Page 635 - COSO Guidance
5. Information, communication and reporting for ESG-related risks
Mandatory reporting obligations
Guidance: Communicate and report relevant ESG-related risk information externally to meet regulatory obligations and support stakeholder decision-making.

In preparing external communications on ESG-related risks, organizations should start with understanding the risk and ESG reporting requirements for their jurisdiction. This includes understanding the entity’s requirements for reporting:
• Significant or material risks (e.g., SEC-registered companies are required to report material risk factors in their annual 10-K/20F)
• Individual ESG-related risks that meet the organization’s criteria for materiality and disclosure in legal filings (e.g., chemical companies including health and safety concerns as a material risk factor)
• ESG issues that contribute to other material risks (e.g., severe weather, which may affect business continuity and could be included in the description of the risk in legally mandated disclosures)
• ESG-related risks or issues that are required to be disclosed under a separate requirement, such as France’s Article 173-VI, which requires asset management companies and institutional investors to describe methods for incorporating ESG factors into the investment strategy and means employed to support the energy and ecological transition. 4
Chapter 1 provides additional detail on the role of fiduciary duties for reporting ESG-related risks as well as
ESG-related regulatory requirements. Additional voluntary frameworks for reporting ESG-related issues can
be found in Appendix III. Jurisdiction requirements for reporting risk factors and ESG-related risk factors are
summarized in Appendix II.
Voluntary communication and reporting
In addition to mandatory disclosure requirements, most entities have external stakeholders with an interest in their activities, which requires broader communication and disclosure. Stakeholders may include investors, suppliers, customers or community groups.
Many considerations affect the decisions organizations make about external reporting of ESG information. Companies have various options when deciding which ESG information they should report, how and where it should be reported, and for which audiences.
In one EY study, 81% of institutional investors stated that companies do not adequately disclose the
ESG-related risks that could affect their current business models – with 60% calling for companies to
disclose these risks more fully. 5
To understand what assumptions inform the conclusions made and what purposes and audience the
information is intended to serve, organizations should identify their stakeholders, understand their ESG-related
priorities and information needs, and determine an approach for communication. Table 5.2 provides examples
of information expectations of external stakeholders and methods for communicating with them.
88 Enterprise Risk Management | Applying enterprise risk management to environmental, social and governance-related risks • October 2018