The case for merging sustainability, risk and compliance

Why companies like AstraZeneca are moving sustainability from a "nice-to-have" into an existential consideration.

This article is the fourth in a series by BSR that will explore how corporate sustainability pros can work across departments on shared goals.

Given the overall trend toward convergence in the internal functions that own and address questions of corporate integrity and values, collaboration skills are at a premium. Change management and influencing skills, in particular, are the most underrated in the sustainability practitioner’s toolbox, and they are likely to be helpful in engaging your risk and compliance colleagues. 

The relationship between sustainability teams and the range of functions that broadly sit under governance, risk and compliance is complex, riven with both opportunities and tensions. Historically, these teams have been most closely aligned in extractives, manufacturing and engineering organizations. In such organizations, sustainability tends to be framed as a dimension of "non-technical" or "above-ground" risk, rather than an effort to drive opportunity and innovation or build a powerful brand. 

However, working with risk and compliance teams is one of the more promising avenues that you can use to drive the sustainability agenda, and the advantages of ethics beyond compliance are very clear to both sides. It’s time to move beyond vague purpose statements and redefine what meaningful corporate integrity might look like. Here are three areas you can focus on to better collaborate with risk and compliance departments in your company: governance; enterprise risk management (ERM) processes; and cultures of compliance.

Enhancing integrity via integrated governance

Companies are rethinking their internal governance and management structures under the broad mantle of ethics, integrity and responsible business. Increasingly, we see the creation of advisory groups, board committees or cross-functional management teams that might include representatives from internal audit, investigations, risk, compliance and sustainability. When this works well, it can be an excellent way for companies to develop a coherent narrative about their values, aligning them with internal management structures and processes.

Risk and compliance teams tend to be more powerful and well-resourced than sustainability, and so the dominant approach has been to subsume sustainability under one of these teams. But this approach has limitations, as it can mean companies miss the value creation and opportunity identification that sustainability can provide. It also can leave sustainability practitioners fighting for influence and voice, struggling to correct the misperception that sustainability is a reputational "nice-to-have" rather than an existential consideration.

Your organization may wish to follow the example of pharmaceutical company AstraZeneca. The science-led biopharma has decided to merge safety, health and environment, compliance and sustainability into one team called Global Sustainability.

Global Vice President Sustainability Jim Massey explained the decision: "This was driven by our innovative executive team. We are aiming to move from governance of risk to governance of our commitments. Bringing key stewardship functions under one roof of sustainability means we can move beyond defensive risk management and toward increasingly proactive consideration of what it means to be a responsible company." 

Integrating sustainability with ERM

From the sustainability perspective, incorporating sustainability into the enterprise risk management (ERM) process can be a critical step in building internal influence and ensuring that sustainability factors are built into senior decision-making. Although many companies have found that their top 10 business risks and top 10 sustainability issues have limited overlap, this is increasingly understood as a limitation in the risk management process overall, rather than a sign that sustainability and risk are fundamentally misaligned. Traditional ERM processes may be too short-term and focused on direct financial risk to incorporate more systemic issues, such as income inequality and climate change, but there is increasing awareness that such issues present existential long-term risks.

This recognition has led risk practitioners to focus more on "black swan" events, scenario planning and strategic foresight, with the goal of building enterprise resilience — tools that sustainability practitioners also would be wise to embrace. The new Task Force on Climate-related Financial Disclosure reporting recommendations explicitly consider "transition risks," including policy developments and reputational risk, and argue that scenario planning is the best way to prepare, given the level of uncertainty. Such approaches naturally bring sustainability front and center and drive alignment between the functions, while also encouraging the overall development of futures thinking across an organization.

Creating a culture of compliance

Broad, intersecting trends are driving convergence between sustainability and compliance across all industries. Regulation is becoming weaker or less consistent in a number of markets, and corporations are increasingly being expected to provide leadership on issues such as climate change, transparency and human rights in the absence of public policy direction.

We are seeing more companies drive ethical standards throughout their supply chains, regardless of regulatory requirements, and many new products and services, notably in technology and pharmaceuticals, are not regulated at all. Hypertransparency is tightening the feedback loop between corporate actions and stakeholder trust, and legal risk is no longer a reliable proxy for reputational risk.

From an ethics and compliance perspective, the drivers to incorporate sustainability are powerful and pressing. While ethics and compliance functions first emerged from the need to anticipate and respond to the concerns of external regulators, their focus has shifted to wider organizational integrity, tone at the top and "cultures of compliance."

Compliance teams are held responsible for norms and values as well as rules, and corporate commitments to social responsibility, human rights, diversity and inclusion are more effective at driving ethical employee behavior than an exclusive focus on avoiding legal penalties. This is an important motivator for cross-functional collaboration.

As one leading company told BSR, "We have become more aware of the correlation between ethics and compliance and business advantage — transparency, open culture and innovation. This influence can be helpful to the sustainability agenda. Compliance functions have realized that if they just focus on the enforcement of rules, they will be limited in what they can achieve."

Companies are experimenting with new approaches to align risk, responsibility and integrity. This creates new opportunities for sustainability practitioners to embrace change management and coalition-building skills to help companies adapt to a more disruptive and uncertain future.
