ESG Risk Management & TPRM: A Best Practice Approach?
There are few initiatives currently afoot in banking that do not feature Environmental, Social, and Governance (ESG) credentials, either to engage investors and customers or deliver the ESG risk management capabilities that banks now require.
These initiatives will cover various business areas, from business process change and product development to investment management and market positioning.
The widespread use of ‘ESG’ may inspire a sense of fatigue for some. That said, there is little doubt that issues around climate change, sustainability, or modern slavery, for example, are now hot-button issues for many people, in a way they were not 20 or even ten years ago.
ESG offers investment and growth opportunities for some and provides a source of risk and challenge for others. Wherever you stand, ESG needs to be embraced, and for banks, this inevitably leads to thoughts around ESG risk management.
ESG is a vast topic, but working with financial institutions, it is clear that third-party risk management (TPRM) is a significant aspect of ESG for many banks. Banks have complex value chains and make extensive use of sophisticated technology and data capabilities from suppliers worldwide.
While providing scope for innovation, scalability, and business efficiencies, a bank’s extensive supply chain can be a source of an array of issues beyond the purely practical problems of trying to work with multiple business partners in different time zones. Numerous social, commercial, contractual, operational, and compliance risks need to be identified, managed, and mitigated if an institution is to capture the total value of these commercial relationships.
Companies will have risk management systems and processes to address many of these risks. Still, the complex, interrelated and global nature of ESG risk means that many institutions need risk management tools and frameworks to manage their ESG risk specifically.
A framework for ESG risk management
KPMG has proposed an ESG risk management framework that covers all aspects of ESG risk management, including business strategy, product development, governance, capital charging, product distribution, regulatory & stakeholder reporting, and ESG data management.
As one would expect, the framework covers the traditional risk competencies, including governance, strategy, risk measurement and identification, reporting, and disclosure. It recognises the need to have a defined ESG risk management profile to manage the ESG risk itself and inform other risk areas that it can impact, including operational risk, compliance risk, risk capitalisation and others.
From a TPRM perspective, it emphasises specific risks, including human rights, climate risk, corruption, structural risk, legal risk, compliance risk, and data protection risks, as potentially significant issues in the supply chain.
Pursuing an optimal solution
These risks are already broadly recognised and understood. The challenge for banks is to capture and define these risk profiles fully, and to consolidate the data, metrics, and documentation used to monitor them. The aim is to proactively monitor the status of the key suppliers that support the banks directly, as well as their 4th and 5th level suppliers.
Given the expectations from stakeholders, regulators, and customers to embrace the emerging opportunities surrounding ESG, there’s a premium on delivering TPRM capabilities quickly and efficiently. The PRA has been on the front foot regulating this with SS2/21, which details the operational resilience aspects of TPRM.
The KPMG model will help institutions shape their response to managing the ESG risks, including the TPRM risks.
The key enabler for delivering this type of framework? A suitable technology platform that provides the efficiencies, the scalability, and the results that an institution needs to implement comprehensive TPRM.
The optimal ESG risk management solution will feature SaaS-based capabilities that allow for rapid deployment, both within a bank and within the companies that make up its 3rd, 4th, and 5th line supply chain. It should also feature a dashboard so that any issues – operational, political, commercial, et cetera – can be flagged early on, with proactive alerts.
Experience suggests that the earlier an ESG risk management issue is identified, the easier it is to address without harming the business or the relationship. Equally, the platform needs to be the repository of all the vendor risk documentation, contracts, and risk metrics, so staff can access them quickly when incidents develop.
How can Mitratech help?
Mitratech offers proven and robust TPRM solutions that help banks address the new challenges taking shape as they implement and develop their ESG risk management initiatives.