ESG compliance: What It Is & Why It’s Important to Start Preparing Now

September 07, 2023

Anna Fitzgerald

Senior Content Marketing Manager at Secureframe


Rob Gutierrez

Senior Compliance Manager at Secureframe

Today, organizations have to comply with a range of laws, regulations, and industry standards designed to protect sensitive data, prevent fraud and money laundering, improve workplace safety, and more.

Increasingly, organizations are expected to achieve environmental, social, and governance (ESG) compliance as well. ESG is not just a regulatory burden, however. 91% of business leaders say they believe their company has a responsibility to act on ESG issues, and 83% of consumers think companies should be actively shaping ESG best practices.

Read on to learn what ESG compliance is, why it’s important, and some best practices for achieving it.

What is ESG compliance?

ESG compliance refers to the adherence to environmental, social, and governance guidelines created by governmental and regulatory bodies or internally by the organization itself.

Let’s take a look at the three components of ESG compliance.

| Type of compliance | What it is | Example |
|---|---|---|
| Environmental | How a company safeguards the environment and limits environmental risk | Corporate policies addressing climate change |
| Social | How a company manages relationships with employees, suppliers, customers, and the communities where it operates | Formally adopted goals to address social inequality |
| Governance | How a company governs its leadership and protects shareholders' rights | Policy that the CEO cannot be chair of the board |

Why is ESG compliance important?

ESG compliance is important for meeting the expectations and requirements of an increasing number of investors, employees and consumers, and regulatory bodies and governments across the world. Let’s take a closer look at these reasons below.

1. Investor preference

According to an industry report from US SIF Foundation, investors held $8.4 trillion in assets chosen according to ESG principles in 2022. This represents 13% of the total US assets under professional management. As more investors opt for socially-responsible investing, publicly-traded companies can improve their chances of outside investment by making ESG compliance an important aspect of their corporate governance.

2. Employee and consumer preference

Employees and consumers are also increasingly concerned with ESG issues and indicate they are prepared to reward companies accordingly.

In a recent study, overwhelming majorities of both consumers and employees said they’re more likely to buy from or work for companies that share their values across the various elements of ESG:

  • Environmental: 80% consumers and 84% employees
  • Social: 76% consumers and 83% employees 
  • Governance: 80% consumers and 86% employees

3. Regulations and laws

Governments are also beginning to pass or consider legislation requiring organizations to comply with ESG standards. 

The EU passed the Non-Financial Reporting Directive back in 2014, requiring public-interest companies with more than 500 employees to publish information related to environmental matters, social matters and treatment of employees, respect for human rights, anti-corruption and bribery, and diversity on company boards. This will be superseded by the Corporate Sustainability Reporting Directive, which will require a broader set of large companies, as well as listed SMEs, to report on sustainability.

Other countries are following suit. In recent years, Australia, Canada, Chile, Colombia, India, Singapore, and the United States have also passed or proposed new ESG regulations. For example, the U.S. Securities and Exchange Commission (SEC) under Commissioner Gary Gensler has made ESG a top priority in its rulemaking agenda since June 2021. While it has yet to finalize proposed new rules for company disclosures regarding ESG policies, SEC officials say ESG concerns will be a high priority during SEC examinations this year.

Starting to prepare for ESG compliance now can help ensure you’re ready when regulations do pass in your country.

ESG compliance frameworks and standards

Now that we’ve established why ESG compliance is important, let’s take a look at some of the most common frameworks and standards to help you decide which may apply to or be right for your organization.

Global Reporting Initiative (GRI)

GRI provides the world's most widely-used framework for sustainability reporting. It has a whole set of Sustainability Reporting Standards that specify the requirements and reporting principles for organizations to publicly disclose their most significant impacts on the economy, environment, and people and how they manage these impacts. These standards cover anti-corruption, emissions, waste, diversity and equal opportunity, rights of indigenous people, customer health and safety, and other ESG issues. 

Sustainability Accounting Standards Board (SASB)

SASB Standards are sustainability reporting standards that identify the subset of environmental, social, and governance issues most relevant to financial performance and enterprise value for 77 industries. These enable organizations to make transparent financial-related sustainability disclosures. 

Task Force on Climate-Related Financial Disclosures (TCFD)

TCFD has published recommendations on the types of information that companies should disclose to support investors, lenders, and insurance underwriters in appropriately assessing and pricing risks related to climate change. There are 11 total recommended disclosures that make up the TCFD framework. The goal of these disclosures is to help investors and others understand how reporting organizations think about and assess climate-related risks and opportunities.

While the TCFD framework is made up of voluntary disclosure guidelines, these are becoming part of mandatory regulatory frameworks across the world. New Zealand and the United Kingdom, for example, are mandating climate risk disclosures in line with the TCFD framework by 2023 and 2025 respectively. 

Carbon Disclosure Project (CDP)

CDP focuses on climate change, forest health and preservation, and water security. It asks companies, states, cities, regions, and public authorities for voluntary disclosure of environmental data to help progress toward a sustainable net-zero, deforestation-free and water secure future. Some investors and customers may also request information from companies through CDP's climate change, forests, and water security questionnaires.

