Description
ESG practices are increasingly becoming mandatory as regulators respond to geopolitical events, environmental incidents, bribery cases, and evidence of modern slavery. As a result, ESG has gained prominence in many third-party risk management programs – even at organizations that don’t yet have formalized environmental, governance, and social policies.
So, what is the status of ESG today, and what actions (if any) are organizations taking? In this webinar, Bob Wilkinson, CEO of Cyber Marathon Solutions and former CISO at Citigroup, takes a deep look at what ESG really means for third-party risk.
By watching this session, you will:
- Get a status report on how other organizations are adopting ESG today
- Gain tips for aligning your third-party risk program with ESG mandates
- Learn how to connect ESG issues to your company’s broader operational risks
- Discover how to increase ESG visibility throughout your supply chain
- Gain best practices for integrating ESG in your TPRM program
Get up to speed on the current state of ESG and learn how to include it in your TPRM program – register now!
Speakers
Bob Wilkinson
CEO of Cyber Marathon Solutions and former CISO at Citigroup
Transcript
Ashley: My name is Ashley and I work in business development over here at Prevalent. Ashley: And we’re joined with two very special guests. Ashley: CEO of Cyber Marathon Solutions, Bob Wilkinson. Ashley: Hi, Bob. Bob: Hello. Ashley: And our very own VP of product marketing, Scott Lang. Ashley: How’s it going, Scott? Scott: Hey, Ashley. Ashley: Uh, just a quick reminder, this webinar is being recorded and we will be sending out the recording along with the presentation slides shortly after the webinar. Ashley: Uh, you’re all currently muted, but we do encourage participation, so please put any questions in our Q&A box, so we can go over them after Scott’s presentation. Ashley: Today, Bob’s going to be talking about the latest and greatest ESG. Ashley: So, Bob, I’ll go ahead and pitch things over to you. Bob: Okay. Bob: Thank you very much, Ashley, and everyone, welcome. Bob: So, today we’re going to talk about uh ESG and third party and supply chain risk. Bob: And the way I refer to this is we’re only as good as the company we keep. Bob: So, as far as the agenda for this call, we’re going to initially talk about operational risks, third party, and put ESG into context as yet another operational risk that we have to deal with. Bob: Then we’ll do an overview of ESG, what it is, the different component pieces, where we’re at today with ESG, the continued movement of ESG from a voluntary activity that companies do to one that’s mandated by regulators and regulation. Bob: Next, we’ll talk about organizational objectives and how they tie together with uh ESG and how ESG really needs to be aligned with uh the objectives within your company and particularly how it relates around the ESG topic and that’s driven to a large extent by the industry vertical that you’re in.
Bob: Next, we’ll talk about ESG visibility into your extended supply chain and how your supply chain represents one of the areas of greatest risk and that you really need to focus on those fourth, fifth, and nth parties. Bob: Next, uh we’ll explore the different stakeholders within your organization and how they relate to the ESG conversation. Bob: And then finally, we’ll finish up with some best practices for incorporating ESG into your TPRM program. Bob: So when we talk about operational risks and we talk about third-party risk management, there are a number of topics that we cover in there. Bob: A number of risks that are important to understand in third-party risk management. Bob: The first of those is financial risk. Bob: We have to know the health of our third party’s financials, and we have to be aware of when a company’s financial health might be uh declining. Bob: Operations: how is the company operating, when they have sound operations? Bob: Are their processes well-established, documented? Bob: Are they able to report on them? Bob: We also need to know about geopolitical and concentration risk. Bob: So when we talk about geopolitical risk, we’re talking about where our third parties or our nth parties are actually performing work for our company. Bob: So not where the corporate headquarters of a third party is, but rather where the work is actually being uh performed, where the data is actually being shared, and then also do we have any concentration risk across our vendor population and what risk might that represent?
