As third-party risk management (TPRM) continues to evolve, one of the most pressing concerns for organizations today is integrating environmental, social, and governance (ESG) considerations into their TPRM strategies. ESG frameworks have rapidly transitioned from a niche interest to a critical risk management component, driving supply chain transparency and accountability. For TPRM professionals, understanding and utilizing the right ESG frameworks can be a game-changer, helping to mitigate risks, enhance stakeholder trust, and contribute to sustainable business practices.
In this blog, we’ll explore ESG frameworks, why they matter in TPRM, how to select the proper framework for your organization, and how to prepare for future ESG trends.
ESG frameworks are structured guidelines that help organizations disclose data on their environmental impacts, social practices, and governance structures. They provide a blueprint for measuring and reporting a company's sustainability and ethical performance. Developed by NGOs, standard-setters, governments, and industry groups, ESG frameworks typically specify the controls companies should establish, the metrics to track, the reporting format, and the frequency of disclosures.
ESG frameworks are significant because they can standardize how companies report on critical sustainability issues, making it easier for stakeholders, including investors, regulators, and consumers, to assess and compare different organizations' ESG performance. Some frameworks are voluntary, giving companies flexibility in reporting, while others are mandated by governments and require strict compliance.
The integration of ESG considerations into third-party risk management is no longer optional. As stakeholders increasingly demand transparency in corporate practices, organizations are under pressure to report their internal ESG performance and the sustainability practices of their suppliers and other third parties.
For TPRM professionals, ESG reporting and monitoring are crucial because they provide a more complete view of the risks in third-party relationships. These risks range from environmental concerns, such as a supplier's carbon footprint, to social issues, like labor practices in the supply chain, and governance failures, including unethical business conduct. By incorporating ESG frameworks into TPRM, organizations can identify and mitigate these risks and keep their third-party relationships aligned with their broader sustainability goals without inviting reputational damage.
Moreover, failure to consider ESG risks in TPRM can have significant consequences. Companies that neglect ESG factors may face shareholder actions, loss of consumer trust, regulatory penalties, and even divestment by asset managers. On the other hand, organizations that proactively manage ESG risks can strengthen their brand reputation, enhance operational resilience, and secure long-term business success.
There are several widely recognized ESG reporting frameworks, each with strengths and focus areas. These frameworks provide the guidelines and metrics for assessing and managing ESG risks within your third-party network. Here’s a closer look at some of the most common ones:
CDP (formerly the Carbon Disclosure Project): CDP runs a widely used disclosure system focused on environmental governance and policy, risk and opportunity management, and environmental targets. It issues detailed questionnaires on climate change, water security, and forests, and responses are scored by CDP and its accredited scoring partners. CDP is particularly valuable for organizations looking to improve transparency and accountability in their environmental practices, and its supply chain program lets buyers request disclosures directly from suppliers.
For TPRM, the CDP can help in evaluating suppliers' environmental performance, especially those with significant carbon footprints or resource-intensive operations. Incorporating CDP requirements into your vendor assessment and monitoring processes can help meet regulatory and stakeholder demands for sustainable supply chain practices while potentially decreasing the overall environmental impact.
International Financial Reporting Standards (IFRS) Sustainability Disclosure Standards: The IFRS Sustainability Disclosure Standards, released in June 2023 by the International Sustainability Standards Board (ISSB), provide a global framework for companies to report sustainability-related ESG data to investors. These standards, which build on the earlier SASB Standards, focus on general sustainability disclosures and specific climate-related risks and opportunities. The ISSB is also exploring new standards for biodiversity and human capital disclosures, covering both a company’s workforce and its suppliers.
In the context of TPRM, these standards are helpful in evaluating third-party risks by providing consistent and comparable ESG data across industries. For example, a company in the manufacturing sector might use the IFRS SDS to assess the environmental risks associated with its suppliers. At the same time, a financial institution could focus on governance and compliance risks within its third-party network. By aligning with globally recognized standards, TPRM programs can better identify and mitigate potential ESG risks from suppliers and partners, enhancing transparency, reducing disruptions, and protecting the organization’s reputation and financial performance.
Global Reporting Initiative (GRI): The GRI Standards are among the most widely used voluntary ESG frameworks, providing comprehensive standards for reporting on economic, environmental, and social topics. The GRI's modular structure lets organizations select the topic standards most relevant to their material issues, making it flexible and broadly applicable. Several GRI topic standards call for disclosure of supplier-related practices, including labor conditions, environmental performance, and anti-corruption, which gives organizations a basis for requesting the same information from their third parties and spotting unethical practices or environmental non-compliance in the network.
Task Force on Climate-related Financial Disclosures (TCFD): The TCFD recommendations were designed specifically to address climate risks and their impact on financial performance, organized around four pillars: governance, strategy, risk management, and metrics and targets. Note that the Task Force itself was disbanded in October 2023 after its recommendations were incorporated into the ISSB's IFRS S2 standard, so new programs will usually reference IFRS S2 while still following the same four-pillar structure. For TPRM, this structure is useful for identifying climate-related risks within the supply chain, such as physical risks from extreme weather at supplier sites, or transition risks arising from regulatory or market changes.
