What ESG Means to Your Organization and Which Laws or Regulations Apply

Originally Published June 13, 2022 – Updated July 26, 2023.

Today’s post features quotes from Michael Rasmussen, an internationally recognised pundit on governance, risk management, and compliance (GRC) — with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 28+ years of experience, Michael helps organisations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.

ESG: Purpose at the heart of Coupa’s global community events in 2023

ESG took the spotlight during this year’s Coupa Inspire events in Las Vegas and London, reflecting the growing interest in ESG programs and initiatives from the Business Spend Management (BSM) community, both in the private and public sectors:

• A call to arms from Magic Johnson (“You can do well and good at the same time”)
• Keynotes from Coupa’s own ESG lead Gina Tesla and VP of Innovation Donna Wilczek
• Michael Rasmussen joining a session on ESG compliance with myself and Quentin Roulier, Senior Solutions Consultant at Coupa
• Multiple breakout sessions and countless conversations around demonstrating proof of good corporate citizenship

From cooperation to compliance: the growth of ESG legislation

Several years ago, those activities were seen as nice-to-haves, often as a market differentiator or a way to drive brand loyalty. Unfortunately, just relying on companies to do the right thing isn’t enough to target certain high risk sectors and address specific looming targets (particularly in the climate and emissions space). With this in mind, regulations setting clear requirements and holding companies accountable is arguably the best driver for change. Countries are already shifting from a voluntary to mandatory approach. Three recent examples:

• The European Union’s Corporate Sustainability Due Diligence Directive (CSDDD), which will shape ESG efforts around the globe (more on the CSDDD below)
• Germany’s all-encompassing Supply Chain Act (“Lieferkettensorgfaltspflichtengesetz” in German, often shortened to LkSG) — particularly significant because it is the first example of a country having one piece of legislation that encompasses a number of risk domains
• The United States’ Uyghur Forced Labor Prevention Act, effective June 2022

The rate of new ESG legislation is rising rapidly:

Even if a company isn’t subject to a mandate today, or this year, the business may well be in a different place three to five years from now — and then it will no longer be at a company’s complete discretion to decide how to measure ESG performance. In certain cases, companies must adhere to regulations that prescribe specific due diligence requirements and reporting obligations on a recurring basis.

We recommend that teams familiarise themselves with upcoming ESG legislation and learn how ESG compliance is essential to not only mitigating risk, but also to improving an organisation’s bottom line. ESG is a key factor for investors and will impact all companies regardless of whether they are subject to a mandate.

“The best approach to ESG is to own it. Clearly determine your objectives.” — Michael Rasmussen, the GRC Pundit

Keep reading to explore:

• What is ESG and how is it measured?
• The Corporate Sustainability Due Diligence Directive (CSDDD)
• The Corporate Sustainability Reporting Directive (CSRD)
• The SEC Climate Disclosures
• The Fighting Against Forced Labour and Child Labour in Supply Chains Act (Bill S-211)
• What's next?
• What can companies do right now?

What is ESG and how is it measured?

In a 2021 report, Forbes neatly summarised ESG policies and initiatives as “illustrating a company's identification and quantification of its risks and opportunities, as well as highlighting the ethics of a company. Such measurable considerations are beneficial both for external partners and investors and company executives in making strategic decisions.”

Broken down a little more:

• Environmental: Assesses how a company performs as a steward of nature 
• Social: Examines a company’s relationship with internal/external stakeholders
• Governance: Assesses a company’s leadership, executive pay, internal controls and shareholder rights

“The best ESG program clearly outlines values.” — Michael Rasmussen, the GRC Pundit

There are a variety of ways to measure a company's approach to ESG, including but not limited to:

• Having a clearly defined set of internal policies explaining the company’s goals and strategy for environmental and social issues
• Documenting and publishing any ESG breaches that may have occurred
• Having a clear mechanism for how a company will deal with any ESG breaches

Let’s look at how some countries and regions around the world are seeking to address national targets for social and environmental issues by introducing legislation that mandates companies to undertake due diligence into both their direct practices and entire supply chains.

The latest ESG updates and regulations

The European Union: Corporate Sustainability Due Diligence Directive (CSDDD)

What is the CSDDD? Still in development, the Directive establishes a corporate due diligence duty. Specifically, it should encourage sustainable and responsible corporate behaviour and embed human rights and environmental considerations in how companies operate and carry out corporate governance. The CSDDD is expected to cover a number of risk domains — much like the German Supply Chain Act — and require companies to manage and mitigate adverse impacts within their value chains and even outside Europe.

The CSDDD has a long history. It was originally due to be introduced in June 2021, but it was indefinitely postponed. As a result, Germany forged ahead in a bid to keep their ESG commitments on track.

Which companies are impacted? The CSDDD is expected to be introduced in a phased approach:

• Group 1: All EU Limited Liability companies with more than 1,000 employees and €300 million worldwide turnover (for non-EU companies: €300 million net turnover generated in the EU) — within three years of the Directive going into effect
• Group 2: All EU limited liability companies with more than 500 employees and €150 million worldwide turnover — within four years of the Directive going into effect
• Group 3: Other EU companies operating in defined high-impact sectors with more than 250 employees and €40 million worldwide — within five years of the Directive going into effect
• Group 4: Non-EU companies active in EU with minimum turnover of Groups 1 and 2

The three core branches of the EU are still negotiating the final content of the CSDDD. Once it is finalised, however, it will shape ESG efforts around the globe. All 27 member states will have two years to integrate the Directive into their own national laws. The European Commission may also go further than the scope of Germany’s Supply Chain Act and consider the sale, distribution, transport, storage, and disposal of products.

