures. One amendment to Item 101(c) requires registrants to provide a description of their human capital resources to the extent that such disclosure would be material to an understanding of their business.³ This includes the number of persons employed by the registrant, as well as any human capital measures or objectives that the registrant focuses on in managing the business. While the amendments also addressed other disclosures relating to business, legal proceedings and risk factors, then-SEC Chairman Jay Clayton noted that he was “… particularly supportive of the increased focus on human capital disclosures, which for various industries and companies can be an important driver of long-term value.”⁴ Other ESG factors and requirements have been around since 2010, with the last Regulation S-K updates covering climate change. The new presidential administration in the US has shifted the focus to further enhance these requirements to cover human capital, and there will likely be enhanced scrutiny of these topics in the future.

Beyond meeting investor and regulatory expectations, organizations should be prepared to face evolving consumer attitudes toward ESG considerations. According to the EY Megatrends 2020 report, Gen Z identified climate change, pollution and the loss of natural resources as important global issues. The report predicts that Gen Z activists are likely to continue to emerge and demand action from businesses and governments around the globe. Consequently, adoption of ESG business practices will not only boost an organization’s brand image but will also enhance its ability to attract and retain talent as future generations join the workforce.