Environmental, Social, and Governance (ESG) is an important element within the reporting scope of a third-party risk management (TPRM) initiative because, for many organizations, most of their carbon emissions come from their supply chain. Yet passing the responsibility onto suppliers isn’t an acceptable option. Today’s investors, regulators, and consumers hold first parties accountable for third-party failures as much as, if not more than, the third parties themselves, making it imperative to extend governance, risk, and compliance (GRC) disciplines across the third-party ecosystem.
Managing ESG risks across the extended enterprise in the context of TPRM involves incorporating ESG considerations into the evaluation and monitoring of third-party vendors, suppliers, and business partners. This approach ensures that the organization’s extended network aligns with its ESG goals and helps mitigate potential risks.
Here are some key steps and strategies to effectively manage ESG risks across the extended enterprise within the framework of TPRM:
ESG Integration in TPRM: Integrate ESG factors into the overall TPRM framework and processes of the organization. Ensure that ESG considerations are embedded in the risk assessment, due diligence, and vendor selection stages.
ESG Criteria in Vendor Evaluation: Develop specific ESG criteria and scoring mechanisms to assess the ESG performance of potential vendors and business partners. Consider factors such as environmental impact, social responsibility, labor practices, diversity and inclusion, and ethical governance.
ESG Due Diligence: Conduct comprehensive ESG due diligence on potential vendors to assess their ESG risks and identify any red flags. This may involve reviewing environmental policies, social impact assessments, labor practices, regulatory compliance, and governance frameworks.
Contractual Agreements: Incorporate ESG clauses and requirements into vendor contracts to set clear expectations and standards. Specify ESG performance targets, reporting obligations, and compliance with applicable laws and regulations.
Ongoing Monitoring and Auditing: Implement regular monitoring and auditing processes to evaluate vendors’ ongoing ESG performance. This can include site visits, self-assessments, third-party audits, and monitoring of key ESG metrics. It ensures that vendors remain aligned with ESG expectations throughout the business relationship.
Collaboration and Capacity Building: Foster collaboration with vendors and business partners to enhance their understanding of ESG risks and opportunities. Provide resources, training, and guidance to help them improve their ESG practices and align with the organization’s goals.
ESG Reporting and Transparency: Require vendors to report on their ESG performance regularly. This can include the provision of sustainability reports, ESG disclosures, and relevant metrics to demonstrate their commitment to ESG and facilitate transparency.
Risk Mitigation and Remediation: Establish processes to identify and mitigate ESG risks across the extended enterprise. Develop corrective action plans and support vendors in addressing identified gaps or non-compliance with ESG standards.
Continuous Improvement: Encourage vendors and business partners to continuously improve their ESG performance. Set goals, benchmarks, and incentives to drive positive change and recognize outstanding ESG practices.
Stakeholder Engagement: Engage stakeholders, including customers, investors, and employees, to understand their expectations and concerns regarding ESG. Incorporate their feedback into the organization’s ESG risk management strategies and decision-making processes.
By implementing these strategies, organizations can effectively manage ESG risks across the extended enterprise within the TPRM framework. This approach promotes responsible and sustainable practices throughout the supply chain and mitigates potential ESG-related risks, contributing to long-term business resilience and value creation.