Growing role for risk managers as diversity exposures rise

A new ISO standard can help organisations identify and tackle risks associated with diversity and inclusion, according to Zurich’s Julia Oltmanns and Lisa Dutkanych

Calls to improve diversity, equity and inclusion (DEI) have been growing louder in recent years, spurred on by movements like #MeToo and Black Lives Matter, as well as the impact of Covid-19 on employees and wider society.

Consumers and employees are growing more socially conscious and increasingly expect society’s rich diversity to be reflected in the organisations they engage with and work for. These societal changes are now starting to filter through to investors and policymakers, who are demanding more information and increasingly more evidence of action on DEI issues, from board representation to equal pay and human rights.

The US Securities and Exchange Commission (SEC), for example, is working on requirements for companies to disclose the diversity of their boards and potentially their workforces. Under separate proposals, companies listed on Nasdaq will be required to disclose the ethnic and gender makeup of their boards. In Europe, EU member states recently reached a provisional agreement that would require EU-listed companies to have at least 40% of their non-executive director positions held by women by 2026.

A lack of focus on DEI is an enterprise risk
Insufficient attention to diversity and inclusion has become a business risk that can have a direct impact on a company’s financial performance, its workforce and reputation. Recoveries from US discrimination claims against employers were at an all-time high in 2020, according to the Equal Employment Opportunity Commission (EEOC). Private litigation jury verdicts are skyrocketing, while DEI-related shareholder derivative lawsuits are also on the rise. Recent years have seen a number of board diversity lawsuits filed in the US, as well as shareholder securities lawsuits related to companies failing to live up to DEI promises.

In the past, DEI may have been viewed as a ‘nice-to-have’ programme, but today, lack of attention to DEI is an enterprise risk. Diversity, equity and inclusion is not just about the fair treatment of employees. It extends to corporate culture and business models, as well as how an organisation is perceived by suppliers and customers, and its impact on wider society.

In addition to the moral case for diversity and inclusion, there is also a compelling business case. According to McKinsey research in 2020, organisations with a gender-diverse executive team are 25% more likely to be more profitable than their peers, while ethnic diversity among the executive team will boost the chances of outperforming rivals by 36%. A 2018 study by the Boston Consulting Group also found that companies with a diverse management team have a 19% higher rate of revenue from innovation.

Game-changing ISO standard
While the majority of large multinational companies have formal DEI programs, progress on diversity and inclusion has been slow. Despite good intentions, many companies struggle to translate their DEI strategy into action. According to a 2021 PWC global survey, diversity and inclusion was a priority for 75% of the 5,000 companies surveyed, yet more than a third agreed that diversity remained a barrier to career progression at their organisation.

PWC’s survey also found that two thirds of companies had reached only basic levels of DEI maturity and only 17% had a board-level diversity and inclusion leader. The first step in any DEI initiative should be to establish the current maturity level, identify gaps and then prioritise actions. Progress should then be monitored and benchmarked against a consistent definition of what success looks like.

The release last year of Standard 30415 – the first global standard for diversity and inclusion – by the International Organization for Standardization (ISO) could be a real game-changer, however. ISO 30415 provides companies with a roadmap to create an effective DEI programme and embed diversity and inclusion across their organisation, as well as in their supply chains and relationships with other stakeholders.

Active role for risk managers
A risk management programme should consider that customers, shareholders and regulators will expect an organisation to demonstrate its commitment to DEI and its progress towards greater inclusion. These efforts are not solely an HR responsibility, but rather require that DEI considerations should be integrated into every aspect of a company’s operations.

Risk managers have an important role to play in DEI, which interacts with many areas of risk already on their agenda, such as governance, liability, corporate culture, reputation and supply chain disruption. Risk managers need to take an active role in DEI, promoting and facilitating the assessment of risk. By engaging with HR, risk managers will be better able to understand the organisation’s DEI strategy and influence actions with risk in mind.

ISO Standard 30415 is also a valuable tool for risk managers. The standard, which includes 32 separate risk domains, can be used to identify DEI-related risks and prioritise actions to mitigate risk.

Seek out good advice and support
Good advice and support are also essential for improving diversity and inclusion. A number of companies have pursued DEI initiatives that, while well meaning, have had unintended consequences that have resulted in litigation.

Earlier this year, Zurich Resilience Solutions launched a DEI assessment and consulting service for customers, in collaboration with Inclusion Score. The Workplace DEI Service includes DEI assessment and reporting services, which measure DEI maturity and set out areas for improvement that are consistent with ISO 30415. Zurich can then help customise recommendations and provide ongoing consultation to ensure measures are implemented in accordance with benchmarks. Zurich Resilience Solutions is also providing services to help customers on their DEI journey, including education and training.

Aligning DEI with risk
Insufficient attention to diversity and inclusion will increasingly become a driver for risk and liability, and organisations will need to align their DEI programme with risk management. As companies develop their DEI strategies, it is essential that risk managers take an active role, as advocates for risk and as a bridge between HR and other corporate functions.

Contributed by Lisa Dutkanych, head of strategy and business planning, North America, Zurich Resilience Solutions, and Julia Oltmanns, director of workplace DEI services, North America, Zurich Resilience Solutions