The European Union: the Corporate Sustainability Reporting Directive (CSRD)

What is the CSRD? The CSRD went into effect on January 5, 2023. It is an update to existing legislation on the social and environmental information that certain companies must disclose. It is designed to create a culture of transparency as well as reduce the financial burden on companies when they compile their reports. Companies subject to the CSRD must submit their reports in line with European Sustainability Reporting Standards.

Which companies are impacted? The CSRD defines a common reporting framework for sustainability for several kinds of companies:

• Group 1: Large/listed EU Companies which is defined as an EU company that exceeds at least two of these criteria:
  • Balance sheet total: €20 million
  • Net turnover: €40 million
  • Average number of 250 employees
• Group 2: Parents of Large EU groups (EU-incorporated parent companies of large companies meeting the criteria above will need to file consolidated, CSRD-aligned reports for the whole EU group)
• Group 3: Global groups with a significant presence in the EU (companies with a turnover of above €150 million in the EU will also have to comply)

While this is legislation originating in the EU, any global company with EU companies meeting two of the three criteria will need to start reporting data from fiscal year 2025/fiscal year 2028.

The United States: the SEC Climate Disclosures

What are the Securities and Exchange Commission (SEC) Climate Disclosures? Currently in the proposal stage, this rule would accomplish two things:

• Amend and expand the scope of the Securities Act of 1933 and the Securities Exchange Act of 1934
• Make it easier for investors and issuers to understand risks by standardising disclosures

The rule would require certain companies to include specific climate-related disclosures in their registration statements and periodic reports. This would include information on climate-related risks that are most likely to have a material impact on the business, results of operations, or financial condition. Specific climate-related financial statement metrics would also need to be included in those companies’ audited financial statements.

The proposed rules were originally published in March 2021 with a target deadline for the update due in October 2022. They currently address several areas:

• Financial statement footnote disclosures 
• Greenhouse Gas (GHG) emission disclosures
• Qualitative disclosures
• Governance disclosures
• Location, timing, and applicability of the required disclosures 
• Attestation requirements 
• Phase-in period 

The SEC has written more extensively about these areas here.

Which companies are impacted? The proposed rules are primarily aimed at large, publicly-listed companies in the US. If they were to go into effect, companies subject to the rules would be required to disclose information about

• Direct greenhouse gas (GHG) emissions (Scope 1)
• Indirect emissions from purchased electricity or other forms of energy (Scope 2)
• GHG emissions from upstream and downstream activities in its value chain (Scope 3) 

The inclusion of Scope 3 emissions has generated considerable commentary from the business community, particularly on the financial burdens it may pose to smaller businesses. Some examples (source):

• “SEC hasn’t taken into account the substantial compliance costs that will be imposed on suppliers and vendors, many of which are small non-public companies, when public companies demand that they provide information on Scope 3 GHG emissions.” 
• “Small non-public companies will be harmed by facing higher compliance costs as public companies request non-material information on Scope 3 GHG emissions, or risk the loss of business if they fail to provide such information.”

Canada: Fighting Against Forced Labour and Child Labour in Supply Chains Act (Bill S-211)

What is Bill S-211? Effective January 1, 2024, companies impacted by the Act are required to submit a report that documents the steps that company has taken to prevent and reduce the risk that forced or child labour was used at any time during the production of goods that the company produced or imported into Canada. Companies to which the Act applies must submit their first report by May 21, 2024.

Which companies are impacted? Bill S-211 applies to companies which:

• Produce, sell, or distribute goods in Canada or elsewhere
• Import goods into Canada that are produced outside the country
• Control a company that does either of the above 

What’s next?

The international push for legislation is ongoing, and it will address a broad range of risk domains and the entire supply and value chain, particularly in Europe.

A look at ESG trends over time shows that while countries are aligned to some extent on an end goal, they all have different strategies as to how they will work to achieve it. This patchwork of regulations will prompt companies to understand their supply chains at an even more granular level — and to start drafting a streamlined, manageable approach to comply with multiple regulations. Leaders should also keep in mind that any enacted legislation can be subject to change.

“It's both a challenging and exciting time in the ESG space. Which direction will our world take ‒ one where we face environmental and social disasters, or one where we have a socially responsible and green future? The time is now to address these issues.” — Michael Rasmussen, the GRC Pundit

The ESG legislation topic is constantly evolving and companies should do the work to stay ahead of changes that may impact their business processes, reporting, and public perception. Coupa’s Global Product Compliance team monitors regulations impacting the Coupa BSM community in real time to help customers meet their compliance requirements.

What can companies do right now?

More and more companies are realising they need to do the work to stay ahead of changes that may impact their business processes, reporting, and public perception. Coupa customers rely on our Global Product Compliance team to help monitor regulations impacting the business spend management community in real time. But monitoring is just the first step.

Organisations can save money and accelerate corporate responsibility through better compliance on one unified business spend management platform. It enables a company to use every single dollar spent to reduce environmental impact, increase supplier sustainability, implement supplier governance, and push for positive change. 

• Discover how smarter inventory management reduces footprints.
• See how improved supplier governance reduces risk.
• Take steps to mitigate risk in the supply chain.
• Learn more about emerging supply chain regulations.
• Make a positive impact within diverse supplier communities.