Managing ESG Risk in the Supply Chain

Environmental, social, and governance risks are changing how businesses operate. Prompted by customers, investors, and regulators, business managers need ways to identify and address ESG risks in their offerings, operations, and supply chains.
A major challenge for these leaders is that ESG encompasses a broad set of risks, including greenhouse gas emissions reduction, water security, preservation of biodiversity, conflict minerals, human rights and labor standards, diversity and inclusion, cybersecurity, and more.
If that wasn’t enough, identifying and managing these risks in the supply chain requires a high degree of collaboration with suppliers, verification of reported data, and, in some cases, third-party inspections of goods and locations.
The good news is that many businesses are not starting from scratch when it comes to managing these risks. They can leverage their existing capabilities for third-party risk and business continuity management to help get the job done efficiently.
Leverage Risk Management Capabilities for ESG
Third-party risk management (TPRM) addresses the risk exposures from outside parties, including suppliers, vendors, and contractors performing services or activities for your business. 
ESG and TPRM often overlap in the areas of human rights and labor standards, conflict minerals management, and product safety and quality testing. Many businesses have mature capabilities for managing and reporting on these requirements, which have been part of responsible supply-chain operations for decades in manufacturing in apparel and textiles, food and beverage, consumer goods, metals and mining, and other industries. 
The legal and procurement organizations in many businesses are aware of risk exposure presented by third parties and have processes to address it through contracting, ongoing monitoring, and obligation management. 
Business continuity management (BCM) is another important and complementary capability for ESG. BCM establishes policies and processes to prevent disruption in business-critical operations and help re-establish functions rapidly in the event of an interruption. 
According to a recent survey of 1,000 global companies, supply-chain disruptions are considered the single biggest threat to companies’ revenue streams. Risk and resilience functions within organizations provide the capabilities to identify and prioritize responses to extreme weather, floods, fires, social unrest, armed conflicts, cyberattacks, and other external threats. 
These internal partners can identify the business’ exposure to climate-transition risks and provide the transparency that investors — and increasingly regulators — require about a business’s operations and forward-looking strategy.
ESG Has Expanded Risk Management Requirements
ESG has introduced new requirements for climate-related disclosures and supply-chain resilience for large businesses. Some of the important new regulations, both in effect and planned, are listed here, but it’s important to note this list is not exhaustive.
In 2021, the European Union (EU) mandated reporting under the Sustainable Financial Disclosure Regulation and then added to corporate disclosure requirements with the Taxonomy Regulation in 2022.
The German Supply Chain Diligence Act will go into force starting in January 2023. It requires companies with more than 3,000 employees to take appropriate measures to prevent or minimize risks related to human rights and the environment within their supply chains. 
The EU plans similar regulation with the Corporate Sustainability Due Diligence Directive that addresses ESG risks in a business's operations and end-to-end supply chains, including:

- Human rights issues, such as trade union matters, labor rights, and social protection of vulnerable people 
- Environmental diligence, such as handling of waste, use of natural resources, pollution, deforestation, and emissions 
- Good governance practices to prevent corruption and undue influence

The EU will also require auditing of reported information.
In the US, the Securities Exchange Commission (SEC) announced new proposals in 2022 for all public companies to report their climate transition strategies and impacts. Scope 3 emissions disclosure also will be required for large public companies. Under the proposal, a company’s emissions reporting must be reviewed by outside auditors.
Also in 2022, the US’s Uyghur Forced Labor Prevention Act went into effect. This requires businesses to prove that goods produced in China’s Xinjiang Uyghur Autonomous Region (XUAR) were not made by forced labor and are allowed to enter the US.
The climate-related reporting requirements are significant. The SEC estimates the cost of reporting and disclosure for a typical large organization to be $640,000 for the first year and $530,000 annually thereafter. The costs are even higher for businesses that operate in multiple regions outside the US and have requirements from investors.
Managing ESG Risk in the Supply Chain
Supply chains are complex networks of businesses that span the globe. Conducting diligence in the supply chain is complicated by the number of trading partners and the dynamic nature of supply-chain relationships. 
Improving diligence and managing ESG risks in the supply chain is dependent on a set of core capabilities enabled by technology:
Gaining Visibility into Supply Chain Relationships

Mapping your business’s relationships with its suppliers and the goods and services they provide requires data from internal systems, such as enterprise resource planning (ERP) for vendor master data, purchase orders, and product master data. 
The mapping process can be complicated if your organization has multiple systems containing overlapping information. Technology can help by connecting data, tracing trading relationships, and updating any changes in status to prevent noncompliance issues.
Collecting Supply-Chain Data Efficiently

In the old days, businesses used email to collect data from suppliers. The problem is that it’s costly and slow. It also increases the likelihood of gaps in the information. What’s needed are capabilities that identify the needed information and automate how it's collected, including any necessary follow-up.
Suppliers can also range in size from very small to very large businesses. As a result, there are differences in their ability to provide the information that’s needed for ESG disclosure. Take for instance emissions reporting. Some large suppliers will report their Scope 1 and 2 emissions and have this information ready to provide. Small businesses, on the other hand, may be unaware of their carbon footprint and need detailed instructions on the data they need to share. 
Technology enables collaboration in the supply chain, making it efficient to exchange information with many partners quickly and easily. An extra benefit of collaboration technology is that it improves the quality of data for reporting by putting guardrails on suppliers' responses to detect mistakes and inaccurate information.
Obtaining Data Assurance

Responsible supply chains use site inspections to provide assurance around human rights, labor conditions, and health and safety practices. Enabling inspectors, auditors, and testers with permissions to access data and provide verification is an important capability to meet a growing burden of proof required by regulators, investors, and customers to prevent greenwashing.
Collaborating on Supplier Performance

Almost every large business has supplier management capabilities. Collaborating internally with procurement and supply chain is key for managing ESG risks. 
Incorporating ESG performance measures in supplier contracts helps drive risk reduction and improve resilience. Benchmarking a supplier’s performance with its category peers helps facilitate continuous improvement, especially when it’s provided with educational resources that can increase understanding and elevate performance. 
Checklist for Managing ESG Risk in the Supply Chain

- Leverage internal partners in purchasing, vendor management, legal, and risk management to draw on existing processes and knowledge.
- Map trading relationships in the supply base to identify high-priority focus areas.
- Use technology to streamline collaboration and govern data capture for reporting.
- Benchmark suppliers on performance and ESG capabilities.
- Enable suppliers to improve performance with peer comparisons and knowledge resources.
- Increase the transparency of your organization using digital experiences for all your stakeholders.

For more about how technology can support ESG risk management in the supply chain, visit Riskonnect’s listing on the AppExchange.
About the author: Elliott Yama is the Head of Product Marketing - ESG & Supply Chain Risk at Riskonnect. Yama is focused on helping Riskonnect customers and alliance partners understand and manage enterprise risk more effectively. He has extensive experience in the areas of ESG and supply chain risk and has worked for 12 years in the Salesforce independent software vendor (ISV) ecosystem.