Companies increasingly face scrutiny of their environmental, social and governance (ESG) activities, including from investors, regulators, prosecutors, consumers, NGOs and other stakeholders. While robust ESG programmes can provide new business opportunities and other competitive advantages for companies, ESG issues also can pose legal and reputational risks, particularly when there is a gap between what companies say and do with respect to ESG.
In this article, we consider ESG risks for companies and offer our thoughts on the steps companies should consider taking to mitigate those risks. This article focuses on laws and practices relating to ESG that have developed in the UK. Because of jurisdictional variations that exist relating to ESG standards and their enforcement, the steps to be considered by in-house counsel to mitigate ESG risks may – and often will – vary by country.
ESG standards and frameworks
ESG encompasses a diverse set of topics that, generally speaking, offer a framework for responsible business practices and are linked to a company’s licence to operate. These topics are viewed through the prism of three umbrella categories: 1) environment (ie, related to a company’s effect on the natural world); 2) social (ie, concerning a company’s relationship with its people as well as external people or institutions); and 3) governance (ie, relating to a company’s internal operational processes). There is often a significant level of interdependence between these three limbs.
The ESG landscape continues to develop rapidly, with ESG regulation in the UK and other jurisdictions struggling to keep pace. Unsurprisingly, an over-arching global standard for assessing and reporting on the full spectrum of ESG topics has not yet emerged. Instead, ESG issues currently are being addressed in a patchwork of standards, including national laws and regulations, ‘soft law’ instruments such as the UN Guiding Principles on Business and Human Rights and voluntary standards such as those formulated by the Global Reporting Initiative (GRI) and the Sustainability Accounting Standards Board (SASB).
In the UK, several ESG topics already are being addressed in well-established legislative frameworks, including those relating to bribery (Bribery Act 2010 (BA)), modern slavery (Modern Slavery Act 2015 (MSA)) and health and safety (Corporate Manslaughter and Corporate Homicide Act 2007). Some of those frameworks, including the provisions to counter illegal deforestation in the recently passed Environment Act 2021 (EA), mandate the establishment and implementation of supply chain due diligence programmes by companies of a certain size operating the UK.
The UK also has enacted legislation requiring certain companies to make mandatory disclosures with respect to a range of ESG topics. For example, the UK Companies, Partnerships and Groups (Accounting and Non-Financial Reporting) Regulations 2016 (Non-Financial Reporting Regulations) require public interest companies with over 500 employees to include a non-financial information statement relating to ESG in their annual strategic reports. In particular, the report is required to address environmental protection, social responsibility, treatment of employees, respect for human rights, diversity on company boards, bribery and other forms of corruption.
In addition to the foregoing, the transparency in supply chains provisions of the MSA require companies that carry on all or part of a business in the UK with a total annual turnover of £36m or more to report annually on the steps they have taken to ensure that slavery and human trafficking are not occurring in their business or supply chains.
ESG reporting is an area of continued focus for the UK government, which recently published draft legislation that, if approved by parliament, will enshrine in law mandatory climate-related disclosures. The Companies (Strategic Report) (Climate-related Financial Disclosure) Regulations 2021 require many of the UK’s largest public companies, banks and insurers as well as private companies with over 500 employees and £500m in annual turnover to make annual disclosures of climate related financial information from 6 April 2022 in line with recommendations from the Task Force on Climate-Related Financial Disclosures.
The increasing importance of ESG topics to a broad array of stakeholders is a trend we expect to continue in 2022. In particular, the introduction of mandatory reporting regimes and measures to tackle ESG risks in supply chains are areas that are likely to continue gaining in prominence.
ESG risk areas for companies
While the failure to meet ESG commitments increasingly has the potential to inflict significant reputational, commercial or financial harm on companies (eg, a drop in Boohoo’s share price following allegations of modern slavery or a vote to change ExxonMobil’s board of directors for the company’s failure to take into account the financial risks posed by climate change), the growing focus on ESG activities also poses a range of potential legal risks. Non-compliance with legal or regulatory regimes addressing certain ESG topics can result in criminal or civil liability for companies. For example, companies can face prosecutions under the BA for either substantive bribery offences or, more commonly, ‘failure to prevent’ bribery benefitting a company by its associated persons. The EA also contemplates the imposition of civil penalties on companies that fail to comply with mandatory supply chain due diligence requirements relating to so-called forest risk commodities.
