The Role of Compliance in ESG

A robust ESG Compliance strategy and roadmap are critical to accelerate financial institutions’ ESG Strategy

Given the increased attention on sustainability and the unique challenges that environmental, social and governance (ESG) related risks pose for financial institutions, there is a pressing need for the Compliance function to (re)define its role in order to ensure compliance with ESG regulation and manage ESG risks effectively.

European institutions are increasing their focus on sustainability in order to deliver on the Green Deal¹ and make Europe the first climate-neutral continent in the world. For example, the EBA (European Banking Authority) has published its action plan on sustainable finance to that end. At a national level, we see this increased focus in, for example, the AFM performing supervisory reviews on sustainability regulation. Given the increased attention on multiple levels and the unique challenges that ESG-related risks pose for financial institutions, there is a pressing need for the Compliance function to (re)define its role in order to ensure compliance with ESG regulation and manage ESG risks effectively. This article will therefore focus on specific actions the Compliance function can take to tackle the main challenges financial institutions are currently facing.

While the implementation of mitigating measures towards ESG risks comes with several challenges, it also creates opportunities for Compliance to (re)define its role. The first and largest challenge for Compliance, however, is deciding how and where to begin. The first steps to be taken should at least include a shift towards operating at a strategic level, enhancing the compliance framework by including ESG risks, developing a data strategy and assisting the organization in preparing for the upcoming supervisory reviews.
In order to reach the goals set above and meet the deadlines, this practically includes performing an ESG risk and materiality assessment and Compliance maturity analyses. The actions outlined in this article, which Compliance should undertake in order to tackle the major challenges, can serve as guidance to create a roadmap that implements the role of Compliance in supporting the organization on its journey towards ESG maturity.

ESG risks and compliance challenges

 

ESG considerations and related risks are becoming increasingly important to investors and financial regulators around the world as they look to promote sustainable economic growth and ensure the stability of the financial system. So, what are ESG risks? The term refers to environmental, social and governance events or conditions; however, there is no regulatory definition for these events and conditions. The EBA refers to ESG risks as follows²:

  • Environmental risks – include the physical impact of global warming, which may make some geographies higher risk, and transition risks, as public policy, technological advancements and market sentiment may lead to some activities being phased out.
  • Social risks – include the negative impacts linked to factors such as inequality, health or labour relations.
  • Governance risks – include the negative financial impacts linked to factors such as executive leadership or bribery and corruption.

News in the past has shown that ESG risks should be perceived as a material risk for organizations. ESG risks are predominantly connected to the existing Risk Taxonomy or Risk Library of an organization and are seen as drivers for existing risks including:

  •  Governance Risk – e.g. impact of the integration of Sustainability Risk and the required senior management oversight.
  •  Operational Risk – e.g. impact of environmental events on operations.
  •  Regulatory Risk – e.g. non-compliance with the amended UCITS and AIFMD directives.
  • Conduct Risk – e.g. misrepresenting the carbon footprint of an investment product to attract greater investment.

This in turn requires supervisory authorities to take a closer look at how companies are managing ESG risks and whether they comply with regulations. We will highlight the main challenges:

  •  The biggest challenge for the Compliance function currently is to define the scope with regard to ESG risks. Profound knowledge on ESG is required in order to make sound decisions on the scope.
  •  Financial institutions will be required to measure and monitor the progress of ESG compliance-related initiatives. Companies must have a way to track their progress and ensure that initiatives are in line with any applicable standards or regulations.
  •  Transparency in ESG is an integral part of responsible investment and corporate sustainability, but it is difficult to achieve because ESG definitions are not yet set in stone and because measuring and monitoring non-financial data requires a different approach. For example, one of the risks is that disinformation or marketing techniques may present a financial product as more environmentally responsible than it is, also known as “greenwashing”.
  •  Not only identifying but also understanding and addressing the various stakeholders involved in ESG initiatives is another challenge. Companies must consider the interests of shareholders as well as those of customers, employees, business partners and other stakeholders to ensure that the initiatives are successful and meet the expectations of all stakeholders involved.
  •  Due to the complex regulatory environment, it is very difficult not only to keep track of the evolving landscape covering ESG but also to determine the impact on the Compliance function and the organization as a whole. The Compliance function must therefore be aware of the various laws and regulations related to ESG activities as well as the potential financial, environmental, and reputational risks associated with non-compliance.

How the Compliance function can play a role in mitigating ESG risks

 

Being familiar with non-financial risks that need to be managed, the Compliance function is also traditionally well positioned to play an important role in regulatory change management. The Compliance function is often equipped with a compliance charter capturing roles and responsibilities as well as the scope thereof. Because ESG risks are seen as a driver of existing risks, it is to be expected that ESG will be integrated into the risk domains that are already under the responsibility of Compliance. Traditionally these are at least integrity and reputational risks. Therefore, Compliance could, for example, already integrate ESG risks into its monitoring and advisory role. This section will focus on what the Compliance function can do to support or even lead the way in overcoming the ESG challenges.

