Rahman Ravelli
Rapid Response Team: 0800 559 3500
Switchboard: +44 (0)203 947 1539


A Brief Guide To ESG (Environmental, Social and Governance)

Author: Azizur Rahman  31 May 2024

Our brief guide to ESG is a basic introduction to the subject, what it is, and who it applies to. We also outline some of the risks to organisations and individuals when navigating this broad and complex new area of business.

What’s the meaning of ESG, and who does it affect?

ESG stands for Environmental, Social and Governance.

While it is an area that is being viewed as increasingly important in both business and legal circles, there is no exact, universally-agreed definition of what it is.

It has come to mean the use of environmental, social and governance factors to assess the sustainability of companies and countries. These three factors are seen as the major challenges facing corporations and wider society, as they include hugely important issues such as climate change, human rights and the legal and ethical standards of companies. 

ESG started off as a financial reporting requirement, with the first ESG probes relating to potential greenwashing allegations in the financial sector. However, it is now at the heart of investment trends and practices, with ESG factors regularly being applied when analysing a company’s conduct, products and services.

It is because of this that ESG is of great significance to all companies – particularly those dependent on investment – as well as their staff and existing or potential investors. It is also a major factor for companies because of the legislation that an increasing number of countries are looking to introduce to promote and enforce ESG values.

While there is no comprehensive list of ESG factors, they could be summarised as follows:

  • Environmental: pollution, greenhouse gas emissions, waste generation, energy efficiency and impact on the area involved, particularly regarding biodiversity. 
  • Social: workplace approaches to diversity, labour standards at a company’s premises and along its supply chains, workplace health and safety, sourcing of materials from conflict areas, human trafficking and use of child and/or forced labour.
  • Governance: a company’s quality of management, boardroom diversity, gender equality, efforts to identify and prevent corruption, approach to meeting accounting and risk management standards, and treatment of staff and shareholders.

Some of these factors will be more relevant to a company than others, depending on the nature and geographical location of their business activities. 

Why is ESG important in business? 

ESG is important in business as it can be viewed as shining a light on all aspects of a company’s activities. This is the case wherever a company is trading and whatever the sector of business it is active in.

Companies need to be paying close attention to ESG as it is becoming the focus of increasing amounts of legal activity. Litigation relating to ESG considerations is increasing throughout the globe. At the same time, legislation is being passed in an attempt to hold companies to particular ESG standards. As a result, non-governmental organisations (NGOs) and other bodies are looking to the law to bring action against companies that they view as falling short of their ESG obligations.

To take one example, in 2017, France introduced a mandatory duty of vigilance (devoir de vigilance) for companies and groups located in France above a certain size. It requires each company to implement a plan (that must be publicly available on its website) aimed at identifying risks associated with its activity. This plan has to include actions relating to health and safety, the environment, and preventing human rights violations. It must also include the company’s approach to risk mapping (the illustrating of risks facing a company), assessment of subsidiaries and third parties, due vigilance measures, mechanisms for collecting reports and ways of monitoring the effectiveness of measures taken. Since the introduction of the duty of vigilance, a number of NGOs have brought cases before the French courts. Major companies such as Total, EDF and Suez have been targeted for their activities in Uganda, Mexico and Chile, respectively.

More and more countries are implementing sanctions regimes that can be applied worldwide to combat gross human rights violations. In the US, the Magnitsky Act was adopted in 2012 and extended in 2016 to target any perpetrator of human rights violations. Other countries that have adopted similar sanctions regimes include Canada, Estonia, Latvia, Lithuania and Australia. In July 2020, the UK adopted the Global Human Rights Sanctions Regulation, while that year also saw the European Union (EU) adopt a global sanctions regime against human rights violations and abuses committed worldwide.

Corporates have to take ESG seriously as the legal and regulatory framework that is developing places obligations on them relating to all aspects of their activities. In 2021, Germany adopted the Supply Chain Act, which started coming into force in 2023. This made it compulsory for companies with a German connection to comply with human rights and environmental standards, including the UN Guiding Principles on Business and Human Rights and the Organisation for Economic Cooperation and Development (OECD) Guidelines for Multinational Enterprises. February 2022 saw the EU Commission issue its long-awaited proposal for an EU directive on corporate sustainability due diligence to harmonise such requirements across its member states. 

