Boards are required by company law and exchange listing requirements to oversee the firm’s risks, risk responses and risk management processes. This means boards have a responsibility to ensure that management is following best practices for ESG risk. We recommend the following four-step framework.
STEP 1 - Identify ESG Risks: Since ESG risks can be viewed as stemming from corporate effects on and interactions with stakeholders, executives should begin the risk identification process by considering their companies’ impact on stakeholders throughout the supply chain. The importance for corporate management of taking into account the interests and concerns of a broad set of stakeholders — including the environment and future generations — becomes especially important when one recognizes that nine of the top 10 risks cited in the 2023 World Economic Forum’s Global Risk Report relate to environmental, social and governance threats.
The following eight prompts can be used to identify potential sources of ESG risk:
In addition, estimating the likelihood of an ESG risk event occurring and its duration is challenging as ESG risks may materialize overnight (e.g. #metoo events) or take longer to surface (e.g. excessive GHG emissions). It is common for companies to think about and communicate their sense of their material risk events using ‘risk heat maps’ (such as those proposed by ISO’s 31000 release issued in 2018). However, risk heat maps are not optimal for capturing the dynamic materiality of ESG risks, because risks with low scores are not displayed on the heat map and thus may fly under the board’s radar. ESG risks judged to have a medium-to-high impact and a low likelihood in the short term may not be displayed or prioritized, but still may quickly creep up on the firm and cause real financial damage.
To prevent the directors from losing sight of the ESG risk events estimated to have a low likelihood of occurring, we recommend the use of a “risk radar map." Such a map shows different time horizons (e.g. short, medium and long) and displays ESG risks based on their impact (colour-coded based on severity). A map for petrochemical industry, for example, would display a ban on single-use plastics may be coded bright pink since its impact is judged to be extreme and shown in the outermost concentric circle of the risk radar map, reflecting the expectation that a ban on single-use plastics may occur in the next five to 10 years.
STEP 3 – Mitigate ESG Risk: Once the firm’s ESG risks are identified and scored, management develops risk responses or mitigation strategies for managing material ESG risks and presents these to the board for approval and/or as part of the oversight of its ESG strategy. One proactive risk response that companies can undertake is voluntary self-regulation. For example, Apple stated it will have a carbon-neutral supply chain by 2030 and Nestlé committed to spending $3.6 billion in the next five years to become carbon neutral by 2050. Maple Leaf Foods’ voting agenda uses internal carbon pricing to encourage its managers to prepare for a low carbon future and Unilever pledged that all its employees as well as its suppliers’ employees will be paid a living wage by 2030.
If a company’s negative ESG impacts are easily discernable by third parties, self-regulation can be effective, especially if rivals are not able (or willing) to follow suit. But if a company’s negative impact is difficult to distinguish from that of its competitors (say, the focal firm cuts its emissions into a local river by 99 per cent while its upstream rivals continue to pollute the same river,) then collective action is a better alternative for managing that risk.
Companies intent on pursuing collective action can form industry or trade associations in which all members of the association voluntarily agree to reduce their harmful ESG effects, disclose their impact and achieve certification. For collective action to be a successful tactic to manage ESG risks, companies must agree to third-party audits of their ESG performance. One advantage of self-regulation is that companies may avoid stricter regulations in the long term. A possible disadvantage is that it may decrease the firm’s profitability in the short term, and even place it in an unfavourable competitive position relative to those rivals who refuse to join the industry association and self-regulate. However, the risk of being at a competitive disadvantage is low if there is a large potential for new regulations, such as the introduction of carbon taxes.
Some kinds of ESG risks, such as those associated with failure to achieve expectations for equity, diversity and inclusion, can prove to be not only material but resistant to direct mitigation efforts. Research has found evidence of what appears to be a near-universal unconscious cognitive bias: Most of us seem to prefer to hire and work with people like us. Although most companies claim to be merit-based when recruiting, mentoring and promoting employees, cognitive bias tends to work to reinforce rather than reduce inequality. To limit this risk, companies should consider the use of targets, disclosures and third-party audits to address the unconscious bias hindering minorities from being hired, mentored and promoted in firms. Boards can set the tone at the top by mandating that the nomination committee improve the diversity of their directors, with the aim of having boards that mirror the diversity of their stakeholders. Canadian railway CN has announced its intent to have at least 50 per cent of its independent directors mirror its customers and the communities in which it operates.
To support the success of ESG risk responses, boards should review their corporate incentive plans to ensure alignment. Corporate incentive systems send strong signals to stakeholders about what is important to the firm and motivate executives to improve the firm’s ESG performance. To demonstrate that ESG risk management is critical, boards should revise the firm’s executive incentive plan to include metrics relating to material
ESG risks such as carbon emissions or diversity targets. As two examples, McDonald’s now ties 15 per cent of its CEO’s bonus to success in achieving diversity goals among its senior leadership team, and Shell Oil has included emission reduction goals in its CEO’s bonus since 2018.
STEP 4 – Monitor ESG Risks: All identified ESG risks should be assigned to senior executives who then become responsible for the implementation of approved risk responses. The board then regularly monitors emerging risks and the effectiveness of the approved ESG-risk responses.
To be sure, effective monitoring of ESG risk is likely to prove challenging for most board members. Consider, for example, the emerging ESG risk that now surrounds the use of AI to enhance employee decision-making. As more companies introduce AI, boards need to understand how AI works, its data sources, how the third-party AI provider shares companies’ data, and any systemic biases that AI may introduce into the firm’s decision-making.
To address the lack of ESG risk oversight expertise, boards should consider using a skills matrix to assess what expertise and risk literacy they require to effectively oversee ESG risks. Once identified, boards should train existing members in risk literacy and ESG issues or actively recruit new board members who possess these capabilities as well as reflect the diversity of the firms’ stakeholders.
A second challenge for boards is that the responsibility to oversee ESG risks is typically spread across different board committees, many of which lack the time to effectively address them. Environmental risks are typically dealt with by the Audit and Risk Committee, while social risks relating to employees and executives are often dealt with by the HR or Health and Safety Committee. Given that existing board committees have full agendas, boards should evaluate the merits of establishing a separate ESG committee that focuses on overseeing the firm’s ESG risks, performance and reporting. The ESG committee should engage with stakeholders on a regular basis to continuously reassess the materiality of ESG risks, anticipate emerging ones and ensure that the firm’s risk responses are working to keep it within its overall risk tolerance.
ESG risks such as those associated with climate change, water scarcity and concerns about diversity and inclusion are growing in materiality, posing increased financial risks to companies. In the near term, boards and executives must collaborate with corporate stakeholders to identify, assess, manage, oversee and report material ESG risks. In the longer term, corporate survival is likely to depend on fully integrating ESG risks into the firm’s ERM system, business model, capital allocation process and operations.
As the Canadian Pension Plan Investment Board recently stated, “companies that integrate consideration of ESG related risks and opportunities are more likely to preserve and create long-term value." Many companies have a long way to go to achieve such integration. But make no mistake: failure to responsibly manage ESG risks may result in a loss of public confidence, and ultimately in the loss of the company’s social license to operate.
First Published: Aug 07, 2024, 14:51
Subscribe Now