How to Integrate ESG in Your TPRM Programme

Modern companies rely on a complex web of third-party vendors and software to function. These partnerships help fuel growth and efficiency, but also introduce hidden risks, and not only with respect to more traditional risk domains such as Security Governance, Software Development, IT Operations, or Network and Cloud Security. Increasingly, organisations are also concerned with potential Environmental, Sustainability and Governance risks in their supply chains.

This is not least because regulators are increasingly expecting organisations to not only demonstrate that they themselves abide by high standards when it comes to the environmental impact, social and ethical labor practices and other related considerations in their operations. They now also expect organisations to demonstrate that any vendors, suppliers, or partners they work with, and whose services they use, do the same. 

By understanding how ESG integrates with TPRM, and what options exist to ensure you are vetting your third-party network with a range of relevant ESG control questions, you'll not only gain a roadmap for building a more sustainable and resilient supply chain, but you will also be able to ensure that you are safeguarding your company's reputation and compliance with new and incoming regulation. 
‍

What is ESG Risk Management and Why Is It Important?

ESG risk management is the process of identifying, assessing, and mitigating risks related to environmental, social, and governance factors within an organisation and its extended network of business relationships. But why does it matter so much?

Imagine you're building a house. Traditional risk management might focus on the structural integrity of the building itself. 

ESG risk management, however, considers the environmental impact of your construction materials, the working conditions of your laborers, and the transparency of your decision-making processes as well as of your suppliers. It's a comprehensive approach that looks beyond immediate financial or security risks, and includes considerations such as long-term sustainability and ethical implications.

The importance of ESG risk management has grown significantly in recent years, driven by several factors:

Regulatory Pressure

Governments and regulatory bodies, particularly in the EU and other Western nations, are increasingly mandating ESG risk management, including in your supply chains. For example:

• The Sustainable Finance Disclosure Regulation (SFDR) in the EU requires financial market participants to disclose how they consider sustainability risks.
• The proposed Corporate Sustainability Due Diligence Directive (CSDDD) aims to make large EU companies accountable for human rights and environmental impacts throughout their value chains.
• Germany's Supply Chain Due Diligence Act requires companies to identify and address human rights and environmental risks in their supply chains.
• Under the proposed EU Supply Chain Act, companies are mandated to audit their suppliers across the entire global supply chain, covering all direct and indirect business relationships.
  

Stakeholder Expectations

But investors, customers, and employees are also demanding greater corporate responsibility and transparency. Transparency has become key - stakeholders want to see concrete actions and measurable results. 

• Investors: ESG factors are now a key consideration in investment decisions. BlackRock, for example, the world's largest asset manager, has made sustainability central to its approach.
• Customers: Consumers, especially younger generations, are willing to pay more for sustainable products. They're looking at companies' overall practices, not just the products.
• Employees: People prefer working for companies that align with their values. Strong ESG practices help attract and retain top talent.
  

Risk Mitigation

ESG risks can have significant financial and reputational impacts if not properly managed, with effective ESG risk management protecting companies from potential losses and disruptions.

• Financial Impacts: Poor ESG practices can lead to fines, cleanup costs, and even contribute to bankruptcies.
• Reputational Damage: News of poor ESG practices can spread quickly, leading to boycotts and customer loss.
• Operational Risks: ESG issues can disrupt operations, from supply chain interruptions to high employee turnover.
• Legal and Regulatory Risks: As regulations tighten, unprepared companies face significant legal risks.

Competitive Advantage

Companies with strong ESG practices often outperform their peers in the long run. By viewing ESG as a strategic opportunity, companies can gain a significant edge over competitors and create long-term value.

• Financial Performance: Studies show a positive correlation between ESG performance and financial results.
• Innovation: ESG considerations can drive product and process innovation.
• Customer Loyalty: Strong ESG practices can enhance brand loyalty and justify premium pricing.
• Operational Efficiency: Many ESG initiatives lead to cost savings through reduced resource use.
• Access to Capital: Companies with strong ESG profiles may find it easier to attract investment.
• Resilience: ESG-focused companies tend to be more resilient during crises.

Importantly, as already alluded to, regulators are now asking organisations to manage ESG risks not just within their own operations, but also throughout their supply chains. This means you're responsible not only for your own ESG performance but also for that of your suppliers and other third parties.
‍

What Are ESG Reporting Frameworks?

ESG reporting frameworks provide standardised guidelines for companies to disclose their ESG performance. These frameworks are not one-size-fits-all. There are different types, each serving a distinct purpose:

• Voluntary disclosure frameworks: These offer a platform for companies to report on ESG metrics across various industries and regions. Reporting is often done through online surveys or questionnaires that are then scored.
• Guidance frameworks: Similar to standards, guidance frameworks provide specific topics, methodologies, and metrics for companies to report on their ESG performance.