Such actions are symptoms of the global move towards ESG legislation. But the link between investment in a company, ESG and legal action can also be significant. Investment in a company or purchases of its products that were prompted by it appearing to meet certain ESG criteria can lead to legal action if investors or purchasers then come to believe they have been misled. Prosecutions relating to inaccurate ESG claims being made can be brought under existing legislation relating to issues such as consumer protection and the protection of investors from misleading statements. As an example, the 2003 case of Nike v Kasky saw activist lawyer Marc Kasky sue the sportswear firm under California’s False Advertising Law and Unfair Competition Law, alleging it published false and misleading statements when it faced allegations of unfair labour practices and unsafe working conditions. The cases mentioned and the legislation outlined give an indication of the importance of ESG.

What’s the difference between ESG and CSR?

ESG should not be mistaken for Corporate Social Responsibility (CSR).

  • ESG relates to standards that investors – and increasingly the authorities – are looking to hold businesses to.
  • CSR is a business model practised by companies that are aware of the potential impact their activities can have on society; including the environment, the economy and individuals. Such companies look to ensure that they are accountable to their staff, those who invest in them and the wider public.

Companies that take a CSR approach are more likely to be meeting their ESG responsibilities than those that do not. ESG acts as the criteria upon which a company is judged whereas CSR is the means by which a company ensures it is acting in a legal, ethical and responsible way.

What are the ESG risks facing businesses? 

The wide-ranging nature of ESG means that businesses can face a sizeable task to ensure they are meeting the standards expected of them by investors and / or the authorities. 

This requires a carefully-prepared due diligence process. Such a process involves a company examining its operations and identifying, collecting and recording the relevant facts and statistics to assess what needs to be done to meet its ESG obligations.

The importance of due diligence in relation to ESG cannot be over-emphasised, as companies are required to comply with requirements that span all aspects of their activities. 

The results produced by due diligence can be of great value in helping companies:

  • identify the risks they face of falling short on ESG matters.
  • put in place policies and procedures to remove those risks.

Such risk management is key if companies are to meet – and continue to meet – the ESG standards expected of them.

The environmental aspects of ESG mean that companies have to ensure they are doing all they can to:

  • reduce pollution.
  • cut greenhouse gas emissions.
  • keep waste generation to the lowest level possible.
  • maximise energy efficiency.
  • minimise their impact on the areas where they are active.

This makes it imperative that companies are not only fully aware of their environmental impact – they also have to build measures into current and future strategies to make sure they are functioning in a way that is expected of them.

The social obligations that companies have to meet relate to:

  • workplace diversity.
  • labour standards at all their places of operation and in all their supply chains.
  • health and safety.
  • sourcing of materials from conflict areas.
  • use of child and/or forced labour.

Many businesses have developed in a way that has ensured they already meet such obligations. But there will be many that need to assess what changes need to be made to their working practices and structures to bring them to that position.

ESG’s requirements regarding governance cover a company’s:

  • quality of management.
  • boardroom diversity.
  • gender equality.
  • efforts to identify and prevent corruption.
  • approach to meeting accounting and risk management standards.
  • treatment of staff and shareholders.

As with the social obligations, there will be many companies who have made such issues key factors. Their employment practices and the way they conduct business may not require any significant changes to be ESG-compliant. Others, however, may need to devise new policies and practices to prevent them facing future ESG-related difficulties. 

How are ESG risks scored or reported?

While there are currently no universal standards when it comes to ESG reporting, developing an ESG reporting framework can help a company devise guidelines to help it implement sustainable, ethical business practices.

And although there are no universally-recognised ESG reporting standards, there are some well-known ones.

These include:

  • The European Financial Reporting Advisory Group (EFRAG). Working alongside the European Commission, it has a set of general standards and requirements for European businesses relating to matters such as the environment (such as biodiversity and ecosystems), society (such as consumers), and governance (such as business conduct). 
  • The Sustainability Accounting Standards Board (SASB). This uses feedback from companies and investors and helps organisations identify sustainability issues most relevant to their business sector.
  • United Nations Global Compact (UNGC), which enables organisations to align themselves with the United Nations’ Sustainable Development Goals that have been approved and adopted by all UN member states.
  • The Global Reporting Initiative (GRI), which has devised a set of standards to help organisations prepare an effective ESG report that best suits their industry and goals.
  • Task Force on Climate-Related Financial Disclosures (TCFD). This was created by the International Financial Stability Board to help companies disclose the right information for investors to be able to price and assess risks related to sustainability. 
  • The International Integrated Reporting Council (IIRC) framework was developed to promote integration across all kinds of ESG reporting.
  • The Climate Disclosure Standards Board (CDSB) framework focuses on the “E” in ESG and aims to standardise information connected to climate change.
  • IFRS Sustainability Disclosure Standards. The IFRS standards build on the existing SASB standards and also supersede the CDSB framework, following the consolidation of the organisations responsible for those two frameworks into the IFRS Foundation in 2022. The goal is to create a unified set of disclosure standards that can be used globally to report ESG data to investors. The ISSB (an independent standard-setting body within the IFRS) is working on two sets of requirements: one for general disclosures of sustainability-related financial information and the other for disclosing specific information about climate-related risks and opportunities. The organisation issued the first version of both standards in June 2023.

