Nonfinancial Risk for Banks: Know Your Customer’s Environmental, Social and Governance Risk
It goes without saying that banks’ legal, compliance, and risk management mandates are multiplicitous and complex. For clear reasons, compliance with national and multi-jurisdictional prudential, anti-financial crime, and other laws and regulations top banks’ compliance priorities. Compliance in these areas requires banks to scrutinize their counterparties and customers, and in some cases the customers of their customers for imprudent, illegal and suspicious conduct that is often defined or described by applicable rules.
As banks continue to manage regulatory and risk complexity, they should add Environmental, Social, and Governance (ESG) and general business conduct issues to their nonfinancial risk matrices. ESG and business conduct issues—whether or not the subject to legal prescriptions— are no longer ancillary to risk and reputation management. Nor can ESG and business conduct awareness be regarded as merely ornamentation to enhance corporate appearance (or conceal corporate blemishes).
The business case for ESG and business conduct consciousness has been most compelling for consumer-facing businesses and sectors (e.g., food and beverage) that have clear, direct, and readily discernable roles in supply chain nodes from which clear lines can be drawn to environmental, social, and governance priorities and harms. But as the concepts of ESG and “good” (or responsible) business conduct have become more coherent and widely embraced, supply chain participants are expected to enforce, at the business-to-business level, ESG and good business conduct rules and standards.
We recognize that the finance sector can play a greater role and that the wider market participants — growers, processors, consumer goods companies, NGOs and banks — can work together more successfully to promote a sustainable palm oil sector. –HSBC Group CEO, March 2017
Increasingly, these expectations are becoming applicable to financial intermediaries—particularly commercial banks—whose roles in facilitating customer and third party conduct that violates or undermines established ESG and business conduct codes and objectives—is coming under greater scrutiny.
Earlier this year, for example, HSBC’s Group CEO announced that the bank would strengthen its agricultural commodities policy to include “no deforestation, no peat, no exploitation (NDPE)” goals. HSBC also expanded the scope of parties in the palm oil supply chain to which its toughened policy would apply. As reported by news outlets, “HSBC’s action followed a report by Greenpeace that highlighted HSBC’s links with palm oil companies alleged to have been behind deforestation.”
The HSBC example illustrates how and why commercial and reputational risk management considerations would drive banks to incorporate ESG and business conduct awareness into their business and risk management frameworks. Banks should also bear in mind that they could in some cases be subject to legal claims (at minimum, hailed into court) for actionable conduct of customers, for example on the theory that bank financing facilitated actionable conduct. Banks may also face commercial pressures and withdrawal risk from ESG-conscious corporate customers because of their relationships with other customers engaging in objectionable practices.
To understand and manage legal, commercial, and reputational risks presented in connection with ESG and business conduct, banks should take the following preliminary and further steps.
Assess ESG and Business Conduct (BC) Relevance and Risk: Customer Classes, Business Lines, and Jurisdictions
- Monitor ESG and BC standards that are established and emerging.
- Assess the relevance of ESG and BC issues to specific customer classes, business lines, and jurisdictions.
- Monitor ESG and BC incidents involving other financial intermediaries—particularly commercial banks—and identify whether events giving rise to such incidents and responses to such incidents can yield actionable risk management lessons.
Assess and Adjust Internal Reporting and Workflow to Enhance ESG and BC Risk Assessment and Responsiveness Capabilities
- Consider whether ESG and BC compliance and risk functions should be a part of the legal and/or compliance functions of a bank, with responsible individuals ultimately reporting to the General Counsel and/or a compliance leader.
Increasingly, companies (particularly those most concerned with ESG and BC compliance and risk) are embedding ESG and BC compliance personnel within legal departments or drawing direct reporting lines to general counsels. One key benefit of this organizational approach is that it allows for earlier assessments of the direct and indirect legal risks that ESG and BC non-compliance may present.
- Where ESG and BC issues are handled exclusively or initially by a CSR or similar department of an institution, take steps to ensure that legal, compliance, and CSR personnel have a sufficient mutual understanding of the interrelationships of their roles and subject-matter focuses, and have in place clear and open lines of cross-functional communication.
- In cases where ESG compliance is primarily screened and enforced at the transactional level by product and service line teams (g., project finance, agricultural commodities finance), these teams and the legal and compliance personnel with whom they work should ensure that ESG and BC issues inherent to certain transactions, products, and services are understood and assessed as legal, commercial, and reputation risk issues.
 The line between anti-financial crimes laws and regulations and prudential regulation has thinned somewhat in recent years, as compliance with, for example, anti-money laundering (AML) and counter-terrorism financing (CFT) mandates has been viewed as essential to the safety and soundness of banks and the international system more generally. See, e.g., Basel Committee on Banking Supervision, Sound management of risks related to money laundering and financing of terrorism (Consultative Document), September 27, 2013 and FDIC, Bank Secrecy Act Examination Program Overview.
 Such as in some cases of correspondent banking relationships for AML compliance purposes.
 See, for example, the discussion in a May 2016 MassPoint Note discussing the withdrawal of business by food and beverage companies from a supplier that lost an important palm oil sustainability certification.