Today’s sustainability is tomorrow’s compliance. And risk is ever present.
Compliance, risk management, and corporate sustainability have traditionally been viewed as three distinct disciplines. They are also, however, naturally related. For example, while corporate sustainability programs strive to have a positive social and environmental impact, at their foundation they involve complying with laws and mitigating risks.
Today, there is a need for greater alignment of these three areas. Events such as the COVID-19 pandemic and the war in Ukraine have underscored the importance of bringing compliance, risk management, and sustainability to the table to develop responses that reflect each area’s distinct, but complementary, capabilities and perspectives. Moreover, companies’ increased focus on environmental, social & governance (ESG) issues, as well as their heightened attention to the long-term welfare of multiple stakeholders, has meant that the concept of sustainability is now being integrated more deeply across companies, including the compliance and risk management functions.[1] Companies are therefore seeking ways in which they can make collaboration among these three areas easier and more effective.
In February 2022, The Conference Board ESG Center held a Chatham House Rule convening to discuss how companies can increase alignment among compliance, risk management, and sustainability without compromising each discipline’s unique attributes; how to improve the board’s involvement in each area; and how to communicate more effectively, both internally and externally.
The discussion with over 160 executives, along with a survey of over 120 executives, generated the following insights.
Insights for What’s Ahead
- Aiming for collaboration and alignment among compliance, risk management, and sustainability programs makes more sense than a full integration. Convergence is already underway, driven by the need to bring these three areas together to address complex challenges such as climate change, supply chain disruptions, and human capital management (“HCM”), including diversity, equity and inclusion. As companies’ focus on sustainability grows, so does the natural intersection of these areas. Many companies are adjusting their organizational structures to make collaboration easier; e.g., by having an executive oversee two or all three areas. At the same time, it’s important to recognize the distinctions among these disciplines. For example, it’s critical for compliance to maintain its independent control function and for risk management to provide an objective assessment of business initiatives. Companies may therefore want to focus not on full-blown integration, but on analyzing the priorities of each area and where they intersect.
- Sustainability, the newest of the three corporate disciplines, may benefit the most from greater collaboration. Compliance not only sets the baseline for a sustainability program, but also provides a good model for sustainability programs. A robust compliance program typically has senior management support, an accountable leader, training, sufficient resources, integration with corporate culture, and periodic evaluations. Similarly, risk management brings skills and tools that can be applied to risks related to ESG issues. At the same time, compliance and risk management can benefit from the “multistakeholder” approach that is often the defining trait of the sustainability team. Companies can evaluate their compliance and risk management programs through the lens of how those two programs impact a broad range of stakeholders.
- Boards should ensure that sustainability, risk management, and compliance are incorporated into the company’s business strategy—and that they are able to oversee sustainability as effectively as they do the other two areas. According to our survey, executives believe their boards are doing a good job of overseeing risk management and compliance but are lagging when it comes to sustainability. For its part, management should ensure that the information going to the board on sustainability is of the same quality and frequency as that provided on risk management and compliance. The board can also form a task force or subcommittee composed of a representative from each of the board’s standing committees to work with management in assessing the way the board oversees sustainability issues, which may result in the allocation of responsibilities among the existing board committees or, increasingly, the establishment of a new committee to oversee the company’s initiatives relating to environmental, human capital, and other social issues.
- Internal and external communications can be improved by adapting best practices from each of the three areas. Compliance does the best job of communicating internally; sustainability externally. As companies already do with compliance programs, they can supplement top-down messages on sustainability and risk management with training and learning opportunities. Companies typically use multiple outlets to communicate about sustainability matters with external constituencies. They should consider discussing all three areas in communications vehicles such as proxy statements, including highlighting how the three areas work together to achieve the company’s objectives.
- Small companies can learn from large companies—and vice versa. Our survey indicates that larger companies are further along on their sustainability journey than their smaller counterparts, and that boards at larger companies are more engaged on sustainability—resulting in greater alignment among the three areas. But small can be beautiful. According to our survey, compliance and risk management are more aligned at smaller companies, which may reflect smaller staffs and less bureaucracy. A lesson from smaller companies is that as companies add more staff to each area, it can be helpful to recruit individuals who are cross-trained, and to make collaboration part of each job description.
