Blog Post
Examining ESG Risk Part 3: Taking Action Through Data and Technology
In this series on the role of data in Environmental Social and Governance and its intersection with compliance, Al Park, Senior Managing Director and Risk & Compliance practice leader for FTI Technology, has engaged in discussion with domain experts across FTI Consulting. The series has covered some of the risks that arise when organizations overlook data in their ESG strategies and the fundamentals of measuring, managing, monitoring, improving and reporting ESG activities. In this final installment, Al joins colleagues Jake Frazier, Drew Sheehan and Steve McNew to take a closer look at some of the specific ways they are helping clients leverage data to reach their ESG objectives and requirements.
Al, in the last Q&A, you and Miriam Wrobel, Senior Managing Director and FTI Consulting’s Global Leader of ESG and Sustainability, had a lengthy discussion around the role of technology in improving ESG. Can you reiterate some of those thoughts to start off this discussion?
Park: Yes, that conversation focused on the importance of data governance and information governance in an ESG context. Data governance helps ensure that the data companies rely upon for tracking, monitoring, analysis and reporting is managed in a way that upholds data quality and data lineage (i.e., reliability and accuracy). Also, information governance is important from the perspective of ensuring effective management and protection of sensitive information — particularly personal information that is protected by various global data privacy laws. Upholding a strong data privacy posture can support organizations in meeting standards on both “social” and “governance” fronts.
Technology is essential here, as it is often an important enabler behind these types of governance and other compliance programs.
Jake, perhaps you can add to that, given your focus on information governance and privacy. Can you speak to some of the specific ways FTI Consulting is leveraging information governance principles and strategies for ESG use cases?
Frazier: There are quite a few areas where our information governance, privacy and security expertise can support clients with ESG programs. First is in the category of data management and controls. We help clients develop data management protocols to set and transparently manage ESG data, which allows them to maintain defensible and accurate data, supported by internal controls. This also helps with preparedness for regulatory investigation, as clients with robust data controls and a maintained inventory of ESG data will find it much easier to respond to information requests from authorities.
Like Al mentioned, our Information Governance, Privacy & Security practice also supports ESG in building data privacy policies, procedures and technology solutions to support compliance with data protection regulations, which is an important element of the “governance” portion of ESG.
There are other aspects of regulatory and compliance governance for ESG as well, correct? What are some of the additional considerations beyond data protection?
Park: That’s right. Companies are increasingly facing the expectation that their compliance programs are assessed holistically and built to monitor, detect and manage metrics and activities that carry ESG implications. For example, organizations must address ESG exposures beyond their own direct behaviors to include those of the companies they engage as vendors and providers. Compliance teams should now consider incorporating ESG risk assessment and due diligence of third parties into their third-party risk management program to enable a fulsome understanding of the overall posture.
Sheehan: Yes, and beyond that, another area that ties back to this issue and the data governance points that were discussed before, is readiness for regulatory reporting. This can be a challenge because every company is unique in how it approaches ESG, including the roles and departments responsible for managing data monitoring, analysis and reporting. For some, it may fall to the compliance officer, while others appoint the general counsel or head of supply chain or a dedicated sustainability officer. In other words, tracking of ESG metrics may fall to a person who isn’t familiar with data-driven processes and reporting. They may need support in establishing or executing efficient data collection and disclosure processes across a wide range of data, to satisfy various global and industry regulatory requirements related to climate and environmental impact.
Can you expand upon that point about data and analytics?
Sheehan: Companies must collect, inventory, cleanse, track, analyze and report on a vast universe of data types for countless reasons — from data governance or financial reporting requirements to regulatory investigation, litigation, marketing and proactive compliance. And now, for many, ESG. The ESG use case is unique because the metrics have not yet been standardized and the relevant information that a company may need or want to track will span numerous functions of their business (e.g., HR, real estate, supply chain) and dozens of structured and unstructured data systems. It’s our aim to help clients design programs that bring all of the data that matters to their ESG objectives into an all-encompassing dashboard, supported by automated processes and advanced analytics tools, to provide insight, transparency and efficiency.
You mentioned there isn’t yet a single, standardized framework for reporting. That has to make it difficult for companies to not only decide what to report upon, but how to prove they aren’t greenwashing. What are some ways we’re addressing the issue of trust and proof?
McNew: There’s a lot of uncertainty about what and how to track for ESG, and a lack of trust and transparency in what is reported, due to greenwashing and genuine difficulty in getting the data and metrics correct. Serious fines are being handed down for greenwashing and incorrect reporting, and the overall compliance requirements for, and litigation around, ESG are expected to grow.
One way we’re approaching that with technology is through blockchain. Blockchain technology can provide immutable tracking, certification and reporting of any number of datapoints that relate to an organization’s ESG tracking. For example, corporations that have committed to significantly reducing or eliminating their carbon footprint could take data relating to their carbon emissions (e.g., flight miles taken or freight shipments) and credits (e.g., legitimate, verified offsets) and track it on a blockchain, where it can be benchmarked against set goals.
Similarly, organizations could track and trace products and labor conditions along their supply chains, storing the findings on the blockchain alongside other ESG metrics. Data from their vendors and suppliers could be integrated, so that every relevant metric is measured using the same mechanism. All the information would remain on-chain and immutable. Critically, the transparency, tracking efficiency and immutability of blockchain closes many of the gaps that frustrate regulators, shareholders and consumers.
Our teams are helping clients build affordable and easy to deploy blockchain solutions to automatically disclose the data either in real time or on a pre-set schedule to the public and/or regulators. This data can then be independently verified by regulators or a credible third party to confirm that the organization’s activities are meeting set standards and that its claims, messaging and advertising are consistent with its actual practices.
So, it sounds like the technologies needed to support ESG tracking, reporting and compliance maturity are available, but there’s work needed for organizations to bring that all together. How long do you think it will take before some of these concepts we’re talking about become more standardized?
Frazier: It’s going to be an evolution, and every company will be on a different timeline dependent upon their size, geography, company culture, technology sophistication and ESG obligations. There’s really no one-size-fits-all strategy or timetable. I do think within the next several years we’re likely to see significant progress and adoption of the processes and technology solutions we’ve mentioned here.
The key is for companies to start with a realistic baseline. Create a plan that is incremental and can show progress over time. Maybe this year it’s refreshing the information governance and privacy policies to account for new ESG considerations. Then, analytics. And for the most technology-forward, mature organizations, or those that have significant supply chain reporting to address, blockchain-based solutions can start to be developed. All of this can happen within individual organizations while governments and global organizations work to develop and aligned framework for standards and reporting.
Related topics:
The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.