Tackling risk in the 21st century


Tackling risk in the 21st century Ethical BoardroomBy Donato Calace with contributions from Marjella Alma and Erin Levey ESG Specialist at eRevalue



In April 2016, Unilever removed Malaysian palm oil manufacturer IOI from its supplier list after the Roundtable of Sustainable Palm Oil (RSPO) watchdog suspended it for several violations of the ‘no deforestation, no peat and no exploitation’ policy. Shortly after, a string of other corporations, including Kellogg’s, Mars, Nestlé, Hershey’s, Colgate-Palmolive, Johnson & Johnson, Procter & Gamble, SC Johnson, Yum! Brands and Reckitt Benckiser disengaged with IOI; and other companies, such as Dunkin’ Donuts, are verifying if IOI is in their list of suppliers, with plans of removing it if so. Such substantial action taken by a swathe of high-profile consumer brands begs the question: what is the rationale supporting these decisions?

Managing risk along the supply chain, where ‘risk’ entails new dimensions, such as the ones mentioned in the RSPO policy (deforestation and forced labour), are increasingly appearing in corporate compliance and risk management programmes as companies recognise the longer term risks associated with so-called ‘soft issues’.

Indeed, the definition of business accountability today is much broader than 10 years ago as it includes a diverse array of issues, ranging from board composition and gender equality to human rights and climate change. Evidently, such broadening has implications in terms of new forms of risk to control, the emergence of which influences the role of key decision makers and how they shape processes and controls in their organisations. Companies need to ask themselves: “What issues should be on our radar? How does this influence and impact decision making?”

Identifying emerging issues

An area of increasing interest and importance to corporations is the systematic inclusion and review of environmental, social and corporate governance issues – often referred to as ESG. The demand for greater attention to the wider interests of stakeholders is driving the ESG agenda forward. Institutional investors are demanding corporations disclose and manage ESG issues, with the United Nations Principles for Responsible Investment (UNPRI) signatories representing more than $60 trillion in investment funds in 50 plus countries.¹The wider public also pays increasingly close attention to the activities of corporations; and companies need social buy-in from the wider stakeholder community in order to maintain their ‘social licence’.²

Not understanding and managing the wider array of issues puts companies in a vulnerable position with stakeholders and the approach to managing these issues can be confusing for a number of reasons.

First, the use of umbrella terms, such as ESG or CSR (Corporate Social Responsibility), contributes to the isolation of such issues. In many organisations, CSR is siloed in peripheral departments – in many cases these departments’ activities and resources are not deemed a priority, or wholly connected to the business case. The risk associated with deeming such issues as a ‘nice to have’ and not measuring specific environmental, social and governance issues, such as board composition, forced labour or conflict minerals, is that the corporate agenda may be blind to areas which require inclusion across multiple business departments – legal counsel, risk management, investor relations, procurement, auditors and senior management.

Second, the number of regulations regarding environmental, social and governance topics disclosure is rising rapidly.³ The call for greater transparency comes from governments, international institutions, such as the EU and its highly anticipated directive on non-financial reporting, stock exchanges and indexes, investment funds and supply chains. From a business perspective, corporate reporting means having a robust process in place to be able to disclose a public account detailing how a given issue is managed.

Third, data concerning non-financial dimensions is mostly unstructured, non-quantitative and hardly commensurable in figures. It is dispersed in reports, laws, regulations, guidelines and news. Consequently, it takes a lot of time to access, extract, analyse and synthesise knowledge from these various sources, making it a real pain point for risk assessment and risk management.

Corporate reporting means as a business, you have to be able to tell a public story about how you manage a given issue. This requires you to have a plan and a process in place.

What the leaders do

Companies with complex and global value chains want to be in the driver’s seat in order to get ahead of the new forms of risk and assess if there is a way to convert them into opportunity. Their aim is to adopt a data-driven approach to assess how environmental, social and governance -related issues may affect the different areas of their business and to understand how they can best control risks.

The following case studies provide illustrative insights from decision makers in multinational companies (generic names are used to ensure anonymity), what new risks and opportunities they consider and why these are important to their business.

Cases are presented from the perspective of three different decision makers: the general counsel of a consumer goods company, the risk manager of large bank and the CFO of a pharmaceutical company.

Consumer goods company

Earning and maintaining the customers’ trust is vital and the risks of boycotting and class actions are extremely high, especially with regards to supply chain related issues. The view of the General Counsel:

“There are issues along global supply chains that are extremely difficult to monitor and the challenge is to extract hard facts from anecdotal data. One way to do this is to be able to capture early warning signals; these signals often come from soft law and principles. This trend is very new.

We prefer a regulated environment rather than a cloud of uncertainty. Recently, it has become so obvious that regulation needs to be addressed differently; a more holistic approach is needed as legal counsel needs to have a form of ‘informal’ or ‘soft’ audit. The division between the legal function and public affairs is fading – especially if our mission is to build trust and accountability. Our role now involves helping the company to engage through a constructive dialogue with the stakeholders – because, in the end, they validate the early warning signals. That’s why we created a global advocacy committee putting together public affairs, legal, regulatory and consumer communications (labelling, etc.), which reports regularly to the board.”

