Thoughts on Developing an ESG Program

Today I want to circle back to that KPMG survey of compliance officers that the firm released two weeks ago. We have another issue in that report worth our attention: corporations’ efforts to stand up ESG programs, and the role that compliance officers might play. 

The report, which surveyed 240 chief compliance officers at large companies across numerous industries, found that nearly half of respondents had implemented at least some sort of ESG program — but an equal number hadn’t yet started, with a large portion of that group plodding along in the “planning/development” stage. Only a tiny fraction of respondents said their companies had already implemented a full compliance program. See Figure 1, below. 

Source: KPMG

That unto itself doesn’t surprise me. I’m more interested in the questions that arise from the 48 percent still either planning their ESG program or that haven’t even reached that point. First, exactly what ESG program capabilities do companies want to develop, as they move from planning to implementation? And second, who takes point on that work? 

I ask those questions because I still have nagging concerns about whether the compliance function is the best one to lead the charge here. A dueling school of thought is that the corporate controller’s team might be better suited, because they’re the ones who’ve been building strong processes for financial reporting for decades. So wouldn’t they be the natural candidates to do the same for ESG reporting? 

Not to get all lawyerly here, but it depends.

Companies’ Future ESG Needs

Let’s go back to the KPMG report. Figure 2, below, shows us the ESG capabilities that companies want to develop in the next few years. 

Source: KPMG

Hmmm. Reporting and data & controls seem very much up the controller’s alley. On the other hand, policy management and regulatory scanning are natural fodder for the compliance team. Monitoring and testing of ESG metrics could go to either team, with an assist from internal audit.

Those findings in Figure 2 don’t lend themselves to any clear answer about who should manage the ESG program. Every company will probably need to find its own correct answer, and that will depend on (1) how highly regulated your business already is; and (2) the existing strength and maturity of your compliance function. 

That is, if you’re a private company working in, say, food production or civil construction, you probably already have lots of regulations governing your supply chain, fair labor, environmental damage, and whatnot. But since you’re private, you might not have the most robust system for financial reporting, because you’re not publicly traded. 

In that case, one can easily see how the compliance team is a strong candidate to develop the ESG program; it already reaches into many parts of the enterprise and the supply chain to handle other issues. ESG would just be an expansion of those relationships. 

Now consider a publicly traded business like a professional services firm. In that case, the internal audit and corporate controller teams might be the ones with the necessary experience and relationships to lead the ESG charge, because the compliance team is smaller and less sophisticated.  

Either way, the key issue is who has the experience in business process development and experience with internal stakeholders. The first is necessary to develop ESG program capabilities: the data collection, the reporting dashboards, the testing and validation procedures, and so forth. The second is necessary so you can understand what specific procedures work for your enterprise, and to persuade everyone to climb aboard the ESG bandwagon you’re building.

One Trump Card for Compliance

As companies ponder what to do about ESG programs and who should play a leading role in developing them, compliance officers would do well to heed a bullet point tucked away at the bottom of the KPMG report’s discussion of ESG:

  • Use sustainability/ESG as a value drive for ethical business practices and “good corporate citizenship.” 

There it is: alignment with the company’s ethical priorities. That’s what ESG needs to succeed, and that’s what the compliance officer deals with every day. 

For example, a while back I had a post about how to perform an ESG materiality assessment. Plenty of assessment resources are available, but they all hinge on a company knowing which ESG issues are most relevant to its stakeholders. Intrinsic to that understanding is some sense of what’s morally and ethically proper.

At a fundamental level, your ESG materiality assessment — your whole ESG program, really — is a reflection of your company’s moral and ethical priorities. 

For example, I know one large food company that considers employee volunteer hours to be an important ESG metric. It allows employees to spend one day per quarter volunteering for a good cause on company time, and reports the total to the public every year. The company doesn’t need to do that. No regulator is ever going to require companies to allow employee volunteerism and then report it in the 10-Q. But the company believes that volunteerism is a good thing to do, and wants to be accurate in its report of those efforts. 

That’s a moral statement as much as it’s an ESG disclosure. So who better to say, “If these values are what matter most to our business, then we need to cultivate the following ESG processes and metrics to hold ourselves to that” than the ethics and compliance officer? 
