Firms are being pushed to pursue a cleaner, greener, more equitable and ethical world. But it’s not easy being sustainable
If you’re a risk management leader, your job is stressful. There is a steady – and growing – drumbeat of new environmental, social, and governance (ESG) regulations coming into effect from within some of the world’s largest economies.
These new regulations impact risk management leaders across the entire supply chain ecosystem, both direct and indirect.
Conflict minerals legislation. Modern slavery laws. Environmental and sustainability regulations. Labor protection laws. Social justice provisions. Business functions – from supply chain and procurement to general counsel and enterprise risk management – have been pressed into service in pursuit of a cleaner, greener, more equitable and ethical world. But it’s not easy being sustainable.
It can be difficult for business leaders whose jobs involve managing risk to remain in lockstep with new ESG regulations and the changing business requirements happening underfoot, much less to do it in harmony with the rest of the enterprise.
Here is how you and your team can do it – and not burn yourselves out.
Align with the rest of the enterprise
Governance, risk management, and compliance affect distinct parts of an enterprise and in different ways.
Business leaders whose functions manage risk, such as general counsel, IT, procurement, and supply chain, need to collaborate and align their business processes with each other as new ESG laws and regulations are introduced so they drive enterprise-wide compliance.
Joint working groups can assess and verify a law’s relevance, apprise members of key points (eg, enforcement dates, requirements, penalties for non-compliance, etc.), and identify gaps in response measures.
Ideally, each team affected by a law or regulation aligns their compliance efforts with the next to drive organisational efficiency and harmony.
Know your team’s legal requirements
Change happens fast. Decision makers must continuously identify new or changed ESG regulations (eg, the Uyghur Forced Labor Prevention Act, SEC Climate change disclosures) and understand their teams’ legal requirements. They can use sources of regulatory insight to stay informed.
Insight can come from internal sources, notably general counsel’s offices; but also, third-party legal data and risk intelligence providers. These data sources can integrate with automated risk intelligence dashboards, ESG compliance solutions, and third-party risk management solutions; or they can be delivered as standalone resources.
Get informed, stay informed, and know your team’s ESG requirements. Enforcement measures can be swift, expensive, and can jeopardise the financial stability of businesses.
Ditch spreadsheets for automated solutions
Tracking ESG laws and regulations, compiling third-party data and information sources, and assessing organisational impact cannot be done well, or comprehensively, with spreadsheets. This is an archaic approach that invites employee burnout, organizational non-compliance, and ultimately disaster.
Digital, automated ESG compliance tools can make your job – and your team’s jobs – easier. They can automate and integrate every step of your ESG program, so you no longer need to complete each task manually or independently of one another.
They can assess suppliers and third parties to determine whether they help you meet your company’s compliance obligations. They can enable you to streamline your ESG programs with risk intelligence, and intelligently drive continuous risk monitoring and assessment.
Conduct regular supplier assessments
Conducting supplier due diligence and performing risk assessments in compliance with ESG requirements is not only the law, but also a sound business practice.
What’s more: with so many ESG laws and regulations on the books, companies must assess suppliers against different due diligence and risk criteria in order to comply with each one.
Companies need automated solutions that can store and track various regulatory assessments, including for the same supplier. Additionally, they need tools that facilitate reporting to governing bodies and are auditable by compliance officers and third-party auditors.
Beyond initial checks and assessments, risk management teams should continuously monitor their supplier base for ESG compliance and violations. Continuous monitoring is the gold standard.
Adopt solutions that are flexible and scalable
Businesses also need flexible ESG compliance solutions that track changes to all relevant laws and regulations, apply them to supplier assessments, and scale across the extended enterprise.
After all, companies will be bound by multiple different laws, regulations, and standards across different jurisdictions (eg, states, countries, and economic blocs) that could impact some or all parts of their extended enterprise.
For example, a procurement team in a US manufacturer may need to track and assess its supplier base for conflict minerals, human rights violations, and environmental impact in the Democratic Republic of Congo to follow three different ESG laws. The team would need compliance solutions that are flexible and holistic and can keep them organised and on track to fulfill each law’s requirements.
They also need solutions that drive enterprise-wide efficiency and synergy, because other teams within that manufacturer, such as general counsel, may also need access to that information.
The proliferation of ESG laws and regulations across the globe continues. Businesses need to be able to keep pace with these changes and conserve their and their team’s energy.
This is a marathon, not a sprint. Leaders can enable their entire value chain by automating their processes and thinking long-term about ESG compliance.
Eric Hensley is chief technology officer and chief security officer at Aravo
No comments yet