Bob: We of course have to focus on cyber risk, which gets most of the attention but is just one of a number of operational risks we have to deal with. Bob: And then finally we get into the topic of compliance with law and regulation; depending on your industry vertical, you need to be aware of them. Bob: Now, taking those all together, we have to also add in ESG risk and what’s going on there, and when we talk about that, it breaks down into three topics: environmental, social and governance risks. Bob: Okay. Bob: So, what is the ESG? Bob: ESG provides information that helps you evaluate your organization’s non-financial and social performance. Bob: So, usually we talk about profitability and financial risk, but with ESG we’re talking about what are some of those non-financial risks. Bob: So ESG today uses a standardized, and the reason I have it in parenthesis is because one person’s standardization is not another’s, and it uses standardized measurements to provide ESG scores for each of the third parties that you or fourth parties that you might work with. Bob: And one important caveat here as we get into this topic is to realize that there are different organizations today who produce ESG scores and each of those organizations who do that have their own inherent biases baked into it. Bob: So for example, one ESG scoring platform might score a fossil fuel company as one out of 10, meaning that they’re bad for the environment. Bob: Uh, and another one might score them as a 10 because they’ve made a lot of progress around solar and alternative forms of energy and they’re very much focused on doing that. Bob: So, the point being that whenever you see ESG scores, you have to understand the underlying methodology that companies are using uh for how those scores are generated and whether that underlying methodology actually aligns with your organization’s ESG position.
Bob: So that’s an important consideration and something that people if they just look at the scores and don’t consider who’s producing those scores, there are biases baked into that. Bob: It’s important to be aware of them. Bob: So as we go forward, what is ESG? Bob: So the first component of ESG is the environmental uh component and this covers climate change, resource use and emissions, sustainable growth, uh biodiversity and a number of other related topics. Bob: I don’t need to talk at any great length for I think anyone on this call to understand the impacts of climate change and what we’re seeing in today’s environment. Bob: Um all we have to do is look at, you know, the southwest of the United States and, you know, a record number of days where the temperature exceeded 110 degrees. Bob: Uh, the flooding that occurs regularly in eastern Kentucky, the rising uh sea tides that, uh, we’re seeing along the coast, in particular the east coast in Florida and other places, to understand that climate risk has significantly increased over the last few years. Bob: So the need to be aware of how the environment is changing and again the question of how some of the data that reflects around environmental concerns was calculated and at what point in time, and I will give you a specific example of what I’m talking about. Bob: So, one of the problems that we’re having right now in both California and Florida is the ability for homeowners to obtain insurance and insurers. Bob: Recently, two of the largest providers in California have stopped offering home insurance programs there. Bob: This has been a problem for a number of years as well in Florida, and people are unable to obtain home insurance. Bob: Part of the problem is that the data that the Federal Emergency Management Agency uses for calculating flood zones in the US, which informs insurance rates for the industry, are from the 1950s and 1960s.
Bob: Well, that data has recently been adjusted and FEMA has finally implemented a uh regulation which is going to force all of the regions of the United States in terms of the amount of insurance you need to have on your home to reflect the current flood risk. Bob: What does that mean as a practical example? Bob: That means in places like Florida for people who live along the coast where they’ve been paying say $3,000 a year for home insurance, over the next seven years as these changes are implemented, their home insurance is going to go up to 13,000 a year. Bob: What that’s going to result in is going to be that certain people are going to be priced out of their homes. Bob: So, the environmental impact of climate change is very real. Bob: When we talk about the social aspect of ESG, we’re talking about how people are treated in the workplace. Bob: So, that can be anything from health and safety and the office uh the OSHA office which governs uh workplace safety. Bob: It could be anything related to what we went through with COVID-19, which I think everyone is well familiar with, laws around data privacy, child labor and diversity within organizations. Bob: As far as the social aspect goes there’s a strong compliance component there. Bob: So in many cases, organizations have been focusing on social concerns already because they need to comply with laws and regulations that impact upon this. Bob: Governance: uh when we talk about governance, we’re really talking about visibility and transparency into how businesses conduct their affairs, their financial reporting, the constitution of their boards, whether they have implemented policy around diversity and uh executive compensation. Bob: So ESG really is a catchphrase for a number of areas, some of which are already being addressed today in our business practices. Bob: The big takeaway from my perspective when we talk about ESG is around the environmental and social aspects of ESG.
