By Tahmina Day
In anticipation of forthcoming disclosure requirements related to environmental, social responsibility and governance factors, many banks are ramping up their resources across multiple functions. As a multifaceted practice, ESG touches multiple bank roles and departments. As ESG experiences rapidly evolve and refine, some banks are pursuing a more integrated model, with ESG practices distributed across various functions. Others are opting for a centralized approach by assigning ESG responsibilities to one particular role.
In all those developments, risk professionals play a vital role in ensuring and promoting safe and sound practices and supporting strategic goals. Will evolving ESG practices impact the risk function, or will risk professionals contribute to the development of ESG? The answer is both.
While there is currently no standardized approach toward assigning ESG to one function in particular, some banks involve enterprise risk management to build and advance the ESG framework. The choice of ERM is rooted in its enterprise-wide mandate and reach. The ERM function steps in to support ESG development on multiple fronts. This article addresses both: the role that risk might play in shaping the ESG approach, and how the ESG agenda might influence risk practices in return.
Playing a leading role
Enterprise risk management is an all-encompassing function that is charged with understanding risk and opportunities and supporting banks in achieving strategic objectives. ESG and its multiple dimensions present tremendous opportunities as well as challenges, including the risk of the unknown and untested. By its nature, ERM is centrally located to assess the ESG risk profile and connect the dots across multiple roles. ERM is well-positioned to play the role of a facilitator to initiate the discussion across three lines; evaluate past, existing and potential events associated with ESG; and assess them against the bank’s strategic objectives.
ERM may also play a role in formalizing the corporate ESG approach and developing a framework. ESG runs across multiple functions and represents a complex interplay of practices. While banks’ internal sustainable practices are one of the dimensions of ESG, many others also contribute to the whole picture including ESG disclosures, ESG credit portfolio risk and third-party sustainability risk management, among others.
For banks that do not have a dedicated ESG or sustainability office, ERM can step in to fill the void. ERM brings value by aligning all the pieces of the ESG puzzle and developing a holistic and cohesive approach. Doing so requires collaboration across three lines and establishing a productive partnership with peer functions.
Assessing ESG risks
The next important step for risk professionals is to decide how to define and assess ESG risks. While every bank will apply its own unique methodology, there are two main approaches. Some professionals consider developing a distinct subcategory for ESG risks in a corporate risk taxonomy to centralize and aggregate all ESG related risks under one category. This methodology offers a more narrowly focused approach toward ESG risks.
However, it is important to remember that ERM is a holistic company-wide function, and that defines its position toward ESG, leading to the second approach to ESG risks. This approach takes an enterprise-wide view and recognizes that ESG risks do not exist in isolation. ESG risks run through numerous practices and are interconnected with other risk factors. This holistic approach leads to spreading ESG risks throughout the existing risk taxonomy and understanding their interplay with various risks. For example, consider a climate risk that may affect a bank’s internal operation in certain regions and qualify as a strategic or operational risk in a corporate taxonomy. At the same time, climate risks may affect credit portfolio exposures and find their way to credit risk considerations. Taking an enterprise-wide view and understanding connectivity is essential.
While ESG risk methodology is still in its infancy and rapidly evolving, risk professionals might want to refer to some of the existing industry resources to define their first steps in this direction.
In 2018 the Committee of Sponsoring Organizations of the Treadway Commission in partnership with the World Business Council for Sustainable Development published “ERM: Applying Enterprise Risk Management to ESG-related Risks.” The publication was developed to provide risk professionals the guidance on identifying, managing and disclosing ESG risks in alignment with ERM concepts. The guidance serves as a solid starting point for risk professionals developing their own risk management approach to ESG risks.
Other industry players, such as ABA, GARP and RMA offer various resources, including publications, certification programs and member forum groups on the ESG topic spectrum to support risk practitioners.
Understanding the control environment
Banks that are increasingly practicing the three dimensions of ESG across multiple functions and identifying related risks need to understand the effectiveness of the control environment around ESG practices. At this stage, it’s essential to ask some vital questions and seek clear answers. Have we established adequate controls that allow preventing, detecting or correcting risks associated with ESG? Are existing controls effective? If the answer is no, what are the gaps and how can we fill in the missing parts? Addressing those points will enable risk professionals to assess how well a bank is prepared to manage intrinsic and extrinsic ESG risks.
In April 2021, the SEC published “Risk Alert—The Division of Examinations’ Review of ESG Investing,” which provides valuable insights into potential areas of concern that the regulator raised regarding ESG practices. While the document draws on the SEC’s examination of investment advisors and funds, it provides valuable information to publicly traded companies, including banks. The document discusses observations of effective and weak ESG-related practices. Some of the raised concerns include weak and inadequate controls around ESG disclosures and the lack of appropriate policies and procedures. Risk professionals may want to be proactive and plan on designing and testing controls around ESG risks, including those associated with public disclosures. In ESG’s true enterprise-wide spirit, risk professionals may also want to ensure that ESG controls development aligns with the company-wide ERM approach.
Taking a proactive approach to ESG will help risk professionals set the stage and prepare for what is next in regulatory directives. The risk function is well equipped to become the facilitator supporting the bank’s effort to incorporate ESG risks into the corporate risk taxonomy, assess risks and develop a sound control environment.
Tahmina Day served as a corporate governance officer of the International Finance Corporation ESG Group. Most recently, she served in governance, risk and compliance leadership roles at CIT Group, Inc. and Fannie Mae. She can be reached at LinkedIn.