ESG risk management – an enabler for long term sustainable resilience

This article is the third in a series published on the topic of sustainability, ESG and risk management for banks. The first paper explored the opportunities ESG brings for risk management. The second covered how risk management should begin evolving to contribute to achieving sustainability for banks. This article discusses how ESG risk management could assist in organisations achieving their long term financial and operational resilience.

Effective risk management should be used to influence strategy to drive resilience (resilience is the ability to absorb and adapt to shocks and disruptions). Traditional efforts on resilience have been focused in the areas of operations and finance, delivering on shareholder and stakeholder goals.

As the understanding of the impact that ESG factors can have develops, it is evident that organisations need to adopt a more outward looking stance and develop ‘sustainability resilience’, to enable them to not only withstand negative impacts from ESG factors but also leverage ESG opportunities. In addition, organisations risk management function needs to incorporate ESG risks when analysing impact on their resilience.

Current management methods for risk and resilience focus on external factors that can have material impacts on organisations; sustainability related resilience brings with it the new concept of ‘double materiality’. Double materiality is the interlink between financial materiality (outside-in impacts) and environmental, social and governance materiality (inside-out impacts). In other words, the ESG impacts on an institution can be material, and an organisation can have material impacts on external sustainability. For example, an increase in flooding may impact the risks against a bank’s mortgage portfolio, causing internal impact. Equally a bank may decide to cease investment in fossil fuel companies, impacting external markets. ESG risks can also affect traditional risks, multiplying the likelihood or impacts. For these reasons focusing on sustainability resilience is a key issue for organisations and should be prioritised.

So how should risk management practices evolve to incorporate ESG considerations, including double-materiality? And how can the appropriate management of ESG risks be used to drive strategy towards achieving sustainability resilience?

Let’s start from the beginning: identification of ESG risks

When it comes to identifying ESG risks, the vast majority of organisations focus on the environmental risks, such as physical degradation of assets or transitional adjustment uncertainty. These risk factors are the most advanced for organisations in terms of understanding their risk impact and embedding assessment and management into risk frameworks, for climate risk in particular. Indicators around greenhouse gas emissions, for example, are well-defined and can be measured, reported, and verified. Risk identification in terms of ‘social’ risk (e.g., relating to workers’ rights, inclusivity, equality, health and safety and human capital), and ‘governance’, (e.g., policies around executive leadership, internal controls, tax policies and shareholder rights), is in its early stages, with transmission channels often not identified or quantified in the way environmental risks are.

It is important that organisations begin analysing and identifying ESG risk across all three areas to allow them to properly embed ESG risk management into their long-term strategies. There are several taxonomies, standards, and principles that that can support a firm in labelling, classifying, and defining different ESG risks and linking them to distinct categories, as well as assessing their impact on financial risk categories. An example of a good toolset is the UNEP FI Impact Analysis Tool which allows banks to assess their compliance with the principles for responsible banking.

You can only manage what you can measure: sustainability assessment

When it comes to the assessment of ESG risks, the goal should be to incorporate material risks into traditional risk metrics. There are several methods, both quantitative and qualitative, that can be used to assess ESG risks. Environmental factors (especially climate risk) can often be reviewed using quantitative data as firms are more likely to have the infrastructure in place to collect useable data given advanced risk identification methods.

The less mature approach towards social and governance factors, and the fact they often require greater levels of judgement or are less well-defined than environmental factors means a qualitative approach could be preferred. Qualitative assessments, such as scorecards, are also easier to implement than quantitative ones, which can require investment in data tracking and analysis.

Decisions on which methodological approach to take should be determined by considering the size, complexity, risk profile, and business model of the organisation.

Time for action: ESG risk implementation

Once ESG risks have been identified and assessed, a risk management and monitoring framework can be put in place. This is a series of plans and controls that aim to take periodic risk assessments, and track and evaluate the level of ESG risk within the firm against targets.

There are several methods to managing ESG risk and monitoring long term sustainability resilience. The most advanced of these is scenario analysis and there are several existing organisations that publish climate change scenarios, such as the Network of Central Banks and Supervisors for Greening the Financial System (NGFS). Scenario analysis can be used to build out the potential future business environment a firm will be operating in. For banks, it can also be applied to portfolios, as well as be linked to more traditional risk types to assess the interplay with ESG risk.

For ESG scenarios any planning horizons should be extended to a minimum of 10 years, something some firms can struggle with as to date scenario analysis has been run over the short to medium-term. Once this has been done a set of long term KPIs should be established against each ESG pillar, to track progress and risk. As well as these KPIs organisations should also develop long-term objectives that are in-line with regulatory requirements and stakeholder expectations.

Ultimately, the outcome of any ESG risk analysis should be measured and embedded in the same manner as traditional financial risk appetite. Management actions should also be put in place to ensure adherence to the agreed risk appetite.

Parting thoughts

Whilst the area of sustainability resilience is an emerging one, and the concept of double materiality is still relatively new, it is critical that organisations begin making progress in achieving it. Organisations should strive to implement best practice risk management addressing existing gaps in ESG strategy, and ensure that they understand the short, medium, and long-term impacts of ESG risks and opportunities.

Beyond risk management developments, improved long-term performance may be a better prize for those who implement this as a business transformation journey.

About the author

Jack has worked in management consulting for over seven years and during this time, has engaged on a number of large scale regulatory change and ESG climate risk projects for leading financial services institutions. He is a member of Be UK‘s ESG working group.