Where ESG and Risk Management Intersect: A CRO’s Guide

Financial institutions are starting to review the implications of environmental, social, and governance (ESG) practices and how they can work to shape a better future. While regulatory focus is currently targeting large institutions, smaller firms should also be considering what they can do at a localized level and how ESG intersects with building best-in-class risk management practices.

When regulators begin to prioritize a policy area such as ESG compliance, risk professionals need to start thinking proactively about the new domain and how their organization will address the changing risk and compliance landscape. As regulatory agencies like the U.S. Securities and Exchange Commission (SEC) signal an increased focus and forthcoming rulings on ESG disclosures, institutions need to consider the potential impact of ESG risks both internally and extending from third parties or other businesses in their network.

Understanding Risk Management in the Context of ESG

Bank Director points out that the risks associated with ESG issues like climate change encompass more than just operational resilience in the financial services industry:

“They can include physical risk, transition risk, enterprise risk, regulatory risk, internal control risk and valuation risk. Financial institutions will need to consider how their climate risk disclosures harmonize with their enterprise risk management, internal controls and valuation methodologies….Financial institutions therefore should consider how changes to the ESG disclosure requirements affect, and are consistent with, other aspects of their overall corporate governance.”

Organizations need to take time to understand how their underlying risk management strategy and operational objectives address ESG through:

• Governance Structures: Defining management responsibilities and ensuring your institution is positioned to identify, assess, and mitigate risks within the organization and with third parties
• Risk Stakeholders: Developing your organization’s knowledge, skills, and thought leadership to manage ESG risks
• Compliance: Ensuring compliance management aligns with the guidance and trajectory of regulators and other policy-making bodies
• Reporting: Examining ESG risks when designing, implementing, and maintaining reporting processes internally and with third parties

ESG disclosure and compliance requirements will continue to evolve as governments and regulatory agencies establish frameworks and standards. Now is the time for financial institutions to plan ahead for effective ESG risk management.