ESG supply chain risks are changing how businesses operate. Prompted by customers, investors, and regulators, business managers need ways to identify and address environmental, social, and governance risks in their offerings, operations, and supply chains.
A major challenge for these leaders is that ESG encompasses a broad set of risks, including greenhouse gas emissions reduction, water security, preservation of biodiversity, conflict minerals, human rights and labor standards, diversity and inclusion, cybersecurity, and more.
If that wasn’t enough, identifying and managing these risks in the supply chain requires a high degree of collaboration with suppliers, verification of reported data, and, in some cases, third-party inspections of goods and locations.
The good news is that you don’t necessarily need to start from scratch when managing these risks. Instead, it’s possible to leverage existing capabilities for third-party risk and business continuity management to help get the job done efficiently.
Leverage Existing Risk Management Capabilities for ESG
Third-party risk management (TPRM) addresses the risk exposures from outside parties. This includes suppliers, vendors, and contractors performing services or activities for your business.
ESG and TPRM often overlap in the areas of human rights and labor standards, conflict minerals management, and product safety and quality testing. Many businesses have mature capabilities for managing and reporting on these requirements, which have been part of responsible supply-chain operations for decades in manufacturing in apparel and textiles, food and beverage, consumer goods, metals and mining, and other industries.
The legal and procurement organizations in many businesses are aware of risk exposure presented by third parties and have processes to address it through contracting, ongoing monitoring, and obligation management.
Business continuity management (BCM) is another important and complementary capability for ESG. BCM establishes policies and processes to prevent disruption in business-critical operations and helps re-establish functions rapidly in the event of an interruption.
According to a recent survey of 1,000 global companies, supply-chain disruptions are considered the single biggest threat to company revenue streams. Risk and resilience functions within organizations provide the capabilities to identify and prioritize responses to extreme weather, floods, fires, social unrest, armed conflicts, cyberattacks, and other external threats.
These internal partners can identify the business’ exposure to climate-transition risks and provide the transparency that investors — and increasingly regulators — require about operations and forward-looking strategy.
Expanded ESG Regulatory Requirements
New ESG reporting requirements for climate-related disclosures and supply-chain resilience have been introduced for large businesses. Among important new regulations, the European Union mandated reporting under the Sustainable Financial Disclosure Regulation in 2021 and added to corporate disclosure requirements with the Taxonomy Regulation in 2022.
The German Supply Chain Diligence Act went into force in January 2023. It requires companies with more than 3,000 employees to take appropriate measures to prevent or minimize risks related to human rights and the environment within their supply chains.
The EU plans similar regulation with the Corporate Sustainability Due Diligence Directive that addresses ESG risks in a business’ operations and end-to-end supply chains, including:
- Human rights issues – such as trade union matters, labor rights, and social protection of vulnerable people
- Environmental diligence – such as handling of waste, use of natural resources, pollution, deforestation, and emissions
- Good governance practices – to prevent corruption and undue influence
The EU will also require auditing of reported information.
In the U.S., the Securities Exchange Commission announced new proposals in 2022 for all public companies to report their climate transition strategies and impacts. Scope 3 emissions disclosure also will be required for large public companies. Under the proposal, a company’s emissions reporting must be reviewed by outside auditors.
The U.S.’s Uyghur Forced Labor Prevention Act also went into effect in 2022. This requires businesses to prove that goods produced in China’s Xinjiang Uyghur Autonomous Region (XUAR) were not made by forced labor to be allowed to enter the U.S.
The climate-related reporting requirements are significant. The SEC estimates the cost of reporting and disclosure for a typical large organization to be $640,000 for the first year and $530,000 annually thereafter. The costs are even higher for businesses that operate in multiple regions outside the U.S. and have requirements from investors.
Managing ESG Risk in the Supply Chain
Supply chains are complex networks of businesses that span the globe. Conducting diligence in the supply chain is complicated by the number of trading partners and the dynamic nature of supply-chain relationships.
Improving diligence and managing ESG risks in the supply chain is dependent on a set of core capabilities enabled by technology. For instance, you must:
Gain visibility into supply-chain relationships. Mapping your business’ relationships with its suppliers and the goods and services they provide requires data from internal systems, such as enterprise resource planning (ERP) for vendor master data, purchase orders, and product master data.
The mapping process can be complicated if your organization has multiple systems containing overlapping information. Technology can help by connecting data, tracing trading relationships, and updating any changes in status to prevent noncompliance issues.
Collect supply-chain data efficiently. In the old days, businesses used email to collect data from suppliers. The problem is that this is costly, slow, and it increases the likelihood of informational gaps. What’s needed are capabilities that identify needed information and automate how it’s collected, including any necessary follow-up.
Suppliers can also range in size from very small to very large businesses. As a result, there are differences in their ability to provide the information that’s needed for ESG disclosure. Take for instance emissions reporting. Some large suppliers will report their Scope 1 and 2 emissions and can easily share this information. Small businesses, on the other hand, may be unaware of their carbon footprint and need detailed instructions on the data they need to share.
Technology enables collaboration in the supply chain, making it efficient to exchange information with many partners quickly and easily. An extra benefit of collaborative technology is improving the quality of data for reporting by putting guardrails on their responses to detect mistakes and inaccurate information.
Obtain data assurance. Responsible supply chains use site inspections to provide assurance around human rights, labor conditions, and health and safety practices. Enabling inspectors, auditors, and testers with permissions to access data and provide verification is an important capability to meet a growing burden of proof required by regulators, investors, and customers to prevent greenwashing.
Collaborate on supplier performance. Almost every large business has supplier management capabilities. Collaborating internally with procurement and supply chain is key for managing ESG risks.
Incorporating ESG performance measures in supplier contracts helps reduce risk and improve resilience. Benchmarking a supplier’s performance with its category peers helps facilitate continuous improvement. This is especially true when provided with educational resources that can increase understanding and elevate performance.
To be sure, managing ESG supply chain risk is a complex undertaking – but it doesn’t have to be overwhelming. Start by building on your existing capabilities for third-party risk management and business continuity management to help get the job done efficiently.
Your Checklist for Managing ESG Supply Chain Risk
Managing ESG supply chain risk can be complicated. Here are six steps to simplify the process:
- Leverage internal partners in purchasing, vendor management, legal, and risk management to draw on existing processes and knowledge.
- Map trading relationships in the supply base to identify high-priority focus areas.
- Use technology to streamline collaboration and govern data capture for reporting.
- Benchmark suppliers on performance and ESG capabilities.
- Enable suppliers to improve performance with peer comparisons and knowledge resources.
- Increase the transparency of your organization using digital experiences for all your stakeholders.