Sponsored by ?

This article was paid for by a contributing third party.More Information.

Building resilience into ESG risk management

Building resilience into ESG risk management

Risk and resilience continue to play an important role in the navigation of an increasingly uncertain world. Fusion Risk Management explores why it is equally crucial for technology to support organisations in addressing pertinent environmental, social and governance (ESG) issues

Businesses today are facing greater unpredictability and becoming more vulnerable to emerging risks relating to ESG issues. Most recently, the global impact of the Covid‑19 pandemic has thrown such topics into sharp relief, encouraging consumers, investors and shareholders to prioritise concerns such as climate change, transparency, equality and ethical living.

The pressure on financial services firms to integrate ESG issues into systems, processes and overall decision-making is growing on all sides. Shareholders, investors and pension funds are all starting to make their voices heard on the link between corporate attention to ESG matters and business sustainability and resilience.

Consumers are also increasingly prioritising these concerns. Nearly half (44%) of banking customers across Europe see ESG issues as an “especially important” factor when choosing a bank or financial services provider, according to a May 2021 survey of 6,500 European banking customers by consultancy Kearney. One in four of those surveyed said they would switch institutions if they felt their bank was not engaged in these issues.

Furthermore, research by the Global Alliance on Banking Values shows banks that perform well on material ESG issues – for example, data security and customer privacy, and systemic risk management – outperform others lacking in these areas.

Most organisations already recognise the need to respond to these concerns. In fact, it is becoming increasingly clear to business leaders that a strong focus on ESG not only drives more sustainable, fair and community-minded enterprises, but is also good for the bottom line. As such attitudes permeate the business world, organisations are looking within to find teams and develop strategies that can help integrate this attitude into decision-making systems and processes.

Recent research reveals risk management teams are often charged with monitoring and managing such risks. According to a September 2021 poll of 250 attendees at a Fusion webinar, risk, resilience and compliance functions were tapped to lead these efforts at 65% of organisations. However, 61% of these have not yet started or are only starting to explore ESG issues.

For risk professionals in the early stages of establishing an ESG agenda for their organisations, the initial focus should be on determining what exactly it means for the company, its stakeholders and third-party suppliers. Finding the right tools to support a more sustainable and responsible approach in this area will also be crucial.

ESG and operational risk

From an op risk perspective, the impacts of environmental issues tend to stem from the potential for damage to physical assets. For instance, an extreme weather event might cause an oil refinery shutdown, or rising sea levels could compromise an organisation’s office space over time.

Social issues can range from data security at one end of the spectrum to issues of equality, social cohesion or labour relations on the other. “Social issues have really taken shape in a number of ways during the pandemic, particularly in relation to diversity, inclusion and the social obligations of enterprise to the broader community, as well as a new focus on employee health and safety, and mental health,” says Paula Fontana, senior director of product marketing at Fusion Risk Management. “But also, the thinking around the broader context of data security has evolved. Many companies are entrusted with customer data – how do we ensure we are being proper stewards of that information?”

A solid approach to managing and protecting the customer data flowing through internal systems is required, from both an ethical standpoint and to prevent the reputational risk arising from being at the centre of a data breach.

The ‘G’ in ESG – governance – typically relates to the policies and procedures in place to manage risk and support overall decision-making within a business. It encompasses issues such as conduct risk and fraud but, more than that, it is rooted in the transparency and fairness of a company’s operations in relation to its stakeholders and the wider world.

The interplay between risk and resilience

For many businesses, the Covid‑19 pandemic brought home the impact unprecedented events can have on businesses and their stakeholders. Similarly, organisations are increasingly being adversely affected by unexpected situations such as extreme weather events or political unrest. All of this has led to the need to have transparent, ethical and robust strategies in place to maintain operations. Risk managers have the skills and experience to scan and plan for ESG threats and opportunities.

Undoubtedly, regulation also plays an increasingly important role in encouraging organisations to create ESG-focused strategies. Risk and resilience professionals will need to keep current and upcoming requirements and standards in mind when developing strategies to manage ESG‑related risk.

The environment element of ESG regulation has been a particular focus for regulators over the past few decades. Globally, there are now more than 2,400 laws and policies relating to climate change alone, according to the London School of Economics’ Grantham Research Institute on Climate Change and the Environment. There was a 25-fold increase in climate-related laws and policies between 1997 and 2019, according to research from Herbert Smith Freehills.

