ESG Data Rising to the Importance of Cybersecurity, Data Privacy and Compliance Requirements in Supply Chain Management Considerations

  • Richard Blore & Kevin Bourne, chief executive officer, KY3P & managing director, Sustainable Finance at IHS Markit

  • 02.06.2021 09:15 am

Both public and private companies are under increasing pressure from investors, civil society and governments to make ambitious public commitments covering all aspects of ESG, but especially greenhouse gas emissions which are directly linked to climate change and its threat of global systemic disruption.

As a result, companies are required to simultaneously demonstrate compliance with an ever-increasing raft of legislation and regulation (e.g., Modern Slavery Act (MSA), German Supply Chain Law), while also demonstrating delivery against targets to dramatically minimise their impact on the environment and make positive contributions to diversity and inclusion.

The Role of The Supply Chain:

Firms must master overall Supply Chain Management and incorporate ESG into their overall supply chain strategy if they are going to succeed in their ESG efforts. Consideration should be given to an integrated approach between ESG strategy, process, technology, and data across the supply chain to ensure alignment across the organization.

A survey of global supply chain leaders conducted by IHS Markit in early 2021 suggests a significant gap between having an ESG strategy in place, and the ability to execute: 51% of respondents claim to have a mature ESG strategy in place, yet only 36% have access to the required technology and data to drive their ESG strategy, with only 10% giving themselves the top score for having access to integrated technology and data.

Based on these results, many of these leaders are not prepared for the role of supply chain within ESG.

Furthermore, the amplifying effect of supply chains impacts both the opportunity to improve and the risk of noncompliance, with even medium-sized firms potentially having hundreds or perhaps thousands of suppliers. Each of these suppliers can have a complex enterprise with many employees located within facilities operating across the globe. It is also probable that each of these suppliers has its own matching footprint, such is the interconnected and globalised world of today. Therefore, an organisation’s extended ESG footprint can grow exponentially in size, reach and complexity. This makes failure at some point almost impossible to avoid and very difficult to monitor.

Procurement and Supply Chain teams are having to rapidly evolve beyond the traditional contract and performance management techniques such as those used for materials sourcing (Identity Preserved, Segregated, Mass Balance, Book and Claim). In addition to these and other obligations, there is now a growing focus on tracking and monitoring how staff are treated within suppliers, which adds ever more complex but important ESG obligations and increasing liabilities.

Risk and Compliance:

The acceleration of governmental action and intervention is set to continue through 2021 in the run-up to the UN Climate Change Conference (COP26) in November. A signpost of things to come can be seen in the recently proposed German supply chain legislation, which combines a requirement for an organisation to demonstrate compliance with stringent requirements with a tough penalty regime of up to 2% of global revenue. Given the current global political climate, it is highly likely that other countries will want to match the German lead in this space and implement similar ESG-focused regulatory frameworks.

Meeting Targets:

In recent years there has been a rush by organisations to establish and publish ambitious targets, including spend with diverse suppliers, carbon footprint reduction and how they are helping local and small organisations to thrive. To help drive delivery of targets and objectives, there has been a rapid expansion of ESG/Sustainability teams within companies, working alongside all aspects of the business including procurement. Historically, it has been challenging for companies to understand how to message accurately and demonstrate not just compliance but also intent and impact to investors and regulators. With a plethora of quasi reporting standards, the challenge is often multiplied. This is coupled with the need to demonstrate that ESG targets have been met. This has become an issue that now challenges boards and the non-executive directors who provide input and guidance; they need to ensure the data provided can be audited and evidenced, as a result of real concern amongst governments and regulatory agencies around greenwashing, intentional or otherwise. This is also more material for public companies as ESG (non-financial) factors become embedded in financial markets and such information becomes more price sensitive in both directions.

So what is the fix?

For as long as there has been a focus on ESG, there have been attempts to solve these problems, from certifications to data and technology solutions. It is only now, with the advent of powerful data gathering, analytics, industry utilities and audit capacities, that there is a real chance of answering the questions required and helping to avoid the significant liabilities, both reputational and economic, in a world where information is a form of energy.

It is essential to apply a comprehensive approach to identify, assess, and continuously monitor the supply chain. There is an increased need for Supply Chain leaders to embed ESG as part of supplier risk management and vendor risk assessment processes. Looking at ESG data alongside cybersecurity, data privacy and compliance requirements is essential for the success of modern Third Party Risk Management programs. It is also important, at the time of vendor onboarding and periodic assessment, to take action to work with suppliers in remediating ESG deficiencies, just like remediating a cybersecurity risk. This should be combined with an ongoing, long-term program that continuously monitors the process and notifies the correct individuals if there is a drop in ESG posture or a negative news alert against any suppliers.
