Published

It's Time To Address Climate Change Risks: Regulations to Come

Corporations have reached a tipping point on climate change. They understand that requirements are coming for new disclosures about climate change risk, and fighting such regulation is a fruitless effort. 

So the challenge now is how to develop a sensible, sustainable approach to expanded disclosure of climate change issues.  

Precisely what should that approach be? How can corporate compliance officers plan now for whatever new climate change disclosures are likely to come? We can glean a few clues from comments that businesses have already submitted to the Securities and Exchange Commission.

The backstory: The SEC is developing proposed rules for new disclosures around climate change. We don’t know when those proposed rules will arrive or exactly what they’ll require, but SEC chairman Gary Gensler has said that climate change is one of his top priorities and called for public comment on the subject. Plenty of interested parties, including numerous businesses, have done so. Let’s look at the themes within that feedback. 

The Demand for Action Is Real

The most salient point about climate change right now is that people want businesses to act on the issue. Large investment funds such as BlackRock want companies to address climate change. Employees (particularly Millennials and Generation Z, who make up a majority of the workforce) want companies to address climate change. Consumers want companies to address climate change.

One could even say that the SEC’s new attention to climate change is a lagging indicator here; all of a company’s other major stakeholder groups are already clamoring for action. This means at least some of a company’s value and its strategic position is already tied to how it handles climate change risks. And that, in turn, means corporate boards already have a duty to think about and oversee climate change risks that affect their business — a point raised by SEC commissioner Allison Herren Lee in a speech just the other week. 

Corporate compliance and risk executives could, and perhaps should, approach their boards and say, “The business case for addressing climate change is already here. We need to identify the risks we face, figure out ways to reduce our role in climate change and communicate to our stakeholders – which the SEC will soon make mandatory.”

Robust, Versatile Frameworks Are Crucial

The mechanics of “climate change compliance” are straightforward. The SEC will adopt specific disclosure requirements. Companies will need to perform a gap analysis to understand where their current operations do or do not meet those disclosure requirements and then implement remediation steps to close those gaps. 

That means companies will need to use frameworks to guide those efforts. 

Luckily, there are a number of frameworks to utilize. The Sustainability Accounting Standards Board (recently renamed the Value Reporting Foundation, after a merger with the International Integrated Reporting Council) has industry-specific frameworks for climate change and other ESG issues, as well as a materiality map to help companies understand what disclosures make the most sense given their industry. The Global Reporting Initiative is another source, as well as the Task Force on Climate-Related Disclosures, for financial firms.


Read: ESG Reporting: Where to Start


The SEC might mandate a specific framework for climate change and ESG disclosures or recommend several frameworks while leaving the final choice to individual companies. 

Regardless, the chores of compliance — performing risk assessments and gap analyses, adopting policies and procedures, chasing down remediation steps to assure that they happen promptly — will be the same. And to succeed, you’ll need frameworks to guide your journey. 

One Part Internal, One Part Supply Chain

Be aware of where you focus: one eye on internal operations and one eye on your supply chain.

For example, stakeholders might pressure your business to disclose its “Scope 3 emissions.” The Environmental Protection Agency defines those as greenhouse gas emissions caused by “assets not owned or controlled by the reporting organization” — such as your suppliers, shipping services, or product recycling services. (A majority of shareholders at ConocoPhillips approved a resolution calling for reductions in that company’s Scope 3 emissions just this spring.) Extracting such information from your suppliers will involve contract clauses, attestations, due diligence, and perhaps even audits. 

Internally, you’ll also need to consult with operating units in the First Line of Defense to understand how their activities contribute to climate change, what mitigation measures you can put in place, and what data you can gather for reporting purposes. You might also need to collaborate with the procurement function or internal audit to understand what compliance and operational risks you have and how to reduce them.

Should Compliance Own This? 

All of that brings us to perhaps the most important question: Is compliance the right one to take point on climate change — and for that matter, on ESG issues entirely? 

The mechanics of addressing climate change are quite similar to what compliance officers have already done for anti-corruption, antitrust, and other related issues. You take a set of regulatory requirements; study how the company could best comply with those goals; and then implement policies, procedures, and other measures to bend corporate conduct toward those goals. 

Compliance officers steer behavior, often balancing between specific regulatory obligations and a broader – but just as important—imperative to “do the right thing.” As we mentioned earlier, climate change is now at that point. 

Of course, you can’t succeed without sufficient resources and executive support — but that’s always been true of ethics and compliance duties, FCPA or otherwise. Assuming that your business has the appetite to confront climate change issues and the disclosure obligations that now seem inevitable, savvy ethics and compliance professionals might be able to seize the moment here.

Take Control of Managing ESG Frameworks


Chat with a solutions expert to learn how you can take your compliance program to the next level of maturity.


Watch Out for Hoax Reports to Your Hotline
ESG Ownership: Compliance, Convergence and Opportunity

The State of Risk Alignment - Alliances Grow Between IT Security and IRM

NAVEX Global’s recent survey of IT security professionals found that alliances are growing between IT security and IRM. Organizations are moving away from a siloed approach, and adopting an integrated risk management (IRM) strategy. 

Previous/Next Article Chevron Icon of a previous/next arrow. Previous Post

Enhanced Due Diligence and ESG: Why Your Due Diligence Program Should Broaden Its Horizons

As the risk and compliance landscape continues to evolve, exposure to risks from sustainability, human rights, and social responsibility issues grows. Learn why due diligence programs should broaden their horizons and include ESG.

Next Post Previous/Next Article Chevron Icon of a previous/next arrow.