ESG - Doing Good and Well at the Same Time

 ESG-related risks have been around for many years, but only recently these risks have been elevated to a greater level of scrutiny by investors and other important constituencies.  Environmental, Social and Governance-related risks have not been clearly defined yet; examples of such risks include risks such as climate change, pollution, natural resources, social opportunities, human capital, corporate governance and corporate social behavior.

ESG is an emerging risk which is difficult to define and put our arms around.  The Sustainability Accounting Standards Board and the Global Reporting Initiative are among the organizations that provide lists of issues that might be included under ESG.

COSO has also developed a framework to define and manage ESG risks, consistent with its generic risk definition of “the possibility that events will occur and affect the achievement of a strategy and business objectives (which includes opportunities and positive outcomes as well).

Most banks have not focused on ESG risks (there are numerous notable exceptions).  They do, however, recognize the need to start framing the issues and organizing toward a better definition, governance and mitigation of ESG risks.

What can a bank do today to start tackling ESG topics without getting absorbed in the subject or disproportionately invest resources in the developing set of issues?

1. First identify the risk.

Acknowledging ESG as an emerging risk is the first step toward scoping, documenting and mitigating the risk.  It is important not to ignore ESG, as it impacts all phases of bank operations, from credit decisions to investor relations.  As you embark upon the risk identification, you likely will discover that many of the ESG risks are already managed elsewhere within the risk program.  Prioritizing the risks and their future impact is the difficult part.

Examples of risks most of us have already incorporated into our framework include:

• The Covid-19 pandemic and its continuing impacts and anticipated outcomes.

• A CRA program and Committee to ensure the Bank serves the low or moderate income (LMI) communities in its footprint.

• Creation of programs to improve our communities by driving impact in the areas of business and economic development, education and youth development, environmental stewardship and social equity, and health and human services.

• The recent social disruptions associated with perceived systemic racism and police misconduct.

• The appointment of a Diversity Equity and Inclusion (DEI) Officer and creation of a Diversity Council to address the need for greater diversity in the workplace.

• The aging of the population and emergence of millennials as a primary component of the workforce with different world views.

The call for ESG-related disclosures by ISS and using standards developed by the Sustainability Accounting Standards Board (SASB).

2. Include ESG in “emerging risks”.

ESG is, for many of us, an embryonic risk.  We’re not quite sure how to define it, scope it or document our mitigants, but we do know it’s there.  Include it in your “emerging risk” section of the board report and the management-level risk management committee. This is where risk appetite can come in to play. Climate change is the most talked about of the ESG risks. It is easier to manage through increased hurricanes and snowstorms that affect business, but how far is an institution willing to go to manage something that won’t happen for a hundred years? 

3.  Scoping ESG-related risks

COSO offers a handy framework to considering ESG issues.  It is included in a document called “Applying enterprise risk management to environmental, social and governance-related risks (October 2018).  The table on page 8 is an excellent place to start.  It lists ten ESG issues and themes, and further categorizes those into 37 ESG key issues.  Most of these will not apply to us, but they might be relevant to our customers, their future credit worthiness, third parties we do business with and the entire vendor management discipline.

4. Tasking an individual with monitoring and escalating ESG risks as needed.

We already have a Responsible Banking Officer, a BSA Officer, a CRA leader.  Is it time to have an ESG officer?  Should your Chief Risk Officer be also designated ESG Officer?  Or your General Counsel?  It might be appropriate to designate someone with this additional responsibility as your bank starts its journey toward ESG risk management.  This person should also be monitoring regulatory developments. Over the next few years, the investment community will likely expect more detailed disclosures and formal ESG management efforts. Similarly, the regulatory agencies will likely jump on the bandwagon and expect formal processes be put in place. 

5. Adding the ESG dimension to credit decisions

When COVID hit us last year, we rose to the occasion and disbursed CARES Act fund to our small and medium size borrowers.  As some borrowers requested a second deferral, most banks required a business plan addressing the future impact of COVID on the borrower’s core business, and strategies the borrower plans to employ to mitigate the impact of COVID or even turn it into a positive opportunity for the company.  Similarly, ESG is creating major barriers to success in some industries, and huge opportunities for others.  Incorporating the impact of ESG on the long-term viability of our borrowers, particularly in certain industries (for example, feed lots, energy, trucking etc.), is something that our future credit memos should include. Without being judgmental regarding a customer’s industry, recognizing both the credit risk and reputation risk of banking them is important.

6. ESG statement

Are you ready to put an ESG statement together?  A brief, high-level statement may or may not resonate with your customers and the communities you serve.  Whether you develop such a statement or not, it should be done with intentionality and forethought.

7. COSO’s enterprise risk management framework

COSO laid out a simple and clear framework for risk management in 2017.  The framework is designed to achieve several ESG-related goals for organizations:

• Enhanced resilience when things go wrong

• A common language to define and assess risks

• Improve alignment of resources with the risks and opportunities identified

• Enhanced pursuit of uncovered opportunities

• Scale efficiencies resulting from centralized views of ESG

• Improved disclosure to appropriate constituencies

ERM is by now a well-established discipline, but the addition of ESG is relatively new.  COVID showed us how well our entire industry functioned in an entirely different operating mode.  It may be time to expand our risk definition to encompass newly created risks, with a particular focus on the opportunities those new development present.