Skip to main content

Partnering with customers in search of lost trust in the new risk environment

A guide for consumer products and services companies

Environmental, social and governance (ESG) issues have been moving upward on senior executive agendas even before the Covid-19 pandemic. The past two years have accelerated that movement, particularly for consumer products and services companies.

ESG concerns find expression in consumer purchasing decisions, which are increasingly influenced by perceptions of organisational postures towards environmental stewardship, social justice and good governance. These concerns are also shared by current and potential employees, investors, suppliers, business partners, activists, the media and other stakeholders.

This means that companies in the consumer sector can build trust, gain competitive advantage and better manage risks by understanding stakeholders' ESG concerns and strengthening their controls accordingly. Those steps should be part of the organisation's journey to the Future of Controls.

However, strengthening ESG controls can present challenges. Controls have traditionally been geared mainly towards financial activities, product quality, and employee performance—not to ESG issues. Also, consider the broad range of ESG issues, which includes:

  • Sourcing, production, packaging and distribution practices that can impact the environment, with product content, waste management and carbon footprint being common concerns
  • Human resources matters, such as the presence of indentured or slave labour in the supply chain and issues of diversity and inclusion within the company and its partners
  • Regulatory compliance and matters related to executive compensation, investment policies, insider trading, bribery and economic sanctions
  • Treatment of animals in research and development and production activities, and company impacts on ecosystems and endangered species
  • Uses of customer data, including practices regarding data privacy, monitoring of behaviour and messages, and use of artificial intelligence and other evolving technologies
  • Executive and employee statements and behaviour in both their official and private lives, and support of specific political positions across the spectrum

Given this range of issues and the emotional weight they carry for many consumers, how can a company best respond?

This article begins to address that question in the context of responsible business and the required NextGen control environment.

Partner with consumers

Companies in the consumer sector rely on creating experiences and relationships that engage customers, preferably at an emotional level. Meanwhile, customers increasingly want to do business with companies that reflect—or at least do not contradict—their values.

Many consumers see themselves as "voting" with their purchases when they buy from companies with ESG practices that align with their values. Many will avoid buying from companies they see as not aligned with their values, and some try to "punish" them with negative reviews, social media messaging and word of mouth.

In this context, how can an organisation "partner with the customer" in practice?

Let's start by viewing the customer as playing a role in ESG risk management.

A fifth line of defence

Partnering goes beyond learning about your customers' buying behaviour and preferences for receiving alerts. It means engaging at a deeper level. One approach is to view your customers as participants in your risk management initiatives.

For example, the three lines of defence model of risk management has been widely adopted, to varying degrees, across most industries. It was supported by the Institute of Internal Auditors (IIA) in 2013 and by the Chartered Institute of Internal Auditors in 2017.

The three lines of defence are: the business (first line, which owns and manages risk), risk management functions (second line, which assists the first line with data, guidance, and tools) and internal audit (third line, which provides assurance regarding risk management effectiveness to senior leaders and the board). This model has been expanded to include external auditors (fourth line, which provides assurance to the organisation, investors and the public).

We propose that customers, in effect, constitute a fifth line, which provides the "last line of defence" in risk management. Customers provide that last line of defence through positive or negative buying behaviours, ratings, social media messaging and word of mouth.

Unfortunately, customers are often activated by a real or perceived breach of ESG standards. The breach may be regulatory, for example, when the organisation is censured by a government agency. Or it may be "unofficial" as when the media report that a CEO is unsupportive of diversity and inclusion. Even an incident at a vendor far down the supply chain can present risks in the form of consumers' responses to an event.

Partnering with customers enables you to get closer to them and to monitor and manage these risks more proactively.

Four steps to consider

Engagement around ESG enables you to enlist customers as participants in your approach to ESG risks.

Here are four steps to consider:

Customers in different demographic groups and geographies will have different ESG concerns, reflecting your industry, business model and markets. So, proactively engage customers and prospects to learn about specific concerns. Tools of engagement include brief surveys, focus groups, data analytics and social media monitoring, among others.

Identify the key ESG risks your organisation faces from the perspectives of regulators, suppliers, investors, the media and activists. These parties are not only important in themselves—they also influence consumers' views of an organisation. Additionally, regulators and investors are increasingly focussed on ESG risks and ongoing engagement will enable you to track their evolving concerns.

Your control environment may need to be updated to address the full range of ESG risks to your organisation. This process should include a review of your controls framework and extending the framework to account for specific ESG risks. Then you can design and embed the right controls into the relevant processes. You will also need data collection, analysis and reporting mechanisms to support your ESG risk management strategy. That strategy should be closely aligned with your business strategy.

Data collection and visualisation, voice recognition and artificial intelligence (AI) technologies can enable your organisation to integrate and automate controls. Embedding controls into processes enables employees to use them seamlessly as they do their jobs. Yet unless they are well-governed, those technologies can add new risks, for example when an AI system "learns" to discriminate against certain customer segments or potential employees. Given that data is intrinsic to digital technology, adequate cybersecurity and data privacy controls are essential.

Your stakeholders are at stake

Risks are now so interconnected that an ESG event can damage brand and reputation in ways that quickly translate to significant financial risks in the form of lost revenue, higher costs and hits to market value.

The pandemic and its impacts have intensified stakeholders' focus on ESG, but it is not the only issue or concern. Therefore, companies that sell to consumers should waste no time in assessing their approaches not only to addressing ESG risks, but the full range of applicable regulations. In that way, controls can demonstrate compliance with all applicable regulations and act as an enabler for winning and retaining consumers over the long run.

Your organisation's relationships with customers—and other stakeholders—are at stake.