9 Proven Dos and Don'ts of ESG in a GRC Context

With a push to deliver on ESG in a GRC context, learn how your company can avoid “ESG-washing” and deliver a meaningful ESG program.

March 2, 2023
This content was created as part of our Top 5 Strategic GRC Capabilities Report.

Rising in interest from consumers and investors alike, ESG stands for Environmental, Social, and Governance factors and programs. With $17 trillion invested in 2023 ESG funds — and a forecast of $53 trillion globally by 2025 — the ESG label matters now more than ever.

With this push to create positive change in organizations that filter to customers and investors, perhaps your company has already begun to deliver on ESG. But how do you ensure you’re not just “ESG-washing” to meet those pressures but actually providing a meaningful program that positively impacts the bottom line, the planet and its inhabitants, and your corporate brand over time?

Passionate about talking all things ESG, Kroll’s Managing Director of Compliance Risk and Diligence, Mariellen Davies-DeMarco, recommends creating guiding principles and ensuring you are aligned with how your goals (like KPIs and OKRs) will be measured and defined, letting due diligence be your guide. “Apply a risk-based approach and establish proactive due diligence requirements across all operations.” In this article, Davies-DeMarco shares her recommendations and best practices for delivering a meaningful ESG program as part of an overall GRC strategy.

ESG-washing: The problematic dark side of ESG

The problem with ESG, says Davies-DeMarco, is that many investors have grown increasingly skeptical about the trend. “They see it as a lot of show. It’s shiny, no substance, and really open to abuse.” ESG-washing occurs when companies falsely overstate the positive impact of an investment on environmental causes, labor rights, human rights, or social issues. Davies-DeMarco explains how this highlights a huge disconnect between the policy and the practice, “Even when there’s action because those that are affected by the corporate abuse don’t see the practical applications or the expected improvement of that action.”

With ESG-washing, funds raised can be used to cast a positive spotlight on the image of an organization rather than to make true investments in projects that help combat climate change or make a difference in people’s lives. Davies-DeMarco says ESG leaders and companies focused on ESG need to show that they’re going beyond putting out statements, engaging in low-impact activities, or box-ticking exercises. “They really need to better understand and make good on the environmental and social impacts of their investments, of their activities, and on the activities of their third parties.”

Dos and don’ts for an effective ESG program that avoids ESG-washing

Davies-DeMarco explains that while it sounds like a lot of work, there are some straightforward ways to ensure you are not ESG-washing.

1. DO complete an ESG ratings agency score evaluation

“There are so many agencies that have set frameworks for ESG standards and disclosure, and that’s a great place to start.” But Davies-DeMarco also cautions that there can be a real divergence between ESG ratings, “so you’ll have to look at the different frameworks to better understand what inputs were used, what reports were leveraged within these frameworks and how they’re scored. And once you have a better understanding of those differences, then you can decide which scoring you might want to take a look at and compare to what you’re doing.”

2. DO look at your investor disclosures

“Understand what representations your organization is making and test them,” DeMarco recommends. “See if you’re actually taking the right action. And then seek outside experts.” Risk advisory experts with a specialty in ESG, like Resolver’s parent company Kroll, can help you ask the right questions, and will help you align to the correct framework, then gather the best data to be able to demonstrate that you are taking effective steps.

3. DON’T take a top-down approach to ESG

ESG needs to be a shared responsibility of buyers and suppliers. “This is really a reductive approach that leads to a lack of being able to prescribe, or even monitor, compliance to ESG needs. This also comes into play with business supply chains, shifting responsibilities to the suppliers.” Davies-DeMarco cites what happened to Hyundai in 2022 as an example of the problems that can arise with a top-down approach to ESG.

Authorities had launched a child labor probe into two of Hyundai’s regional supply plants and found migrant child workers, some as young as 13, allegedly hired by regional recruiting and staffing firms. “So it was almost two layers removed,” says Davies-DeMarco. Shortly after this issue became public, an investor group sent a letter to Hyundai warning of the possibility of reputational damage. The use of child labor violated international standards that the company had committed to, and it also violated the company’s code of conduct for its suppliers.


4. DO own your mistakes and be agile in remedying them

For many organizations, it can be challenging to see errors coming until they happen. But resiliency can’t take effect until the situation is addressed. “Hyundai’s global COO stated that the company would sever ties with the employment supplier companies and undertake a broader investigation into Hyundai’s entire network, which is exactly what they should be doing.” To ensure compliance and confirm that there were no other potential labor law violations, Hyundai also stated that it would stop using third-party suppliers and oversee hiring directly. “That’s absolutely the right response to something like this,” says Davies-DeMarco. “They saw that it was a real failing that they had, and so they took steps to remedy it.”

