In 2020, the EU approved the European Green Deal, ushering in a wave of sustainability initiatives across all sectors.
For a multinational like SAP, sustainability is already a corporate consideration, says Charlotte Hedemark Hancke, senior risk manager in customer success risk assurance services at SAP: “At SAP we define risk to include ESG and the third-party impact. We also see customers demanding responsible products. I have worked for 14 years with SAP. We build sustainability into our mission statement: ‘To create positive economic, environmental and social impact within planetary boundaries, with special focus on our sustainability pillars of climate action, circular economy and social responsibility.’”
However, for risk managers, the implications of ESG also stretch to the third parties in a company’s supply chain. For example, Germany has introduced the German Supply Chain Act, which is due to come into effect in Germany in January 2023 for companies with more than 3,000 employees.
It aims to minimise risks to human rights and the environment created by the financial activities of organisations. Over and above internal procedures, the Act calls for organisations to now expand their corporate social responsibility standards to their supply chain.
Therefore, companies should conduct a risk analysis with regard to their own activities and business relationships within the supply chain, as they are called to establish processes to identify, assess, prevent and remedy violations of human rights and the environment in their supply chain.
“We recommend to all our customers and suppliers that they should set up a corporate supply chain risk monitoring system,” says Hedemark Hancke. “It is a legal procedure that will be extended to apply to companies with over 1,000 employees in 2024.”
There is also the European Commission’s directive on corporate sustainability, which was adopted in February 2022 and requires even more transparency and governance from companies.
It will also require more attention from risk managers, says Hedemark Hancke. “If you want to ensure compliance with the German Act and forthcoming EU acts, more resources will be needed within the risk management function as the scope of the risk assessments will be extended. You will need to have a governance structure in place with the IT systems to support these new requirements.”
There may be an additional workload from the ESG-related reporting requirements but also benefits, says Hedemark Hancke. “It helps us in the risk management function and it creates a stronger link with purchasing and sustainability teams. The ESG-related risks are more complex to understand, including the extended impact on the supply chain. Furthermore, it will give the business more insight into risk at an enterprise level as well as a holistic view of the value chain and the environment we operate in.”
There are also change-management challenges that come with any new regulatory initiative, says Hedemark Hancke. “We still see this resistance when we talk to a risk owner but they need to consider the ESG impact. Normally we only consider our own exposure but now you have to expand that to your supply chain. It is not just about short-term profitability but also long-term sustainability.”
For example, there are numerous investment risks that come from the interest in ESG – some are immediate and some are more long term, such as a company’s inability to attract funding or investment because it does not meet certain sustainability standards.
“It is a challenge for risk managers to deal with this process,” says Hedemark Hancke. “In 2021 we started to assess non-financial risks, look at mitigation measures and decide what we could disclose. It created a lot of internal attention and more visibility on ESG. We also ran workshops to create stronger internal alignment and not these departmental silos.
“And for external reporting, we have advanced risk systems and a new impact category to enable the capture of ESG risks. These risks may not affect SAP directly; it is more about the wider environment,” says Hedemark Hancke.
Speaking of the wider environment, Hedemark Hancke also sees an important role for risk management associations such as Darim and Ferma. “We had an open dialogue with Darim members and intend to set up smaller working groups – a process that is only just starting. Companies have to prepare themselves for those Green Deal rules because they will come,” she says.
Also in Ferma, the advocacy work on sustainability has accelerated, largely driven by an increase in policy and regulation in this space. Ferma published a whitepaper titled Insuring the Transition on 12 September, which calls on the (re)insurance industry to do more to support its corporate clients in making the transition to carbon neutrality.
According to the whitepaper, businesses are suffering restrictions on insurance coverage for their transition activities in three ways: limited or unavailable cover; lack of coverage for specific technologies or materials; or exclusion of specific risks. These topics will be addressed in a keynote session, ‘Insurance in Transition’, at the Ferma Forum, which is taking place in Copenhagen on 9-11 October.
There is also the law of unintended consequences to consider, such as the notion that more stringent regulatory and reporting requirements will be beyond many smaller companies. “The concern is if we see insurers engaging only with companies that have completed their ESG reports,” says Hedemark Hancke.
This could have the detrimental effect of reducing insurance uptake at a time when the relationship between insurers and companies is already deteriorating and could get worse, given the economic challenges facing all companies.
“When companies face economic challenges, it has a budgetary impact and that might reduce insurance buying,” says Hedemark Hancke. “The risks to be covered are still the same if not more, but there is a smaller budget to cover them.”