ESG issues for corporations are becoming increasingly pervasive as regulation and legal risks surrounding the topic continue to expand. Although environmental, social and governance risks intersect, the ‘S’ in ESG may be especially challenging for compliance and investigations professionals to address, given the breadth and complexity of the issues it encompasses. By way of example, the social aspect of ESG can include: (i) respecting human and labour rights; (ii) #metoo cases; (iii) ensuring diversity and equal pay; and (iv) the more general impact the company has on communities directly affected by its business.
We look here at the framework of hard and soft laws applicable to the ‘S’ in ESG, the intersection with traditional corporate crime risks and some considerations that compliance and investigations professionals may wish to keep in mind when considering how to leverage or adapt existing compliance systems to take account of emerging risks relating to these issues.
When considering the ‘S’ in ESG, what are the relevant benchmarks?
When assessing risk, developing policies and procedures, and investigating potential violations, it is important for corporates to understand the relevant legal framework within which the company will be judged.
For the social element of ESG, this framework is diverse, encompassing black-letter law, persuasive guidance and the company’s own representations (to the market or otherwise) in relation to social issues.
In terms of black-letter law, there are a raft of laws that could be relevant. Some of these are longstanding (for example anti-discrimination laws) whereas others are more nascent (for example laws aimed at addressing human rights issues present within corporate supply chains). By way of illustration, the German Supply Chain Due Diligence Act aims to protect human rights (including the prohibition of child labour, unequal treatment in employment or withholding a reasonable wage) within companies’ global supply chains by imposing extensive due diligence obligations on those companies falling within scope. In a similar vein, the EU is looking to approve and enact the EU Corporate Sustainability Due Diligence directive (CSDDD), which will require ESG due diligence to be integrated into the way companies are managed (with heavy fines for those who fail to comply). The EU has also recently proposed “Regulation on prohibiting products made with forced labour” (September 2022), aimed at empowering member states to investigate and seize goods produced with forced labour anywhere in the world. Similarly, in December 2021, the US enacted the Uyghur Forced Labour Prevention Act, the aim of which is to prevent goods made with forced labour in the Xinjiang Uyghur Autonomous Region of China from entering the US market.
The EU has also recently introduced mandatory due diligence rules for companies that make available, on the EU market, specific commodities and products linked to deforestation or that violate, within the source country, labour rights, land-use rights and human rights protected by international law. As under the CSDDD, the potential financial penalties for non-compliance with these rules are severe.
The developments described above build on existing “soft law” which also addresses the ‘S’ in ESG. This includes the UN Guiding Principles on Business and Human Rights (UNGPs) and the UN Sustainable Development Goals (SDGs), both of which influenced the scope and terms of the CSDDD (highlighting why corporations would be well-advised to factor such guidance into their risk assessments, given that it can often indicate a direction of travel).
Finally, the company’s own representations and commitments regarding the social aspects of ESG constitute another important benchmark for the purposes of developing and measuring compliance and are likely to be looked at closely when considering the topic in the round. Such statements can also pose risks to the corporate, as described below.
How does the ‘S’ in ESG interact with corporate criminal risk?
ESG risks, including in particular the social aspects of ESG, cannot be considered in isolation and can arise alongside more traditional white-collar crime risk. As a result, compliance and investigations professionals should be alert to such issues arising when considering and investigating possible ESG-related violations.
By way of illustration, as a recent English High Court judgment acknowledged, conduct abroad which would constitute, in the UK, an offence of forced labour contrary to section 1 of the Modern Slavery Act 2015 or crimes against humanity, contrary to section 51(1) of the International Criminal Court Act 2001 could well constitute criminal conduct under the UK Proceeds of Crime Act 2002 and could, as a result, create money laundering risk for corporates sourcing goods from problematic areas.
ESG issues and, more specifically, how a company portrays its ESG credentials, could also pose fraud risks. For example, companies which misleadingly market their products on the basis of ethical production or publish misleading modern slavery statements could risk exposure under existing fraud laws or, in the UK, under the proposed new failure to prevent fraud offence contained in the Economic Crime and Corporate Transparency Bill (expected to come into effect during the course of next year) (the Bill). Under the current iteration of the Bill, organisations may be guilty of the offence of failing to prevent fraud where they are the intended beneficiary of fraud (including fraud by false representation) by their associated persons where they do not have reasonable fraud prevention procedures in place to prevent the misconduct. This strict liability offence increases the risk of corporate exposure, as dishonesty by individual employees drafting ESG statements could, following its enactment, lead to liability on behalf of the corporate if the requirements of the predicate offence are met and if the corporate does not have appropriate compliance policies in place.