1.  Support the business to achieve effective compliance
The Compliance function is expected to play a significant role, as supervisors have been focusing more and more on compliance with ESG regulation (e.g., SFDR/CSRD/EU Taxonomy) since last year³, such as the supervisory review of the SFDR started by the AFM in 2023. Compliance should collaborate closely with the business (first line of defense) and support it in achieving effective compliance. An example of a challenge where Compliance can play a role concerns the SFDR-level requirements. 14 mandatory indicators are stipulated, for which Compliance could help define clear requirements in order to determine an entity’s negative impact on environmental and social issues. One of the environmental indicators is the share of investment in the fossil fuel sector. Compliance could help define the requirement for determining when a company is considered to be ‘active’ in this specific sector. A second challenge lies within the disclosure regulations. Compliance could assist with setting up a clear framework for the entity and product level website disclosures.

2.  Update the Compliance framework
In light of rapidly evolving stakeholder expectations, as well as the deeper embedding of ESG in corporate culture and awareness, regular review of policies and procedures is required more than ever in order to identify gaps in a timely manner. To close these gaps and manage ESG risks, Compliance should significantly enhance the existing compliance framework by integrating ESG risks and controls in order to mitigate the associated risks, as also advised by the EBA.

As part of a continuous risk assessment process, focus should be placed on the systemic integrity risk analysis (SIRA). Here a foundation can be built for embedding ESG risks into the Compliance framework by developing scenarios and identifying ESG risks and mitigating measures. The outcome of the SIRA could also provide the required input for the risk appetite statement if ESG is not already included. To be in control, Compliance should subsequently provide guidance to the first line of defense to contribute to a solid understanding of these risks throughout the company.
Secondly, the rapidly evolving regulatory landscape also requires Compliance to identify key processes and stakeholders that may be impacted by changing expectations of the regulators and supervisory authorities. Timely identification can help Compliance draft plans to ensure conduct outcomes will not be negatively impacted. Financial institutions should be pro-active in ensuring that they can adhere to rules and regulations. This means taking the monitoring of regulatory developments a step further by not only being aware of the rules and regulations but also being intrinsically inspired to be one step ahead when it comes to implementation and finding ways to respond to these developments efficiently and rapidly.

3.  Advisory Function on ESG Data strategy
ESG data quality is a crucial aspect of sustainable and responsible business practices. Compliance monitors and advises so that the business adheres to the standards of ESG reporting, which helps to build trust with stakeholders and contributes to a more sustainable and ethical business landscape. The Compliance function should focus on the following regarding this topic:

  • Transparency: compliance monitors emphasize the importance of transparent reporting and full disclosure of ESG data.
  • Integration within business strategy: compliance advisors work with the business to ensure that their ESG initiatives are integrated with their core operations and processes.

4. Pro-active advisory function
To enable the company to expand its focus from the short to the long term, it is important that the Compliance function maintains ongoing oversight of changes in regulatory as well as conduct expectations.
The unique nature of ESG risks and the rapid pace at which changes evolve enable the Compliance function to position itself as a more pro-active strategy advisor at C-level.
Compliance’s interpretation of expectations should help solidify definitions within ESG, which in turn helps to identify gaps in ownership of responsibilities, the inclusion of stakeholders and the capabilities required within the company to manage risks linked with ESG.
Operating at a more strategic level enables the Compliance function to monitor reputational, conduct and regulatory risk and provides input for a more strategic approach to embedding the company’s strategy at all levels.

5. Transition from short term focus to long term strategy
A transition from managing ESG risks and compliance at the product/transactional level towards engagement at the board/enterprise level is required in order to shift the focus from short-term, tactical decisions to long-term, strategic planning. By taking the following steps, a company can ensure that it is successfully engaging at the board/enterprise level.
It is important to understand that board/enterprise-level engagement is not only about meeting regulatory requirements, but also about creating value for the company. In order to do this, it is important to develop a comprehensive ESG strategy that takes into account the company’s current and future risks, opportunities, and goals. When an ESG strategy is set in the right way, it can also have a positive effect on recruitment and retention and allow for greater innovation and brand differentiation besides the positive effects on the company’s financial performance.
Secondly, it is essential to create a culture of accountability and openness around ESG, and to ensure that the company’s ESG strategy is regularly reviewed and updated.
This transition can be a challenging prospect for companies. We believe that one of the keys to successfully navigating this transition is held by the Compliance function in (re)defining its role and taking the lead to support companies in their quest to find solutions to the main challenges.

Conclusion

 

While the implementation of mitigating measures towards ESG risks comes with several challenges, it also creates opportunities for Compliance to (re)define its role. The first and largest challenge for Compliance, however, is deciding how and where to begin. The first steps to be taken should at least include a shift towards operating at a strategic level, enhancing the compliance framework by including ESG risks, developing a data strategy and assisting the organization in preparing for the supervisory reviews.
In order to reach the goals set above and meet the deadlines, this practically includes performing an ESG risk and materiality assessment and Compliance maturity analyses. The actions outlined in this article, which Compliance should undertake in order to tackle the major challenges, can serve as guidance to create a roadmap that implements the role of Compliance in supporting the organization on its journey towards ESG maturity.

1. Delivering the European Green Deal (europa.eu)

2. EBA - ESG risks management and supervision factsheet

3. ‘Op weg naar een duurzame balans’, dnb.nl, ‘Position paper AFM en duurzaamheid’, afm.nl

4. ‘AFM doet nader onderzoek naar naleving SFDR en Taxonomie door beheerders’, afm.nl. 
