CROs Can Defend Against ESG Risk – Here’s How

Three of the five most significant national threats are ESG-related, according to a World Economic Forum survey of U.S. business executives. As such threats shape the business risk landscape, chief risk officers (CROs) have a decision to make: Will they help their organizations transform ESG risk into value or will they let the cost of inaction cut into future profit?

Top Critical Threats Facing the U.S.

Risk 1: Asset bubble bursts in large economies
Risk 2: Climate action failure
Risk 3: Extreme weather events
Risk 4: Debt crises in large economies
Risk 5: Employment and livelihood crises

Source: World Economic Forum, The Global Risk Report 2022

The CRO’s role cannot be overstated — simply put, they are on the frontlines of the ESG battlefield and are in a prime position to:

  • Identify and assess ESG-related risks

  • Integrate ESG into the enterprise risk management (ERM) framework

  • Unlock strategic opportunities that drive business value

  • Influence stakeholder engagement strategy and ESG reporting

  • Facilitate cross-functional alignment, awareness and adoption

As stakeholders call for more transparency on ESG issues, businesses are now expected to provide quantifiable, objective data that reflects their ESG footprint. Business leadership, investors and other key players may be looking to chief financial officers for those metrics — but just as importantly, they are also looking to CROs to move those numbers in the right direction. With increased expectations comes an opportunity to build a sustainable, purpose-driven organization that is more resilient to today’s existential threats.

The State of ESG Regulation

An evolving ESG regulatory environment brings challenges to today’s CRO.

Currently, ESG regulations differ by country, and disclosure in the U.S. remains largely voluntary — though the SEC's proposed climate change disclosures will introduce mandatory reporting requirements. The proposed rules require publicly traded companies to disclose their Scope 1, Scope 2, and possibly Scope 3 greenhouse gas (GHG) emissions. To do so, companies will need to understand how they generate GHGs, compute GHG emissions accurately and report annual emissions in their SEC filings. Companies may also be required to identify and describe the ways in which climate change could impact their financial statements, operations and business strategy.

ESG reporting mandates are in every company’s future. In the absence of a single standardized reporting framework, however, there is no exact formula to follow, leaving organizations with subjective and ambiguous guidance on whether and how often to report on ESG issues. The stakes are high — the SEC’s Climate and ESG Task Force is already penalizing organizations for ESG misstatements — and regulatory enforcement efforts are only expected to escalate going forward.

How Can CROs Mitigate Regulatory Risk?

Managing regulatory risks requires navigating uncertainty and pushing the organization toward transparent action. Successful CROs will partner with finance and audit committees to codify ESG reporting standards. BDO recommends collaborating to establish processes for ESG risk analysis, measurement and disclosure — and taking the lead on risk identification and prioritization. The time is now to establish processes to:

  • Monitor relevant regulatory and reporting updates on a consistent basis

  • Benchmark against reporting by peers

  • Assess which frameworks are most relevant to the organization’s industry and make the most sense for corporate sustainability reporting

  • Collaborate with leaders responsible for various ESG initiatives to begin data collection efforts 

“The burden of data collection and reporting is not a small one. If the SEC climate change rules are enacted as currently proposed, ESG reporting will require a level of effort similar to SOX compliance. CROs will need to balance ideal-state reporting with the existing resources currently available to them, anticipating future regulatory requirements that are likely to increase the burden.” – Vicky Gregorcyk, Risk Advisory Services National Leader, BDO USA

Incorporating ESG factors into investment criteria is now mainstream. 84% of global asset owners are evaluating or implementing sustainable investment considerations in their strategies, according to a recent FTSE Russell survey. The retail investment community is also aligned: 66% of U.S. individual investors believe companies should report on their ESG performance, a Workiva survey found.

Investors aren’t prioritizing ESG out of altruism. They’re investing in companies with strong ESG performance based on the perspective that they tend to be safer, more resilient assets. To assess target investments’ ESG profiles, investors look to ESG disclosures in corporate sustainability reporting and independent ESG ratings providers.

How Can CROs Mitigate Investor Risk?

ESG-savvy CROs work with CFOs to define the engagement strategy for ratings agencies. BDO recommends creating a shortlist of the ratings agencies with the greatest stakeholder relevance and then engaging the agencies with the most influence. These agencies’ materiality assessments — the methodology by which ESG issues are identified and prioritized — can also provide useful insight on what to include in reporting for other stakeholders.

Meeting Customers’ ESG Expectations

Consumers and B2B customers alike want to buy from socially and environmentally responsible businesses. Customers are increasingly unwilling to buy from companies with values that don’t align with theirs. For example, a number of retailers recently pulled out of their partnerships with the largest cardboard and shipping materials supplier in the U.S. because they disagreed with the owners’ views.

Many major companies now require their vendors and partners to meet certain ESG-related standards and disclosure requirements. In addition to customer attrition, contractual violations can result in costly repercussions. For example, some companies charge their vendors for poor environmental practices to help pay for carbon offsets to their Scope 3 emissions.

Ultimately, customer standards may dictate the organization’s approach to addressing and reporting on ESG factors.

How Can CROs Use a Stakeholder Engagement Plan to Mitigate Customer Risk?