In addition, in recent years, several non-profit organisations have made complaints to criminal authorities in Europe alleging violations of human rights in named companies’ supply chains, urging the prosecutors to open up criminal investigations into the companies and, sometimes, individuals in management. The basis of these claims differs depending on the particular jurisdictions and allegations. By way of example, complaints have been made in Germany against retailers and manufacturers claiming they aided and abetted in alleged forced labour within their suppliers abroad. NGOs have also made similar complaints to Dutch prosecutors against companies with European headquarters in the Netherlands, urging the criminal agencies to investigate the companies for money laundering or receiving stolen goods under Dutch law or, citing the Dutch principle of universal jurisdiction for serious crimes, for being complicit in forced labour abroad. Even if such claims are unfounded and do not lead to prosecutions, they often garner extensive press interest and put the company (and its management) under intense scrutiny.
How to adapt compliance and investigations practices to the evolving risks associated with the ‘S’ in ESG?
While there is a clear need to address the risks associated with the social aspects of ESG, and the diverse and expanding legislative framework applicable to them, this does not require a wholesale overhaul of existing processes and controls. Rather, because the traditional pillars of an effective compliance programme apply equally to social concerns as they do to more familiar risks such as bribery, money laundering and fraud, companies will generally be able to adapt their existing systems to help manage such risks.
In doing so, and in conducting risk assessments to determine what activities of their particular business might pose risks in this sphere, legal and compliance teams may want to consider the following points.
First, given the proliferation of supply chain due diligence laws and the money laundering risks posed by violations of human rights within a company’s supply chain, companies may wish to give careful thought to whether they should modify their existing supplier due diligence procedures in order to ensure compliance with the varying provisions of the laws applicable to their business. In jurisdictions or sectors considered to be particularly high-risk, this may involve triaging suppliers and conducting enhanced due diligence with priority suppliers which could include, for example, reaffirming the organisation’s commitment to ethical conduct, updating contractual terms, the use of contractual auditing rights, requesting written confirmation from suppliers that they are not aware of any forms of criminal conduct within their operations and in-country interviews or intelligence-gathering to provide more detailed and objective evidence of compliance with social laws.
Second, given the focus on organisations’ representations about their ESG efforts and the risk of fraud associated with such statements, verification processes which test the accuracy of such statements are likely to be key. Corporates may therefore wish to consider all of the areas in which ESG disclosures are required or made voluntarily and create or enhance the process of testing and confirming the consistency and reliability of such disclosures. Documenting these verification efforts is also likely to be crucial if such statements are ever subjected to scrutiny by regulatory or enforcement authorities, or in litigation.
Third, encouraging a healthy ‘speak-up’ culture is perhaps of particular importance when considering the social aspects of ESG, as employees may find it particularly difficult to speak out about sensitive social issues. As a result, companies may wish to review and consider their whistleblowing and ‘speak-up’ policies, as well as their top-down communications, to ensure that these are fit for purpose and encourage individuals to voice their concerns openly on all relevant issues.
The evolving and diverse nature of the legal framework surrounding the ‘S’ in ESG creates challenges for compliance and investigations professionals. But they can take heart from the fact that there will likely already exist, within their existing toolkit, many familiar devices that can be deployed and adapted in order to assist them to meet these challenges. These include risk assessments, clear policies and procedures, top-down engagement and communication, effective training, monitoring and due diligence, appropriate investigation procedures and processes to ensure that any issues are appropriately remediated. A recognition of the particular sensitivities and challenges that the social aspects of ESG can represent is the first step in adapting these tools to ensure they are fit for purpose when looking at the range of risks that may arise in this context.
This is the sixth in our 2023 Global Enforcement and Compliance blog series. All other blogs in the series are available here.
For our previous blogs on related developments, see the investigations blogs on our US blog “A Fresh Take”.