Bob: So ESG is a very hot topic and it’s a very politicized topic today. Bob: Uh there’s been a strong push on the part of uh shareholders and activists to push companies in the direction of improving their ESG practices. Bob: At the same time that this has occurred, there’s been a bit of a backlash from various industries including fossil fuels and including both at the federal and the state level reg uh legislatures and legislators pushing back on additional ESG requirements and there’s a fine line between implementing ESG controls and having a negative financial impact on companies. Bob: Nevertheless, a number of laws have been passed and a number of activities have moved forward. Bob: So, some of the areas where we see legislation moving forward, for example, is laws that have been passed in recent years around foreign corrupt practices, bribery, uh, human traffic, human slavery, topics like that. Bob: We’re all familiar with the European Union’s position on data privacy and GDPR. Bob: In the US, unfortunately, it continues to be a state-by-state activity uh mandating privacy practices which causes a lot of inconsistency and is disruptive to business. Bob: US government agencies on the social side, the Occupational Safety and Health Administration, OSHA regulations along with EPA regulations impact on this area. Bob: I talked already about FEMA and how they’ve adjusted uh the measurement of flood risk across the United States. Bob: There’s an interesting organization called the First Street uh Foundation. Bob: And what the First Street Foundation has done is initially they went around and looked at every single property in the United States and assigned a flood risk to it based on current data. Bob: First Street recently also calculated the fire risk for every property in the United States and it’s really very interesting reading if you have some time to take a look at this.
Bob: For example, when I did this, I live in New Jersey and I live in an area where there’s a fair amount of forest land. Bob: I didn’t realize I was now living in an area that was classified as an extreme fire risk because of the changing climate circumstances. Bob: So all of this is starting to make its way into insurance and into business practices and having an impact. Bob: So increasingly again environmental is having an impact. Bob: Along with this there’s been a trend where initially a lot of the activities that were being uh performed around ESG were focused on voluntary activities that companies took upon themselves to do to be proactive. Bob: But when they did that, they realized that there were a number of changes that are occurring in governments where we’re moving from a voluntary environment to a mandatory environment. Bob: And as that occurs, that’s going to have a bigger impact on companies and companies don’t want to be behind the curve here when it comes to ESG. Bob: So to date a lot of the activities have focused around uh from an investment standpoint and the asset management industry and mutual funds that claim to be ESG that are marketed uh to clients. Bob: And one of the key considerations there is something that’s called materiality. Bob: So from an investing perspective, materiality means a substantial likelihood that an investor would consider ESG information that is important to making a decision on how either they vote their shares or they make an investment decision in a public company. Bob: So companies that fail to disclose relevant ESG information to shareholders are potentially putting themselves at risk of regulatory action by the Securities and Exchange Commission. Bob: And this is something that we’re going to see more focus on rather than less as we move forward in the asset management space.
Bob: In the financial services industry, government regulators have primarily focused their activities around banking and the impacts of climate change on the banks, on the people that they lend money to, and what are the implications of climate change. Bob: So in a draft that the regulators the OC had uh issued a year ago which uh there hasn’t been further progress that I’m aware of on. Bob: But nevertheless, in that draft, they described risk in two ways. Bob: They describe the immediate risk and the longer term risk. Bob: And when they talk about climate change, they’re talking in terms of immediate risk about floods, hurricanes, tornadoes, and the increase in those activities and the potential impact that they can have on both banks and the bank’s loan portfolios and also on consumers, because there were a number of banking laws, for example Fair Housing Act and the anti-discrimination provisions of that, which have direct relevance for banks. Bob: So banks make a certain percentage of their loans in low-income areas. Bob: Many of those low-income areas are located along the coasts in the US and it puts potentially a disproportionate number of customers of the banks in those low-income neighborhoods along the coast at risk of flooding. Bob: So when the government looks at this, they look about it and they say, you know, is there a bias in the way that loans have been done in these communities because there’s a greater risk of flooding. Bob: So it’s not just if floods occur and will the banks be able to be repaid on the loans that they’ve made? Bob: But is there discrimination in the nature of the way the loans have been given, given that uh climate change is forcing different risks in different geographic areas of the United States?
