The Golden Threads of ESG: The Role of Compliance in Embedding an ESG Framework in Financial Institutions
A firm’s governance, purpose and culture are central to its values as an organisation; to how its people conduct themselves; and to how it embeds ESG considerations in the design and delivery of its products and services for the benefit of clients and consumers. (A Strategy for Positive Change: Our ESG Priorities)
Published during COP26 in November 2021, the statement of the environmental, social and governance (ESG) priorities of the Financial Conduct Authority (FCA) are a helpful reminder of the regulatory focus on ESG and the approach that regulators, not only in the U.K. but in other jurisdictions as well, are expecting firms to take to embed ESG considerations across their business. Regulatory expectations in relation to ESG are not new, but over the past 12 to 18 months, we have seen regulators globally (particularly in Europe and the United States) publish a variety of principles and statements of intent, signalling heightened regulatory attention to ESG commensurate with a widespread, multi-industry global focus on the environment.
Compliance officers are, of course, tracking developments. Whereas until recently ESG was considered to be the responsibility of the risk function, the increase in rules and regulatory expectations has meant that many now see that the compliance function has a key role to play in responding to the challenge of ESG.
Defining impacts, roles and responsibilities
For the financial services industry, governance is one area where many regulated firms will consider themselves to be well-placed. But ESG is itself a very wide banner for a number of topics, and according to the FCA’s recent note on strategic ESG priorities, the “E” includes not only climate change but also wider environmental issues such as nature and biodiversity. The “S” is also wide-ranging, including issues such as diversity and inclusion, a living wage, fair taxation, and the supply chain.
In addition to the breadth of ESG itself, there is a multiplicity of external and internal stakeholders, including governments, regulators, consumers, shareholders, the markets and analysts, the public in general, and employees — and there are ESG impacts across most business areas and functions and across the three lines of defence. These impacts may vary by industry and business model, and many are still emerging as ESG requirements develop and mature.
The FCA has spoken about adopting a “golden thread” approach with the expectation that ESG considerations will be seamlessly and comprehensively embedded across an organisation. That points to an end-to-end impact — suggesting similarities to its conduct risk framework.
A common approach to tackling ESG in financial services has been to set up a team or centre of excellence, led by a head of ESG, who serves as ESG champion, bringing focus, expertise, benchmarking, challenge and support to the identification of stakeholders across the organisation. However, the regulators are making it clear that senior management has a responsibility for ESG and that there should be clear accountability at the board level. We’re expecting to hear more from the U.K. regulators in Q2 when they consult on their rules and expectations relating to the firm’s governance and culture.
Financial institutions are also giving consideration to the roles of the first, second and third lines of defence and, indeed, the relative roles of some of the second-line functions. Clearly, the first line will be impacted by ESG as a business issue. ESG may well bring significant business opportunities in terms of new products, new technologies and innovation as well as demand for “green” products and services from clients. It may also bring risks from existing products, services and customers that may no longer be consistent with ESG principles and choices may need to be made. ESG presents both opportunities and risks owned by the first line. The third line, meanwhile, will be responsible for auditing compliance with regulatory requirements and internal policies and procedures, including the integrity of data used to demonstrate compliance. How does compliance fit within the framework of stakeholders and others with key roles in the implementation of an ESG framework?
The role of compliance
Whereas ESG was very much considered a risk function responsibility a year ago, it’s now recognized that as regulation increases globally, ESG is taking on a very strong regulatory risk and compliance aspect as well.
Compliance teams will be looking at the growing body of international regulations and thinking through issues such as the following:
- Board accountability, management information, challenge and oversight — Regulators are making it clear that the board should be accountable for ESG matters and overseeing how firms are responding, and as such, boards will need specific ESG reporting to allow effective and informed challenge, oversight and direction as required.
