By Todd Ehret
9 Min Read
NEW YORK(Thomson Reuters Regulatory Intelligence) - Compliance departments are tackling an expanding universe of responsibilities as environmental, social, and governance (ESG) issues and potential regulations have emerged as a critical priority within organizations.
The addition of ESG to the growing and complex list of compliance responsibilities including cybersecurity and data privacy have raised concerns with some compliance experts about “mission creep.” It has prompted questions about exactly where responsibility for a firm’s ESG efforts and commitments should lie.
Although the compliance department is undoubtedly well-equipped to perform many of the necessary functions surrounding ESG, such as policies-and-procedures oversight, training, testing, measurement, and surveillance, other areas of the organization must also play a significant role.
A challenge faced by compliance departments is that ESG concepts in financial services are still evolving and nebulous. Debate is active over standards for “environmental” and “social” considerations and how to define, benchmark and measure them. The “governance” element, however, should not be a challenge. It should be the starting point for firms in building a framework.
After all, governance issues are what compliance and related functions such as risk, legal, internal audit, accounting, and human resources (HR) are accustomed to, and generally pretty good at.
So where are companies placing the workload and responsibilities for ESG? It’s a good question, and the answer depends on several factors like the type, size, and objective of the organization. Below is an overview of some of the organizational questions and challenges firms face related to developing an ESG compliance framework.
What began many years ago as “socially responsible investing” where some investors began scrutinizing and restricting investments in companies like makers of alcohol, tobacco, gambling and weapons, or so-called “sin stocks,” has morphed in recent years into something different and eventually much bigger.
In 2006 the United Nations published the Principles for Responsible Investment(Link:here), where the focus broadened from sin stocks to other areas such as the environment, economic sustainability and social justice. The ESG movement has since gradually gathered momentum. In 2020, the COVID-19 pandemic, a heightened awareness of social and racial justice, and the presidential victory of Joe Biden created a perfect storm that has emphasized ESG and corporate responsibility at an unprecedented level.
With the Washington power shift to President Biden, regulators have now elevated ESG and related concerns to the top of their agendas. The U.S. Securities and Exchange Commission (SEC) under Commissioner Gary Gensler made clear that ESG was its top priority when it announced in June its rulemaking agenda for the coming year(Link:go-ri.tr.com/rb7292). Topping the list was, "Disclosure relating to climate risk, human capital, including workforce diversity and corporate board diversity, and cybersecurity risk."
Other regulatory bodies including the Office of the Comptroller of the Currency (Link:here) and the Federal Reserve have also emphasized various aspects of ESG, such as climate risk(Link:here).
Historically ESG was viewed as a set of specialty obligations primarily related to investment managers. However, it has expanded into many other areas of businesses, industries, and society in recent years. Firms are now approaching the ESG challenge by catching up and putting governance as the cornerstone of their effort.
There is no one-size-fits-all approach for organizations. Priorities, size, and business objectives shape how firms manage ESG commitments and thus their compliance and tracking of such obligations.
As ESG standards and potential regulatory frameworks are being debated what many see on the horizon is voluntary standards becoming mandatory. Many firms have begun to emphasize the importance of the buildout of a governance element first in anticipation of more precise standards and benchmarks coming from regulators.
Firms must have a governance or compliance plan ready for the inevitable new regulations. Hence, much of the ESG work is being delegated to the compliance department.
A recent blog published by Mike Volkov at the Volkov law group asked whether Chief Compliance Officers (CCOs) should take responsibility for the new ESG function(Link:here). The answer is a "resounding no," he wrote. "CCOs have enough responsibilities on their respective plates, and the last thing they need is to assume responsibility for a whole new set of tasks, controls, reporting obligations, and international ESG regulations mandating disclosure and substantive requirements," Volvkov wrote.
Volkov acknowledges that compliance departments and their leaders play an essential role in the company’s governance structure, and should hold a seat at the ESG table. But despite similarities in design and function between compliance and ESG programs, he said, “CCOs have to refuse the temptation, avoid the overwhelming responsibilities, and protect themselves from being dragged into such a significant challenge.”
Others said compliance must take charge of ESG issues.
David Curran, Chief Sustainability and ESG Officer at the law firm Paul Weiss told Regulatory Intelligence, “the natural place for ESG to reside is the compliance department. Compliance has systems-process software, GRC platforms and the like to deal with such obligations and commitments. The best place to track, measure, monitor, and report it is compliance, as it’s the only function within organizations that has enterprise-wide visibility and processes in place,” Curran said.
“At most larger firms, both banks and non-financial services companies, the office of the General Counsel is taking ownership of the ESG responsibility, but in most cases, compliance is playing the critical role and resides within that office reporting into the GC,” he said.
Similar to cyber and data privacy controls, compliance is the only place to handle the necessary testing, monitoring, measuring, and reporting obligations, since regulators have included these duties in new regulations.
Other ESG-related issues, including diversity, equity, and inclusion have historically been handled by HR departments. However, this is no longer the case, according to Curran. “Firms realize that it now needs to be overseen by the GC and the compliance departments because the risks of getting it wrong now are so significant,” he said.
Therefore, the challenge for companies is to match their business strategies and governance with the legal and non-legal compliance requirements relevant to ESG considerations.
An important message from Curran was that firms must demystify the process and focus on governance first. “Environmental and social are areas where people can be very emotional, so firms need to take the emotion out of it and focus on whatever your organization is committed to. Do you have a policy or procedure, and can you track, measure, monitor, and report on progress against that initiative?” he said.
Compliance and technology will play a vital role in the governance process. And, although the general counsel will likely bear ultimate responsibility, compliance will be tasked with much of the heavy lifting. Firms must also accept that there needs to be coordination and a tearing down of silos throughout organizations. Firms can no longer over promise and under deliver as lawmakers and regulators codify new regulations.
(Todd Ehret is a Senior Regulatory Intelligence Expert for Thomson Reuters Regulatory Intelligence, based in New York.)
*To read more by the Thomson Reuters Regulatory Intelligence team click here: bit.ly/TR-RegIntel
This article was produced by Thomson Reuters Regulatory Intelligence - bit.ly/TR-RegIntel - and initially posted on July 19. Regulatory Intelligence provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 400 regulators and exchanges. Follow Regulatory Intelligence compliance news on Twitter: @thomsonreuters
Our Standards: The Thomson Reuters Trust Principles.