This is the final blog in a 6-part series, the Diligent Master Class for CCOs (Chief Compliance Officers). Designed by CCOs who’ve built, scaled and run compliance programs for diverse industries across the globe, this is a one-of-a-kind program that provides actionable advice and frameworks for today’s compliance leaders. You may want to check out the previous blog in this series, Planning for and Responding to an Integrity Crisis.
In a dark corner of a central American country, a worker was badly injured on a subcontracted project for a European multinational.
Electrocuted by a faulty setup without the right equipment or supervision, it was a tragedy for the family. How did this happen, and how could the company prevent it from ever happening again?
The Emergence of an Integrity Crisis
The truth is that lots of small warning signs were apparent. The management was weak, incidents weren’t reported or tracked properly, and the culture lacked the rigor that one can simply feel when you walk into a well-run facility. Hindsight was 20/20. Other problems were swiftly uncovered, and a major clean-up began.
I would argue that integrity risk for organizations is fundamentally the same as it always has been — failing to treat individuals and society with respect. But this risk has been made more complex by globalization, technology and regulation over the past decades. Bridging the gap from the general (respect for people) to the specific (daily practices to protect people and follow the rules) is where things get complex.
We all tend to focus on risks that have materialized. But we do so at the expense of risks that are perhaps more likely or deserve more of our attention. I have been the Chief Compliance Officer (CCO) at several multinationals. I was brought in to address a deep-rooted problem or crisis in nearly all of them.
For example, at Norwegian multinational Yara, the company faced a corruption crisis reaching the very top of the organization. But as the corruption crisis eased, we could lift our gaze and see how all of our risk management work fitted together. It was no surprise that we had focused perhaps too much on managing corruption risks and needed to make changes.
ESG and Compliance
I started to build a human rights program in 2015, and in doing so, I revisited the origins of ethics and compliance. I concluded that if I could start over, I would have built a broader compliance program, tackling the whole array of environmental, social and governance (ESG) risks. That’s how I came to see ESG as the future of ethics and compliance.
Compliance started out as a matter primarily for lawyers, with most companies following a limited set of regulations and not looking too far beyond the black and white of the rulebook. But economists in the 1990s linked legal risks such as corruption to egregious social impacts, often in faraway places. Scandals on either side of the millennium reinforced the views of many that something needed to be done. What has ensued is a boom in legislation and many executives getting caught in a changing tide. It is against this backdrop that the role of the CCO has ballooned.
Implementing an ESG Framework
Many organizations have set lofty ‘branded’ ambitions around protecting people and the planet without matching commitments on the ground. The risks are made more complex as the world has changed and heavier scrutiny has been placed on organizations. The CCO has found itself front and center in tackling these risks.
So how do compliance functions start their journey towards this future? The first step to take is understanding your stakeholders’ perspectives. ESG means different things to different people, and you need to know how they are approaching the numerous topics within the field. For example:
- Investors are interested in long-term returns on capital. Companies that look after ESG risks should be safer investments in the long run.
- Governments need to address ESG risks as they impact security and politics.
- Corporates have begun to use ESG as a form of efficient, integrated risk management.
And finally, the public — all of us as individuals — have become far more conscious of ESG topics and insistent upon visible action. We want to see fundamental change.
The Three Pillars of ESG
Once you know your stakeholders’ views, you can build out your definition of what ESG means for your organization. There are three pillars:
- Environmental risks include broad topics like climate change, natural resources and the ambient environment. You can break each one of these into much more detail.
- Social risks include everything from human rights to health & safety and working together.
- Governance covers foundational responsibilities, business ethics and reporting.
Perhaps the most important aspect of your ESG work is to ensure good collaboration. Make sure colleagues positively perceive your work by communicating openly and ensuring good cross-functional involvement in key decisions. I recommend using a regular committee to share ideas and progress.
The Results of a Strong ESG Program
Eventually, you will begin to see the vast similarities between your ESG program and the work you’re familiar with from your compliance program. You set a management commitment, identify your risks, set policies and so on. It’s a well-trodden compliance roadmap, but it addresses a much broader set of issues.
“ESG” is going through a bit of a brand crisis, just like “CSR” and “Sustainability” have. But whether or not ESG emerges with the same title is beside the point. What matters is that organizations manage complex risks well and, in doing so, look after individuals and society like they should. In my view, ESG offers a pathway to achieving this most laudable of outcomes.
Ready to learn more? For in-depth information from CCOs for CCOs, download the Diligent Master Class for CCOs Toolkit. This toolkit provides actionable insights to bring your compliance program to the next level.
The Rising Tide of ESG – Navigating the Road Ahead
The Board's Role in Leading and Enabling GRC
Board and Executive Collaboration: Components of a Secure Platform for the Evolving Workplace
Ezekiel “Zeke” Ward advises companies on how to build and refresh best-in-class ESG, ethics and compliance programs. He has been SVP and Chief Compliance Officer at Volvo Group and Yara International. A lawyer by education, he is also a Fellow Chartered Accountant with a forensic background at PwC and KPMG.