The Role of Third-Party Risk Management in ESG Compliance

Businesses today are being held to new standards, thanks in large part to the rise of environmental, social, and governance (ESG) frameworks that focus on long-term sustainability, ethical choices, and other forward-thinking initiatives.

It’s not uncommon for a business to experience extreme reputational damage when it willingly or inadvertently violates key aspects of the ESG framework. After all, businesses have profound impacts on their communities and must be held responsible for how they operate and how they change the lives of those around them.

You might have heard acronyms like GRC (governance, risk and compliance) or ESG if you’ve worked in a legal compliance department before. The latter has received exceptional attention, attracting over $330 billion in funding by September 2021 in the U.S. alone.

But what is ESG or GRC? To clear up the nature of corporate compliance, let’s define these terms and discuss where third-party risk management comes into play.

In general, we want to focus on an ESG strategy, but it’s worth talking about its predecessor, the GRC framework. GRC stands for:

• Governance: The way an organization is governed (i.e. directed and controlled).
• Risk: Obstacles to achieving the business’s objectives and possible incidents that can cause loss.
• Compliance: The adherence to legal guidelines which is important for avoiding penalties and fines. Noncompliance also makes your brand seem untrustworthy in the eyes of business partners and customers.

GRC is well-known to help organizations improve their decision-making processes and knock down barriers among departments for a less fragmented and more streamlined workflow.

But before we get ahead of ourselves, keep in mind that the real target should be developing ESG initiatives. ESG can be considered the “next step” after GRC. The concept can be difficult to grasp mentally, let alone practically out in the field. ESG compliance can’t really be purchased as a service; rather, it’s the mechanism behind how we think and act at work.

What does ESG stand for? ESG is an umbrella term that covers Environmental and Social Governance.

• Environmental: Third-parties are usually the professional services you use for travel, electronics, real estate maintenance, and various other activities that have strong implications on your carbon footprint. Travel, for instance, is to do with greenhouse gas emissions.
• Social: Businesses today are using third-parties increasingly to outsource certain tasks and functions. Take for example a temporary workforce to address spikes in demand. These types of third-party outsourcing naturally have a strong social responsibility.
• Governance: It’s up to you to generate a code of conduct or a list of terms and conditions when you initiate a partnership. These terms are important for achieving a proper governance structure.

A pattern worth noting is that third-parties usually cover a large portion of these responsibilities, so third-party risk assessments – such as denied and restricted party screening of business and trading partners at home and abroad, new hires and existing staff, contractors, even seemingly innocuous visitors to your offices and other facilities – are a natural part of ensuring ESG compliance.

Now that we know the finish line, what’s the route? Developing an ESG compliance checklist is an excellent first step. You want to keep in mind the factors that contribute to each part of ESG.

Environmental compliance involves:

• The sourcing of raw materials
• Waste management and its impact on air, water, and other natural resources
• Shipping, packaging, and transportation
• Energy use, from power consumption to recycling efforts

Social compliance might include:

• Equal opportunity employment
• Focus on the customer
• Community initiatives

Governance includes:

• Data storage and security
• Management transparency
• Commitment from upper management on business ethics and values

Securing ESG funding and checking on the progress of the program through a comprehensive ESG auditing effort are important steps towards achieving the higher economic returns ESG-focused businesses often enjoy.

A large part of that effort is third-party risk management. You need to ensure the compliance of not only yourself but also any partners or client companies you work with, as it’s become clear that the government expects businesses to cover their own ESG responsibilities.

How can Descartes Help?

Descartes is a provider of an industry-leading suite of denied party screening and 3^rd party risk management solutions, including integration and Salesforce with minimal disruption, sometimes in under an hour.

Descartes Visual Compliance solutions are flexible and modular, allowing organizations to pick the specific and exact functionality and content they need for their particular compliance needs and scale up later as and when necessary.