When it comes to reporting, an organisation can choose its framework based on factors such as the audience the report will be aimed at, the ESG goals it hopes to achieve and the ways of measuring these, and the best methods of communicating the findings. 

Why is ESG reporting important?

Although ESG reporting is a voluntary activity in most countries, mandatory rules are on the rise. Some organisations have called for rules to standardise how companies report climate-related risks, while some companies already provide ESG-related data about their activities as part of their annual reports.

ESG reporting can be of value in boosting:

  • Transparency: Such reporting allows investors and other interested parties to see a company’s ESG goals and how they are seeking to achieve them.
  • Accountability: Reporting enables senior figures in a company to be held to account for their actions, ensuring that their actions match their words when it comes to ESG matters.
  • Confidence: Publishing ESG reports can give a company’s customers more confidence in their belief that they are supporting the right brand – a brand that is treating the environment, society and those it comes into contact with properly. 

Tackling ESG risks – the benefits of a strategic approach. How can ESG risks be managed or minimised?  

A company can only minimise the ESG risks it faces if it:

  • Knows what those risks are, and,
  • Knows how to manage them.

The ESG situation facing one company may differ hugely from that facing another, even if the two companies are working in the same business sector or geographical area.

But each company has to:

  • Be able to assess the ESG risks it encounters now or may encounter in the future.
  • Make sure it is fully aware of any current ESG regulations and reporting obligations that apply to it. 
  • Do everything possible to ensure it becomes aware of any new ESG-related obligations that may be introduced.
  • Evaluate the risks posed by those outside of its own organisation that it has relationships with, such as suppliers or agents.
  • Develop a strategy for compiling and reporting all the relevant information.
  • Act on any available information to ensure that risks are addressed as soon as they are identified.

With the moves being made around the world to tackle ESG issues through the law, businesses should be proactive in seeking out the risks and the ways of removing them from their activities. It is up to them to take responsibility for their actions – and those of the third parties they use in their activities – and put right any wrongs. Failing to do this can lead to a business facing serious problems: actions brought by regulators, criminal prosecution or legal actions brought on behalf of those who suffered as a result of those ESG failings.

Practical recommendations for tackling ESG risks

As has been said above, a company’s failure to address the ESG risks it encounters can lead to it facing legal action – which can be damaging to its finances, reputation or ability to keep trading.

Companies have to do more than go through the motions regarding ESG. It cannot be treated as an irritating box-ticking exercise. The challenge involves taking the time and effort to assess the exposure to ESG issues and then changing any activities once the assessment is complete in order to ensure all legal obligations are being met.

This will mean introducing procedures that ensure that staff and any third parties are aware of those legal obligations. More specifically, it will mean ensuring that all relevant environmental and human rights-related issues are managed appropriately as part of standard business practice. When operating globally, a business must adopt a consistent approach to ESG in all the places it is active. This has to mean adopting the highest standards of regulation and guidance across all of its activities rather than just in those jurisdictions where such standards are expected. By doing this, there is no risk of a company’s operations in one country “letting the side down”.

Who should oversee the tackling of ESG risks?

It is worth emphasising that while someone within a company (a compliance officer, for example) can be given the task of overseeing ESG-related matters, a company-wide approach is required.

To take one area of activity as an example, the ESG risks in a company’s supply chain can be an issue for those who work in procurement (the obtaining of goods or services for the company) as well as for the compliance officer and/or the legal department.

What is the role of senior management?

It could be argued that those at the very top of the company need to recognise the need for it to meet all its ESG obligations. Company directors do, after all, have responsibilities under the UK Corporate Governance Code.

It is also the case that senior management can and should play a major role in determining a company’s approach to ESG. But assessing the risks and devising ways of ensuring those risks are removed – or at least minimised – will involve staff at all levels within the company. It is important that all those with responsibility for ESG work together. 

What strategies can be used to tackle ESG risks?

ESG risks are not something that should only be dealt with any time that a problem arises. The potential legal, financial and reputational problems that they can create make it necessary for companies to devise strategies to address all existing or potential ESG risks. Only by taking such a carefully thought-out, strategic approach can a company expect to be legally compliant and able to avoid future ESG-related difficulties.