Bob: Of course, they’re focused also on the long-term perspective, which is are the loan portfolios that banks have, are they at greater risk because of climate change as we move forward in time, and that’s where we get into uh issues of the solvency of financial institutions going forward. Bob: If we shift to Europe, the European Union and the United Kingdom uh have been more aggressive than the US in terms of putting legislation in place focusing on the ESG topic and again primarily environmental and social. Bob: So Germany has already passed a uh law called the Supply Chain Due Diligence Act which focuses specifically on companies and their third parties and both their environmental and human rights violations. Bob: And this is already law and it’s already a practice in Germany. Bob: Now along with that the EU is in the process and have been moving forward on what’s called the corporate due diligence and accountability directive which will require ongoing due diligence and extends on the topic of environmental and social to third parties. Bob: And it’s expected that companies of different sizes, and it looks like it’ll be implemented in phases, that different companies on an ongoing basis will have to monitor the environmental and social risks of the third parties and their subcontractors for environmental and social risks. Bob: So Europe continues to be ahead of the US and North America in that respect. Bob: Um, one other thing I didn’t mention is Canada also is looking at environmental uh, climate change uh, regulations in their financial industry. Bob: So, legislation is moving forward on all these fronts. Bob: Okay. Bob: It’s important with ESG that you don’t implement your ESG program in a vacuum. Bob: Depending on the industry vertical you have, there are certain additional considerations and you have to make sure that your ESG program aligns with the objectives of your organization as it relates to the ESG topic.
Bob: So when you’re incorporating your ESG program, you need to make sure that it aligns with how your business actually uses ESG. Bob: And this comes back to a point I made earlier about the standardization in the scoring methodologies for ESG. Bob: If your company has one approach on how they’re doing ESG, but the product that you’re using to generate ESG scores is not aligned with the way that your business is practicing ESG, that potentially can be a problem for you. Bob: You need to understand that going in. Bob: Additionally, you need to be aware of what we call greenwashing. Bob: Greenwashing is where companies will ostensibly do something that seems to be good for the environment and in fact uh they’re not abiding by their practices. Bob: I can give you several examples of this where this has occurred. Bob: So a little while back uh an investigative journalist uh went undercover at Exxon and in the process of doing it Exxon executives were supportive of certain climate change legislation in the US. Bob: They said this will be good for industry. Bob: But the fact was that behind closed doors they were acknowledging the reason they could be proactive in public about that was because they knew the legislation had no chance of passing. Bob: Another example of greenwashing is Starbucks. Bob: So now when we go to Starbucks, we have the strawless lids which are supposed to be more environmentally friendly. Bob: The reality is by making those strawless lids, Starbucks is actually producing more plastic than they were before with straws. Bob: So while ostensibly a move in the right direction, the reality was a little bit different. Bob: The third example is a company called Adani in India which is one of the largest uh companies in that country where they’ve made public pledges to be carbon neutral over the next few years. Bob: However, when you look at their business practices, they’re supporting some of the biggest coal mining operations in the world.
Bob: So greenwashing is an important consideration when you’re looking at companies in your third-party risk program and their public statements about ESG. Bob: Are they really doing things that are beneficial for the environment or is it just lip service and they’re not actually doing it? Bob: So, greenwashing is something you need to be aware of. Bob: Moving on from there, um, as I said, I’ve talked about the biases already and you have to understand those in the scoring mechanisms. Bob: Another factor is depending on your company’s position on ESG, you may need to ensure in your third party contracts that green contract provisions are integrated in there which align with whatever your company’s practices are around ESG. Bob: This is an important consideration that you need to take into as you move forward. Bob: Your extended supply chain: it doesn’t stop with your third parties. Bob: You need to understand just as you do for all risks in your third party risk management program what the focus is for your extended supply chains. Bob: So you might turn around and say, well, you know, I’m barely doing ESG right now for my third parties. Bob: What I would suggest is one approach that you take is as you identify who your critical third parties are, extend your ESG monitoring into the fourth and fifth parties that are in support of your critical business processes. Bob: So by focusing on your critical business processes first, you know, narrow down the scope of the numbers of third and fourth parties you’re looking at, but you really need to understand those risks for your critical third and fourth parties as a starting point and you need to understand that there are no outstanding issues there which may potentially impact your business.
