ESG risks explained: Examples and tips on managing them

Organizations face various business risks related to environmental, social and governance issues. These are notable ones, with advice on how to manage them.

Risks related to environmental, social and governance factors present a different set of problems than traditional business risks. The complex interplay of environmental concerns, social elements and corporate governance issues often makes ESG risks tangled and fractious. Yet, mismanaging them can result in severe financial, reputational and operational consequences.

In 2010, for example, a series of suicides at Foxconn, Apple's leading manufacturing partner in China, shocked the tech industry. The tragedy thrust into the global spotlight an uncomfortable truth: The sleek iPhones and iPads that had become symbols of innovation and progress were produced under highly stressful conditions for workers.

Apple faced a reckoning about the true cost of its products and the extent of its responsibility for the people working in its global supply chain. The Foxconn crisis marked a turning point for how Apple and other businesses worldwide evaluate their ethical footprint. It was a stark example of an ESG risk that became a business priority.

This article highlights common ESG risks, with examples of the ones faced in different industries and of ESG-related crises encountered by some other major companies. It also offers best practices for managing these risks and navigating through the challenges they pose.

What are common types of ESG risks?

Each of the three main components of ESG encompasses various risks that organizations must identify and manage. The probability and severity of the risks can vary significantly between different industries and geographic regions. Let's first consider the broad categories of ESG risks.

Environmental risks

Environmental risks are associated with an organization's impact on the natural environment plus potential weather- and climate-related business issues. Some of these risks can result from not complying with environmental regulations. But even if negative environmental impacts or unsustainable business practices aren't illegal, they are undesirable and bring the threat of civil actions and long-term reputational damage. Companies that are slow to abandon such practices often pay the penalty both financially and in public perception.

Here are some critical environmental concerns that pose risks to organizations:

  • Water and air pollution.
  • Excessive greenhouse gas emissions that contribute to both pollution and climate change.
  • Depletion of natural resources by overusing them.
  • Biodiversity loss from deforestation and destruction of habitats.
  • Severe weather events and natural disasters that can disrupt business operations.
  • Climate change's effects, which create both immediate and long-term business risks.

Social risks

Social risks relate to the impact of an organization's operations on different groups of people and local communities. Again, the practices or actions need not be illegal to have serious consequences. Such risks can be particularly complex for a multinational organization to manage: What's acceptable, or even expected, in one country might be frowned upon in another. Moreover, companies should recognize that corporate social responsibility is not merely about avoiding negative impacts but also actively contributing to social well-being.

Here are some social risks that companies must navigate:

  • Poor labor practices, such as unsafe working conditions and not paying fair wages.
  • Human rights violations through child labor, forced labor and other exploitative practices.
  • Inadequate community engagement that damages relations with local governments and residents.
  • Product safety problems that harm consumer health and lead to recalls.
  • Data protection and privacy errors that can result in data breaches, information misuse and failure to comply with privacy regulations.

Governance risks

Governance risks pertain to an organization's internal business practices and often arise from inadequate policies, controls and oversight. Poor governance can lead to ethical breaches, financial mismanagement and a loss of trust by customers, investors and other external stakeholders. Ultimately, that jeopardizes the organization's reputation and, in extreme cases, its operational viability.

Common governance risks include the following:

  • Corruption and bribery by executives or other employees.
  • A lack of transparency on business practices and financial performance.
  • Conflicts of interest that drive corporate leaders to prioritize personal gains in business decisions.
  • Excessive executive compensation packages that can lead to conflicts between senior management and investors.

Industry-specific ESG risks

Different industries face unique ESG risks based on their operations, regulatory requirements and potential social impact. Understanding these industry-specific risks is essential for companies to develop effective risk management strategies that often must balance conflicting demands. The following is a look at the ESG risk profiles for several key industries, reflecting the distinct challenges and opportunities that companies in them encounter.

Energy

The energy sector is central to the global economy but also one of the most significant contributors to environmental problems and climate change controversies. Balancing energy production with environmental protection and social responsibility often requires a holistic approach. Here are some of the energy sector's critical risks:

  • High greenhouse gas emissions and environmental degradation from fossil fuel extraction and use.
  • Negative effects on local communities from energy projects, including displacement and health issues.
  • Financial and operational risks associated with the shift to renewable energy sources. This includes stranded assets -- investments in fossil fuels and related infrastructure that might lose value or become obsolete due to regulatory and market changes.

