ESG regulatory requirements seen as a growing source of risk

Regulatory risk related to environmental, social and governance disclosures has rapidly risen to the second in the list of senior executives concerns in Gartner’s latest emerging risks monitor report.

ESG regulatory requirements present organisations with both notable risks and opportunities, according to the survey of 153 senior executives in the second quarter of 2021. Matt Shinkman, vice president with the Gartner risk and audit practice, said: “The survey data partly reflect a global inflection point as ESG disclosures move from voluntary to required. The major move towards the top of executives’ concerns suggests many organisations might be playing catch-up to this incoming reality.”

ESG regulatory requirements moved into second position in Q2 2021 after not previously registering in the top five risks in Q1 2021, which still mostly reflected pandemic-related concerns. Cybersecurity control failures, last quarter’s top risk, remained as the top risk reported in the latest figures.

Investor pressure related to ESG disclosures is not a new concern for executives, but established regulatory frameworks are only just beginning to become effective in some jurisdictions. The UK has become the first country to require companies to report on climate change, with the EU adopting a universal classification system. Major Australian banks and insurers are publishing the first comprehensive climate change reporting framework. Gartner warns that organisations will likely be faced with a patchwork of requirements until clear global standards emerge.

Gartner points out that while ESG regulatory requirements present a challenge to executives and their organisations this year, unlike many other ‘high velocity’ risks, such as cybersecurity control failures, ESG is a slower moving risk. This presents proactive organisations and their enterprise risk management teams with the ability to turn this area of risk into an organisational opportunity.

“ESG can be a challenging and amorphous area for ERM teams to fully engage with,” said Shinkman. “With so much of the regulatory landscape yet to be written, ESG can present organisations and their ERM teams with opportunities related to being an early adopter in this space, potentially attracting new investors and ultimately reducing the cost of capital.”

Shinkman recommends that ERM teams coordinate across assurance functions and with the investor relations team to identify gaps in ESG-related risk management activities. Recent Gartner research highlighted one such example of a potential gap, showing that only 8% of referenced ESG metrics among S&P 500 companies related to governance concerns.

    Share Story:

Recent Stories


Cyber physical risks
Property damage as a consequence of cyber attack is often excluded from standard property policies, but as the industrial internet of things expands, so too do the risks. This podcast examines the evolving threat landscape. Published October 2021

Financial institutions were early adopters of cyber security and insurance. Are they still on top of the game?
Managing huge amounts of sensitive data online makes financial institutions a prime target for hackers. As such, the sector was an early cohort for insurers in creating cyber cover. Since then, the market has evolved almost beyond recognition. It continues to challenge itself to this day, complying with rigorous regulatory demands and implementing avant-garde enhancements to keep abreast of the ever-changing risks. Published June 2021

Advertisement