While there's no single governing body for ESG reporting, several prominent frameworks have emerged. Here's a closer look at some of the most influential ones:

• IFRS Sustainability Disclosure Standards: These new standards aim to create a unified set of global ESG reporting guidelines for investors.
• GRI Standards: Developed by the Global Reporting Initiative (GRI), these comprehensive standards encompass economic, environmental, and social impacts.
• SASB Standards (transitioning to IFRS): These industry-specific standards focus on financially material ESG information.
• CDP: The Carbon Disclosure Project allows companies to report on environmental risks and opportunities related to climate change, water security, and deforestation.
• Task Force on Climate-related Financial Disclosures (TCFD): These recommendations focus on climate-change related financial disclosures for investors and lenders.
• United Nations Global Compact: Companies committed to these principles report on their sustainability efforts through annual Communication on Progress reports.
• Workforce Disclosure Initiative (WDI): This framework allows companies to report on workforce practices and management through an online survey.

By understanding these frameworks, companies can deduce what sort of control questions to consider including in their respective TPRM frameworks when vetting their third-parties. These control questions should at the very minimum align any regulatory requirements that companies have to abide by.
‍

How to Incorporate ESG into Your TPRM Framework

While it might seem like a large task, integrating ESG into your TPRM programme is achievable with the right processes. Here's how you can do it:

1. Assess Your Current TPRM Framework: Start by evaluating your existing TPRM processes and where best to include any ESG control questions.
2. Define ESG Criteria: Determine which ESG factors are most relevant to your business and supply chain. This could include carbon emissions, labour practices, or data privacy standards.
3. Update Supplier Questionnaires: Incorporate ESG-related questions into your supplier assessment process. For example, you might ask about a supplier's environmental policies or diversity initiatives.
4. Conduct ESG Due Diligence: When onboarding new suppliers or reassessing existing ones, include ESG factors in your due diligence process.
5. Set ESG Performance Targets: Establish clear ESG expectations for your suppliers and include these in contracts where appropriate.
6. Continuous Monitoring and Reporting: Regularly assess your suppliers' ESG performance and include this information in your reporting.
7. Collaborate and Educate: Work with your suppliers to improve their ESG performance. Offer training or resources to help them meet your standards.

Integrating ESG with broader TPRM frameworks makes sense for several reasons:

• Efficiency: It allows you to assess multiple risk factors simultaneously, saving time and resources.
• Holistic View: It provides a more comprehensive picture of your third-party risks.
• Alignment: It ensures that your ESG goals are consistently applied across your entire supply chain.

Remember, this integration goes beyond compliance—it's about building a more resilient, sustainable, and responsible supply chain.
‍

How Risk Ledger Can Help With ESG Frameworks

When it comes to integrating ESG into TPRM, having the right tools makes all the difference.

Traditionally, many standard assessment frameworks like ISO27001, NCSC CAF, and NIST have focused primarily on information security and didn't include comprehensive ESG risk control questions. This left a gap in many organisations' risk management strategies.

Risk Ledger has stepped in to fill this gap by integrating ESG into its standardised assessment framework, making it easier for companies to evaluate ESG risks in their corporate supply chains. 

This comprehensive approach allows you to not only safeguard your business but also operate with a greater sense of social responsibility.

Here's how Risk Ledger's framework empowers you to manage ESG risks within your supply chain:

• Standardised Assessments: Risk Ledger's platform includes a robust set of control questions across various ESG categories. These questions cover areas like environmental certifications, social responsibility practices, and governance structures of your vendors. By incorporating these assessments, you gain a deeper understanding of potential ESG risks within your network.
• Transparency and Accountability: The framework encourages your vendors to disclose relevant ESG data, such as their environmental impact (carbon emissions), labour practices, and commitment to human rights. This transparency allows you to identify potential risks and hold your suppliers accountable for responsible business practices.
• Actionable Insights: The platform helps you analyse the collected ESG data and identify red flags. This empowers you to prioritise risks, make informed decisions about supplier relationships, and encourage positive ESG practices throughout your supply chain.

Here are some specific examples of how Risk Ledger's ESG framework translates to real-world benefits:

• Reduced Environmental Impact: By identifying vendors with unsustainable practices, you can encourage greener alternatives and minimise your company's overall environmental footprint.
• Enhanced Brand Reputation: Consumers are increasingly concerned about the social and environmental impact of the companies they support. A commitment to ethical sourcing through ESG-conscious TPRM will strengthen your brand reputation.
• Improved Regulatory Compliance: Many countries are implementing stricter regulations around ESG practices. Risk Ledger's framework helps ensure your supply chain adheres to evolving regulations and avoids potential legal or financial penalties.

In conclusion, Risk Ledger's ESG-integrated TPRM framework provides a valuable tool for building a more sustainable and responsible supply chain. By proactively managing ESG risks, you’ll protect your business, contribute to a more positive global impact, and gain a competitive edge in today's ESG-conscious marketplace.

‍