Today’s sustainability is tomorrow’s compliance. And risk is ever present.
Compliance, risk management, and corporate sustainability have traditionally been viewed as three distinct disciplines. They are also, however, naturally related. For example, while corporate sustainability programs strive to have a positive social and environmental impact, at their foundation they involve complying with laws and mitigating risks.
Today, there is a need for greater alignment of these three areas. Events such as the COVID-19 pandemic and the war in Ukraine have underscored the importance of bringing compliance, risk management, and sustainability to the table to develop responses that reflect each area’s distinct, but complementary, capabilities and perspectives. Moreover, companies’ increased focus on environmental, social & governance (ESG) issues, as well as their heightened attention to the long-term welfare of multiple stakeholders, has meant that the concept of sustainability is now being integrated more deeply across companies, including the compliance and risk management functions.[1] Companies are therefore seeking ways in which they can make collaboration among these three areas easier and more effective.
In February 2022, The Conference Board ESG Center held a Chatham House Rule convening to discuss how companies can increase alignment among compliance, risk management, and sustainability without compromising each discipline’s unique attributes; how to improve the board’s involvement in each area; and how to communicate more effectively, both internally and externally.
The discussion with over 160 executives, along with a survey of over 120 executives, generated the following insights.
Insights for What’s Ahead
- Aiming for collaboration and alignment among compliance, risk management, and sustainability programs makes more sense than a full integration. Convergence is already underway, driven by the need to bring these three areas together to address complex challenges such as climate change, supply chain disruptions, and human capital management (“HCM”), including diversity, equity and inclusion. As companies’ focus on sustainability grows, so does the natural intersection of these areas. Many companies are adjusting their organizational structures to make collaboration easier; e.g., by having an executive oversee two or all three areas. At the same time, it’s important to recognize the distinctions among these disciplines. For example, it’s critical for compliance to maintain its independent control function and for risk management to provide an objective assessment of business initiatives. Companies may therefore want to focus not on full-blown integration, but on analyzing the priorities of each area and where they intersect.
- Sustainability, the newest of the three corporate disciplines, may benefit the most from greater collaboration. Compliance not only sets the baseline for a sustainability program, but also provides a good model for sustainability programs. A robust compliance program typically has senior management support, an accountable leader, training, sufficient resources, integration with corporate culture, and periodic evaluations. Similarly, risk management brings skills and tools that can be applied to risks related to ESG issues. At the same time, compliance and risk management can benefit from the “multistakeholder” approach that is often the defining trait of the sustainability team. Companies can evaluate their compliance and risk management programs through the lens of how those two programs impact a broad range of stakeholders.
- Boards should ensure that sustainability, risk management, and compliance are incorporated into the company’s business strategy—and that they are able to oversee sustainability as effectively as they do the other two areas. According to our survey, executives believe their boards are doing a good job of overseeing risk management and compliance but are lagging when it comes to sustainability. For its part, management should ensure that the information going to the board on sustainability is of the same quality and frequency as that provided on risk management and compliance. The board can also form a task force or subcommittee composed of a representative from each of the board’s standing committees to work with management in assessing the way the board oversees sustainability issues, which may result in the allocation of responsibilities among the existing board committees or, increasingly, the establishment of a new committee to oversee the company’s initiatives relating to environmental, human capital, and other social issues.
- Internal and external communications can be improved by adapting best practices from each of the three areas. Compliance does the best job of communicating internally; sustainability externally. As companies already do with compliance programs, they can supplement top-down messages on sustainability and risk management with training and learning opportunities. Companies typically use multiple outlets to communicate about sustainability matters with external constituencies. They should consider discussing all three areas in communications vehicles such as proxy statements, including highlighting how the three areas work together to achieve the company’s objectives.
- Small companies can learn from large companies—and vice versa. Our survey indicates that larger companies are further along on their sustainability journey than their smaller counterparts, and that boards at larger companies are more engaged on sustainability—resulting in greater alignment among the three areas. But small can be beautiful. According to our survey, compliance and risk management are more aligned at smaller companies, which may reflect smaller staffs and less bureaucracy. A lesson from smaller companies is that as companies add more staff to each area, it can be helpful to recruit individuals who are cross-trained, and to make collaboration part of each job description.