Company directors also can face criminal liability for their company’s failure to comply with some ESG reporting requirements. For example, it is an offence under the Non-Financial Reporting Regulations for a director to approve a non-compliant strategic report if the director knew about the non-compliance, was reckless as to whether there was non-compliance or failed to take reasonable steps to ensure compliance or prevent board approval of the report.
Sector-specific regulators are increasingly focusing on ESG risks. For example, rapid growth of the market for ‘green’ financial products has drawn the attention of the Financial Conduct Authority (FCA) to the risk of so-called ‘greenwashing.’ In July 2021, the FCA published a ‘Dear Chair’ letter setting out guiding principles for the design, delivery and disclosure of ESG and sustainable investment funds that, among other things, sets out the FCA’s view of what constitutes ‘greenwashing’ and how to avoid it. In 2022 and beyond, it is not difficult to envision increased regulatory scrutiny and enforcement risk as well as consumers bringing mis-selling – or fraud – claims alleging that products have been promoted on the basis of misleading claims as to their environmental impact.
As mandatory reporting requirements concerning ESG topics proliferate, they increasingly will provide the tools for stakeholders to litigate allegations that companies have failed to live up to their corporate ESG commitments. Such challenges may take the form of strategic litigation, or perhaps even private prosecutions, by activist non-profit organisations seeking to effect environmental or social change or claims for financial compensation by stakeholders claiming to have suffered damage as a result of such failures.
Litigation relating to ESG topics already has started to emerge, involving novel arguments concerning the boundaries of corporate accountability. In February 2021, the Supreme Court held that it was at least arguable that a UK parent company owed a duty of care to a group of Nigerian citizens in respect of alleged environmental damage and human rights abuses by a non-UK subsidiary (Okpabi v Royal Dutch Shell [2021]). In March 2021, the Court of Appeal also held that it was at least arguable that a UK shipping company selling a vessel for dismantling in Bangladesh could owe a duty of care to a shipbreaking worker killed while working on the ship in unsafe conditions (Hamida Begum v Maran (UK) Ltd [2021]).
Practical steps for in-house counsel to consider
The direction of travel with respect to ESG is clear – pressure on companies to manage ESG risks effectively across their corporate group and supply chains will continue to mount. Taking early pro-active steps to build ESG monitoring and reporting into a company’s risk management approach can insulate against future legal, commercial and reputational risks.
Some practical steps in-house counsel should consider include:
- Ensuring that ESG is a standing item on the board’s agenda and that the board is equipped with adequate data to facilitate effective oversight and management of ESG risks.
- Identifying and prioritising the ESG topics that are applicable to the company.
- Identifying existing regulatory reporting requirements related to ESG, which often can vary by jurisdiction.
- Identifying and collating necessary data for the company to formulate specific, measurable, achievable, relevant, and timely ESG-related goals.
- Identifying the functions, technology and other resources that are needed to support the company’s ongoing identification of ESG issues and anticipating emerging risks, regulatory compliance and effective monitoring of performance against its ESG goals.
- Implementing robust monitoring and governance processes to ensure satisfaction of the company’s ESG due diligence and disclosures obligations as well as complying with any ESG targets and commitments the company has set.
- Investing, when appropriate, in risk management technology that helps the company implement ESG commitments across its operations and enables robust tracking and reporting of data to satisfy the company’s corporate commitments and applicable ESG reporting requirements.
- Understanding the suitability to the company of the standards currently being used for ESG reporting (eg, whether standards were developed principally for investors such as the SASB standards or to make sustainability reporting as simple as possible for companies such as the GRI standards).
- Regularly monitoring developments with respect to ESG reporting standards and frameworks to assess their impact on the company’s approach to reporting.