I argued why it was time that financial institutions brought their sustainability risk management (often referred to as environmental and social risk management) to the next level in the editorial of the July 2020 issue of the ESG Risk Quarterly. This owing to significant developments in the realm of soft and hard law, as well as new supervisory expectations and evolving peer practices.

All of these pressure points have grown even stronger since. Still, today, many financial institutions struggle to operate comprehensive sustainability risk management systems. The typical challenges they face:

• They address an incomplete list of industry sectors and do not broaden the scope to cover companies from other sectors that are linked to sustainability risks, such as information technology (e.g. surveillance issues), chemicals (e.g. disaster risk), or other financial institutions (e.g. those with elevated exposure to highly controversial sectors);
• They don’t cover all relevant business areas, such as those that provide general purpose loans, commodity trade finance or property and casualty insurance at the group level (in contrast to insurance coverage for specific projects);
• They do not align their processes with relevant international due diligence standards such as the guidance from the OECD;
• They take a too narrow view when assessing risks by mitigating (reputational) risk for the institution itself and not aiming at mitigating adverse impacts linked to the client’s business activities, in other words they do not take a double materiality perspective – why this is an issue is explained here; and
• They may not have an effective system in place, e.g. the first line of defense does not have the necessary expertise or tools to assess risks properly, or they work with pure box ticking solutions.

In the views of the public and policy makers, financial institutions are an enabler of business, regardless whether they engage at the level of the corporate entity or an individual. Financial institutions won’t yield the value of managing sustainability risks appropriately, if they do not address them in a sufficiently comprehensive manner.

To mention this explicitly: In no way should this be seen as a criticism of sustainability risk teams. Despite some growth of their teams, they remain mostly understaffed and are therefore not able to do all the work they should be doing, despite good intentions, hard work, and long hours. It is the responsibility of the board and the executive committee to direct the implementation of sustainability risk management and the corresponding due diligence rules and processes. Not getting this right will expose financial institutions to financial risks, legal liabilities, and reputational issues such as greenwashing allegations. It is time to provide sustainability risk units with the budgets they require to ensure that the institution manages sustainability risks appropriately.