Bob: Now when you’re selecting third parties, when uh when you issue an RFP and you’re looking at who you might hire there, if all other risk factors are equal, you’re always better off, and particularly in the environment we’re in today, in selecting companies that have responsible ESG programs. Bob: Having said that, I’ll also say that generally ESG today is not the factor that’s driving the decision about which third party you use. Bob: Other criteria are being used for that. Bob: ESG as more regulation comes along will become more important, but generally it’s not the driving factor in doing it. Bob: So within your third-party risk management programs, yes, you should be considering ESG. Bob: You should make sure it’s aligned with your company’s positions on ESG, but it’s not generally the decision on who to proceed with. Bob: So whenever you have a conversation about ESG or any topic related to third party, it’s important to understand who your stakeholders are, what role they play in the process and how it is uh that you can work with those stakeholders to help improve the traction in your program. Bob: No program exists in a vacuum and the more you do outreach across the people and the organizations within your company that can help support you in your ESG um program buildout, you should do that. Bob: So by sharing more information about ESG across the organization, you increase awareness and people take an interest and that helps drive the success of your program. Bob: So clearly boards of directors in the environment that we live in today along with senior management are very much focused on operational risks, and in their focus, they want to know that their company is being responsible around ESG concerns and that this is effectively being measured and taken into consideration in business decisions.
Bob: Likewise, business unit management were the ones who usually request that a third, you know, that a third party be onboarded for particular services within the company. Bob: They’re counting on their third-party risk programs to make sure along with their own due diligence that they’re not onboarding companies that potentially have significant ESG failings associated with them. Bob: So having a conversation as you talk with your business partners about onboarding third parties, make sure that ESG is another part of the conversation along with the cyber, the financial and the other risks that you face in a third party risk management program. Bob: Some of the most important people that you have to work with are your procurement and your sourcing organization. Bob: They need to understand what the considerations are as they shepherd RFP processes and onboarding of new organizations into your company, what things do they need to consider? Bob: So, the more you interact and work with your procurement and sourcing people to share all of your operational risks, including ESG, the more sensitive they are to those items. Bob: Sometimes they’re involved with uh the monitoring of your third parties and by sensitizing them to ESG concerns, they’re better able to filter out when companies may have issues with that before you make a decision to sign a contract. Bob: Enterprise and operational risk management. Bob: They have oversight for third-party risk programs. Bob: They understand from a corporate perspective what the operational risks are. Bob: And they’re going to want to know that the third party risk program is considering those ESG risks. Bob: So for me, when I’m looking at a third-party risk management program and building out the right level of controls, two of the most important stakeholders that I always have in the conversation are both the procurement and the enterprise risk people.
Bob: Because the enterprise risk people who are overseeing the third party, the third party program, they have the opportunity to help escalate issues and concerns that third party might have so that particularly in the ESG context, those are being reflected at the right levels of the organization. Bob: Third party relationship managers, those are the people that you work directly with from the business unit who have responsibility for relationships. Bob: They’re a conduit both ways in the relationship um for any ESG or other concerns that you might have. Bob: The legal and compliance teams within the organization are very much focused around uh compliance with law and regulation and where law and regulation are going to. Bob: And they need to understand that for existing laws, the organization is compliant and for contemplated new legislation that there are programs in place that as legislation moves forward and becomes law and put into practice that their company is compliant on that. Bob: So legal and compliance could be a strong relationship for you to have with the ESG conversation. Bob: Likewise, business continuity and disaster recovery are always part of the conversation when it comes to third-party risk and understanding what those ESG risks are, and you know, let me go back to the examples of either rising tides, floods, hurricanes, uh tornadoes. Bob: There was a storm last week which destroyed a large part of a Pfizer pharmaceutical manufacturing plant. Bob: Um changes in the environment have direct business impact and you know where services are located with third parties is becoming increasingly important to ensuring continuity of those services. Bob: If those services are being delivered in areas which are subject to extreme heat and power failures, uh extreme weather through tornadoes and other natural events or flooding, that directly impacts your ability of your business to continue to operate.
