Climate Risk Disclosures and Your Supply Chain

The Global Policy Institute in August 2022 estimated that annual investment in “green” technology could hit as high as $5 trillion by 2025. This is a big deal. It wouldn’t be just the largest reallocation of capital in history, but also possibly a major boost for the economy—not to mention the impact such investment would have on reversing or mitigating the human impact on the environment and climate. The year 2025 isn’t far away, and the push for green solutions that began decades ago is still accelerating.

There are two main reasons for this. First is the ever-expanding list of studies that point to a dire climate situation, one that will arrive sooner than expected if we don’t take action. A 2022 report from the Intergovernmental Panel on Climate Change found that limiting global warming to just 1.5°C (2.7°F) would require greenhouse gas emissions worldwide to be slashed by 43% by 2030, alongside a one-third reduction in methane. That temperature limit is reportedly the tipping point after which there’s a much greater likelihood of worsening floods, droughts, wildfires, and even collapses of entire ecosystems.

The second reason—and the one that gets far less attention than the headlines and chyrons announcing impending climate disasters and increasingly frequent extreme weather events—is the recent increase in worldwide regulations not just around emissions and energy usage, but around the reporting of companies’ efforts toward sustainability.

REGULATING ESG REPORTING

While there are many global regulations and policies aimed at directly reducing emissions, such as the European Union (EU) climate laws that set the goal of cutting emissions by 55% by 2030, regulations addressing environmental, social, and governance (ESG) reporting have only recently entered mainstream conversation. These regulations generally set parameters around what businesses need to disclose, and when, about their ESG efforts.

The biggest step in this direction thus far has been the EU’s Corporate Sustainability Reporting Directive (CSRD), which went into effect in January 2023. The CSRD set the standards that EU companies need to follow when it comes to reporting their environmental and climate impact, and it also applies to any company that has a significant presence in the EU, “including U.S.-based companies with as little as one subsidiary or branch in the European Union.” The CSRD is likely a watershed moment for ESG regulations worldwide as other countries, regions, and even individual states ready their own regulations.

In anticipation of other disclosure laws being passed around the world, the International Sustainability Standards Board was formed in November 2021 with the intention to “deliver a comprehensive global baseline of sustainability-related disclosure standards.” Not long after, in 2022 the U.S. Securities & Exchange Commission (SEC) suggested its own set of climate disclosure rules for the United States, which would impact many companies based in the country or doing business within it, similar to the CSRD overseas.

Yet the SEC proposal hasn’t been finalized or approved. Later in the year, the U.S. Supreme Court’s ruling that the U.S. Environmental Protection Agency only has certain powers when it comes to curbing emissions cast a shadow over the SEC’s plans. Additionally, despite widespread positive sentiment among U.S. citizens for taking action to prevent climate change, ideas differ on how to achieve carbon neutrality—and in some cases ESG regulations have come under fire as a result. ESG detractors and proponents of “anti-ESG” measures try to paint such regulations as purely political affairs, and one of the most ambitious state-level proposals, the Climate Corporate Accountability Act in California, failed to pass the second round of voting needed to become law.

It might take some time to sort out the finer details of how these laws will be shaped in the U.S., but the likelihood is high that some form of ESG reporting regulations will be put into place sooner rather than later. U.S. businesses will need to begin collecting, analyzing, and reporting their emissions and sustainability data before long and probably need to start doing so immediately if they’re planning on doing more business in the EU or other regions that are gearing up to adopt their own such regulations.

Now is the time for businesses to begin preparing for regulatory changes. Especially since the processes needed to collect and report ESG data require coordination with multiple departments and even other companies like partners and suppliers, it will be a complex task to get them up and running—it’s best not to wait until the last minute to do so.

SCOPE(s) OF REGULATIONS

ESG regulations, such as the CSRD and the SEC’s proposed rules, usually require what’s known as “double materiality,” i.e., the impacts a company’s activities will have on the climate, ecology, society, and so on, as well as the risks the company faces from a changing climate.

Since one of the most prominent factors in a company’s own impact on climate and beyond is its greenhouse gas emissions output, much of this reporting will focus on quantifying and clarifying those numbers (see Kenton Swift, “Accounting for Greenhouse Gas Emissions,” Management Accounting Quarterly, Winter 2019). Emissions are broken down into three categories, called “scopes,” and all three need to be measured and accounted for when reporting:

• Scope 1: direct emissions, such as those occurring when a company’s vehicle runs or large equipment operates.
• Scope 2: indirect emissions created as a result of purchasing energy (i.e., emissions created by the energy producer).
• Scope 3: all other indirect emissions not covered in Scope 2; the vast majority of this scope can be traced back to a company’s value chain. (See “Scope 3 Categories” for examples of the various types of Scope 3 emissions.)

