et’s not kid ourselves, no one has ever mistaken their company’s legal and compliance teams for free-wheelers. Legal and Compliance are where ideas go to die. But like mama always said, what doesn’t kill you makes you stronger. So it’s with affection we welcome the important critique from these stakeholders. Legal and compliance teams are, in fact, absolutely essential to a company’s operations. In fact, when empowered to do so, ESG provides a showcase for their added value. 

The Dynamic Duo: Legal and Compliance

The two roles are complementary but separate. Think of them as, respectively, insurance and safety. The legal department’s role is insurance, to reduce liability. Compliance, meanwhile, is safety, preventing activities that may cause liability. One buys the parachute while the other makes sure it is packed and ready to be deployed.

In terms of ESG, the legal and compliance teams make sure that a company’s ESG initiatives have a sound foundational purpose and keep them integrated with operations. Together, the two play a critical role in ensuring that a company’s stakeholder obligations are its priorities. 

Keeping that in mind, here are 10 ways legal and compliance roles shine when considering ESG factors.

The Role of Legal

Legal mitigates a company’s exposure to risk in the following five ways:

1. Litigation risk. Advising on potential litigation risks related to ESG factors, such as those related to environmental liabilities, investments, fair wages and human rights violations. Looking at your company through an ESG lens helps expose such risks and, depending on how well measured those factors are, gives you a clear indication about how pervasive they may or may not be.
2. Contractual obligations. Ensuring that contracts related to ESG initiatives are compliant with relevant laws and regulations, and that the company has the necessary rights and obligations to carry out its ESG initiatives. That’s one side. There are also agreements you can put in place with supplies and customers that also feed into the organization’s ESG efforts. Finally, regulation comes with its own contractual obligations which provide an additional, readymade framework for tracking your ESG work.
3. Reputation risk: You will want to anticipate any potential reputational risks associated with poor ESG results. Reputational risk includes, for example, false or misleading statements, and the potential impact of negative reports on the company’s brand and public reputation. Let’s be clear here. The goal is to know what risks there are and an ESG lens can help tremendously in that capacity. What we don’t want to see is a reactionary stance where ESG evaluation itself gets scapegoated.
4. Data privacy: Securing that the collection, storage, and use of ESG data is compliant with developing data privacy laws and regulations. Think GPPR, CCPA, NYSHIELD, SOC-X, etc. Pick your standards and stick to them. Let your ESG approach guide your approach to which ones make the most sense to your organization.
5. Corporate governance: ESG work is only as good as its mandate. Hence the G in ESG. Make sure that the company’s ESG initiatives are aligned with its governance structure, and that the company has the necessary internal controls and processes in place to manage ESG risks. Make sure it’s top-down and that you get buy-in from any and all stakeholders.

The Role of Compliance 

Similarly, compliance teams help mitigate risk by making sure a company’s ESG initiatives follow relevant laws and regulations, are properly disclosed, align with industry best practices, and are integrated into operations. The work this role does already in the following areas would feed directly into core ESG efforts: 

6. Workplace and labor accountability: Ensuring that your company adheres to legal guidelines and laws regarding the safety and welfare of all employees. 
7. Regulatory compliance: Certifying that ESG initiatives comply with all relevant environmental, health, safety, and labor laws and regulations, both domestically and internationally.
8. Disclosure obligations: Advising on disclosure obligations related to ESG matters, including reporting on ESG risks and impacts in financial statements and annual reports.
9. Due Diligence: Conducting due diligence on suppliers, partners, and other third parties to ensure that they meet the company's ESG standards. This includes assessing their ESG performance, policies, and procedures, and ensuring that they comply with relevant laws and regulations. 
10. Internal Controls: Putting appropriate internal controls in place to monitor and manage ESG risks, such as implementing systems to track ESG performance like Tablecloth, regularly auditing ESG policies and procedures, and including ESG risks in the company's overall risk management framework. 

What does this mean for companies?

Both the legal and compliance roles play a critical role in a company’s ESG strategy. They help identify and manage risks, draft policies and procedures, conduct due diligence, monitor the results, and ensure accurate and complete disclosures. 

Beyond working with each other, both teams work closely with other stakeholders to help companies achieve their ESG objectives while doing their more traditional obligations of mitigating potential legal risks. By being involved in the ESG effort, legal and compliance teams can help companies build a sustainable and responsible business, and maintain stakeholder trust and confidence.