Wed, Jul 8, 2020

Is Your Compliance Team Ready for Mandatory Environmental, Social and Governance Due Diligence?

At the end of April, European Commissioner for Justice Didier Reynders announced that the EU Commission is intent on introducing mandatory corporate environmental and human rights due diligence legislation in early 2021, weaving it into the Commission’s Green New Deal, post COVID-19 recovery plan.[1]

Public consultation is ongoing, and the finer details of the legislation will be debated among EU lawmakers and stakeholders during the remainder of the year. However, it is clear the EU will move towards a requirement that European companies extend their existing compliance-based due diligence programs to address a full spectrum of environmental, social and governance (ESG) risks linked to their third parties. 

Reynders’ announcement signaled that forthcoming legislation would not only apply to a narrow set of “at-risk” sectors, but would place mandatory due diligence requirements on multiple sectors, backed up by an enforcement mechanism and sanctions for non-compliance.  

The EU legislation seems to confirm the recent perceivable trend of companies’ ESG commitments graduating out of corporate social responsibility (CSR) and sustainability departments and into compliance functions. With this in mind, chief compliance officers, legal counsels, business ethics officers and compliance professionals will need to ask themselves what they need to do to prepare, adapt and build on their existing due diligence programs.[2]

ESG – A Primer

The formal concept of ESG was first coined in 2005 by the UN Global Compact’s study called Who Cares Wins, which laid the basis for the notion of ESG investing.[3] In short, the study argued that environmentally and socially sustainable investments not only have the benefit of furthering sustainable societies, but also deliver enhanced financial returns. While the prominence and relevance of ESG risks to management decisions vary across regions and industries, they can be broadly defined as follows:

  • Environmental risks relate to a business’ ecological sustainability, and the actual or potential negative impact of its activities on the natural environment including air, land, water, ecosystems and human health. Such risks also extend to a business’ preparedness for and resilience to natural catastrophes and climate change.[4]
  • Social risks refer to the potential or actual negative impacts a business may have on local communities and civil society, as well as risks generated by inadequate implementation of safe working conditions, diversity and inclusion policies, and measures to ensure product integrity and consumer protection. Crucially for many sectors, social compliance also extends to human rights risks, including human trafficking, modern slavery, forced labor and child labor.[5]
  • Governance risks relate to the ways in which a company is run and address several aspects of business ethics such as board diversity and integrity, audit committee structure, executive pay and whistleblower protections.

The benefits of companies’ increasing ESG disclosures, driven by regulatory mandates in the financial sector, investor pressure and a growing understanding of the advantage of going beyond purely financial parameters, form a dynamic that Kroll has explored before. However, for many businesses today, ESG risk exposure lies not only within their own operations and direct control but is distributed among their global networks of third parties, partners and suppliers.[7]

Green Shoots Indicative of the Upcoming Regulatory Regime 

The announcement of the upcoming EU legislation did not take place in a vacuum. The seeds of the emergent ESG regulatory regime were sown by mounting civil society pressure on businesses to mitigate the specific impacts their operations have on the natural environment and communities, and on governments to react. Reynders’ announcement was preceded not only by the 2014 Non-Financial Reporting Directive requiring large European companies to report on environmental and human rights matters and the Conflict Minerals Regulation due to come into effect in 2021, but also by a growing crescendo of national regulations in Europe and beyond placing new requirements on companies to conduct environmental and human rights due diligence.

As set out in recent articles by Kroll, public pressure and reputational damage remain key drivers encouraging companies to up their game when it comes to tackling the specific issue of forced labor. Nonetheless, a growing body of law, including the 2010 California Transparency in Supply Chains Act, the UK 2015 Modern Slavery Act and the Australia Modern Slavery Bill 2018, has gradually raised the bar by placing more demanding due diligence reporting requirements on companies and their third parties, strengthening enforcement mechanisms and better defining what counts as “compliance.” Meanwhile the Dutch Child Labor Due Diligence Law requires companies selling goods and services to consumers in the Netherlands to identify and prevent child labor across their supply chains.[8]

France arguably set the scene for the upcoming EU legislation by passing the 2017 Duty of Corporate Vigilance Law, requiring large companies to develop a due diligence program throughout their chain of production and to implement preventative and remedial action to address not only forced labor, but a wider range of serious human rights violations and environmental impacts. The new EU legislation is expected to use a similar basis for enforcement as the French law, enabling claims to be made against companies who fail to establish and implement human rights and environmental due diligence programs. 

How Kroll Can Help Integrate ESG Into Your Existing Compliance Due Diligence Program 

As we have explored, the advantages of proactively assessing exposure to third-party ESG risk are considerable. Moreover, based on the significant out-performance of ESG funds and companies with strong ESG credentials since the onset of the COVID-19 pandemic, it makes financial and reputational sense to get ahead.[9]

But incorporating ESG need not overwhelm a compliance team. At Kroll, we see the consolidation of third-party ESG assessments into a company’s risk management compliance program as the next logical step in an ongoing evolution of its compliance due diligence culture. 

Alongside our clients, Kroll has developed a suite of ESG services that are fully integrated into our existing risk management products. This includes the integration of ESG questionnaires into the Kroll Compliance Portal, as well as targeted ESG-focused public record research on third parties and the localized country risks associated with the jurisdictions in which they operate. 

Kroll’s flagship new offerings, the ESG Compliance Due Diligence report and the ESG Focus, offered as an addition to the Kroll Public Record Review, both provide publicly available information regarding a third party’s stated ESG policies, and seek to identify references to its material involvement in activities considered higher risk or non-compliant with its own policies and a range of ESG global standards and frameworks. These include the London Stock Exchange ESG reporting guidance, WFE ESG Guidance and Metrics, the Sustainability Accounting Standards Board guidance and the United Nations Principles for Responsible Investment. Crucially for this new and maturing area of compliance, where red flags are identified, searches are also conducted for the third party’s response and details of any mitigation measures taken.

In addition to investigating third parties’ performance in relation to specific client ESG standards, industry-wide regulations, sector-specific benchmarks or ethical investment requirements, Kroll has defined eighteen ESG risk issues that we research as relevant to the subject’s business activity, as summarized in the graphic below: 

[Graphic: the eighteen ESG risk issues researched by Kroll]

As the regulatory landscape governing ESG compliance continues to evolve within Europe and beyond, Kroll remains at the forefront, supporting compliance teams around the world to protect their businesses by successfully identifying and navigating the ethical, reputational and financial risks associated with their third parties. If you would like to find out more about integrating ESG due diligence into your existing compliance program, please contact Kroll’s Compliance Risk and Diligence team via the contact details provided below. 


Kristina Isert
Global Head of Sales
Compliance Risk and Diligence
[email protected]
+44 207 029 5153

Kevin Braine
Managing Director and Head of EMEA
Compliance Risk and Diligence
[email protected]
+44 20 7029 5151

Veronique Foulon
Senior Manager 
Compliance Risk and Diligence
[email protected]
+44 207 029 5155