Scopes 1 and 2 are much easier to measure and track because there’s a high level of control and/or visibility into the sources of those emissions. Scope 3 is the one poised to create the most headaches. The activities of all suppliers done on behalf of a company would need to be disclosed under a company’s Scope 3 emissions. While businesses up to now have been self-reporting (if they’re reporting at all) their Scope 3 emissions, any new regulations will include specific standards and requirements for disclosure that many organizations simply aren’t currently equipped to meet.

The other reason Scope 3 emissions reporting looms so large is that in addition to being the hardest to track and report on, it’s also the largest category of emissions—by a large margin. As much as two-thirds of a company’s ESG footprint can be tied to its supply chain.

REPORTING ON SCOPE 3 EMISSIONS

The most pressing task then is for companies today to prepare to collect, analyze, and report on emissions tomorrow. Since Scopes 1 and 2 are already close to a company and thus easier to measure (though to be clear, that isn’t to say you can ignore them), we’ll focus on Scope 3. Following are some recommendations for preparing your supply chain for ESG disclosure regulations.

As with many key business activities, properly getting things done requires cross-departmental collaboration. Procurement teams will be handling much of the supplier-side interfacing, technology teams will need to put in place the needed solutions, risk management departments will need to assess and guide activity, and finance professionals will be in charge of transitioning reporting of the data.

1. ASSESS SUPPLIER RISK

The first step in addressing ESG-related supplier risks is to get a handle on your current suppliers’ ESG programs and emissions. (It’s helpful to think of this as another risk category, as the potential for your suppliers’ activities to bring fines to your company is something that must be prepared for like any other risk.) That means data collection. Bring your suppliers onto a platform that can collect all relevant emissions data from each and then display that data to you in an actionable way. In many cases, that means setting a threshold for reporting and then having suppliers who aren’t meeting these ESG requirements marked for further action.

From there, businesses have the choice of working with those suppliers to address the areas in which they’re falling short; replacing that supplier with a new, more ESG-friendly supplier (many of the same third-party management platforms used to collect this data from current suppliers can also assess such risk in potential suppliers or even help locate new options); or simply plan on paying fines for suppliers not meeting regulations. For most companies, that last option simply won’t be on the table. Why pay fines when you could address the problem that they’re put in place to solve—and likely do so at a cost lower than the fine itself? 

It’s also impossible to overstate the importance of being proactive in putting this and the following steps in place. ESG regulations and sustainability monitoring organizations seek continuous impact, not one-off or low-impact programs that serve as bandages over the omission of a robust and effective ESG program. Getting these tracking and reporting processes going—and involving the suppliers—can be a complex and relatively time-consuming process. The longer you wait to put these items in place, the more likely you’ll be to come up short of some of the reporting requirements when they’re due.

2. PRIORITIZE AND BUILD IN FLEXIBILITY

As already mentioned, any new ESG regulations are just another category of risk, and whatever risk management processes you use in other areas should be utilized here as well. Just like in other risk categories, prioritization is important. Make a plan for assessing each and every supplier under contract, then start with the ones most critical to your day-to-day operations and work your way down the list. With each supplier, bring them onto whatever data management platform you’ll be using, then work with them closely to assess their emissions and ESG risks. It might turn out that they need help collecting or finding a way to share that data, but it could also reveal that they’re simply unable (or unwilling) to reduce these risks or provide the information you need.

This is a case for flexibility and redundancy in suppliers, making it easier to shift a small percentage of supply from a risky company to a less risky one—or even to switch over entirely. In some cases, you should renegotiate contracts when the time comes to ensure that ESG regulations and data collection are being handled properly on both ends.

Again, being proactive here is particularly helpful. Preparing today for the possibility of changing suppliers down the road—keeping a short list of options and flagging companies that might need to be replaced in the coming months or years—will serve to lessen the impact on core everyday activities that changing a supplier will have.

3. ENABLE DATA VISIBILITY

Gaining that visibility into the commitments and risks associated with your suppliers is crucial. You need to know their emissions output and sustainability efforts in order to take the correct course of action and gather what you need for reporting.

But that’s sometimes easier said than done. A Deloitte survey found that fewer than 75% of organizations feel like they have good visibility into their most critical suppliers (and much less for other suppliers; only 15% said they have good visibility into second- or third-tier suppliers).