Bob: Uh on the privacy front, data privacy is directly relevant uh from a social perspective and staying on top of the laws particularly in the US where it’s a mishmash of 50 different states um administering uh their privacy standards. Bob: That’s a tricky place and hopefully we’ll evolve to the point where we get more federal privacy regulation there. Bob: Uh of course the third party in their extended supply chains. Bob: Whatever the policy is you have around ESG, you need to share that with your third parties and stress to them that any subcontractors they use need to comply with your policy and that you will hold that third party accountable for that. Bob: Another aspect of ESG is that your employees care. Bob: They work there. Bob: They want to know that they work for a responsible uh employer and that they can be proud of their track record that their company has. Bob: Likewise, for the communities in which companies do business, how is it that you demonstrate to the communities that you live and work in that you’re being responsible around ESG and that with particularly all the news that’s going on around this topic now that your company’s behaving in a responsible fashion. Bob: And then finally, lenders are very focused now on environmental, you know, whether it’s carbon credits, whether it’s net zero, whatever aspect it is, but particularly in making loans. Bob: They don’t want to make loans in areas which may be subject to environmental uh disruption and the ability of companies to repay those loans. Bob: So when you think about this, these are all potential stakeholders who are levers for you to help you in the implementation of your ESG program and gaining traction. Bob: So, here’s a few of the best practices for how you might go about incorporating ESG into your TPRM program. Bob: Make sure your TPRM program aligns with your organization’s ESG program. Bob: What industry vertical are you in?
Bob: What are the particular sensitivities around that? Bob: If you’re going to use ESG scoring that’s available in a number of third-party risk tools that are out there, make sure that that underlying methodology maps well to what your organization does around the whole third around the whole ESG question. Bob: Make sure that you include ESG specific risks that are relevant to your company. Bob: If you’re in the manufacturing business, you’re going to want to make sure that your company is not more subject to some of the environmental climate change impacts that we’re seeing around the company. Bob: And it’s about not just your company, it’s really about those third parties and those fourth parties. Bob: Where are they located? Bob: And if they’re providing a critical service to your company, is there a risk of disruption? Bob: Make sure that you uh in your initial due diligence, you’re focused on ESG so you don’t end up with uh onboarding companies that have ESG problems. Bob: Um, one way that you can get your hands around arms around this better is as you categorize your third parties into what I call risk domains, that provides clearer indication of what the risk is for different subsets of your third-party inventory. Bob: So by categorizing your third parties based on the services that they’re providing to you, the type of information they’re handling, you can use that leverage to better understand ESG risk. Bob: That’s a much bigger topic than we can go into in all the detail here. Bob: Uh you have to be plugged in with the people in your organization who are monitoring the evolving laws, regulations. Bob: And just because laws are changing in Europe, don’t think they have no impact on companies in the US because depending on the size of your company and whether your company’s doing work in Europe, you are as subject to those uh environmental and social laws being passed in Europe as if you were doing business only in Europe.
Bob: So you need to understand the reach. Bob: Next, you need to monitor that risk on an ongoing basis. Bob: One of the problems in third-party risk programs is the one-and-done periodic risk assessment. Bob: You have to have the capability to continuously monitor risk. Bob: The day you get a periodic risk assessment completed, you understand what your risks are for that one day. Bob: There’s 364 more days in the year and you need to be aware of what those risks are and to manage those risks on an ongoing basis and then you need to make sure you’re reporting on the results of your ESG monitoring and that you’re reporting to the right level of management. Bob: These are important factors in ensuring success in your program. Bob: So that’s what I have today on ESG. Bob: I’m happy to take questions from anyone in the audience. Bob: Um uh Ashley, I’m going to go back over to you. Bob: I think maybe Scott wants to do that. Bob: Let me know on the timing of the questions. Scott: All right, Bob. Scott: Thank you. Scott: Quick check. Scott: Bob, can you hear me? Scott: Uh, okay. Bob: Yes, sir. Scott: All right. Scott: Very good. Scott: All right, folks. Scott: I just want to share with you a little bit about how uh Prevalent can help you simplify the process of uh getting the right information and insights from your third-party vendors and suppliers with regard to their ESG uh strategies and processes and policies, how you can simplify that reporting, get the intelligence you need to generally make, you know, uh smarter, more informed uh third-party decisions. Scott: Uh we have built into our platform a standards-based ESG assessment uh that is quite comprehensive and addresses I think 10 uh high-level ESG risk domains and has several customizable questions uh that you can implement and change and move around and create risks from custom to your organization. Scott: This comes out of the box on the Prevalent platform.
