ESG risks and opportunities - beyond recycled coffee cups and net-zero aspirations

Risk

The risk function should be the engine room of a firm's ESG initiatives and while ESG creates new risks which need to be identified, categorised and controlled, all the firm's risks (and opportunities) should now be viewed through an ESG lens.

Risk identification

The ESG risk landscape is broader than the traditional risk landscape. The time horizons can be longer and the outcomes more nuanced.

[DIAGRAM 1]

• Physical risks – climate-related factors that present existential risks to the firm or its customers, or to the firm's objectives
• Transition risks – risks arising from the firm’s decision to move to a greener or more socially responsible model
• Legal and Reputational risks – the risk of non-compliance with new or changed environmental and social legislation (and the interrelationship between various pieces of legislation) as well as the risk of reputational damage when a firm fails to recognise shifts in attitude to social and climate-related issues. For example, the recent Consumer Duty and operational resilience regulatory initiatives have a clear link to the 'S' of ESG, requiring firms to have greater regard for the impact their actions have on others in society – customers and counterparties.

Firms will need to cast the net wider to capture these risks, drawing in megatrend analysis and insights from sources and sectors outside their traditional view  – there are plenty of 'green swans' out there.

And when considering the broadening of the risk landscape, firms should also consider whether their risk inventory needs to be expanded to capture all ESG-related risks fully and whether they have an effective process for identifying these emerging risks.

[DIAGRAM 2]

Risk quantification

As noted, ESG-related risks can have much longer timeframes and more subtle effects. Firms should therefore reassess their quantification criteria, particularly in relation to the 'value' that is at risk, including potential value erosion (or value creation) beyond the narrow scope of profit and loss. The Integrated Reporting Framework, for example, defines six capitals that firms should assess:

• Financial Capital: the traditional yardstick of performance which includes funds obtained through financing or generated through productivity.
• Manufactured Capital: physical infrastructure and technology, such as equipment and tools.
• Human Capital: the knowledge, skills, competencies and other attributes embodied in individuals that are relevant to economic activity.
• Social (and Relationship) Capital: networks together with shared norms, values and understandings that facilitate cooperation within or among groups.
• Natural Capital: the stock of renewable and non-renewable natural resources (e.g. plants, animals, air, water, soil, minerals) that combine to yield a flow of benefits to people.
• Intellectual Capital: the skills and know-how in the workforce, in addition to individuals’ commitment and motivation, which affect their ability to fulfil their roles.

This moves firms away from a traditional five-box model of risk severity which is overly focused on the level of financial loss. For a fully rounded view, it is important to bring in these more nuanced non-financial factors and utilise the range of quantitative (both monetary and non-monetary) and qualitative metrics that will be needed to assess their risk severity.

To note, ESG risks can:

• Be more variable and unpredictable
• Appear over different timelines
• Be novel, with little historical data and precedent
• Be more complex, systemic, and interrelated
• Have a greater focus on risks to others rather than risks to the firm

Based on this, firms should consider whether their approach to risk quantification needs to change. In particular, they should:

• Ensure First Line risk owners understand the full spectrum of risk impacts
• Expand the Risk Control Self-Assessment (RCSA) process to encompass the full range of ESG requirements
• Draw in a broader range of expertise (both internal and external) to assess the risk impacts

Risk Control

The risk identification phase provides the 'what' – the comprehensive mapping of the ESG risk landscape. The risk control phase provides the 'how' – the tools and techniques to control these risks.

Addressing the broad-ranging nature of ESG risks requires a coordinated approach across the firm with ESG requirements being naturally integrated into the BAU, rather than developing inefficient (and ultimately ineffective) parallel processes.

[DIAGRAM 3]

Defining

In the defining phase, firms can consider the macro-level impacts of ESG and how this may affect the firm's strategic objectives in the long term. ESG risks can develop over a far longer timeframe than other risks the firm may encounter. Assessment of the ESG-related business risks may prompt a revision of the firm's strategy:

• Physical risk: the firm, customers or counterparties may be in regions which experience the adverse effects of climate change (or will do so over a foreseeable timeline). Or there may be environmental factors that will disrupt the supply change and routes to market.
• Transition risk: business models or business opportunities may be impacted as economic activity moves towards net zero. This could impact the credit risk or market risk of lending and investment activity, or the overall viability of propositions.
• Legal and Reputational risks: activities which are currently undertaken can become prohibited. Equally, some business and labour practices may become less acceptable as social attitudes change.

These strategic changes should flow through into the firm's Risk Appetite Statement. This should reflect any revised objectives of the firm and any other impacts related to ESG factors — for example, a greater focus on concentration and diversification issues. The ESG lens can reveal a range of unacceptable risks where a firm's activities are concentrated in particular locations or sectors.

Scoping

The scoping phase considers the application of the control framework in the near-to-medium term.

Embedding

By completing the defining and scoping phases, a firm should have:

• Awareness of the whole ESG-related risk landscape
• Clarity on what is inside and outside of risk tolerance
• Confidence in the firm's strategic approach to ESG risk (and opportunities)

Once this is clear, the firm can embed the ESG risk controls.

Monitoring and assessing

The crucial final step is ensuring that the implemented controls have the desired effect. And if not, then it is necessary to make any required amendments is necessary.

Governance

Applying a risk-focused methodology will avoid much of green myopia which besets many ESG initiatives. But this approach is predicated on the assumption that the governance frameworks will be effective and fit for purpose, and that senior management will take an active and informed role in balancing risk and reward – on ESG and across all matters.

Any ESG initiative will tend towards ineffective greenwashing if senior management lacks clear leadership and direction. Equally, the control of ESG-related risks will not be effectively achieved until an organisation has reassessed the requirements within the ERMF.

An approach that prioritises governance, social and environmental (GSE rather than ESG) reflects the fact that the effective control of environmental and social risks will only be achieved with the leadership of senior management.

Next steps

Faced with evolving requirements and changing risks, it is important that firms take a broad-based approach to ESG. Working where relevant with our legal teams, Hogan Lovells Consulting is helping clients to build approaches to ESG that recognise the importance of good governance, and a holistic view of risk management.

Authored by Frank Brown.