
Manage ESG risks in the supply chain

Introduction

We have updated our standardised Supplier Assessment Framework as part of our regular review of the framework that sits at the heart of our supply chain risk management platform. Our bi-annual reviews of the SAF ensure the framework remains relevant and useful for our clients and suppliers using Risk Ledger globally. Keep in mind the ‘global’ element of that last sentence because it is an important factor in how we have solved ESG risk management in the supply chain.

As part of our recent update to the SAF, we have added a new risk domain which covers Environmental, Social and Corporate Governance (ESG) risks in the supply chain. This blog looks at why we have added this new domain and how organisations using the Risk Ledger platform benefit from the update.

Why ESG?

Over the past decade, ESG has become a buzzword for governments, investors and large corporations alike.

Today, over 80% of large corporations report on the ESG impact of their organisation’s operations, and legislation has been implemented in jurisdictions from New Zealand to the EU and the UK that is further embedding ESG into the day-to-day business of running a large organisation.

Net zero carbon commitments by large economies across the globe including the UK, Japan, Germany, Sweden and New Zealand are providing the impetus for initiatives and legislation to measure carbon emissions across global supply chains.

Even without legislation, over two-thirds of large organisations globally are voluntarily using the GRI Standards to report their impact on sustainability, showing a tidal shift in attitudes to sustainability in the private sector.

But what does it actually mean?

The acronym stands for Environmental, Social and Corporate Governance. That's the easy bit. In a business context, it means integrating ESG factors and impacts into the decision-making processes of organisations with the objective of aligning those decisions with their true impact and a more sustainable way of doing business.

Why does ESG risk management matter?

It matters because ESG risks have risen up the agenda for all stakeholders, driven by a number of factors.

Shareholders, employees and end customers have become more aware and conscious of the ESG impact of the employers they work for, their investment decisions and consumption choices. PwC’s 2021 ESG Consumer Intelligence Survey found that over 80% of consumers and employees are more likely to give their custom or their labour to organisations who take a stand on ESG factors.

The shift in consumer attitudes towards better ethical standards, particularly among younger millennial and Gen Z consumers whose spending power is growing rapidly globally, has precipitated increased attention on ethical standards in the supply chains of big brands. Adoption of the Ethical Trading Base Code by more than 80 multinational companies has set an international benchmark against which hundreds of large organisations now measure their own practices.

In addition to the pull of consumer sentiment, the impact of ESG failures can also be extremely costly to reputations and operations – which ultimately become financial costs.

Take Brazilian company JBS, the world’s largest beef exporter. In 2017, the company was hit simultaneously by two ESG-related incidents that resulted in the shutdown of nearly all meat production across 36 sites in Brazil, the halting of all beef exports and the scrapping of its planned initial public offering, which has still not taken place as of 2021, when this blog is being written.

At the same time, governments globally have been implementing legislation that sets requirements for organisations to report on and manage ESG factors - with penalties for those who fail to comply.

UK-based multinational law firm Simmons & Simmons highlighted in their 2021 ‘ESG: Sustainable Business’ report, covering human rights and environmental due diligence, that there is a potential for organisations to be hit with regulatory enforcement, civil claims and criminal sanctions simultaneously and in multiple jurisdictions if their failure to implement adequate risk controls leads to negative ESG impacts.

What does this mean for supply chain risk management?

Just like cyber security risks, organisations cannot hope to successfully identify and mitigate ESG risks facing them if they do not have visibility of the business processes, policies and actions of the suppliers, sub-contractors and partners they rely on to deliver their products and services.

21st century supply chains are complex, global (there’s that word again) and growing on all fronts, so the task of collecting relevant ESG data from the supply chain to make more sustainable decisions is a challenge being faced by many organisations – including Risk Ledger clients.

This has also been recognised by governments and regulators. Many of the ESG laws and regulations being implemented globally have specific requirements for the reporting and management of ESG factors in the supply chain. Many countries, particularly in Europe, have passed supply chain ESG due diligence laws requiring organisations to collect and report supply chain data across a range of ESG domains.

This is where Risk Ledger and our award-winning secure social network model step in.

Risk Ledger’s solution

Existing users of Risk Ledger and the wider market have been telling us three things:

  1. They want a single solution for collecting and sharing supply chain risk data across multiple risk domains: cyber security, financial, procurement and ESG.
  2. They want a solution that is flexible enough to be applied at scale and globally – taking into account the varying requirements and contexts in different jurisdictions.
  3. They want to be able to continuously monitor the policies, processes and practices of their entire supply chain - end to end.

Fortunately, the Risk Ledger platform was designed to solve these exact problems.

The platform is based around a comprehensive, risk control-based, standardised Supplier Assessment Framework that allows organisations to complete a single profile setting out the controls they have in place supported by contextual notes and evidence showing how the control has been implemented.

Access to this single profile can then be shared with any client they work with who asks them to engage with a due diligence programme in a ‘do once, use many’ model.

The organisation only has to maintain that single, comprehensive profile. When anything about their risk management regime changes, all clients connected with them on the platform can see and assess those updates in near real-time, facilitating continuous monitoring for clients and drastically reducing the time and cost of administering and responding to due diligence assessments from clients.

It is to this single comprehensive Supplier Assessment Framework that we have added an ESG domain covering environmental management and sustainability, health and safety, ethical trading, human rights, whistleblowing and workplace grievance, diversity and inclusion and corporate social responsibility.

Flexibility guaranteed

Earlier in this blog, I highlighted how supply chains are large, complex, growing and, most importantly, global. The global nature of the supply chain risk management challenge adds complexity to the data collection task for organisations. What data should they ask for? What data should they accept? Asking your Texan enterprise software supplier how they comply with the UK Modern Slavery Act 2015 just won't work.

To manage this, we have carefully engineered the new ESG risk domain on our Supplier Assessment Framework to ask suppliers how they comply with the norms, regulations and legislation applicable to them in their relevant jurisdictions. This will act as a prompt for suppliers to share information on their Risk Ledger profiles across the key ESG topics and allow their clients to dig deeper into the areas that are particularly important to them.

Can you try the Risk Ledger platform?

Sure. If you are reading this blog and you are not already a Risk Ledger user, you might assume there is a catch somewhere. There isn’t. I invite you to book a short demo with our product specialists who can walk you through how the Risk Ledger platform can work for you and your supply chain and how clients like NHS Test and Trace and BAE are benefitting from our innovative network model. If you like it, you can see how it works for yourself by signing up straight away and connecting with up to 5 of your existing suppliers for free. You won’t regret it.

If you are reading this blog and like the idea of completing a single, comprehensive risk profile covering cyber, financial and ESG risks that you can then share with all clients who run due diligence against your organisation, ask to join Risk Ledger for free as a supplier. You will drastically reduce the number of time-consuming due diligence questionnaires you have to complete.
