ESG or E, S and G: A note for risk practitioners
Without doubt, environmental, social and governance (ESG) considerations are becoming increasingly important for organisations and their teams, with businesses being judged on their ESG performance. The catch-all acronym, however, which in reality combines three distinct and separate matters under one umbrella, tends to be misused and overused, creating a lexicon of ESG specialists, ESG departments and ESG risks. In fact, the Bank for International Settlement (BIS)’s paper on ‘Deconstructing ESG scores: how to invest with your own criteria’ highlights that it is nearly impossible to create a portfolio aligned with all three ESG values. Investors should separate and align their portfolios with either E, S or G factors.
Similarly, in risk management, where multiple regulatory authorities including the EBA require ESG risk management, the concept of ESG risks needs to be decomposed. Taking a closer look at each letter of the acronym, the climate and environmental – or the C&E component – is the cause of other risks materialising. In Operational risk management, this means that the traditional framework requires to be enriched with data on the causes of relevant risks and events. Did the flood in the data centre, supplier failure or ATM breakdown occur due to a human error or due to an excessive, heavier than usual rain? Risk professionals need to facilitate risk assessments, search for data and design models to estimate additional Operational risk consequences.
In turn the S – social aspect, refers to activities almost certainly already led by the corporate HR department. Topics such as diversity and inclusion and employee health and well-being in many organisations would be covered via policies, practices and monitoring dashboards implemented by HR. Internal risks arising out of the social factors require to be captured via departmental Risk and Control Self-Assessments (RCSAs).
Last but not least, the Governance – G aspect – would likely be embedded via Compliance and Ethics policies, such as anti-corruption, anti-fraud and fair practices. The Compliance department would likely issue monitoring reports on the status of embeddedness. The risks arising from the G-aspects would, similarly to S-factor risks, form part of the firm’s RCSAs.
In conclusion, there is a place and a very important role for the corporate ESG teams; it is in integrating those existing distinct E, S and G activities and their related risks. It is not in creating a standalone ESG framework to capture ESG risks. As much as we favour the acronyms in the corporate world, let’s aim to embed meaningful practices. As FT calls out, ‘ESG is a category error that needs unbundling’.