ESG & TPRM risk management: a best practice approach? | Mitratech Holdings, Inc
[author: Henry Umney]
There are few initiatives currently underway in the banking sector that not present environmental, social and governance (ESG) benchmarks, either to engage investors and clients, or to provide the ESG risk management capabilities that banks now need.
These initiatives will cover various areas of activity ranging from business process change, product development, investment management and market positioning.
Widespread use of “ESG” can inspire a feeling of fatigue for some. That said, there is no doubt that issues of climate change, sustainability or modern slavery, for example, are now burning issues for many people, in ways they once were. not 20 or even ten years ago.
ESG offers investment and growth opportunities for some and provides a source of risk and challenge for the others. Whatever your position, ESG must be adopted, and for banks, this inevitably leads to reflections on ESG risk management.
ESG is a vast subject, but working with financial institutions it is clear that third party risk management (TPRM) is an important aspect of ESG for many banks. Banks have complex value chains and make extensive use of sophisticated technologies and data capabilities from providers around the world.
While providing opportunities for innovation, scalability and business efficiency, a bank’s extended supply chain can be the source of a range of problems beyond the purely practical ones of trying to work. with multiple business partners in different time zones. There are many social, business, contractual, operational and compliance risks that must be identified, managed and mitigated if an institution is to capture the full value of these business relationships.
Businesses will have risk management systems and processes in place to deal with many of these risks. Always, the complex, interdependent and global nature of ESG risk means that many institutions need risk management tools and frameworks to specifically manage their ESG risk.
A framework for ESG risk management
KPMG proposed a ESG risk management framework which covers all aspects of ESG risk management, including business strategy, product development, governance, capital charge, product distribution, regulatory and stakeholder reporting, and ESG data management.
As might be expected, the framework covers traditional risk competencies, including governance, strategy, risk measurement and identification, reporting and disclosure. He recognizes the need to have a defined ESG risk management profile to manage ESG risk itself and inform other areas of risk that it may have an impact, including operational risk, compliance risk, risk capitalization and others.
From the perspective of the TPRM, it emphasizes specific risks, including human rights, climate risk, corruption, structural risk, legal risk, compliance risk and protection risks. data, as potentially significant issues in the supply chain.
Find an optimal solution
These risks are already widely recognized and understood. The challenge for banks is to somehow capture and fully define these risk profiles, as well as consolidate the data, metrics and documentation used to monitor them. The aim is to proactively monitor the status of their main suppliers who directly support banks and their 4e and 5e level providers.
Given the expectations of stakeholders, regulators and customers to seize emerging opportunities related to ESG, it is paramount to deliver TPRM capabilities quickly and efficiently. The PRA has been at the forefront of regulating this with SS2 / 21, which details the operational resilience aspects of TPRM.
The KPMG model will help institutions shape their response to ESG risk management, including TPRM risks.
The key factor in providing this type of framework? A adapted technological platform that provides the efficiency, scalability, and results that an institution needs to implement a comprehensive TPRM.
The optimal ESG risk management solution will offer SaaS capabilities allowing rapid deployment, both within a bank and within the companies that make up its 3rd, 4e, and 5e online supply chain. It should also have a dashboard so that all issues – operational, political, business, etc. – can be reported upstream, with proactive alerts.
Experience suggests that the earlier an ESG risk management issue is identified, the easier it is to resolve without harming the business or the relationship. Likewise, the platform should be the repository for all documentation on supplier risks, contracts, and risk metrics, so staff can access it quickly when incidents develop.