5. DON’T rely solely on social audits

Social audits are independent reports companies use to determine whether their suppliers (again, in the third-party chain) meet ethical norms or standards. “The problem is that the social auditing model is very limited, and there’s a lot of questioning as to when a social audit is conducted. Who’s paying for the social audit? Is there a certain expectation of what the findings might provide?”

Davies-DeMarco uses the manufacturer Top Glove as an example. Based in Malaysia, Top Glove underwent approximately 30 social audits in two years before an independent investigation found widespread forced labor in their supply chain. “They kept pointing to the social audit, saying, ‘Look, everything’s great, and everything’s fine,’” says Davies-DeMarco. “And yet that independent inquiry found that that was, in fact, not the case.”

Social audits are not due diligence, DeMarco cautions. “They ultimately do not work to improve outcomes for the people that ESG is supposed to be helping. And it’s a particular failing. It looks pretty, but ultimately, it doesn’t work.”

6. DON’T misrepresent your ESG program

In April 2021, the SEC had to issue a risk alert that specifically addressed management misrepresentation in ESG investing. “This alert calls on participants that are promoting ESG investing to really assess whether their public statements and their claims relating to ESG are accurate and consistent,” DeMarco describes, stating she expects the SEC to push this further and counter falsehoods with proper disclosure. Public companies will be expected to include their response to climate change threats with detailed reporting on their actions.

“This is most likely being put into place to counter greenwashing. If you want to talk about ESG-washing, there are other components too,” says Davies-DeMarco.

  • Greenwashing exaggerates or misrepresents environmental credentials
  • Bluewashing uses the UN affiliation to confer undeserved sustainability credentials
  • Pinkwashing represents false LGBTQ+ claims
  • Rainbow-washing reflects the inappropriate use of the UN’s sustainable development goals logo


7. DO understand that transparency is as important as performance

A simple and great start for doing the right thing in ESG management is taking brave steps toward transparency when evaluating current state practices. “When thinking about your next risk assessment, look beyond the financial misstatement risk and start to think about environmental and societal misstatement risk,” Davies-DeMarco recommends. Be very honest about where you are now before deciding where you’d like to be and why it matters, and before moving straight into action plans needed to bridge that gap. Communicating your current state transparently and giving context to the “why” of implementing ESG programs at all will significantly impact getting buy-in from employees, customers, and vendors alike.

8. DO start with a gap analysis

To get to that desired state of transparency and self-assessment, you first need to understand the industry benchmarks. Who around you does ESG well? What do you have to do to get there? “Take a look at your ESG reporting and compare it with competitors in your field,” Davies-DeMarco suggests. “Or better yet, compare it with the ESG standards of the relevant regulatory bodies. It’ll give you a great understanding of where you compare.”

9. DO clean up your data

“Many companies struggle to gather data to calculate ESG metrics and even turn that into action,” explains Davies-DeMarco. Data can be complicated to collect, especially when it is siloed in different departments with no central way to capture it before moving to analysis. Social data is even harder to define, says Davies-DeMarco. When compared to environmental issues — where data like carbon footprints or pollution provide us with well-understood comparable metrics — measuring social impact can often be subjective without adequate frameworks to help you assess.

Ensure you align with how your goals (like KPIs and OKRs) will be measured and defined, letting due diligence guide you. “Apply a risk-based approach and establish proactive due diligence requirements across all operations,” she recommends.

Don’t let the risk of ESG-washing deter you from pursuing a meaningful ESG program. With the right risk intelligence software that provides a centralized, accessible, and flexible GRC solution to capture, analyze and communicate your ESG risk data and program milestones, you can confidently contribute to impactful environmental and social change that will benefit your organization.

If you’re ready to explore how Resolver can help you avoid ESG-washing and deliver on your ESG goals, talk to our knowledgeable Sales team to request a custom demo that addresses your specific needs around risk management.

While an effective ESG program ensures benefits to both the planet and your organization, it’s just one part of a holistic GRC strategy. From the desire to move towards digital transformation and GRC agility, we’ve designed a Strategic GRC Capabilities Report to help start the conversation on improving and maturing your GRC processes and strategy. Our industry experts will guide you through thought-starters and actionable goals to help maximize your team’s efficiency, agility, and resiliency in 2023 and beyond.
