ESG Reporting Mandates to Know for Third-Party Risk Management

August 2021

Third-Party Risk Management in today’s regulatory landscape is difficult – and it is about to become more challenging. With a growing social consciousness around environmental, social and governance (ESG) issues, regulators are putting pressure on organizations to prioritize ESG with reporting mandates.  

The good news is that there’s a strong business case to be made for ESG. A report from Morningstar found that 88% of organizations with high ESG index ratings outperformed their market equivalents for five years through the end of 2020. The report proves that organizations that prioritize ESG demonstrate resilience and increased profitability. The lynchpin for third-party risk management will be ensuring that vendors prioritize it too.  

This article will explore the most prevalent ESG reporting mandates to be on the lookout for in the years to come. Then, we’ll uncover how organizations can make sure their vendors’ ESG practices are aligned with their own to prepare for emerging ESG mandates. 

ESG Reporting Mandates Today

ESG regulations have experienced a significant uptick in recent years, forcing organizations to rethink their practices and third parties’ practices. Increased political momentum globally, the COVID-19 pandemic and new research on the benefits of ESG have been major driving forces in this shift.  

Today’s ESG reporting mandates require organizations to establish reporting protocols for key metrics on resource use, waste management and ethical sourcing, to name a few. Some of today’s most prevalent mandates include:

  • Dodd-Frank Act – Section 1502 (U.S. Conflict Minerals Law): Requires U.S. publicly-listed companies to check their supply chains for tin, tungsten, tantalum and gold that might originate in Congo or its neighbors, to take steps to address any risks they find, and to report on their efforts every year to the U.S. Securities and Exchange Commission (SEC). Companies are not encouraged to stop sourcing from this region but are required to show they are working with the appropriate care (what is now known as “due diligence”) to make sure they are not funding armed groups or human rights abuses.
  • U.K. 2015 Modern Slavery Act: Designed to combat modern slavery in the U.K., it consolidates previous offenses relating to trafficking and slavery. Organizations must produce a transparency statement that includes details of any steps taken during the relevant financial year to ensure that modern slavery does not occur in the organization and its supply chains.
  • 2020 Dutch Child Labor Due Diligence Act: Requires companies selling goods and services to Dutch end-users to determine whether child labor occurs in their supply chains. If so, companies must set out a plan to combat it and issue a due diligence statement on their investigation and plan of action. 
  • Australia Modern Slavery Bill 2018: Requires large Australian and foreign entities operating in Australia to report annually on the risks of modern slavery in their operations and supply chains and the actions taken to address those risks.   
  • 2010 California Transparency in Supply Chains Act: Geared towards providing consumers with critical information about companies’ efforts to prevent and drive out human trafficking and slavery in their supply chains – both domestically and internationally. Organizations that operate in California are required to disclose on their website their efforts to eradicate slavery and human trafficking from their direct supply chain for tangible goods offered for sale. 

These mandates don’t apply uniformly across every organization’s focus, size and location, but they are important to be aware of. Organizations should understand their third parties’ practices around these mandates to protect against ESG-related risk.

Anticipated ESG Reporting Mandates

As ESG gains traction, more mandates are expected to be introduced as early as the end of 2021. This includes one of the most encompassing mandatory due diligence and disclosure mandates yet: Mandatory Corporate Human Rights and Environmental Due Diligence from Europe. This regulation, and those below, set the tone for the most stringent regulations in the years to come:

  • Transparency In Supply Chains Act (Canada): Imposes obligations on Canadian businesses to take steps to prevent the use of modern slavery in their overseas supply chains and create reporting obligations on qualifying entities, including completion of a supply chain questionnaire on a company’s policies and procedures related to forced labor, child labor and human trafficking.  
  • Uyghur Forced Labor Prevention Act (United States): Imposes various restrictions on China’s Xinjiang Uyghur Autonomous Region, including prohibiting certain imports from Xinjiang and imposing sanctions on those responsible for human rights violations there.
  • Mandatory Corporate Human Rights and Environmental Due Diligence (Europe): Imposes requirements on companies to conduct environmental and human rights due diligence within their supply chains, including their operations, direct and indirect business relations and investment chains. The proposed rules would apply to any company that operates within the E.U. market, regardless of whether or not they are established in the E.U.  
  • Initiative Multinationales Responsables (Switzerland): Similar to the E.U.’s Mandatory Corporate Human Rights and Environmental Due Diligence, this initiative establishes mandatory due diligence for environmental and human rights issues. Firms would be liable for any human rights abuses and environmental violations caused abroad by companies under their control.

The growing list of mandates offers a taste of what’s to come for ESG reporting. Even if your organization has a solid ESG posture, there are likely to be weaknesses within your vendor population. Organizations should prepare by taking a proactive approach to managing ESG-related risk in their third parties.

ESG-Related Risk and Vendor Management

It can’t be assumed that vendors hold themselves to the same standards as the organization. At the same time, ESG-related risk in your organization’s third parties can be easily overlooked while the organization focuses on its own ESG initiatives.  

Remember, a third party’s ESG risk is the organization’s risk. The world has turned its attention towards the key issues ESG addresses – climate change, human rights abuses, responsible resource use and more – making it mission-critical that organizations understand their vendors’ practices. Affiliation with an organization that violates ESG regulations can directly impact the organization’s profitability and continuity. 

Tackling ESG-related risk in your vendor population begins with a centralized third-party risk management program. Each vendor’s ESG-related risk areas should be determined and weighed before onboarding. ESG risk ratings can be leveraged to help the organization determine the frequency and scope of ongoing monitoring during the relationship. Depending on the organization’s priorities, it may be worthwhile to implement due diligence systems regarding key ESG-related risks in operations and the supply chain.  

Automate Third-Party Risk Management for Improved ESG Visibility

Organizations can automate their vendor risk management processes to closely monitor third parties for ESG-related risk throughout the vendor lifecycle – from onboarding to ongoing monitoring. ProcessUnity Vendor ESG Intelligence (VEI) seamlessly and automatically incorporates EcoVadis’ business sustainability ratings into ProcessUnity’s Vendor Risk Management platform to provide actionable insights for environmental, social and ethical risks. ProcessUnity’s VEI solution provides greater visibility for the onboarding and continuous monitoring process of a vendor’s lifecycle using business data and insights.

ProcessUnity Vendor Risk Management offers the visibility needed to gain insight into a vendor’s ESG policies and practices. To learn how automation can streamline your third-party risk management process, schedule a ProcessUnity Vendor Risk Management demo today. 

About Us

ProcessUnity is a leading provider of cloud-based applications for risk and compliance management. The company’s software as a service (SaaS) platform gives organizations the control to assess, measure, and mitigate risk and to ensure the optimal performance of key business processes. ProcessUnity’s flagship solution, ProcessUnity Vendor Risk Management, protects companies and their brands by reducing risks from third-party vendors and suppliers. ProcessUnity helps customers effectively and efficiently assess and monitor both new and existing vendors – from initial due diligence and onboarding through termination. Headquartered outside of Boston, Massachusetts, ProcessUnity is used by the world’s leading financial service firms and commercial enterprises. For more information, visit