Manufacturing

Manufacturing involves the large-scale production of goods, often with significant environmental and social impacts. To mitigate ESG risks, manufacturers must address resource use, pollution and worker safety issues. Some of the specific risks faced by the industry include the following:

  • High consumption of water, energy and raw materials that can lead to resource depletion and environmental harm.
  • Pollution and waste that affect air, water and soil quality, potentially leading to regulatory penalties and causing public health issues.
  • Worker health and safety risks in production processes that can result in legal actions and loss of employee trust.

Retail

The retail industry has a broad and direct impact on consumers and communities, making social and environmental issues particularly salient. Retailers must manage complex supply chains and respond to consumer demand for sustainable and ethical products. These are some of the ESG risks they face:

  • Poor labor practices and environmental damage by supply chain partners that can harm a retailer's reputation and lead to regulatory penalties.
  • High levels of waste and inefficiencies in product lifecycle management that contribute to environmental degradation.
  • Consumer pressure that requires retailers to modify their product offerings, adapt their business practices and ensure operational transparency.

Healthcare

The healthcare industry faces complex ESG risks related to ethical concerns in patient care and supply chain operations. Effectively managing these risks is essential for regulatory compliance and to maintain public trust. These are some of the risks that healthcare organizations encounter:

  • Breaches of patient data that cause privacy issues and can result in significant penalties, reputational damage and loss of trust.
  • Ensuring that drugs, treatments and medical products are safe and effective. Product safety failures can lead to recalls, legal actions and patient harm, as seen in cases of defective medical devices or contaminated pharmaceuticals.
  • Ethical considerations in clinical trials, including informed consent and the fair treatment of participants. Failures in this area can also harm participants and have legal repercussions.
  • Various worker safety risks, including exposure to infectious diseases, hazardous materials and workplace violence.

Financial services

This industry faces significant ESG risks due to its operating practices and its extensive influence on other sectors. Financial institutions are often scrutinized for their investment choices, especially when they involve companies with poor ESG performance. Potential risks for banks and other financial services firms include the following:

  • Climate risk exposure from investments in carbon-intensive industries, which can lead to financial losses due to regulatory changes and market shifts toward sustainable practices.
  • Reputational damage from being associated with unethical companies, controversial projects or other industries with high ESG risks.
  • Stringent regulatory requirements that can cause compliance problems for financial institutions.
  • Failing to meet the needs of underserved communities and provide equitable access to financial services. Doing so can result in social backlash, heightened regulatory scrutiny and missed market opportunities.

Getting it wrong: Examples of companies that mismanaged ESG risks

The consequences of mismanaging ESG risks can be severe and far-reaching, as mentioned previously. The following examples illustrate how some of the world's most prominent companies have grappled with ESG-related crises, highlighting the critical importance of ethical business practices and proactive risk management programs.

  • Wells Fargo. In 2013, aggressive and unethical sales practices emerged in a cross-selling scandal that involved bank employees creating millions of unauthorized customer accounts. As a result, Wells Fargo was fined $185 million by regulators in 2016 and then agreed in 2020 to pay $3 billion to resolve potential civil and criminal liability. It also lost customer trust and saw a significant drop in its stock value. The bank has since worked to rebuild its reputation by implementing stricter oversight and compliance measures.
  • Volkswagen. The automaker faced global reputational damage and financial penalties due to a 2015 diesel emissions scandal. Volkswagen had surreptitiously installed software in millions of diesel vehicles to manipulate emissions tests, making the cars appear more environmentally friendly than they were. The discovery of this deception led to over $30 billion in fines, settlements and vehicle buyback costs, as well as significant damage to the company's brand and a drop in sales. Volkswagen has since committed to move toward electric vehicles and enhance its environmental compliance efforts.
  • BP. The oil and gas company faced severe legal and environmental repercussions due to the Deepwater Horizon oil spill in 2010, one of the most significant ecological disasters in history. Following an explosion on an offshore drilling rig, millions of barrels of oil devastated marine and coastal ecosystems in the Gulf of Mexico, affecting local communities and industries, particularly fishing and tourism. In addition, the explosion killed 11 workers and injured 17 others. BP has paid more than $65 billion in fines, cleanup costs and compensation claims. The disaster severely damaged its reputation and led to increased regulatory scrutiny of offshore drilling practices throughout the energy industry. In the spill's aftermath, BP committed to improve its safety standards and operational practices.
  • Nike. The footwear and apparel company faced significant backlash and reputational damage due to allegations of poor labor practices during the late 1990s and early 2000s. That included the use of sweatshops and child labor as well as unsafe working conditions in its supply chain. There were widespread protests and calls for boycotts, ultimately forcing Nike to implement stricter labor policies and improve supply chain working conditions. It introduced a code of conduct for suppliers, increased factory monitoring and partnered with independent organizations to ensure compliance with labor standards. These efforts have helped Nike rebuild its brand and demonstrate a commitment to ethical manufacturing practices.