Scott: Uh and the objective is to give you the flexibility you need to assess your suppliers against whatever one of these topics or all of these topics uh that you may have to uh you know to do so at whatever stage of your relationship whether it’s a pre-contract due diligence requirement or ongoing monitoring and reporting for compliance purposes. Scott: Now the value that we deliver uh in that capability in our platform isn’t just the fact that we have the platform. Scott: We help you create, raise, track, manage, remediate risks uh that are discovered there, but we also, and this is important, help you map those results and risks and controls from your vendors and suppliers into commonly accepted uh global ESG frameworks. Scott: Uh whether that be to address specific requirements in the CSRD, which uh Bob talked about, as well as the German corporate uh supply chain due diligence act. Scott: I won’t even attempt to pronounce that in German. Scott: That word is like 64 letters long uh but also industry standards like ISO and SASB. Scott: And then finally, global agreements like uh UN’s Global Compact uh and others. Scott: So we’ve done that pre- uh mapping and pre-integrating for you so that you can take the results of that assessment and just simply run a report based on those requirements uh and then give that to your auditors, your internal risk management team, uh compliance team, or more to help identify uh soft points in your uh vendor supplier base that have to be addressed. Scott: Uh but it’s not enough to do an annual assessment or some sort of event-driven assessment based on findings from your third-party vendors and suppliers. Scott: Uh you have to have a continuous cadence of that information flowing into your enterprise to help you keep track of what happens in between those assessments. Scott: Uh what we’ve done is we’ve built very specific ESG-related uh data feeds and insights and integration points.
Scott: We feed that into the central risk register in the Prevalent platform and then you can use that information to uh validate the presence of controls that were reported in the assessment or just generally just keep your finger on the pulse of your vendor’s ESG practices and you can see some of the sources that we have available there um uh that brings that information and everything from a high level score in each of the E, S and G categories uh to uh the drill down capability in any one of those subsectors that we mentioned on a previous slide. Scott: Look, our vision here with regard to ESG is to not necessarily treat ESG standalone, but to help you look at ESG in the context of all the rest of the third party risk that you have to manage among your third-party ecosystem. Scott: Right? Scott: So, our platform addresses not just ESG, but also cyber security, data, privacy, performance, contractual, um, uh, compliance, sanctions, you know, whatever types of risks uh, all kind of flow into the platform and help you manage them from an ESG perspective, you know, and as well as other risks, but from an ESG perspective with regard to this presentation, we look at those risks discretely at every stage of that relationship because they are somewhat unique. Scott: You know, at the sourcing and selecting phase, for example, you know, we give you a snapshot of ESG scores from a database of 12,000 companies that we have ready access to uh as you onboard and tier and profile those vendors to determine, you know, who’s the most important ones, the most critical ones that you have to spend the most time on. Scott: Um, you know, we give you the ability to leverage ESG criteria to make those tiering, categorization, profiling uh decisions.
