The increasing challenge of reporting requirements
Risk managers are faced with a number of challenges when it comes to responding to reporting requirements, not least the amount of data and the difficulty in accessing it. ESG Risk Review talked to Neil Scotcher, director at software company Origami Risk, about the challenges, the need for coordination, and the role of technology.
What are the challenges facing risk managers when it comes to ESG reporting?
Neil Scotcher, director, Origami Risk: Firstly, the sheer quantity of data that risk managers must collate, validate and report on is overwhelming. If we take, for instance, the environmental part of ESG, companies will typically need to report on their energy suppliers at a minimum. For a company based in multiple countries around the world, with multiple locations and equally as many different providers, we’re already talking hundreds of potential data points.
For the ‘social’ element of ESG, there are a variety of different HR and accounting systems that need to be taken into account – and this is all just internal data. ESG reporting demands that risk managers take a broader look into their supply chains and ingest external data too. This is a monumental task, and this data and reporting will be made public, so they have to know they can trust the accuracy and veracity of the data they use.
Secondly, there is a lack of clarity and agreement over what should and shouldn’t be reported on. Most risk managers I speak to have no idea where they should be starting, and to what depth of data they need to reach.
Reporting requirements vary between countries too, adding another layer of complexity. For instance, earlier this year, the European Commission adopted the first set of European Sustainability Reporting Standards. These mandatory ESG reporting standards will apply directly to all 27 EU member states, but not the UK.
Other regions have no such requirement, so multinational businesses face the challenge of understanding how the regulatory landscape is evolving across all territories it operates within. Different countries have a different emphasis on reporting priorities; for example, the EU leans towards the ‘environmental’ aspect, whereas the US is more focused on the social aspect.
Putting these pieces together creates an incredibly complex and fast-moving environment for risk managers to operate in.
Is it largely about the difficulty in accessing the data?
Scotcher: It’s not so much the difficulty of access, but the difficulty in identifying what’s required in the first place. And then the challenge of pulling it all together into a single, useable format. We gathered five of our risk manager clients together in a meeting last week to talk about the ‘ESG challenge’ and significantly, every single one of those individuals was taking a different approach to reporting. Some hadn’t started worrying about it, and some had started small, using what they knew, and were focused on building outwards, but the one thing that had in common was that, though they knew where the data was, and largely how to access it, they didn’t know where to start.
Does it require a level of coordination with other areas in the business? Is this an issue?
Scotcher: Absolutely. Businesses, particularly big multinational operations, still have a huge silo mentality that’s proving difficult to move away from. Each area of the business has its own way of reporting and storing data, and there’s often no centralised approach to risk management. And it’s easy to see why. Given the enormous volume of data required, collating and managing the ESG reporting process has become a full-time job, with huge cost and resources involved. These reporting requirements didn’t exist five to ten years ago, and risk managers are finding themselves in a position where they are in greater demand but have fewer resources to match the enormity of the task at hand.
Is this data for regulatory reporting or insurers’ requirements (or both?)
Scotcher: Currently, it’s a regulatory requirement, largely driven by the EU, but though insurers are interested in the ESG status of their customers, it feels more like a tick box exercise.
We have seen a growing focus in the banking sector on ESG-linked loans, and the refusal of loans for businesses with a poor ESG score. I’ve spoken to clients who have told me that without a good ESG score, they’re unable to obtain funds. Will we see a similar challenge in insurance? I’m not sure. Insurers may look to counter with increased premiums, but the whole issue simply isn’t regulated enough for it to be that clear cut; there’s no standard framework yet to indicate what ‘good’ looks like.
Is a packaged-up ESG solution a good solution? Or are the separate elements of ESG better dealt with separately?
Scotcher: It’s certainly not as simple as finding a packaged-up ESG reporting solution, due to the enormous complexity of the challenge and different approaches required depending on the business. Risk managers should instead be focused on how they can leverage automation to collate all the data they need in one place to enable them to access and utilise it quickly and easily.
Though there are companies who can offer bespoke solutions for separate elements of ESG reporting, for example chemicals or emissions tracking, by separating out these strands, you essentially end up with multiple systems and pockets of data that don’t talk to each other, and a return to the clunky reporting that risk managers need to avoid if they want to stay on top of this task.
What data needs to be gathered by risk managers?
Scotcher: It would be simpler to ask what data does not need to be gathered by risk managers. Every company will have different reporting requirements and thousands of data points, ranging from emissions and compliance right through to printers and who supply their paper.
We’ve reached a point where ESG reporting threatens to exceed the risk managers’ remit. Where once their primary concern was collating and assessing enterprise risk data, or providing risk information to their insurers, they’re now spending hundreds of team hours trying to grapple with the ‘ESG problem’. It’s time-intensive, labour-intensive, and an expensive problem facing businesses.
Is technology simplifying both the gathering, management and reporting of the data?
Scotcher: The right technology can alleviate a lot of the pressure on risk managers by automating the process of data transfer, seamlessly connecting various internal and external systems and offering the ability to augment the data gathered by risk managers to enhance its integrity. APIs in particular are becoming vital for connecting systems to allow for effective data transmission, often in real-time, eliminating re-keying data and risking outdated, or inaccurate entries.
We also speak to a number of risk managers who appreciate the data enhancement capabilities we can provide. These allow them to draw together data from separate locations and, augmented with third-party sources, get a full picture of their overarching ESG position.
Technology is playing a significant role in ESG reporting, but risk managers still have to know where they want to start and where to get their data from, and unfortunately, until there is greater clarity on regulatory requirements, this remains a huge challenge.