By adopting TCFD recommendations, organizations can systematically evaluate the climate resilience of their third-party vendors. This ensures suppliers can manage climate-related risks, reducing the likelihood of supply chain disruptions and protecting the organization’s financial stability.
EU Corporate Sustainability Reporting Directive (CSRD): The CSRD is a regulatory framework adopted by the European Union. Companies in scope must report under the European Sustainability Reporting Standards (ESRS) on environmental, social, and governance topics. The CSRD applies double materiality, requiring companies to report both how sustainability matters affect their financial position and how their activities affect people and the environment. It is mandatory for in-scope companies, including large EU companies, listed SMEs, and certain non-EU companies with substantial EU turnover, with obligations phased in starting with financial year 2024 reports, and it is expected to affect thousands of companies worldwide.
Organizations subject to CSRD must report material impacts, risks, and opportunities across their value chain, not just their own operations. In practice this means collecting reliable sustainability data from suppliers and other third parties, which raises the bar for transparency and accountability in the supply chain and makes gaps in vendor data a reporting and compliance risk in their own right.
ISO 26000 (Guidance on Social Responsibility): ISO 26000 provides guidelines on social responsibility, covering areas such as human rights, labor practices, the environment, fair operating practices, consumer issues, and community involvement. These standards are particularly relevant when monitoring and mitigating supplier reputational risks.
Additionally, ISO is currently developing more comprehensive ESG guidelines to complement and integrate with existing ESG reporting frameworks and “facilitate global harmonization and alignment on ESG principles and approaches.”
National Greenhouse and Energy Reporting (NGER): NGER is Australia's national framework for reporting greenhouse gas emissions, energy production, and energy consumption. Organizations above the reporting thresholds must disclose detailed data on their emissions and energy use, making it a critical tool for companies looking to reduce their carbon footprint and comply with Australian regulations. Reporting obligations attach to facilities under an organization's operational control, that is, where it has the authority to introduce and implement operating, health and safety, and environmental policies. This can pull outsourced or third-party-operated facilities into scope, so organizations should map which vendor-run sites they effectively control.
ESG ratings agencies play a significant role in evaluating and scoring a company's ESG performance. These ratings provide an independent, third-party assessment of an organization's sustainability efforts, helping stakeholders make decisions about investments, partnerships, and other business relationships. Keep in mind that each provider uses its own methodology, so the same company can receive different ratings from different agencies; treat a rating as one input to vendor due diligence rather than a definitive verdict.
Sustainalytics: Sustainalytics, a Morningstar company, is a global ESG research and ratings provider. Its ESG Risk Ratings estimate how much of a company's industry-specific ESG risk remains unmanaged. In TPRM, these ratings can be used to screen and prioritize third-party vendors, particularly publicly rated ones, and to track changes in their risk exposure over time.
ENERGY STAR®: ENERGY STAR® is a U.S. Environmental Protection Agency program that, among other things, benchmarks the energy efficiency of commercial buildings through its Portfolio Manager tool. It compares a building's performance against similar buildings nationwide and produces a 1 to 100 score reflecting its relative energy efficiency. This rating is particularly valuable for organizations in the real estate sector looking to improve energy performance and reduce costs.
Dow Jones Sustainability Indices (DJSI): The DJSI tracks the performance of leading companies in terms of economic, environmental, and social criteria. It uses the Corporate Sustainability Assessment (CSA) questionnaire to score companies across various industries, providing investors with a comprehensive view of their sustainability performance. The DJSI is widely recognized as a benchmark for sustainability performance, making it a key tool for organizations aiming to attract ESG-conscious investors.
Look for ESG solutions with comprehensive assessment and monitoring capabilities, including built-in sustainability ratings, ESG scoring, and ESG reporting such as Scope 1, 2, and 3 emissions reporting and EVIC (enterprise value including cash) reporting, the metric used to attribute financed emissions.
Given the many options available, choosing the appropriate ESG framework for your organization requires a strategic and informed approach. The right framework will align with your organization’s overall objectives and enhance your ability to manage the ESG risks inherent in your third-party relationships. Here’s how to select the best ESG framework for your TPRM needs:
The first step in selecting an ESG framework is to assess where your organization can exert the most influence through its third-party network. Conduct a materiality assessment to identify the ESG issues most relevant to your supply chain and third-party interactions. This assessment should focus on the areas where third-party risks could significantly impact your organization, whether through environmental concerns, social responsibilities, or governance practices.
For example, if your organization relies heavily on suppliers from regions with known labor issues, social factors like supply chain labor standards should be a priority. Similarly, if your third-party vendors significantly contribute to your carbon footprint, environmental factors such as emissions and waste management will be crucial. By identifying these key areas, you can choose ESG frameworks that address these risks, ensuring your third-party relationships are managed effectively and sustainably.
Double materiality is a particularly useful concept here. It requires you to assess materiality from two angles: financial materiality, which considers how third-party risks could affect your organization’s financial performance, and impact materiality, which examines the broader social and environmental impacts of your third-party operations. This dual perspective allows for a more comprehensive approach to ESG, ensuring that both internal and external risks are managed across your third-party network.