- Culture, remuneration — The FCA has stated that it will do more to “encourage a strong ‘tone from the top’ on ESG, supported by clear accountability for ESG claims and promises, and the right incentives — including through remuneration”. In this way, there are similarities between the approach of ESG and that of conduct risk. This is consistent with the approach being taken by regulators in other jurisdictions, including the United States.
- Training and certification — Again, the FCA has highlighted its concerns about “competence-washing” (where actual ESG competence has been overstated) and are expecting to see genuine capability-building training — and, potentially, certifications. The similarity with areas such as the Senior Managers & Certification Regime and the need for appropriate training in other risk and compliance areas indicates a compliance interest here.
- Financial crimes — In July 2021, the Financial Action Task Force published Money Laundering From Environmental Crime, and there appear to be links of environmental crime with bribery and corruption. Even if a crime is not an “environmental crime,” there may be certain industries or sectors where firms no longer wish to invest or lend.
- Greenwashing — According to the Investment Association, net retail sales of U.K. responsible investment funds accounted for 38% of total net retail fund sales. Firms have an obligation to ensure that such products meet their commitments and mandates and deliver against the marketing and disclosure claims. Regulators will be scrutinising the financial promotions and environment claims made for a variety of products and services.
- Disclosure, reporting and transparency — While it may take time and a concerted effort to achieve a consistent and coordinated level of transparency and disclosure on ESG matters, many global regulators wish to achieve a consistent regulatory approach in areas of ESG. This increased transparency and disclosure may lead to further regulatory scrutiny.
- Benchmarks and ESG ratings — The development of a framework for ESG and sustainability benchmarks will enable greater consistency of comparison across companies, investments and portfolios. Compliance teams will be considering these, including those relating to suitability of advice, portfolio composition and reporting to customers, in the development of their policies and procedures.
- Regulatory reporting — Data, metrics and management information are going to be key in ESG. We expect regulatory reporting to increase as a result.
- Diversity and inclusion (D&I) — Many firms are conducting a gap analysis of their D&I (or DEI, incorporating equity, as described in some jurisdictions) policies, arrangements and existing metrics against the principles and explanations set out in FCA Discussion Paper 21/2. The FCA has signalled its intention to assess how firms build diversity and inclusion into their governance and culture.
- Metrics, reporting and monitoring — It is clear that the U.K. regulators, as well as regulators in other jurisdictions, intend to adopt a governance- and data-led approach, so defining a proportionate and accurate set of data and key metrics, along with appropriate targets and timelines, is a good starting point.
- Procurement and third-party risk management — Another factor is review and assessment of suppliers in relation to other social issues such as workers’ conditions and supply chain considerations.
- Communication and culture — A key component of any cultural shift is considering how management establishes a “tone from the top” and communicates this through its day-to-day action, and how it recognises, incentivises and remunerates employees – for example through setting appropriate targets, balanced scorecard measures and so on. Training and awareness also continue to be a key focus for a variety of social issues.
- Governance — While many financial institutions will be satisfied that their governance arrangements are appropriate and well established, compliance teams will be considering how these might be amended to reflect the environmental and social agenda and the likely regulatory view of existing governance arrangements.
- Product-oversight governance — There is a strong alignment with conduct risk in that products and services must be developed with a target market’s needs in mind, designed to achieve those needs, and marketed and sold in a way consistent with the customer’s objectives. Throughout the product life cycle, there should be appropriate monitoring, oversight and governance of customer outcomes. The compliance function’s role will be crucial in governing and monitoring the internal consistency of decision-making in relation to ESG investments and managing potential conflicts in advice given to customers.
2022 is likely to usher in new regulations and regulatory expectations and compliance officers will be keeping a close eye on the developments as compliance takes on an increasingly important role in ESG. Compliance teams will want to be closely involved in internal ESG initiatives and projects. They have a key role to play in providing input and helping organisations understand and respond to the developing ESG regulatory requirements. In many cases, the widespread impacts of ESG and the regulatory intent to ensure greater focus on governance, culture, data, metrics and reporting will mean that compliance resources are likely to be needed to address these issues in 2022.