These incidents share common threads. In addition to penalties, reputational damage and a loss of public trust, the fallout from them extended beyond the companies, affecting employees, suppliers, communities and even entire industries.

In response, each company was compelled to implement significant reforms. This is an important lesson: While ESG risks pose real business threats, they can also present opportunities for companies to become more sustainable, ethical and resilient.

Greenwashing by companies

A particular kind of ESG risk -- greenwashing -- arises when a company makes misleading claims about the environmental benefits of its products, services or operations. In some cases, this might be a deliberately deceptive marketing tactic. More often, it results from an over-optimistic view of an organization's ESG progress or a naive interpretation of the ESG metrics being tracked.

Volkswagen's diesel emissions scandal was a case of deliberate deception. Other examples are more complex. In 2019, the fast fashion retailer H&M launched its Conscious Collection, which was marketed as being made from "more sustainable materials." But the company faced a backlash when it was revealed that the collection contained more synthetic materials derived from fossil fuels than H&M's primary product line. This incident not only damaged H&M's reputation but also led to increased scrutiny of its overall sustainability claims. Multiple legal complaints were filed against the company, too, although two class action lawsuits in the U.S. were eventually dismissed.

These cases highlight the consequences of overstating or misrepresenting ESG efforts. As regulatory bodies worldwide tighten rules around ESG disclosures and marketing claims, companies must ensure that their sustainability communications are authentic, transparent and backed by verifiable data on ESG initiatives.

Best practices for managing ESG risks

Effectively managing ESG risks requires a structured approach. Here are some best practices to adopt:

  • Identify and assess risks. First, evaluate your internal business operations and supply chain for possible ESG-related issues. You should also consider the likelihood of incidents and the potential scale of their impact. Creating risk assessment matrixes and impact assessment statements is helpful, especially when prioritizing the most critical risks.
  • Mitigate risks. Develop strategies to reduce the likelihood and impact of ESG risks, starting with the highest-priority ones. This might include implementing new technologies, changing operational practices or enhancing compliance measures. Effective risk mitigation requires a proactive approach and a commitment to continuous improvement. In some cases, companies also opt for risk avoidance, which seeks to eliminate potential risks from business operations.
  • Engage stakeholders. Involve both internal and external stakeholders in the risk management process for broader perspectives and support. They can include employees, customers, suppliers, investors, and local officials and residents. Regular engagement helps ensure that diverse viewpoints are considered and that the organization's ESG strategy and initiatives align with stakeholder expectations.
  • Implement risk management policies. Establish clear policies and procedures to address ESG risks. Risk management policies should be aligned with industry standards and best practices; they should also be reviewed and updated regularly. Such policies provide a framework for consistent and responsible decision-making on ESG issues throughout an organization.
  • Monitor and report on ESG risks. Continuously monitor ESG risks and report on them and your organization's ESG performance. This includes tracking key metrics, conducting regular audits and using available ESG reporting frameworks -- for example, the Global Reporting Initiative's GRI Standards plus the IFRS Sustainability Disclosure Standards and the SASB Standards, which are both overseen by the International Sustainability Standards Board. Transparent ESG reporting builds trust and accountability.
  • Develop a crisis response plan. Prepare for ESG crises or incidents in advance. Despite best efforts, ESG issues can still arise, but a well-designed response plan will help fix problems more quickly. Create a designated crisis management team along with procedures for rapid risk assessment and remediation, a stakeholder communications strategy and a process for post-crisis reviews to identify improvements that can prevent future occurrences.

[Figure: Risk assessment matrix example. Different ESG risks can be plotted on a matrix like this as part of a risk assessment.]

Since Apple's Foxconn crisis in 2010, the business stakes of ESG risks have only increased. Apple's response to the Foxconn incident -- implementing stricter supplier guidelines, improving transparency and investing in worker well-being -- demonstrates how companies can turn ESG crises into opportunities for meaningful change.

Companies that will thrive in this environment view ESG not as a burden but as an integral part of their business strategy and ethos. Managing ESG risks is not just about avoiding pitfalls -- it's also about seizing the opportunity to shape a more sustainable and equitable future.

Donald Farmer is principal of TreeHive Strategy and advises software vendors, enterprises and investors on data and advanced analytics strategies. He has worked on some of the leading data technologies in the market and previously led design and innovation teams at Microsoft and Qlik.
