ESG COMPLIANCE: INTEGRATING SUSTAINABLE DEVELOPMENT INTO A COMPANY’S BUSINESS MODEL

Marharyta Tatarova, Advisor, Head of the ESG Practice,
Deputy Chair of the ESG Committee at the Ukrainian Compliance Association

Just a few years ago, ESG in Ukraine was mainly discussed at specialist events on sustainable development. Today, this acronym appears where it was least expected: in counterparty questionnaires, loan agreements and tender terms and conditions.

The reason is simple – regulatory requirements. European companies are subject to EU requirements regarding sustainability reporting and supply chain due diligence, and they pass these requirements on to their suppliers and partners. Banks and funds incorporate ESG criteria into their financing terms, and during mergers and acquisitions, ESG is scrutinised just as thoroughly as financials. In short, this is no longer merely a matter of reputation, but a prerequisite for access to markets, funding and partnerships. ESG compliance helps to ensure this requirement is met.

What does ESG compliance entail?

ESG compliance is a system comprising several elements. It is underpinned by internal policies: environmental, HR, human rights, anti-corruption and data protection policies. Alongside these policies are procedures that describe exactly how the company implements its own rules, and controls that enable this implementation to be verified. A separate element of the system is the allocation of responsibility, whereby a specific individual or department is accountable for each area. Furthermore, it is important not to overlook whistleblowing channels and regular staff training as equally important elements of ESG compliance.

At the same time, ESG compliance should not be reduced merely to the drafting of policies and internal documents. Its main objective is to integrate the principles of sustainable development into a company’s management system and decision-making processes. ESG maturity is determined not by the number of approved documents, but by the extent to which environmental, social and governance risks are taken into account in investment, procurement, human resources management, interactions with counterparties and business development.

To avoid confusion, it is worth distinguishing between three concepts that are often mentioned in the same breath. An ESG strategy answers the question ‘where are we heading?’ and outlines the company’s objectives in the areas of the environment, social responsibility and governance. ESG compliance is the mechanism that puts these objectives into practice. ESG reporting, meanwhile, shows stakeholders the results and demonstrates that the system is actually working.

Effective ESG compliance is based on a risk-based approach. It is the assessment of ESG risks that allows a company to determine which issues are critical for it and which may be of secondary importance. For a manufacturing company, these might include environmental risks and waste management; for a financial institution, they might include corporate governance, ethics, anti-money laundering, data protection and reputation risk management. This is precisely why there is no one-size-fits-all list of documents or procedures – the system must be built in line with the specific business’s risk profile.

It is not usually necessary to build everything from scratch, as ESG compliance relies on the same mechanisms as traditional compliance: risk assessment, allocation of responsibilities, staff training and channels for reporting breaches. Companies that already have an anti-corruption programme in place under the Law ‘On the Prevention of Corruption’ have it somewhat easier, as a significant part of their existing framework simply needs to be extended to cover environmental and social issues.

Who really needs it, and who doesn’t

This is where the main misunderstanding lies. Because of it, some companies spend money on documentation they don’t need, whilst others only ‘wake up’ two weeks before the deadline. In reality, the scope of the system required is often determined by your answers to very specific questions: which markets you operate in, who your partners are, and what obligations your business undertakes in its contracts.

For a small business operating in the domestic market (with no foreign partners, no loans from international institutions and no plans to sell a stake to an investor), a separate ESG system is not mandatory. It is sufficient to comply with current legislation: labour, environmental, data protection laws, and so on. This may change if your buyer exports to the EU, as ESG clauses may appear in your contract even if your business does not directly sell anything abroad.

For small businesses operating in the domestic market (without foreign partners, without loans from international institutions and without plans to sell a stake to an investor), a separate ESG system is not mandatory. It is sufficient to comply with current legislation: labour, environmental, data protection laws, and so on. This may change if your buyer exports to the EU, as ESG clauses may appear in your contract even if your business does not directly sell anything abroad.

A medium-sized business that exports, participates in public procurement or provides services to international companies in Ukraine will, sooner or later, receive a counterparty questionnaire. To answer most of its questions, you may need a basic set of documents:

  • a code of ethics containing provisions on conflicts of interest and non-discrimination;
  • an anti-corruption policy; for participants in public procurement with contracts of significant value, a comprehensive anticorruption programme is mandatory under Article 62 of the Law ‘On the Prevention of Corruption’;
  • a whistleblowing channel with a procedure for handling reports;
  • a personal data protection policy in accordance with the relevant legislation.

These documents not only cover the counterparty’s profile, but also help to mitigate the company’s own risks (labour disputes, fines from regulatory authorities, incidents of corruption, etc.).

For large enterprises, participants in international supply chains, borrowers from international financial institutions, and anyone preparing for mergers and acquisitions or seeking investment, the above package may not be sufficient. It is advisable to add the following to the basic set:

  • a framework ESG policy with measurable targets and a clear allocation of responsibilities;
  • a human rights and diversity policy based on the Labour Code and the Law ‘On Ensuring Equal Rights and Opportunities for Women and Men’;
  • a supplier code of conduct and ESG clauses in contracts;
  • environmental policies and the tracking of emissions and waste, in accordance with the Laws ‘On the Protection of the Natura Environment’ and ‘On Waste Management’;
  • a management report containing non-financial information; for large enterprises, this is mandatory under the Law ‘On Accounting and Financial Reporting in Ukraine’.