Strategy is crucial to meeting the challenges posed by ESG. It can take various forms, depending on the exact nature of the company’s work, where it conducts it and its trading partners and third parties.

But any ESG strategy for a business should involve:

  • Knowing the ESG risks:
    • A business needs to develop an understanding of the ESG risks it faces. This involves conducting a risk assessment in relation to the business’ work, including its staff and other representatives, third parties, trading partners and service suppliers. Such assessment needs to examine potential internal risks of ESG-related fraud (such as pressure on staff to hit certain targets) and external ones (such as potential suppliers overstating their ESG credentials to secure a contract).
    • Companies can always seek expert advice if they are unsure how to conduct a risk assessment. The World Economic Forum has produced a set of metrics for identifying potential areas of risk. The Task Force on Climate-Related Financial Disclosures (TCFD) has developed a framework to help companies disclose their climate-related risks.
  • Update existing processes and procedures to cover ESG concerns:
    • Once your risks have been identified, there needs to be a review of your processes, procedures, policies and controls, with a view to seeing how they might be extended to cover ESG-related risks. 
  • Knowing the regulatory developments concerning due diligence in the supply chain:
    • Companies have to be aware of any ESG regulatory developments that may affect them and those with whom they do business. This means a company’s compliance officer must make sure they are up to speed with all such developments and how they affect the company, trading partners, and all third parties.
  • Disclosures:
    • ESG disclosure is a form of public reporting by an organisation's management team about its performance in relation to ESG issues.

When it comes to ESG reporting requirements, companies run two main risks. The first is that they provide inaccurate or misleading data (either intentionally or unintentionally), which could lead to fines being imposed and reputational damage. The second is that if a company sets new (and possibly unrealistic) key performance indicators (KPIs), the risk of fraud may be increased as employees look to bend the rules and gain rewards for meeting what are unreasonable targets.

When it comes to these risks, it is vitally important that companies have policies in place to ensure that the disclosures they make can stand up to scrutiny. All disclosures have to be both defensible and auditable.

Where on the supply chain are the worst ESG risks? 

Companies’ supply chains will differ due to a variety of factors. Where a company does its business, the nature of that business and the third parties it uses for it can all affect how big an ESG risk it faces. And the size of that risk will play a large part in how likely a company is to face fines or prosecution.

Regardless of the exact location and type of work a company does, the main risks can be summarised as follows:

  • Environmental
    • Climate change and emissions: While some sectors of industry are more carbon-intensive than others, all companies (and the financial institutions backing them) need to assess their activities to ensure they are meeting environmental obligations.
    • Natural resources and biodiversity: Companies – particularly those in resource-intensive industries like manufacturing – have to make sure that they are doing all they can to prevent them from being open to accusations of activities such as illegal deforestation, raw material depletion and overuse of water.
    • Waste and pollution: The reuse and recycling of materials and the disposal of waste have to be viewed as issues that can damage local communities as well as the environment.
  • Social
    • Human rights: This is a very wide class of risks relating to the rights outlined in the United Nations’ Universal Declaration of Human Rights. These rights include the right to life and liberty, health and safety, and the right to work.
    • Labour standards: For many years, the risks around working conditions and pay have been issues in those business sectors that require large workforces. Aside from ensuring no involvement in the obviously illegal and highly immoral use of forced labour or child labour, companies have to do everything possible to ensure those working for them are receiving fair pay and proper treatment.
    • Community impact: The effect that a company’s operations can have on the local community has to be treated as a priority and managed accordingly. This is an area that overlaps with human rights (such as respect for indigenous people) and the environment (in terms of damage that may be done to a community’s habitat).
  • Governance
    • Corruption: Supply chains can involve many parties and cover large distances – meaning that it can be difficult for a company to keep a close watch on the activities of its partners in such a chain. Any corruption at any stage of the supply chain could result in a company facing both legal action and serious reputational damage.
    • Internal controls: Any company that is serious about being legally compliant and ensuring its reporting is transparent and accurate must have in place an audit and control process that is fit for purpose. If this process is not good enough, the company is not doing all it can to manage its ESG risks.
    • Diversity and discrimination: Companies are expected by investors and customers to be able to show that they promote diversity and inclusion within their staff. Any indication of discriminatory practices relating to those working for or with the company can have major legal and reputational consequences.

Azizur Rahman

Senior Partner


Aziz Rahman is Senior Partner at Rahman Ravelli and its founder. His ability to coordinate national, international and multi-agency defences has led to success in some of the most significant corporate crime cases of this century and top rankings in international legal guides. He is recognised worldwide as one of the most capable legal experts regarding top-level, high-value commercial and financial disputes.
