Risk managers have a critical role in boosting ESG performance. WTW’s John Merkovsky and Lisa Lipuma look at the practical tools, tactics and best practices they can deploy to deliver enhanced ESG risk management.

Environmental, social and governance (ESG) efforts are often led by sustainability, investor relations or people functions.

At the same time, risk managers are leaders and partners in helping organisations define and manage risks and opportunities relating to ESG, which is essentially a series of risks.

monitoring ESG

By measuring and managing ESG risks, risk managers can have a significant impact on factors influencing their organisations’ long-term success.

Some businesses are already embracing the role of the risk manager in progressing ESG. Half of the respondents to WTW’s latest ESG Global Risk Managers Survey said the risk management function was involved in their organisations’ ESG efforts.

What makes an ESG risk management expert?

Firstly, ESG is not one risk. It’s potentially more than 30 individual risks.

Managing them all effectively is not about being an expert in everything from decarbonisation, human rights and board diversity, to name just three ‘e,’ ‘s’ and ‘g’ risk drivers.

It’s about applying robust risk management frameworks, governance structures and deploying risk analytics, modelling and forecasting to systematically identify and manage these risks. Importantly, it’s about defining e, s, and g risks and opportunities highly specific to the business. 

“ESG is not one risk. It’s potentially more than 30 individual risks.”

We see addressing ESG as happening in parallel with the many other areas of risk and opportunity that shape the success of an organisation. In effect, dealing with ESG means extending a company’s existing risk workstreams.

While an organisation may want to call upon specialist expertise in specific areas, there’s nothing about ESG risks per se that puts them outside of being managed, for example, within a company’s existing enterprise risk management framework. 

Connecting ESG issues to risk management

It’s also worth remembering the three strands of ESG are already interwoven into the more established risk concerns for which a risk manager is already responsible.

For example, environmental risk touches physical climate risk, such as climate-related weather events like flood or drought on property damage and business interruption, but also workplace safety and environmental liability risks.

Social risks, meanwhile, speak to existing risk areas such as employee safety, product and employment practice liability.

“The three strands of ESG are already interwoven into the more established risk concerns for which a risk manager is already responsible.”

While through an ESG lens, existing governance risks extend to include cyber and the responsibilities of directors and officers to adapt strategy to a warming world and aligning remuneration with reaching climate goals.

‘E’, ‘S’, and ‘G’ are also not mutually exclusive. By addressing one issue, you’re likely to impact another, with interconnections once you start to interrogate each individual risk area.

Measure ESG risk to manage it

While half of respondents to WTW’s 2022 ESG survey said the risk management function was involved in their organisation’s ESG efforts, only 17% said they had documented targets with clear milestones for ESG risks.

We see this changing fast as risk managers are uniquely positioned to translate the letters E, S, and G into something relevant and actionable for the business. After all, risk professionals are well-placed to understand that what gets measured gets managed. 

There are a number of ways to define the variety of ESG risks and a range of metrics to measure where an organisation is at and where it wants to be. 

There are many ESG performance benchmarks and scores available.

“Risk managers are uniquely positioned to translate the letters E, S, and G into something relevant and actionable for the business”

There’s currently no single standard but some like the MSCI ESG Rating have a large following on the finance side, while companies like Aniline have interesting employee ESG insights and Polecat has ESG metrics tied to reputation risk. 

There is no one ‘right’ way for organisations to master ESG, but it is important to create a clear ESG measurement and reporting framework that connects to company priorities. Your priorities and the metrics you use to track your progress against them will depend on your business model and future growth plans. 

Whatever the most urgent ESG markers for your organisation, you can align these to the metrics that matter to the business, whether that’s financial resilience indicators, employee sentiment or corporate reputation, to name three measurable ESG indicators.

ESG risk management tools and tactics

There are many mechanisms a company can use to effectively manage ESG risks. You’re probably already doing some of them, even if you haven’t yet extended them to include ESG. Examples include:

  • Risk registers – A specific ESG risk register featuring the range of ESG risks pertinent to your organisation can ensure you’re systematically identifying and tracking them.
  • Risk mapping – You can identify the risks and opportunities around your ESG objectives using the same mapping techniques, such as analytics and modelling, you’re already using to interrogate other business objectives.
  • Prioritise areas for action – You can widen your work with leaders in your organisation to understand the critical ESG areas, whether that’s the risk of flood in key manufacturing locations, the reputational risk around supplier operations in overseas territories, or a lack of board diversity that’s hampering growth.

There are also some best practice behaviours we’ve observed in high performing companies in the ESG space. These organisations tend to:

  • Communicate their ESG aims and efforts to external audiences and employees at the same time, connecting employee and corporate goals with engaging programs that employees understand and want to be part of.
  • Articulate quantified, company-relevant ESG risk and opportunities to the board on a quarterly basis, consistent with the various external and internal sustainability reporting requirements.
  • Create strong ties between the risk and sustainability functions (and others) to empower the business to better address ESG regulatory and reporting requirements, as well as the ESG priorities that require attention and funding.

Managing ESG risk for long-term value

ESG risk management frameworks are about evaluating corporate behaviour and determining the current and future financial performance and sustainability of companies.

Another way to think about sustainability, then, is long-term value. In this way, you can see ESG as much more about value and managing risk than some notion of ‘values,’ or simply ‘doing the right thing’ as an end in its itself.

Risk managers have a crucial role in making sure their organisation can answer the big ESG questions:

  • What are the key ESG risks and opportunities?
  • How likely are these risks and opportunities to manifest and how severe could they be?
  • What are our regulatory and other reporting requirements related to sustainability risks?
  • What is the business doing to address priority ESG risks and what could it be doing?

Risk and analytics tools can provide clarity and direction of travel for organisations, whether they are relatively early in their ESG progress or seeking to refine their approach or performance.

John Merkovsky is head of risk & analytics and global account strategy, and Lisa Lipuma is director, risk and analytics, at WTW.