Coming clean with dirty laundry

This post was originally published in collaboration with Nishitha Parial, who has since moved on from her role at KPMG in Canada.

How should an organization respond to allegations or suspicions of ESG fraud or misconduct? To mitigate the potential for negative financial, legal and reputational consequences arising from alleged ESG misconduct, conducting an effective investigation is critical. The organization must take the investigation seriously and seek out the legitimate facts. Considering the bright spotlight on all things ESG—including public statements made by organizations in response to greenwashing and other negative ESG allegations—several factors should be considered when designing the investigation plan.

If an investigation is perceived to be superficial, perfunctory or biased, it is likely to be viewed as “whitewashing.” As discussed in our first post, organizations whitewash when they present investigation results that confirm a desired conclusion and/or that may not withstand scrutiny. Substandard investigations bear the risk of not providing the organization with the facts it needs to make the right decisions, potentially leading to further financial or reputational damages. Even investigations that are perceived as (but not actually) whitewashing can have their own negative consequences, ultimately putting stakeholder trust at risk. All possible care should be taken at all times.

With all of this in mind, investigations into suspected ESG-related misconduct should be carefully planned and executed. Here are 10 things to consider:

1. Fully understand the allegations 
ESG fraud can present itself in many ways. Because ESG practices and reporting are evolving, it’s important to have a fulsome understanding of the allegations, and their potential consequences, before commencing the investigation. Analyzing the allegations through the lens of the Fraud Diamond, as we discussed previously, can provide insight into the potential motivation, rationalization, opportunity and capability of the alleged fraudster and form a basis for investigative steps.

2. Identify potential stakeholders
Any number of stakeholders may be interested in the results of an ESG investigation, including:

• Regulators. The standards set for ESG-related disclosure requirements are evolving as securities commissions, stock exchanges and governments define requirements. The Competition Bureau has already been involved in enforcement. 
• Banks. Financial institutions are incorporating ESG-related considerations in their credit ratings and investment product offerings. 
• Investors. The importance of ESG is high on the investor agenda and is increasingly included in the investment decision-making process. 
• NGOs, activists or other non-financial interest stakeholders. As knowledge surrounding social issues and the impact of climate change becomes widespread, more activists are pushing for reform and demanding increased organizational accountability and transparency—and they are influencing public perception.  

3. Define clear objectives
Well-defined objectives can help ensure the investigation efforts are targeted and efficient. These might include stopping the misconduct, seeking restitution through civil litigation, turning over findings to law enforcement, recovering losses through insurance, punishing those responsible and discovering and remediating internal control weaknesses. 

In cases of ESG-related allegations made by third parties, objectives often include equipping the organization with the information to respond to potential adverse media coverage.

4. Put together a strong team
The investigation should be overseen and directed by a team that is both qualified and independent.

ESG investigations will typically require a combination of professionals with traditional investigation skills as well as those with deep subject matter knowledge specific to the allegations. For example, allegations of inappropriate biomass collection may require forestry experts.

5. Design a detailed and flexible work plan
Having a well thought-out plan acts as a road-map and helps keep the investigation efforts focused. That said, investigations by their very nature are dynamic, so the work plan should be sufficiently flexible to respond to new information as it is discovered.

6. Preserve and gather the right information
The typical digital information sources include computers, servers, emails and phones. However, as technology advances and digital footprints expand, remember to keep other sources of data in view. Instant messages, swipe card access, metadata, internet activity, geo-data and more can all contribute to a comprehensive view of related activity.

ESG-related data in particular can be both financial and non-financial and is often housed in various databases across an organization. The data collection methodology should be designed for collection at the right points in order to preserve data integrity in a forensically sound manner (e.g., understand the storage, rights of access, jurisdiction, privacy and other considerations). 

7. Identify interviewees with information relevant to the allegations
Think broadly about who should participate in information gathering and information seeking interviews. ESG knowledge often sits in various parts of an organization, and typically outside of Finance, such as within operations or the supply chain where key environmental and social impact data is collected, or human resources for inclusion, diversity and equity (ID&E) information.

8. Perform thoughtful analysis, including with the aid of technology 
ESG investigation steps may be both quantitative (on things like carbon footprint calculations and energy efficiency) and qualitative (on things like business and ethics evaluations, product safety methodologies and policy compliance). Meanwhile, data analytics and visualization are useful tools to help an investigator identify patterns or anomalies for further investigation.

9. Communicate for the audience
Reporting should be tailored to the audience and the intended use of the investigation’s findings.

After all, these may lead the organization to pursue discipline, civil action and even criminal actions, all of which may require different types of reports.  

As already noted, various external stakeholders may be interested in the results of an ESG investigation (regulators, banks, shareholders, activists), and it may be appropriate to prepare different forms of communications for each of these audiences—with legal consultation in the process—especially before making public statements.

10. Apply the lessons learned 
Once the dust settles, organizations should consider how to apply the knowledge gained to mitigate ESG misconduct risks in the future, which may include steps such as internal control remediation, business process improvements and additional training.

Following these tips can help organizations ensure they have a defensible investigation that can withstand public scrutiny—and help to avoid allegations of investigation “whitewashing”.

Stay tuned for the next post in this series, in which we’ll explore the potential consequences of being caught offside with respect to ESG practices and reporting.