To efficiently manage customer requirements, CROs should lead the development of a high-level code of conduct that covers the priority issues for the organization’s industry, with enough flexibility to accommodate a variety of client needs. Aim to design programs that meet current and future customer demands.

BDO recommends CROs consider working with the account leads of the organization’s largest customers to understand the ESG issues that matter most. A proactive stakeholder engagement plan can help uncover these issues and spark a productive dialogue to demonstrate that the company cares.

Guilty By Association

In an environment where information is easy to access and share, businesses’ ESG activities are judged along their entire value chain. Engaging partners with poor ESG reputations may cause stakeholders to call into question the company’s own commitment to ESG principles and may turn off customers and vendors. Organizations with problematic partners may be confined to a limited, lower quality pool of suppliers and more expensive vendor agreements.

Managing third-party ESG risk is not just a matter of reputation or access; it is a matter of regulatory oversight. The California Transparency in Supply Chains Act, for example, requires any company that does business in the state with annual worldwide receipts over $100 million to disclose measures taken to eradicate forced labor in their supply chains. Overseas, the German Supply Chain Due Diligence Act mandates assessment of human rights and environmental risks across the supply chain. The European Commission’s proposed Corporate Sustainability Due Diligence Directive puts forward more extensive supply chain due diligence requirements. Additional regulation at the national and international levels is forthcoming.

How Can CROs Mitigate Third-Party Risk?

Supply chain sustainability is a shared responsibility. Although oversight is typically managed by procurement, supply chain risks need to be integrated with the organization’s broader sustainability strategy. CROs are instrumental in facilitating such integration.

How? Risk leaders can champion sustainable supply chain objectives internally by linking them to value drivers. Bringing together representatives from supply chain management, human resources, legal, risk and finance, risk leaders can solicit cross-functional input to develop a supplier code of conduct, supplier selection criteria and mechanisms for operationalization.

Many of the most adverse risks — ESG-related and otherwise — will reside in relationships beyond the first tier. According to BDO’s 2022 Global Risk Report, only 32% of organizations have visibility into suppliers up to the third tier. BDO recommends that CROs consider incorporating supply chain ESG risk analysis into the organization’s existing third-party risk assessment and due diligence model.

[Figure: Business Drivers For Supply Chain Sustainability]

Source: UN Global Compact, Supply Chain Sustainability: A Practical Guide

The Significant Costs of an Unhealthy ESG Reputation

While ESG can bolster a company’s image, organizations that view ESG primarily through the PR lens stand to lose. ESG incidents and inaction can damage reputations: ESG incidents typically result in adverse media attention and a flood of negative comments on social media. However, superficial ESG commitments — without the teeth and documentation that provide necessary credibility — can also have toxic effects. Business practices that go against stated ESG values create a gap between stakeholder expectations and reality. Most CROs have already identified the reputational risk of an ESG-related scandal. They also need to combat the risk of falling short of public ESG goals by ensuring that ESG commitments are followed up by concrete action.

How Can CROs Reduce Reputational Risk?

At the most basic level, CROs need to assess business practices, political donations and supply chain partners against stated ESG policies to address inconsistencies. Sophisticated organizations implement frequent, transparent communications on ESG efforts, demonstrating accountability by sharing updates on progress against ESG objectives.

The level of transparency necessary varies from company to company. What constitutes “good enough” depends on the organization’s business model, brand, customer base and industry, among other factors.

The Perils of Poor ESG Adoption

Shortcomings in internal ESG adoption carry significant risks. Without leadership’s buy-in, alignment and ongoing efforts to rally employees around sustainability objectives, companies will find progress impaired and internal discontent brewing. If the ESG strategy is communicated externally but not executed, investor and customer trust will be lost. Lack of clarity and poor direction on ESG programming may result in inconsistent adoption, inadvertent policy violations or unethical behavior. 

How Can CROs Drive ESG Adoption?

BDO recommends CROs consider layering ESG program administration into the framework of their existing compliance and ethics program by:

  • Establishing clear standards, policies and procedures.

  • Communicating and socializing ESG goals.

  • Providing training and education across the organization.

  • Monitoring and auditing ESG programs.

  • Building data collection, reporting and controls systems to ensure compliance with reporting obligations.

  • Enforcing discipline for non-compliance.

  • Creating investigation and remediation measures.

To engage stakeholders, CROs should consider borrowing from the company’s marketing playbook. By aligning the ESG program with corporate purpose, risk leaders can create an authentic value proposition that resonates with their internal audience. By harnessing the power of storytelling to communicate program information, CROs can build the “brand” of their ESG program internally and inspire individuals to actively participate.

“Risk is confusing to non-practitioners. Employees may not understand the difference between ERM and ESG. Instead of treating ESG as a bolt-on program, CROs should approach ESG as an integrated component of a larger risk management framework.” – James MacDonnell, Business Continuity & Crisis Management Managing Director, BDO USA

To build business resilience, CROs need to proactively identify and mitigate material ESG risks. CROs who succeed do so by creating processes, structures and policies that thoroughly incorporate ESG in enterprise risk management strategy. Organizations that manage ESG risks as integral to not only ERM, but overall business strategy, realize benefits such as greater value creation, long-term profitability and longevity. Over time, organizations with ESG-aware cultures don’t just mitigate the world’s most critical threats, they positively impact them through innovation and collaboration.
