ESG is the Third Party Risk Management Category You Can No Longer Afford to Ignore

By Jag Lamba, Founder, Certa


As “once-in-a-century” storms happen more and more frequently, droughts proliferate, and energy prices soar to keep up with a rapidly changing climate, the writing is on the wall: we need to adapt to a new way of living on this planet. Notably, customers want to see businesses take steps to combat climate change and increase sustainability, at home and across the country.

Many businesses have taken steps in recent decades toward sustainability, but the pressure to do so has never been as intense or as urgent as it is now. Half of companies in a 2021 Crowell survey responded that brand reputation and image are among the most significant factors driving their company to adopt and meet environmental goals.

These considerations are the E in ESG, which stands for Environmental, Social, and Governance and is used to refer to any company-wide initiative that aims to address progress made toward these goals. Sustainability and environmental stewardship get the most notice and attention, though, and we’re starting to see more and more regulations put in place that businesses need to be aware of.

The first big ESG regulation put in place was the EU’s Corporate Sustainability Reporting Directive (CSRD). The CSRD sets clear rules on which ESG and sustainability disclosures firms doing business in that region will be required by law to make, similar to how public companies disclose financial details. These come into effect in 2023, and it wouldn’t be a stretch to assume we’ll see similar policies put in place in the United States soon. In fact, earlier this year the SEC laid out its plan for similar rules that it proposes businesses here adhere to in order to promote more sustainable and equitable business practices.

The shape of those rules, regulations, and penalties for not meeting them may be blurry right now–and the timeline is in flux–but it’s unlikely we go much longer without businesses needing a solid plan for tracking and reporting their ESG efforts.

Those potential penalties for not taking steps toward sustainability and properly tracking and reporting them, not to mention the reputational hit companies could take, represent an enormous risk category for businesses in the very near future, one that should not be ignored.

Most of the responsibility for managing this risk will fall to the same people that handle many third-party relationships: the procurement team. There are a couple of reasons why this is the case. First off, procurement departments have evolved in recent years to become a multi-function hub that goes beyond just managing spend: information security, legal and compliance, privacy, and many finance functions now pass through the hub of procurement, and third-party risk management is a big aspect of each of those functions.

Second, as it turns out, most emissions that need to be tracked and reported for ESG regulations, up to two-thirds of them, come from the supply chain partners that procurement works with. These are known as “Scope 3” emissions, with Scopes 1 and 2 coming from sources closer to the company itself. Per the EPA, “Scope 1 emissions are direct greenhouse emissions that occur from sources that are controlled or owned by an organization (e.g., emissions associated with fuel combustion in boilers, furnaces, vehicles). Scope 2 emissions are indirect GHG emissions associated with the purchase of electricity, steam, heat, or cooling.”

Proper risk management going forward requires a heavy focus on ESG, and means going through procurement first and foremost, as that department is in the best position to gather, store, and report data across functions. Avoiding fines and reputational damage that can result from ignoring or haphazardly going about ESG initiatives will be priorities for the coming decade, which means starting work on them today.

How can businesses prepare their teams now for the ESG regulations of the future? Five years down the road, it’s going to be painfully obvious which companies took a proactive stance and are leading the sustainability charge, and which operated in a reactionary way to whatever the issue of the day was.

Data collection is the most glaring need. Everything else follows from being able to collect master data around a company’s emissions, and it’s not something that can be enabled overnight. Transparency into the sources of emissions and how much is being produced, along with the ability to manage them all in a single platform, is crucial. Various departments and functions need to be able to report to one software system in procurement that can collect and analyze this formerly siloed information.

This only gets more complex as businesses factor in the emissions coming from their supply chain, which still need to be reported under the Scope 3 category. While there’s only so much a business can do to influence and encourage members of its supply chain to move in the right direction on reducing emissions and bettering sustainability, incentives and penalties such as increased or decreased spend with a supplier might be very effective. Alternatively, the company can take steps to replace suppliers that have poor ESG performance with others who score better on those metrics.

To sum up: preparing for the risks of an ESG-regulated future is not something companies should drag their feet on. It will take intentional and structural changes, particularly around procurement technology and processes, to build the data collection and reporting capabilities needed. But companies that start on these initiatives today will find themselves in a strong position relative to their competitors when regulations come into force, will be less open to unforeseen risks, and can get a lot of mileage out of their sustainability work in the public eye.




