ESG regulatory requirements seen as a growing source of risk

Regulatory risk related to environmental, social and governance disclosures has rapidly risen to second place in the list of senior executives’ concerns in Gartner’s latest emerging risks monitor report.

ESG regulatory requirements present organisations with both notable risks and opportunities, according to the survey of 153 senior executives in the second quarter of 2021. Matt Shinkman, vice president with the Gartner risk and audit practice, said: “The survey data partly reflect a global inflection point as ESG disclosures move from voluntary to required. The major move towards the top of executives’ concerns suggests many organisations might be playing catch-up to this incoming reality.”

ESG regulatory requirements moved into second position in Q2 2021 after not previously registering in the top five risks in Q1 2021, which still mostly reflected pandemic-related concerns. Cybersecurity control failures, last quarter’s top risk, remained as the top risk reported in the latest figures.

Investor pressure related to ESG disclosures is not a new concern for executives, but established regulatory frameworks are only just beginning to become effective in some jurisdictions. The UK has become the first country to require companies to report on climate change, with the EU adopting a universal classification system. Major Australian banks and insurers are publishing the first comprehensive climate change reporting framework. Gartner warns that organisations will likely be faced with a patchwork of requirements until clear global standards emerge.

Gartner points out that while ESG regulatory requirements present a challenge to executives and their organisations this year, unlike many other ‘high velocity’ risks, such as cybersecurity control failures, ESG is a slower moving risk. This presents proactive organisations and their enterprise risk management teams with the ability to turn this area of risk into an organisational opportunity.

“ESG can be a challenging and amorphous area for ERM teams to fully engage with,” said Shinkman. “With so much of the regulatory landscape yet to be written, ESG can present organisations and their ERM teams with opportunities related to being an early adopter in this space, potentially attracting new investors and ultimately reducing the cost of capital.”

Shinkman recommends that ERM teams coordinate across assurance functions and with the investor relations team to identify gaps in ESG-related risk management activities. Recent Gartner research highlighted one such example of a potential gap, showing that only 8% of referenced ESG metrics among S&P 500 companies related to governance concerns.