Large bank

This company is a major player in the financial services industry, operating as a commercial bank and investment bank with branches in different countries, therefore facing different economic and regulation systems in various jurisdictions. The view of the Chief Risk Officer:

“What has changed and is changing in terms of risk management for the Chief Risk Officer is the risk management framework, in particular  from the issue identification standpoint. The new trend requires connecting qualitative issues to the characterisation of risk. Three key processes are needed: expansion of the degree of control through access to new areas of information; ensuring that the process of control is systematic and robust; and integration of the conversation in all the departments.

“People tend to be caught in their daily routine, preoccupied with the specific tasks they look at. Hence, it is not necessarily common to go outside of that scope and that’s where intervention is needed. Maybe there are other issues you should be looking at with a broader lens. New input for risk assessment and the management of a larger set of issues across all the value chain is needed, especially as companies are increasingly held responsible for modern slavery, data protection and conflict minerals along their value chains.”

Pharmaceutical company

This company operates in the complex pharmaceuticals industry, where investment in time-intensive research and development projects is key to long-term competitive advantage and success. The view of the Chief Financial Officer:

“I used to work in [one of the big four consultancies]. I have always looked at sustainability, ESG, CSR as something ‘soft’. People just think these are not relevant to them. But when you break these down to plain issues and can demonstrate the business case, they do think they are relevant to them. These issues are now coming up in laws and regulations.

“From the perspective of investments, ESG and socially responsible investing is still a niche business for specialised asset managers and owners. Nonetheless, today every investor and rating agency collects information beyond the financial scope: employment practices, board composition, controversies, etc. Disclosure on non-financial topics reduces information asymmetry; transparency is the next big thing.

“From the CFO perspective, these issues are now being increasingly reported in financial reports and SEC filings. They are changing fiduciary duty. But more refined analysis is needed. We need to be able to demonstrate if and how these areas are relevant for the ROI and the financial bottom line – in other words to understand if they are material. To make decisions in an informed way we need to be ahead of all this. As a CFO, I need to understand all the costs, visible and hidden, related to a decision.”

New risks, new lessons

Three main lessons can be drawn from the stories above, with the key objective of ensuring companies are prepared to manage emerging issues before they pose real threats or provoke damage and to be quick to react and minimise the impact if a crisis occurs.

  1. No matter how weak, signals are important to the preparation for new form of risks Given that they are facing new challenges and responsibilities, companies need robust safety nets built on systematic control processes. The ability to assess in detail specific issues with a data-driven approach is a key component of activating these nets.
  2. The language of strategic accountability talks issues ESG, CSR and other umbrella terms are obscure black boxes. Decision makers need data on the issue level to close the gap between the ‘knowable universe’ and the ‘visible universe’ of information. Then, data-driven analysis must inform the assessment of the corporate impacts of the issues, highlighting areas that are moving from a ‘nice-to-have’ to a ‘must-have’ on the business strategy, competitive, industry, regulatory, public opinion and stakeholder levels. This process drives the conversion of these new risks into opportunity.
  3. Integration The breadth of the areas involved in these processes embraces all the departments in the organisation, as shown in the cases provided. Decision makers from the different corporate functions need a common platform to discuss information coming from such diversified domains and in turn this has to be translated to a language familiar to them. In other words, it needs to be data-driven, robust, comparable and issue-specific.

One of the most dangerous risks is the illusion of preparedness; the automatic assumption that everything is monitored, under control and that nothing is slipping under the radar.

The new norms in business accountability

These insights from companies confirm that the types of issues previously considered ‘soft issues’ or a ‘nice to have’ are increasingly relevant across the organisational value chain.

■  Regulatory and legal controls are complex and widening as the volume of hard and soft regulation, as well as the number of related judicial disputes, is globalised

■  Strategic management is moving to material coverage of ESG, as the fiduciary duty of managers towards the shareholders, the stakeholders and the company itself is changing

■  Competition takes advantage of wider risk and opportunity measures, as it affects variations in market share, revenues, costs, stock quotation, cost of equity and debt

■  Reputation management is increasingly important to stakeholders, as the public opinion can get harsh on sensitive topics, such as child labour. The challenge then is extending the organisation’s control across a wider array of issues, whereas historically, companies have had limited insights and limited capacity to influence and act. This approach calls for connectivity between different sources of information (e.g. corporate reports, regulation, news, social media) and consequently, different types of information (quantitative qualitative and narrative).

So what are the key takeaways from all of this?

■  Understand the issues

■  Review the importance from a competitive, regulatory and reputational standpoint

■  Implement these insights into your business strategy



¹ www.unpri.org/about
² www.theguardian.com/sustainable-business/2014/sep/29/social-licence-operate-shell-bp-business-leaders
³ Today there are 10 times more non-financial disclosure requirements than there were only three years ago.