Much of this legislation was triggered by government commitments to the Paris Agreement on climate change, which aims to limit global temperatures to 1.5° Celsius above pre-industrial levels. The agreement, which was adopted at the 2015 UN Climate Change Conference, COP21, underpinned the recent COP26 talks in Glasgow. This event is likely to further stimulate environmental policy-making efforts worldwide.

At present – particularly in areas such as climate risk – regulators’ focus is largely on disclosure and data collection. Current requirements will likely inform future ESG policies and evolving regulatory requirements. In line with this, most companies are focused on assessing the impact, working out vulnerabilities and testing responses. These strategies will develop in line with regulation and wider public interest, however.

Above all, technology will play a crucial role in underpinning the new operating model for modern enterprises that must increasingly ensure ESG is a central business consideration.

As ESG moves beyond mere compliance, organisations must develop better ways to anticipate and prepare by leveraging the information and insights that exist both within and outside of the organisation. Identifying these ESG risks and adding them to an organisation’s risk register will ensure they are prioritised at board level, with this focus filtering throughout the rest of the organisation as a result. Consideration of these issues must be integrated into systems and processes to influence decision-making as part of an organisation’s overall strategy.

Next-generation tech for ESG intelligence

Artificial intelligence (AI) and machine learning tools can support a fully automated strategy or a hybrid approach to ESG risk monitoring and management. “These tools can support a new operating model for the modern enterprise, which provides organisations with the ability to sense, prevent, prepare, test and respond to events,” Fontana explains. “By learning over time, these tools support a broader form of operational intelligence.”

Next-gen technology platforms can provide real-time data insights on ESG issues by drawing on internal information. External sources can also feed into these tools – not just third parties such as suppliers, but also regulators, market data providers and news sources. When combined with an organisation’s own enterprise data sources, this information provides a clear picture of how an organisation operates and its vulnerabilities, as well as testing and scenario-planning activities.

These tools can be used to address three major types of ESG-related concerns:

Risk sensing, registers and controls

AI and machine learning tools can be used to alert an organisation to material changes to the business environment and the likely impact on operations. Organisations can catalogue climate, social and governance risk to identify relevant issues, measure their impact and set relevant controls.

The ability to isolate relevant patterns, both internally and externally, supports a better understanding of the relationship between these material signals and an organisation’s risk position. This helps ensure the proper controls are in place to enable organisations to monitor and mitigate ESG issues over time.

Third-party assessment and collaboration

These tools can also strengthen connections with third-party organisations. This will further strengthen an organisation’s ability to plan for and react to uncertainty as ESG issues impact the primary business and its network of suppliers.

When onboarding and managing relationships with third parties on an ongoing basis, these tools can support a new level of collaboration that goes beyond simply sending out a survey to suppliers. This is critical to managing risk in an ESG world in which organisations must hold third parties to their own standards. Third-party vulnerabilities – whether reputational, or climate- or social-related – are essentially an extension of the organisation’s own operating fabric. Being able to detect those issues and work together on mitigation is crucial. As ESG climbs corporate agendas, considering the entire footprint of the organisation in this way – including third-party connections – will ensure resilience is fully integrated into the operational structure of the business.

Scenario-testing and incident management

Finally, risk and resilience teams can use technology to enhance stress-testing and incident management for ESG purposes. As organisations respond to climate-related, or political or social situations and events, it is crucial to have a plan of action in place that is based on quality data and analysis.

Technology can also be used to define important business services and map dependencies, as well as identifying key or at-risk assets in relation to specific scenarios such as extreme weather events or social unrest situations. Once any gaps or issues have been identified by these tools, they can also be used to create workflows to address these elements. This will strengthen the organisation’s risk management insights and potentially boost its compliance efforts.

Securing a resilient future

Having the ability to conduct identification, monitoring and testing activities – by integrating AI and machine learning platform solutions – will certainly strengthen an organisation’s approach to ESG. It can also provide organisations, as well as key stakeholders from investors and shareholders to consumers, with the confidence in business resilience and sustainability.

Cutting-edge technology and innovative tools are available for organisations that want to act now to implement a robust approach to ESG. This will pay dividends well beyond the benefits of preparedness and the ability to react quickly to emerging risks. This technology can provide a route to resilience as organisations try to understand and integrate changing ESG priorities in an increasingly uncertain world, and risk management can provide the best navigation system.

 

Take the next step towards operational resilience today

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here