Post By :Kristy Grant-Hart, Chief Executive Officer, Spark Compliance Consulting
The hottest three letters in the corporate world are “ESG.” While we’ve all heard of ESG, there is very little information about who should take on this new blended responsibility in companies. No one has a degree specifically in ESG (yet). In most companies, no singular function has been tasked with managing these new initiatives. Since few companies are hiring new people to run ESG, the question becomes which person or department should oversee it? The answer is Compliance. Why?
- Compliance Knows how to Create the Framework
- Compliance Already Reports to the Board and Handles Governance
- Compliance has Always Worked Cross-Functionally
- Compliance Already Runs Third-Party Due Diligence
- Compliance Already Handles Code Violations/Investigations
- Compliance is Used to High-Stakes Problems
Let’s look at each reason in detail as we build the case that Compliance should be the home of ESG initiatives.
Compliance Knows how to Create the Framework
The US Federal Sentencing Guidelines sets out the seven elements of an effective compliance program…which it just so happens can be used incredibly effectively to create an ESG framework.
While there are many standards for ESG out there (e.g., SASB), the standards don’t typically explain how to create a program to meet the standards. For example, SASB states that its framework “sets out the basic concepts, principles, definitions, and objectives that guide SASB in its approach to setting standards for sustainability accounting; it provides an overview of sustainability accounting, describing its objectives and audience.” The standards help companies to set their ESG goals and identify areas that should be tracked based on industry but don’t describe how corporations can create the structure to meet them.
Compliance officers know how to do this. Create policies and procedures, give training where necessary, send communications, create metrics and measurements, apply third-party and employee due diligence, report to the board/management on the initiative, perform investigations and apply discipline where required…all activities that the Compliance team does all day long.
Compliance Already Reports to the Board and Handles Governance
A compelling reason Compliance should be tasked with ESG is because Compliance is already in the boardroom (or at least, it should be according to mountains of regulatory guidance and statements from the US Department of Justice). Compliance already reports to the board about new laws, regulatory trends, investigations data, and more. Adding ESG elements is a natural evolution of the current remit of the Compliance Officer with respect to board engagement and reporting.
Additionally, in many compliance programs, Compliance manages governance or is involved in corporate governance. Compliance officers are expected to have relationships with board members and are frequently included in non-executive sessions. Expanding these to include ESG just makes sense.
Compliance has Always Worked Cross-Functionally
Compliance has always been tasked with cross-functional work. Whether instituting training or getting the business on board with the due diligence program, Compliance’s job has always involved getting other functions to work with them to facilitate the compliance program.
Recently, new laws have come about intensifying this trend. The European General Data Protection Regulation (GDPR) and new state laws in the US have created the need for cross-functional participation to comply with data privacy regulations. Compliance is frequently tasked with managing data privacy issues. Compliance works with Information Technology, Information Security, Legal, HR, and others to ensure compliance with these laws. Compliance with modern slavery laws is frequently assigned to Compliance to manage, as are conflict mineral laws and others requiring a cross-functional approach.
Because of Compliance’s experience running multi-functional teams to comply with these types of laws, Compliance is uniquely situated to take over the ESG program and to run it similarly to the ways it runs programs to comply with complex laws.
Compliance Already Runs Third-Party Due Diligence
Most ESG frameworks have a strong focus on third-party relationships. This includes requiring third-parties to fill out supplier questionnaires, sign onto Supplier Codes of Conduct, sign attestations, fill out due diligence questionnaires, and report on their environmental and social activities. In most companies, Compliance owns the anti-bribery third-party due diligence process, which means it is uniquely situated to expand that process to include ESG-related third-party due diligence into its remit.
Adverse media searches can be expanded to include terms relating to environmental and social issues. Enhanced due diligence can be applied to higher-risk third-parties using existing third-party management processes and technology. Compliance is already doing this work, so expanding it will be a much easier answer than setting up brand new systems to manage ESG risk.
Compliance Already Handles Code Violations/Investigations
In most companies, whistleblower hotline calls and reports of violations of the Code of Conduct are routed through Compliance. Many calls relate to HR issues that are included in the Social remit of ESG. These include discrimination (diversity/inclusion), bullying, and harassment. There may also be reports of health, safety, and environmental misconduct.
Compliance departments typically handle investigations. Even where the investigations are handed to another department to execute -say HR or Audit – Compliance still typically oversees the investigation and case management software to ensure that the cases are closed out. Thus once again, Compliance is the hub of activity affecting ESG priorities.
Compliance is Used to High-Stakes Problems
Compliance officers are used to high-stakes situations. From handling bribery concerns to regulatory investigations, they know how to manage the potential for large fines and reputational damage. To a very real degree, Compliance already handles higher-risk activities than most ESG initiatives. Should a disaster strike, Compliance is ready.
ESG initiatives are an important area of growth for companies. Holding companies responsible and accountable for their management of environmental, social and governance concerns is a noble undertaking. Because of Compliance officers’ unique skillset and pre-existing responsibilities, Compliance is the best place for ESG to sit in any organization.
Whilst ESG is the latest acronym it shouldn’t be anything new to an organisation. The elements it is looking at already exist within most organisation (social = effective people management and community engagement; governance is around risk management and an effective corporate structure; environment is about understanding and managing environmental impact), the challenge is consolidating information in a structured way.
Whilst I agree that compliance is well placed to be a coordinating function I don’t agree with the reasons given for this other than the experience of facilitating across functions. What is needed is the development of reporting metrics e.g. use of GRI standards, and presenting these within existing reports. The elements covered in due diligence and through speak up is only a very small element.
An element not covered is around integrity and ethics i.e. the integrity and confidence in the external statements being which is where ethics and compliance department can add real value.
ESG should not be about changing how an organisation operates. It is about recognising where within existing operating frameworks ESG elements are managed and reported – a coordinating role that should leverage current operating principles rather than establishing new frameworks.
Thanks for your insights. While it is true that some companies have maturity in environmental, social and governance, many do not. For those companies especially, I think Compliance is a good ringleader to pull together the various stakeholders to coordinate a program.
Many of our clients are using their third-party due diligence procedures extensively to support the sustainability and social elements of ESG because supply chain due diligence is critical for their ESG programs. Perhaps that has not been true at the companies with which you’ve been associated.
I agree with you that someone needs to coordinate the ESG elements at a company, and my article advocates that the department best qualified to do that is Compliance. Where do you think it should live? Have a nice weekend.
Comments are closed.