ESG Integrity: Safeguarding against the rise in ESG-related fraud

As featured on BusinessMirror:  ESG Integrity: Safeguarding against the rise in ESG-related fraud

The landscape around ESG-related disclosures and compliance is evolving. Regulators are accelerating efforts over mandatory disclosure requirements and taking action against ESG-related misconduct, in a bid to boost the transparency and accountability of companies. For instance, the Singapore Exchange (SGX) has introduced mandatory climate reporting on a “comply or explain” basis commencing financial year 2023. While there has not been any enforcement action taken in Singapore, the SGX could soon take other countries' lead in doing so.

Against this backdrop, it is no surprise that ESG-related fraud is also on the rise. ESG-related fraud refers to misrepresentations of ESG practices or performance to improve ESG ratings, demonstrate compliance with ESG-related disclosures or to attract stakeholders (e.g., greenwashing).

ESG-related fraud is not new, as it shares many characteristics with financial fraud and misstatement. Companies may misstate ESG-related targets and disclosures to deceive their stakeholders, which may include non-financial disclosures, such as total water consumption or greenhouse gas emissions.

Like other frauds, ESG-related fraud could lead to expensive and disruptive consequences, including fines and penalties, reputational damage, and loss of investor confidence. ESG-related fraud has the potential for additional impact on the environment and on society, as it means that a company may ultimately have failed to operate sustainably.

To achieve ESG integrity, ESG-related fraud risks should be a core component of your company’s risk management strategy, encompassing both proactive and reactive controls.

• Tone at the top – Do your Board and management "walk the talk" on the importance of ESG and the integrity of its reporting? How is this commitment and expectation communicated and reinforced to the rest of the company?
• Oversight – Is there appropriate oversight of ESG controls and segregation of duties to mitigate the risk of ESG misconduct and misstatement? Are there defined roles and responsibilities for your ESG compliance programs and disclosures?
• Communication and training – Are ESG topics incorporated into your employee training? How is their awareness of ESG and ESG-related fraud measured?
• Fraud risk assessments – Have you refreshed your fraud risk assessment plans to include specific ESG-related risks (e.g. human rights breaches or environmental breaches)? Does your fraud risk assessment consider ESG misconduct (e.g. greenwashing) or mandatory reporting breaches?
• Third party risk management – Are ESG risk assessments applied throughout your supply chain? If vendors provide you with ESG data (e.g. greenhouse gas emissions), how do you gain comfort on the reliability of this data?
• Policies and procedures – Do your policies, procedures and internal controls cover ESG-focused risks (e.g. supply chain related bribery & corruption, verification of non-financial disclosures of ESG metrics, and human rights issues in human resource policies)?
• Technology – Do you leverage automated reporting to monitor the data used for your mandatory ESG disclosures? Are you using technology to proactively identify ESG-related fraud risks before they happen?

• Data analytics – Are you using data analytics to detect unusual ESG metrics that may be too good to be true? How do you scrutinize ESG data provided by vendors to gain comfort on its reliability?
• Independent reporting channels – Are there independent channels of communications to facilitate the reporting of potential ESG-related fraud?

• Planning – Do you have a formalized process to respond to allegations or suspicions of ESG-related fraud or misconduct? Does your investigation withstand scrutiny or is it at risk of being viewed as “whitewashing”?
• Stakeholders – Have you considered all relevant stakeholders, both internal and external (e.g. regulators, investors or non-financial interest stakeholders)?
• The right team – Is your investigation team both qualified and independent, with the appropriate subject matter expertise?
• Investigation methodology – Does your investigation encompass both quantitative (e.g. total workforce composition) and qualitative data (e.g. witness evidence on working conditions)? Are you utilizing technology to retain and analyze complex and disparate data in a forensically sound manner that can withstand scrutiny?
• Communication – Are the results of your investigation tailored to and shared with the appropriate parties? Do you have a communications plan to address any public fallout from investigations?

• Once the dust settles and the root cause of the ESG-related fraud is identified, do you have a plan to apply the knowledge gained to mitigate ESG misconduct risks in the future (e.g. internal control remediation, business process improvement, technology implementation or external assurance and review)?

We can work with you to design, implement, and assess your ESG integrity compliance programs, based on KPMG proprietary methodologies, regulatory guidance and globally recognized leading practices. We have extensive experience in assisting clients in responding to ESG integrity concerns, whistleblower allegations and litigation.