Copyright © 2023 Telesto Strategy LLC, All rights reserved.
Reducing ESG Risks Across Your Supply Chain
April 7, 2023
SPECIAL REPORT
With so many shocks to global supply chain operations, corporations must continue to raise their efforts to assess the different forms of risk to their business continuity, operational effectiveness and overall profitability.
Third-Party Risk Management in today’s regulatory landscape is difficult and is becoming even more challenging with growing consciousness around environmental, social and governance (ESG) issues. Yet, the highest performing businesses recognize the business case for ESG; a report from Morningstar found that 88% of organizations with high ESG index ratings outperformed their market equivalents for five years through the end of 2020.
At the same time, a recent study shows that only 45% of companies actively track ESG risks in their extended ecosystem. ESG-related issues carry significant reputational and operational risks. Traditional supply chain risk factors encompassed technical quality, cost effectiveness, speed of delivery and reliability. However, ESG factors are increasingly gaining in importance and span a variety of topics:
Environmental pollution – waste management, power consumption and energy use, transportation and shipping
Shortages of raw materials and natural resources
Workforce health and safety incidents
Labor disputes
Corruption and bribery
Geopolitical considerations
Current and emerging disruptions underscore the importance of being able to respond to systemic shocks, while the COVID-19 pandemic has exposed weaknesses across the third-party ecosystem (e.g., suppliers, vendors, consumers, partnerships, alliances, fourth parties).
Without focused management of these risks, investors and consumers may lose trust, which can spur a greater reduction in sales and funding, as well as increased difficulty in attracting talent. It can’t be assumed that vendors hold themselves to the same standards as the organization. At the same time, ESG-related risk in your organization’s third parties can be easily overlooked while the organization focuses on its own ESG initiatives.
Remember, a third party’s ESG risk is the organization’s risk. The world has turned its attention towards the key issues ESG addresses – climate change, human rights abuses, responsible resource use and more – making it mission-critical that organizations understand their vendors’ practices. Affiliation with an organization that violates ESG regulations can directly impact the organization’s profitability and continuity.
Key questions for business leaders to explore as they face increasing ESG pressure points:
How will the pandemic and future shocks impact the resilience of third parties associated with my organization?
How will current supply chain issues and other global challenges affect the financial health of my third-party ecosystem?
How will ESG issues impact my organization’s third-party risk management (TPRM) going forward?
How will the organization focus ongoing monitoring to keep pace with the shifting landscape?

ESG reporting mandates today
Business leaders must understand the most prevalent ESG reporting mandates to look out for in the years to come, so they can make sure their vendors’ ESG practices are aligned with their own and prepare for emerging ESG mandates.
US Foreign Corrupt Practices Act: Improves corporate governance practices by requiring companies listed in the US to keep records and maintain internal accounting controls to detect transactions that could be considered as bribery
European Corporate Due Diligence Act: Aims to unify European Union (EU) member states’ approaches to enforcing human rights and environmental laws at the weakest points in organizations’ value chains—their third-party relationships
Dodd-Frank Act – Section 1502 (US Conflict Minerals Law): Requires US publicly-listed companies to check their supply chains for tin, tungsten, tantalum and gold, if they might originate in Congo or its neighbors, take steps to address any risks they find, and to report on their efforts every year to the US Securities and Exchange Commission (SEC). Companies are not encouraged to stop sourcing from this region but are required to show they are working with the appropriate care—what is now known as “due diligence”—to make sure they are not funding armed groups or human rights abuses
UK Bribery Act: Encourages companies to validate supplier anti-bribery practices with external verification and monitoring
UK Modern Slavery Act: Designed to combat modern slavery in the UK and consolidates previous offenses relating to trafficking and slavery. Organizations must produce a transparency statement that includes details of any steps taken during the relevant financial year to ensure that modern slavery does not occur in the organization and its supply chains
Dutch Child Labor Due Diligence Act: Requires companies selling goods and services to Dutch end-users to determine whether child labor occurs in their supply chains. If so, companies must set out a plan to combat it and issue a due diligence statement on their investigation and plan of action
Australia Modern Slavery Bill: Requires large Australian and foreign entities operating in Australia to report annually on the risks of modern slavery in their operations and supply chains and the actions taken to address those risks
California Transparency in Supply Chains Act: Geared towards providing consumers with critical information about companies’ efforts to prevent and drive out human trafficking and slavery in their supply chains – both domestically and internationally. Organizations that operate in California are required to disclose on their website their efforts to eradicate slavery and human trafficking from their direct supply chain for tangible goods offered for sale
These mandates don’t paint with a broad stroke across every organization’s focus, size and location, but they are important to be aware of. Organizations should understand their third party’s practices around these mandates to protect against ESG-related risk.