Once they fill out questionnaires, companies are then scored on their disclosure and environmental performance. 

Business Responsibility and Sustainability Reporting (BRSR)

BRSR is India’s framework for ESG reporting that requires the top 1,000 listed companies in India to provide quantitative metrics on sustainability-related factors as of fiscal year 2023. This was designed to be interoperable with other internationally accepted reporting frameworks such as GRI, SASB, and TCFD.

National Greenhouse and Energy Reporting (NGER)

NGER is the Australian national framework for reporting and disseminating company information about greenhouse gas emissions, energy production, energy consumption and other information specified under the NGER Act in 2007. This data is used to inform Australian government policy and the public and help measure progress against Australia’s international climate change commitments.

ESG compliance requirements

ESG compliance requirements can largely be broken down into four categories:

  1. Requirements for organizations to disclose ESG performance and practices
  2. Requirements for investors to consider ESG as part of their investment planning
  3. Specific laws that touch on parts of ESG but are not focused on ESG themselves
  4. Requirements for organizations to audit and manage their business practices and supply chains based on ESG frameworks and standards

Since these vary so widely across voluntary and mandatory ESG frameworks and standards, let’s take a look at some best practices that organizations of all types and sizes can follow below.

ESG best practices

Following the best practices below can help you meet ESG compliance and reporting requirements.

1. Determine what ESG data to collect and report

To start, determine what ESG risks and opportunities are most relevant to your business. To understand what risks and opportunities are typical for your industry and what specific metrics you should report, you can consult an established framework or standard like SASB or GRI. 

Next, consider the expectations of your largest shareholders. Some investors will request that companies disclose ESG data that is aligned with the recommendations of an established framework or standard. You should also consider the expectations of other stakeholders, like employees and customers. In a PwC study, 86% of employees said they prefer to support or work for companies that care about the same issues they do, and 76% of consumers said they will discontinue relations with companies that treat employees, communities, and the environment poorly. That indicates that companies may suffer in terms of sales and employee recruiting and retention if they don't disclose ESG data.

2. Automate data gathering and centralize it

Data gathering may pose a significant challenge for organizations trying to establish an ESG compliance program. The process may vary by business unit, department, or region and involve manually collecting it on spreadsheets. 

Companies can standardize and automate the process by using governance, risk, and compliance (GRC) software. This will also help ensure that ESG data lives in a central repository along with other compliance data. 

3. Develop an ESG data policy

Once established, these data gathering procedures should be documented in a policy. The policy should specify what ESG data should be collected and how, how it should be analyzed and reviewed, and who the responsible parties are. This policy should be updated and reviewed regularly so it can stay up-to-date and in accordance with ESG regulations.

ESG compliance checklist

Use the following checklist to evaluate your organization’s environmental, social, and governance policies and procedures.


Step 1: Prepare for ESG compliance

The following activities can help you prepare for ESG compliance:

  • Find out if any ESG regulations are in effect in your country or will be shortly
  • Understand what ESG standards may apply to your industry
  • Understand what ESG-related issues your investors care about
  • Read your competitors’ ESG disclosures
  • Understand how ESG relates to your company's objectives
  • Understand your organization's current ESG strategy, maturity, and risk factors
  • Communicate your ESG strategy and risk factors to stakeholders
  • Develop ESG policy and procedures

Step 2: Choose your ESG compliance framework(s)

Based on the activities above, select one or more ESG compliance frameworks that can help meet your reporting needs and overall objectives. Consider developing a custom framework if an existing one does not meet your unique reporting needs or objectives.

Step 3: Determine which existing compliance requirements overlap with ESG ones

If you already have a compliance program in place at your organization, then you likely have existing compliance requirements that relate to ESG. For example, ISO has several standards that relate to ESG issues, like:

  • ISO 14001: Environmental management
  • ISO 45001: Occupational Health and Safety Management System (OHSMS) 
  • ISO 50001: Energy management
  • ISO 26000: Social responsibility

That means you may already have controls in place to meet ESG requirements. If you use compliance automation software like Secureframe, you can map these controls and tests to those framework requirements to reduce duplicate work.

Step 4: Prepare for ESG Reporting

The last step is preparing to include ESG disclosures in your financial reporting to demonstrate a genuine commitment to sustainability, social responsibility, anti-corruption, and more. The goal is to allow stakeholders, regulatory bodies, other organizations in the industry, and any interested parties to understand your organization’s ESG performance, opportunities, and risks. 

How Secureframe can help with ESG compliance

Complying with ESG regulations can be a long and resource-intensive process without help from experts.

Secureframe can help simplify and streamline the process. Using custom frameworks, custom controls, and the Secureframe control and test libraries, your organization can create your own custom frameworks based on ESG compliance requirements and map tests and controls to those frameworks. The Secureframe platform will consolidate audit and risk information, including vulnerabilities from cloud resources, control who has access to ESG data, and conduct continuous monitoring to look for gaps in controls so you can maintain continuous compliance.

To learn more about how Secureframe can play an integral part in developing a robust ESG compliance program, request a demo of our platform today.