Understanding the expectations of both internal and external stakeholders is crucial when integrating ESG frameworks into your TPRM strategy. Different stakeholders may have varying priorities regarding ESG, and these priorities should guide your selection process.
For example, investors and boards might prefer reporting frameworks like the Task Force on Climate-related Financial Disclosures (TCFD) recommendations or the SASB Standards (now maintained by the ISSB and referenced by IFRS S1), which provide clear guidance on financial materiality and climate risks. On the other hand, consumers and employees may resonate more with frameworks like the United Nations Sustainable Development Goals (UN SDGs), which emphasize broader social and environmental outcomes. In TPRM, this could translate to ensuring that your third-party vendors adhere to ethical labor practices or contribute positively to community development.
Internal stakeholders such as risk management, compliance, procurement, and HR teams also have specific needs regarding ESG data. Risk and compliance teams might focus on governance issues within third-party contracts, while procurement teams are interested in suppliers' environmental and social performance and potential supply chain risks. Understanding these diverse needs can help ensure the chosen ESG framework aligns with your organization’s overall risk management strategy.
Geographical considerations are essential in TPRM, as third-party risks vary significantly by region. Some ESG frameworks are region-specific due to local regulatory requirements, making them mandatory for companies operating in those areas.
For example, the European Union's Corporate Sustainability Reporting Directive (CSRD) requires detailed sustainability disclosures from in-scope companies, including information about their value chain. Similarly, Australia's National Greenhouse and Energy Reporting (NGER) framework mandates reporting on greenhouse gas emissions and energy consumption, which could be directly relevant to third-party suppliers operating facilities in that region.
If your organization operates globally or has suppliers in multiple regions, you may need to comply with several regulatory frameworks. In such cases, it is crucial to select ESG frameworks that are recognized across these jurisdictions and that comprehensively address the regional risks associated with your third-party network.
Specific industries have well-established ESG frameworks that are particularly relevant to their risk profiles. Understanding the sector-specific risks within your third-party network can help you select the most appropriate framework.
For example, the Global Real Estate Sustainability Benchmark (GRESB) is widely used in the real estate sector to assess the sustainability performance of real estate and infrastructure portfolios. If your organization operates within this sector or relies heavily on third-party vendors who do, GRESB can provide valuable insights into the sustainability practices of your third-party partners.
Reviewing the ESG reporting practices of your industry peers can also provide guidance. Many ESG frameworks offer sector-specific guidance, which makes it easier to align your TPRM reporting with industry standards. This can be particularly useful for benchmarking the ESG performance of your third-party vendors against industry norms.
Finally, it’s essential to consider the specific ESG metrics that each framework emphasizes and how these align with your TPRM objectives. Different frameworks prioritize various aspects of ESG, such as environmental metrics like carbon emissions and waste management, social metrics like labor practices and diversity, and governance metrics like ethical business conduct and board composition.
For TPRM, selecting a framework that covers the key ESG risks associated with your third-party relationships is critical. For example, if your supply chain significantly contributes to your overall environmental impact, choosing a framework that strongly emphasizes environmental metrics is vital. Similarly, if social factors like labor standards and human rights are significant concerns in your third-party network, you’ll want a framework that provides robust coverage.
If your organization reports to multiple ESG frameworks, selecting those with overlapping metrics can streamline your reporting processes and reduce the burden on your TPRM team. Look for solutions with breadth and depth to map assessments across overlapping frameworks and regulations automatically. This approach allows you to efficiently manage ESG data while ensuring comprehensive coverage of all relevant third-party risks.
As ESG reporting continues to evolve, organizations must stay ahead of emerging trends and regulatory changes to maintain compliance and enhance their sustainability performance.
Artificial intelligence (AI) is increasingly used to analyze large volumes of ESG data, with the aim of faster and more insightful reporting. AI-driven tools can sift through data to identify patterns, benchmark performance, and generate predictive insights. However, AI also presents challenges: models can reproduce bias present in their training data, generated summaries need to be verified against source disclosures before they are relied on for regulatory reporting, and sending vendor data to third-party AI services raises data privacy and confidentiality questions that should be covered in your own vendor due diligence.
The ESG reporting landscape is becoming more harmonized, with regulatory bodies pushing for standardized ESG disclosures globally. For example, the U.S. Securities and Exchange Commission (SEC) adopted climate-related disclosure rules in March 2024 that draw on the TCFD framework, although the rules are currently stayed pending litigation. Similarly, the EU's sustainable finance regulations, including the CSRD and the Sustainable Finance Disclosure Regulation (SFDR), are setting new standards for ESG reporting.
As ESG considerations become central to business operations and governments continue to pursue ESG regulations, now is the time to make sure your third parties stack up. The Prevalent Third-Party Risk Management Platform centralizes ESG monitoring data and correlates it with the results of questionnaire-based ESG risk assessments to standardize and simplify compliance reporting across your supply chain. The Prevalent platform:
To learn how Prevalent can help you streamline ESG assessments, reporting, and compliance, visit our ESG solutions page or request a demo today.