But how should risk management evolve to incorporate sustainability considerations, including the concept of “double materiality” – “inside-out” as well as “outside-in” impacts.

Let’s start from the beginning: identification of ESG risks

When it comes to identifying ESG risks, the vast majority of organisations focus on the environmental risks, such as physical degradation of assets or transitional adjustment uncertainty. These risk factors are the most advanced for organisations in terms of understanding their risk impact and embedding assessment and management into risk frameworks, for climate risk in particular. Indicators around greenhouse gas emissions, for example, are well-defined and can be measured, reported, and verified.

Risk identification in terms of ‘social’ risk (e.g., relating to workers’ rights, inclusivity, equality, health and safety and human capital), and ‘governance’, (e.g., policies around executive leadership, internal controls, tax policies and shareholder rights), is in its early stages, with transmission channels often not identified or quantified in the way environmental risks are.

We believe it is important that organisations begin analysing and identifying ESG risk across all three areas to allow them to properly embed ESG risk management into their long-term strategies. There are several taxonomies, standards, and principles that that can support a firm in labelling, classifying, and defining different ESG risks and linking them to distinct categories, as well as assessing their impact on financial risk categories.

You can only manage what you can measure: sustainability assessment

There are several methods, both quantitative and qualitative, that can be used to assess ESG risks. Environmental factors (especially climate risk) can often be reviewed using quantitative data as firms are more likely to have the infrastructure in place to collect useable data given advanced risk identification methods.

The less mature approach towards social and governance factors, and the fact they often require greater levels of judgement or are less well-defined than environmental factors means that a qualitative approach could be preferred. Qualitative assessments, such as scorecards, are also easier to implement than quantitative ones, which can require investment in data tracking and analysis.

Decisions on which methodological approach to take should be determined by considering the size, complexity, risk profile, and business model of the organisation.

Time for action: ESG risk implementation

There are several methods to managing ESG risk and monitoring long term sustainability resilience. The most advanced of these is scenario analysis. There are several existing organisations that publish climate change scenarios, such as the Network of Central Banks and Supervisors for Greening the Financial System (NGFS). Scenario analysis can be used to build out the potential future business environment a firm will be operating in. For banks, it can also be applied to portfolios, as well as be linked to more traditional risk types to assess the interplay with ESG risk.

We believe that for ESG scenarios any planning horizons should be extended to a minimum of ten years. This is something that some firms can struggle with as to date, scenario analysis has been run over the short to medium-term. Once this has been done a set of long-term KPIs should be established against each ESG pillar, to track progress and risk. As well as these KPIs organisations should also develop long-term objectives that are in-line with regulatory requirements and stakeholder expectations. 

Ultimately, the outcome of any ESG risk analysis should be measured and embedded in the same manner as traditional financial risk appetite. Management actions should also be put in place to ensure adherence to the agreed risk appetite.

Parting thoughts

While the area of sustainability resilience is an emerging one, and the concept of double materiality is still relatively new, it is critical that organisations begin making progress in achieving it. Organisations should strive to implement best practice risk management addressing existing gaps in ESG strategy, and ensure that they understand the short, medium, and long-term impacts of ESG risks and opportunities.

Beyond risk management developments, improved long-term performance may be a better prize for those who implement this as a business transformation journey.