No matter how many documents you have (whether one or ten), the following principle applies: each must have an owner, a procedure for implementation and links to the rest. A code of ethics that nobody has been trained to apply, or a complaints channel without a procedure for handling complaints, will be a weak point in any system as early as the first audit.

Despite the revision of certain European requirements as part of the Omnibus reform package, the strategic direction of regulatory development remains unchanged. Large international companies, banks, investors and international financial organisations have already integrated ESG criteria into their own procedures for counterparty assessment, lending, investment and supply chain management. Consequently, for Ukrainian businesses, ESG issues are increasingly arising not because of direct legal requirements, but due to the demands of the market and partners.

Common mistakes that come at a high cost

Most ESG failures are not unique – they recur from company to company. Let’s examine some of them in more detail.

Declarative ESG

A company makes a grand announcement of its policy, yet nothing changes behind the scenes. When public claims of ‘environmental friendliness’ do not match reality, there is a term for this: greenwashing.

Imagine a large multinational corporation that has been advertising its product as ‘eco-friendly’ for years. In its documents and adverts, it presents favourable emissions figures obtained in the laboratory. But in real-world use, emissions turn out to be many times higher, because in reality the product was never as clean as it was made out to be. When the deception becomes public, the company loses more than just its reputation. It faces heavy fines in various countries, compensation payments to customers, the dismissal of executives, and sometimes even criminal proceedings.

For a Ukrainian supplier, the accountability mechanism is usually simpler, but no less painful. Inaccurate ESG assurances in a contract or responses to a questionnaire give the counterparty grounds to terminate the contract, and the lender grounds to review the terms of financing.

No one is in charge

‘Everyone is responsible for ESG’ effectively means that there is no one actually in charge. Without a specific individual with the authority and budget, the system gets bogged down in empty rhetoric and holds together only until the first serious audit.

Who to appoint depends on the size of the company. In large organisations, this may be a separate role for a sustainability manager or director, or even a dedicated committee reporting to the supervisory board. For medium-sized businesses, there is no point in creating a new full-time role: responsibility is usually assigned to a lawyer, compliance officer or finance director – in other words, someone who already deals with risks and regulatory requirements.

The following conditions are key:

  • the person in charge must have a genuine mandate from senior management, not just a line in their job description;
  • the person in charge must have access to the budget and influence over decisions regarding procurement, production and human resources;
  • the person in charge must report directly to the executive body or the supervisory board, so that ESG does not get lost at the middle management level.

Contradictions in documents

For example, prior to or during due diligence, it may emerge that the code of ethics permits business gifts up to a certain amount, the anti-corruption policy specifies a different limit, whilst the procurement regulations prohibit them altogether. For the auditor, this will, of course, be a clear ‘red flag’, indicating that there is no unified system, but merely a set of unconnected documents drafted at different times by different people.

Unmeasurable targets

The phrase ‘we care for the environment’ cannot be verified or refuted; it is therefore more of a statement of intent than a target. Be specific: for example, ‘the goal is to reduce electricity consumption by 8 per cent by 2028’. It is precisely these kind of empty slogans that regulators latch onto: advertising in which a company calls itself ‘eco-friendly’ without sufficient evidence is banned in many countries as misleading to consumers.

Staff Unawareness

It sometimes happens that policies are approved and then almost immediately forgotten, whilst staff are not even aware they exist. It is easy to check this: simply ask a few ordinary staff members where they would turn if they became aware of a breach. In a well-functioning system, key staff members are made aware of the rules and sign to confirm they have read them; they know who to approach with a complaint and undergo brief training from time to time. It is precisely this staff awareness that best demonstrates to the auditor that the system is working.

The importance of the Governance (G) component

Particular attention should be paid to the Governance component, which is often underestimated. It is effective corporate governance that ensures the functioning of the entire ESG system. An independent compliance function, internal controls, transparent decision-making, management of conflicts of interest, the proper functioning of governing bodies, and effective internal whistleblowing mechanisms form the basis of trust for investors, government bodies, partners and customers alike.

International standards

The development of ESG compliance is increasingly based on international standards and best practices in corporate governance. Depending on the company’s sector of activity, such guidelines may include, in particular, ISO 37301 (Compliance Management Systems), ISO 37001 (Anti-Bribery Management Systems), the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct, the UN Guiding Principles on Business and Human Rights, as well as other international recommendations on due diligence and risk management. Using such standards enables the development of a system that meets the expectations of international partners, investors and regulators.

First steps and conclusions

So, where to start? Firstly, take stock of existing policies and procedures and assess which of these are actually effective and which exist only on paper as policies and declarations. Secondly, determine the scope of the system you specifically need, based on your markets, partners and the company’s plans. Thirdly, appoint a person in charge and elevate ESG to senior management level.

And most importantly, here’s what you should bear in mind. In the coming years, it will not be those who produce the most policies and reports who come out on top – the advantage will go to businesses that embed sustainability into their own business model. It is precisely this that builds trust with partners, makes the company more resilient and opens up access to new markets, investments and partnerships.

Source: LIGAZAKON

In Focus