Looking ahead – anticipated ESG reporting mandates
As ESG gains traction, more mandates are expected to be introduced as early as the end of 2021. This includes one of the most encompassing mandatory due diligence and disclosure mandates yet — Mandatory Corporate Human Rights and Environmental Due Diligence from Europe. This regulation, and those below, set the tone for the most stringent regulations in the years to come:
Transparency In Supply Chains Act (Canada): Imposes obligations on Canadian businesses to take steps to prevent the use of modern slavery in their overseas supply chains and create reporting obligations on qualifying entities, including completion of a supply chain questionnaire on a company’s policies and procedures related to forced labor, child labor and human trafficking
Uyghur Forced Labor Prevention Act (United States): Imposes various restrictions on China’s Xinjiang Uyghur Autonomous region, including prohibiting certain imports from Xinjiang and imposing sanctions on those responsible for human rights violations there
Mandatory Corporate Human Rights and Environmental Due Diligence (Europe): Imposes requirements on companies to conduct environmental and human rights due diligence within their supply chains, including their operations, direct and indirect business relations and investment chains. The proposed rules would apply to any company that operates within the EU market, regardless of whether or not they are established in the EU
Initiative Multinationales Responsables (Switzerland): Similar to the E.U.’s Mandatory Corporate Human Rights and Environmental Due Diligence, this initiative establishes mandatory due diligence for environmental and human rights issues. Firms would be liable for any human rights abuses and environmental violations caused abroad by companies under their control
The growing list of mandates offers a taste of what’s to come for ESG reporting. Even if your organization has a solid ESG posture, there are likely to be weaknesses within your vendor population. Organizations should prepare by taking a proactive approach to managing ESG-related risk in their third parties.
With public scrutiny of ESG practices on the rise and the increase of related penalties, there is no shortage of reasons for leaders to leverage best practices for third-party ESG risk management. How can leaders get started? We’ve compiled a list of best practices.
Create a centralized program – Tackling ESG-related risk in your vendor population begins with a centralized third-party risk management program. Each vendor’s ESG-related risk areas should be determined and weighed before onboarding. ESG risk ratings can be leveraged to help the organization determine the frequency and scope of ongoing monitoring during the relationship. Depending on the organization’s priorities, it may be worthwhile to implement due diligence systems regarding key ESG-related risks in operations and the supply chain
Profile vendors to scope assessments – Categorizing third parties based on industry, location, services performed, and regulatory profile can help to prioritize and plan ESG risk assessments
Perform initial due diligence – During the onboarding phase, check the new vendor against ESG databases such as watch/sanction lists, politically exposed persons list, security ratings, financial ratings and reputation/brand lists
Execute ongoing due diligence – Go beyond initial database checks by conducting automated third-party assessments that leverage regulatory-specific questionnaires and require evidence for validation
Reporting on key ESG requirements – Conduct regulatory-specific reporting and align ESG risks against cybersecurity, data privacy, and financial risks for a more holistic view of each third party
How can companies get started with ESG?
With more global leaders recognizing the risks related to climate change, expect to see all businesses come under scrutiny for their ESG practices. The best way to avoid any negative attention is to get ahead of the curve, by learning how to write a report before you are asked if you have one.
Where do you stand in your journey toward sustainability, climate leadership, and ESG investment/reporting?