The hottest three letters in the corporate world are “ESG.” 

Environmental.

Social.

Governance.

As compliance vendors fall all over themselves setting up workshops and webinars to explain what each letter means, there is very little information about who should take on this new blended responsibility in companies. No one has a degree specifically in ESG (yet). In most companies, no singular function has been tasked with managing these new initiatives.

Since few companies are hiring new people to run ESG, the question becomes which person or department should oversee it?

Well, a survey found that 64% said compliance must tackle the issue while only 12% described sustainability as not a compliance issue

The answer: compliance should take lead. But why? Well because compliance:

• knows how to create the framework

• already reports to the board and handles governance

• has always worked cross-functionally

• already runs third-party due diligence

• already handles code violations/investigations

• is used to high-stakes problems

Let’s look at each reason in detail as we build the case that compliance should be the home of ESG initiatives…

Compliance knows how to create the framework

The US Federal Sentencing Guidelines sets out the seven elements of an effective compliance program, which it just so happens can be used incredibly effectively to create an ESG framework. 

While there are many standards for ESG out there, e.g., Sustainability Accounting Standards Board (SASB), the standards don’t typically explain how to create a program to meet the standards. For example, SASB states that its framework “sets out the basic concepts, principles, definitions, and objectives that guide SASB in its approach to setting standards for sustainability accounting; it provides an overview of sustainability accounting, describing its objectives and audience.”

The standards help companies to set their ESG goals and identify areas that should be tracked based on industry but don’t describe how corporations can create the structure to meet them.

Compliance officers know how to do this; create policies and procedures, give training where necessary, send communications, create metrics and measurements, apply third-party and employee due diligence, report to the board/management on the initiative, perform investigations and apply discipline where required. These are all activities that the compliance team does all day long!

Compliance already reports to the board and handles governance

A compelling reason compliance should be tasked with ESG is because compliance is already in the boardroom (or at least, it should be according to mountains of regulatory guidance and statements from the US Department of Justice). Compliance already reports to the board about new laws, regulatory trends, investigations data, and more, and so adding ESG elements would be the natural evolution of the current remit of the Compliance Officer with respect to board engagement and reporting.

Additionally, in many compliance programs, compliance manages governance or is involved in corporate governance. Compliance officers are expected to have relationships with board members and are frequently included in non-executive sessions. Therefore, expanding these to include ESG just makes sense.

Compliance has always worked cross-functionally

Compliance has always been tasked with cross-functional work. Whether instituting training or getting the business on board with the due diligence program, compliance’s job has always involved getting other functions to work with them to facilitate the compliance program.

Recently, new laws have come about intensifying this trend. The European General Data Protection Regulation (GDPR) and new state laws in the US have created the need for cross-functional participation to comply with data privacy regulations, for example:

• Compliance is frequently tasked with managing data privacy issues.

• Compliance works with Information Technology, Information Security, Legal, HR, and others to ensure compliance with these laws.

• Compliance with modern slavery laws is frequently assigned to compliance to manage, as are conflict mineral laws and others requiring a cross-functional approach.

Because of Compliance’s experience running multi-functional teams to comply with these types of laws, Compliance is uniquely situated to take over the ESG program and to run it similarly to the ways it runs programs to comply with complex laws.

Compliance already runs third-party due diligence

Most ESG frameworks have a strong focus on third-party relationships. This includes requiring third parties to fill out supplier questionnaires, sign onto Supplier Codes of Conduct, sign attestations, fill out due diligence questionnaires, and report on their environmental and social activities.

In most companies, compliance owns the anti-bribery third-party due diligence process, which means it is uniquely situated to expand that process to include ESG-related third-party due diligence into its remit.

Adverse media searches can be expanded to include terms relating to environmental and social issues. Enhanced due diligence can be applied to higher-risk third parties using existing third-party management processes and technology. Compliance is already doing this work, so expanding it will be a much easier answer than setting up brand new systems to manage ESG risk.

Compliance already handles code violations/investigations

In most companies, whistleblower hotline calls and reports of violations of the Code of Conduct are routed through compliance. Many calls relate to HR issues that are included in the social remit of ESG. These include discrimination (diversity/inclusion), bullying, and harassment.  There may also be reports of health, safety, and environmental misconduct.

Compliance departments typically handle investigations. Even where the investigations are handed to another department to execute - say HR or Audit – compliance still typically oversees the investigation and case management software to ensure that the cases are closed out. Thus, once again, compliance is the hub of activity affecting ESG priorities.

Compliance is used to high-stakes problems

Compliance officers are used to high-stakes situations. From handling bribery concerns to regulatory investigations, they know how to manage the potential for large fines and reputational damage. To a very real degree, compliance already handles higher-risk activities than most ESG initiatives. Should a disaster strike, compliance is ready!

ESG initiatives are an important area of growth for companies. Holding companies responsible and accountable for their management of environmental, social and governance concerns is a noble undertaking. Because of compliance officers’ unique skillset and pre-existing responsibilities, compliance is the best place for ESG to sit in any organization.