Scott: And then the assessment that we mentioned, the continuous monitoring, you know, if you are leveraging our contract life cycle management capabilities to build ESG um clauses and right to audits into your contracts, you know, we can help you extract that information through AI and then track it uh through you know SLA and performance management capabilities and then when it comes time to end the relationship you know give it the capability to develop a checklist and make sure that you know once that relationship ends you won’t be bound by any ongoing obligations uh with regard to you know environmental social or governance issues uh once that arrangement ends. Scott: Again the end of the day trying to accomplish three things for you from an ESG perspective: give you better visibility into the ESG policies, actions, processes and whatever amongst your third party vendor and supplier base. Scott: Get you some streamlined capability to um report on the compliance requirements globally that you have to meet and then get everybody singing from the same hymnal. Scott: Uh unifying teams across the supplier life cycle regardless of what type of uh you know assessment or um risk type you’re trying to manage. Scott: And kind of uh just uh reiterating the benefits of the Prevalent approach uh here better visibility, streamline compliance in a single platform to address not just ESG and supplier risk but also cyber data privacy and multiple different types of third-party risk management. Scott: So that’s all I wanted to share with you today. Scott: We have very specific capabilities to address ESG use cases around consolidation of insights uh reporting and ongoing monitoring. Scott: Uh and I think that fits in nicely with the rest of your TPRM program. Scott: Right. Scott: So that’s all I wanted to share. Scott: Ashley, I’ll tip it back to you. Scott: And then uh sounds like it might be question time. Ashley: Thanks, Scott. Ashley: Yes, it will be.
Ashley: I’m going to go ahead and launch our second poll. Ashley: Uh we’re just curious to see if you were looking to establish or augment a fragrance program in the year. Ashley: Um please be honest because we do follow up with you, but we got about 10 minutes left, so I’m going to go through these questions. Ashley: Uh Bob, it looks like we have one for you. Ashley: Someone asked, “You talk about sustainability. Ashley: Is it only related to the environmental aspect of it or does it cover all three ESGs?” Bob: Well, it covers everything because what you’re trying to do in your third party risk program is build a sustainable program and excuse me, ESG risks are risks just like cyber risks, just like all the other risks and that um it’s important to consider them and to think of them on an ongoing basis. Bob: That’s why I said that you can’t measure it one day a year. Bob: You have to manage it on an ongoing basis. Bob: And the fact that this whole conversation whether it’s environmental, social or governance is an ongoing and evolving conversation all the time. Bob: And it’s just like all the other risk in the third party risk uh landscape. Bob: So it’s important that you know as you look at this and you look at ways to automate your program that you consider this as yet another requirement that you need to have in your program. Bob: Uh and that you need to have reliable data and you need to work with providers who can help you automate because increasingly this is a space that’s going to be driven by the need for continuous monitoring across risks and you need to be able to do that. Ashley: Thanks, Bob. Ashley: We have another question coming in for you, Scott. Ashley: Uh, someone asked, “Does Prevalent provide a specific tool? Ashley: Does ESG reporting for TPRM? Ashley: And is there potential to integrate with AI and current TPR tools?” Scott: Uh, great question.
Scott: Uh, uh, answer is our third-party risk management platform or holistic platform, uh, includes the ability built in to assess, uh, suppliers, vendors, partners, third parties, whatever against specific ESG requirements. Scott: It’s just a different question type. Scott: Um, but it all flows through the same reporting, the same risk register to help you uh centrally manage it. Scott: Our goal isn’t to create another silo tool for you to manage. Scott: Our goal is to bring those siloed tools together under one pane of glass uh the Prevalent platform regardless of the assessment type or the risk you’re trying to measure or the department in the enterprise. Scott: Uh what was the second part of the question actually? Scott: I’m sorry. Ashley: Uh is there potential to integrate with AI or existing TPRM tools currently using? Scott: Yeah, we have uh what’s called a connector marketplace uh that comes out of the box with our platform that allows you to connect with other solutions uh as well. Scott: If you’re using uh different tools for different uh purposes uh you can integrate that capability into the Prevalent platform uh as well. Scott: And I should mention you mentioned AI. Scott: AI is a fundamental component of the Prevalent platform. Scott: We’ve got AI and ML technology built into uh automated uh workflow rules uh if this then that statements uh reporting and then uh kind of ongoing uh you know workflow management. Scott: So, it’s a heart of it. Ashley: Thanks, Scott. Ashley: Um, unless anyone else has any other questions, it seems like it was a light question day today, guys. Ashley: Um, so thank you, Bob, Scott, and everyone for all your questions. Ashley: They gave us some great information to take in today. Ashley: So, I hope to see all of you either in your inbox or at a future Prevalent webinar. Ashley: Here’s everyone. Bob: Thanks everyone. Bob: Bye. Scott: Bye, everyone.
©2026 Mitratech, Inc. All rights reserved.