One of the keys to enabling transparency and visibility in important ESG data collection is to make it as simple as possible for suppliers to self-report that information. On their own, suppliers don’t have an overwhelming amount of incentive to provide that information. If doing so is difficult to achieve or not strictly required, the chances that you never get a hold of that information increases and so too does the possibility of regulatory fines for missing ESG information.

Building those requirements for reporting into systems and contracts from the point of onboarding in third-party workflow tools is the most effective way to get suppliers used to the act of providing that information as part of their normal business activities. This goes a long way to cutting off ESG risks before they can even make it to your company when bringing on new suppliers.

What about current suppliers who aren’t already reporting this data? Here too is where you can lean on those supplier management solutions to bridge that gap, as many allow for workflows and features that guide suppliers through the process of reporting the needed info—and no more than what’s needed—quickly and easily.

4. REVIEW COUNTRY-SPECIFIC REGULATIONS AND PROPOSALS

No matter where you do business, your company is beholden to the laws and regulations of the countries in which your suppliers and, in some cases, your customers reside. Sometimes, like with the EU’s CSRD, those rules are already laid out (or already in effect). In many others, proposals are in various stages of readiness. And the number of these proposals and laws is only going to steadily increase in the coming years.

It’s up to your company to track the applicable regulations anywhere you’re currently doing or plan to do business. There’s bound to be plenty of overlap in what’s required in different regions, but there could also be specific regulations or corner cases that are unique to one country. For example, the German Supply Chain Due Diligence Act went into effect on January 1, 2023; any companies that fit its criteria probably also need to stay within the regulations set by the CSRD.

Specific industries too could have different regulations: The Sustainability Accounting Standards Board (SASB) identifies different standards guidance for 77 unique industries within the 11 sectors in Table 2. These industry-specific standards will likely also change from country to country, which means that there’s more for companies to track in any region in which they conduct business.

The unique geographic and industry details of your suppliers might also require you to assess their risk with regard to geopolitical tensions, which can fluctuate over time and from region to region. Some countries that have been reliably low-risk for decades are finding themselves in unstable situations, with war and social upheaval hitting various places around the globe. Just last year, seismic geopolitical events in Sri Lanka, Peru, and even usually stable Japan made many redo the calculus on suppliers in these areas.

The same holds true for the increased rate of extreme weather events being caused by global climate change (the kind of increase that ESG regulations in part are aimed to help slow down). If your suppliers are in countries experiencing geopolitical or weather-related uncertainty, or even just bordering countries that are, those risks should be assessed as well.

5. PREPARE YOUR DISCLOSURES PROPERLY

As with any regulation, the devil is in the details—you can’t just glance at the highlights of an ESG law and expect to be compliant based on that. You need to know every applicable regulation inside and out; it’s the fine details that sometimes trip up businesses and open them up to fines and penalties.

Review any disclosure documentation that already exists within your third-party risk management system and identify what’s missing and what needs to be addressed. Build a disclosure plan that outlines a clear path from where you are currently and what needs to be done or acquired in order to ensure compliance.

Prepare the disclosure documents in the specific format requested by the regulation—some may require how the information is presented or that specific items must be included. This likely includes financial statements and their accompanying notes, board meeting notes, and so on.

It’s important to be as accurate as possible in these disclosures. Be sure to review the documentation with all relevant stakeholders and get their input and approval before calling anything final. Only after you’ve done all you can to ensure the accuracy and completeness of the information should you submit the documentation to the appropriate regulatory body for review. Note deadlines for providing that information and respond in a timely fashion to any queries the regulatory body may have about your disclosures.

READY FOR REGULATION

Increased and specific ESG regulations are coming—and soon. In some regions, they’re already in effect. Ignoring them simply isn’t an option; doing so will close off areas of the world to your business or introduce the possibility for major fines.

The supply chain is a key player in meeting ESG disclosure requirements, with as much as 70% of a company’s emissions being traceable to suppliers (as Scope 3 emissions). Making sure suppliers can easily provide key information on their emissions and ESG initiatives is important, and both transparency and flexibility will be key in getting their cooperation to do so.

While the specifics for many upcoming regulations, like those in the U.S., will still need to be hammered out, debated, and finalized in their respective regions and industries, there’s a lot we know already. The technological capabilities for collecting, analyzing, and reporting any needed data will remain largely the same. That means companies shouldn’t wait to start building out those processes.