ESG Risks

Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

In a previous CERM Insights I mention ESG (Environmental, Social, Governance) Risk. The U.S. and European governments are starting to stress ESG risk management. This article looks at the proposed ESG requirements of the Security and Exchange Commission (SEC), and the implication for quality management.

Security and Exchange Commission

The SEC was formed in the aftermath of the 1929 Wall Street crash. Its mission is to “protect investors, maintain fair, orderly and efficient markets and facilitate capital formation.” Consequently, the SEC has regulatory reporting powers over publicly traded companies. In accordance with these powers, the SEC recently released a fact sheet entitled “Enhancement and Standardization of Climate-Related Disclosures”.

The fact sheet provides background information on a proposed rule which will standardize reporting on climate related risks. It would require a domestic or foreign registered company to include certain climate- related information on its registration statements and periodic reports such as Form 10-K.

It is anticipated that the rule will be adopted by December 2022. The effective date will be fiscal year 2023.

Types of Information to be included in report

The fact sheet list ten examples of the type of information to be report on annually by a company. Five of them are listed below.

• How many climate-related risks identified by the registrant have had or are likely to have a material impact on it business and consolidated financial statements, which may manifest over the short-medium-or long-term.
• How many identified climate-related risk have affected or are likely to affect the registrant’s strategy, business model, and outlook.
• The registrant’s processes for identifying, assessing, and managing climate-related risks and whether any such processes are integrated into the registrant’s overall risk management system or processes.
• If the registrant uses scenario analysis to assess the resilience of its business strategy to climate-related risks, a description of the scenarios used, as well as the parameters, assumptions, analytical choices, and projected principal financial impacts.
• If the registrant has publicly set climate-related targets or goals, information about:

1. The scope of activities and emissions included in the target, the defined time horizon by which the target is intended to be achieved, and ay interim targets.
2. How the registrant intends to meet its climate-related targets.
3. Relevant data to indicate whether the registrant is making progress toward meeting the target or goal and how such progress has been achieved with updated each fiscal year. (1)

Observations

There are numerous comments and implications one can make with this respect to the proposed rule. Let me note a few. First, the rule is expected to go into effect in 2023. This is consistent with the Biden Administration climate change push. Second, it will affect all companies registered on the New York Stock Exchange and certainly influence the climate risk reporting of other companies internationally. Third the information to be disclosed is extensive. It would allow investors to compare environmental risks, mitigation activities and performance between companies. Lastly, while these requirements deal with climate – risks, the SEC is expected to require more risk reporting related to the Social and Governance side of ESG risks. Examples of areas likely to be covered on in Social and Governance categories are below.

Social

1. Inequalities
2. Diversity & Inclusion
3. Employee Relations
4. Health & Safety
5. Working Conditions

Governance

1. Executive Remuneration
2. Board Diversity and Structure
3. Donations and Political Lobbying
4. Bribery and Corruption
5. Policies and Standards

While Cyber Security is not normally included in the ESG risks, it will be important to all organizations public and private going forward. Thus, it should be considered a risk that will need to be managed along with the ESGs.

Implications

Given these observations there are several implications. First, for the private sector identifying, mitigating, and reporting on ESG risks will become increasingly important.  The impact will be international and cover most private sector companies in the long run. Second, while not specifically requiring in the climate-related risks, the SEC is pushing Enterprise Risk Management (ERM) by requiring that it be reported whether the climate-risk management is integrated into the registrant’s overall risk management system or processes.

ERM’s use will be particularly important as a way of identifying, managing, and mitigating the numerous risks, when ESG reporting goes beyond climate risks. Third, the requirement that the organization’s climate and other ESG metrics be reported annually, will allow companies to be compared. To the extent that investors see ESG risk as important, ESG risk management and mitigation efforts will be used as a way of differentiating among companies.  They may provide companies with a competitive advantage in terms of receiving favorable financing and attracting investors, the same way ISO 9001 certifications have in the past.

Finally, with respect to quality, the movement is toward risk management and away from quality being job one. The risk of a poor-quality product will increasingly be seen as just one of the numerous risks an organization must manage.

Endnotes

Security and Exchange Commission, 2022, Fact Sheet: Enhancement and Standardization of Climate-Related Disclosures, https://www.sec.gov/files/33-11042-fact-sheet.pdf

BIO:

James J. Kline is a Senior Member of ASQ, a Six Sigma Green Belt, a Manager of Quality/Organizational Excellence, and a Certified Enterprise Risk Manager.  He has work for federal, state, and local government. He has over ten year’s supervisory and managerial experience in both the public and private sector.  He has consulted on economic, quality and workforce development issues for state and local governments.  He has authored numerous articles on quality and risk management. His book “Enterprise Risk Management in Government: Implementing ISO 31000:2018” is available on Amazon.