The increasing magnitude and frequency of disruptive forces is affecting organisations globally from five perspectives – economic, environmental, technological, societal and regulatory. Each one of these areas directly correlates to – and multiplies and magnifies – the challenges that businesses today must overcome from an ESG standpoint and the capabilities they need to build.

In such an acutely scrutinous and digitally enabled environment, the need for corporate introspection and subsequent transformation at pace in relation to ESG has never been greater.

In the second of our series of posts analysing the opportunities and potential pitfalls when developing an ESG strategy, we turn the spotlight on Compliance.


The level of concern about ESG and its risks depends on various factors specific to each business, such as the industry, nature of products/services, and the geographical locations where it operates. Whether the risk is viewed as low or high along this spectrum, management teams may find it necessary to review an organisation’s compliance program to ensure it adequately addresses and prevents ESG risks.

This may be unwelcome news to compliance teams, who are already accounting for fraud, money-laundering, corruption, and anti-competitive practices. In an environment where compliance budgets were declining even before the pandemic, expanding the scope of audits will cause concern.

It helps to recognise that many of the legacy compliance areas are already included in Governance and – considering the recent boost of ESG concerns in public and business debates – broader ESG compliance has the potential to improve the overall position of the compliance function. Just as the pandemic upended the notion that complex businesses could not effectively rely on remote video technology to efficiently run their operations, a push on ESG compliance could trigger a refresh of the perspective on process and technology for compliance purposes.

Evidently, ESG compliance is particularly challenged by the complexity of unstructured and diverse sources of information that need to be considered for due assessments. The last decade has seen a significant evolution in the way that information can be obtained and handled, and these tools and processes are ripe for deployment on compliance functions.

The first such evolution is taking a greater number of data sources into account for monitoring. It is now relatively straightforward to consolidate content from internal databases, websites, online content, and internal communications into a single analysis database. This is because the tools necessary to normalise the data (convert documents to searchable format, translate languages, transcribe multimedia content, etc.) are now more readily available and less costly. This process requires more effort, but the additional data means better accuracy and a single monitoring process that clearly shows how data enhances, complements, or contradicts other data. Sample data sources include:

1. Marketing materials (websites, articles, speeches, online ads): Summarising how the business is represented around the globe and highlight outliers.

2. Internal communications (email, internal memoranda): Describing internal areas of focus or concern as they appear “on the ground”.

3. Internal relationships: Identifying customers, suppliers, investors, regional contacts and other relationships that are relevant in the context of ESG.

4. Social media discussions (e.g., Facebook, Twitter): Describing public perception about the business on relevant topics and highlighting any areas of support or concern.

5. International news sources: Summarising the range of public information known about a potential impact on the company’s ESG focus. 

This monitoring process would offer critical assistance, for example, to an organisation responding to a dawn raid at a processing plant operated by a foreign subsidiary suspected to have unlawfully disposed of hazardous chemicals. It might need to quickly understand relevant internal communications, the company’s outsourcing arrangements for the disposal of hazardous materials, the company’s official position about environmental protection as expressed by local executives, and the nascent response from the public in social media. A better application of this platform, however, would be to have identified that one of the firms onboarded to handle waste disposal was recently found to have a record of illegal dumping.

The second evolution is the ability to harness machine learning. This enables the development of predictive models and is no longer complex to run or costly. The implementation is more demanding, however, but it should nonetheless constitute an essential part of compliance processes. Machine learning is also particularly useful on large data sets: Unlike traditional models, adding data does not require more human resources. It would therefore help take advantage of the additional valuable data sources, as discussed above. 

To illustrate the benefit, you might not need a GPS when driving along a road you know well, but should it be closed due to an emergency, GPS can tell you which of the alternative paths are available, and which have the least traffic. Similarly, machine learning could help stitch together the various details of the issue being examined, whether or not they contain the same references, words, or languages.

The opportunity to take advantage of such evolved capabilities does not relate specifically to ESG. The better way to think of it is that ESG is cementing the importance of the overall compliance imperative, and that this function should therefore adapt and modernise to take on a challenge that will continue to grow in importance.

Click here to read the full report: Who Cares? Why the right ESG strategy can spell business success.

Read part 1 of this series here.