Investors, customers and governing bodies are demanding greater transparency on ESG initiatives from the companies they do business with. But rapidly evolving ESG regulations are leaving risk and compliance managers at a loss for how to keep up.
Governing bodies across the globe continue to take action to slow or halt climate change and protect civil and human rights. Business leaders are therefore focused on meeting their companies’ expanding ESG and regulatory commitments, in addition to being good corporate citizens.
But doing the right thing can be difficult, especially for business units, such as procurement and supply chain, that have been straining for nearly three years already.
The status quo of managing critical ESG issues is not sustainable. Procurement and supply chain management teams need the right processes and solutions to drive further positive environmental and social changes alongside profit and value.
Consider two bold ESG laws with which businesses must now comply.
The U.S. Uyghur Forced Labor Prevention Act prevents the import of goods, products, or materials tainted with modern slavery into the U.S. It’s a model law for other countries, such as Germany, that are trying to do the right thing. Companies must conduct due diligence on their supply chain and rebut the U.S. Government’s presumption that any import originating from or transiting Xinjiang, China is tainted with Uyghur slave labor. If they cannot comply, then they will have their shipments seized. Production or sale of their products could stop immediately and indefinitely. And the company’s reputation could be permanently harmed.
The German Supply Chain Due Diligence Act redresses modern slavery as well as climate change and environmental impact, and it carries more compliance requirements, including mandatory changes in business practices, disclosures and reporting measures. Companies headquartered or operating in Germany with more than 3,000 employees must comply with the new law in 2023; that threshold drops to 2,000 employees in 2024. Non-compliance could result in fines of between 400 and 800,000 euros, or up to 2 percent of the company’s annual revenues.
These and other similar laws are meant to drive positive and meaningful social change through the global business community. But change is hard. And for business leaders, the stakes are high and the margins for error are low. Fortunately, there’s help on the horizon.
Here are some landmarks that business leaders can use to align their extended enterprise with the values of key stakeholders while also adhering to an increasingly ambitious and complex regulatory landscape.
Recognize that ESG compliance is a journey – not a destination. So long as there are applicable ESG laws and regulations on the books, your job is never going to be “done.” You’ll need a repeatable, scalable, and sustainable due diligence and compliance program to govern your extended enterprise and drive continuous compliance. You and your team will need investment in people, processes and technologies to perform consistently and optimally.
Bring some friends with you (People). ESG programs need to be cross-functional. Convene cohorts across supply chain, procurement, legal, enterprise risk, audit and compliance, or other internal stakeholders to help you identify and track key regulations, frameworks and laws. Look to key external stakeholders, such as suppliers, investors and outside activists; what are they seeking from your company in terms of regulatory compliance? Often, one or more stakeholders are using existing resources that you can access. Don’t reinvent the (steering) wheel.
Chart your course (Process). There are dozens of laws and regulations that may – or may not – apply to your organization. Assess how you will track them and drive compliance across the extended enterprise. Take a risk-based approach to get started: focus on the highest risk exposure to your business, meaning the highest likelihood of occurrence and the highest impact to your business. Also, know what new laws or regulatory changes are coming, because they will surely add to the complexity of your ESG program.
Zoom in for a detailed view (Policy). You don’t have to be an attorney or a policy wonk. But you do have to grasp the finer points of your company’s compliance requirements, and how your team – whether you’re in procurement, supply chain, or legal – is going to meet standards. Do you have the right tools or people in place? Do you have enough ground-level intelligence? Are you talking to the right people on the ground? These are all things to consider.
Adopt digital ESG compliance solutions (Technology). Ensuring your business and extended enterprise meet growing ESG due diligence obligations in scope with laws and regulations is nearly impossible with manual, paper-based processes. To scale an ESG compliance program and ensure it’s sustainable, you’re going to need digital solutions. And since you’re in it for the long haul, now is the time to gather your requirements and explore the solutions market.
Don’t sleep on SEC disclosure rules. The U.S. Securities and Exchange Commission (SEC) may require thousands of publicly traded businesses in the U.S. to disclose Scope 3 emissions. Several existing frameworks have been voluntary to date. If the SEC does not require disclosure, there are international climate regimes, such as the International Sustainability Standards Board and the European Financial Reporting Advisory Group, that will likely require Scope 3 emissions disclosures.
As environmental and social challenges persist, governing bodies continue to pass ESG laws and regulations to redress them. Some businesses and their stakeholders have failed to comply and serve as cautionary tales for others. If business leaders don’t fulfill customer and regulatory demands for positive changes to the status quo, they risk incurring financial, operational and reputational risks that may not be sustainable. They could end up in the breakdown lane or worse, the junk yard.
Eric Hensley, Chief Technology Officer at Aravo, is responsible for technical delivery of the company’s product offerings, including engineering, QA and hosting operations. He has over 15 years of experience in the development and delivery of enterprise SaaS offerings with a special focus on supply chain management and intelligence solutions.