This article was first published in www.counter-fraud.com and www.i-law.com. Permission to republish this has been granted by the publisher.

Authors: Annabel Reoch, Partner and UK Head of Anti-bribery, Corruption investigation and compliance and Sophia Devaney, Manager, Forensic and ESG Integrity


An organisation’s value today amounts to more than its bottom line. Investors, customers, employees, suppliers, regulators and other third parties all have a growing interest in understanding how sustainable an organisation is today and commits to be in the future. ‘ESG’ is a term that has exploded in use and application, leading organisations to communicate these aspects of non-financial performance – namely their ‘Environmental’, ‘Social’ and ‘Governance’ performance.

There’s now a more universal understanding and acceptance of climate change. And, of course, we’ve seen a growing raft of international and domestic policy initiatives that aim to limit global warming to 1.5 degrees above pre-industrial levels.

That has led to organisations making public statements concerning commitments and initiatives to become more sustainable. These include future-looking targets on reducing emissions and waste, as well as efforts to build a just and fair society – themes at the heart of the United Nations Sustainable Development Goals.[1]

Organisations are also disclosing information about non-financial performance relevant to these targets. And in many cases, they’re choosing to go above and beyond mandatory disclosure requirements to divulge additional information voluntarily on progress against ESG metrics, targets and ambitions.

Greater disclosure and reporting helps organisations inform shareholders and other interested stakeholders, secure continued or preferential access to capital, differentiate themselves from their competition, and attract and retain talent. But it can also foster a new environment for fraud and inaccurate reporting to take place.

In particular, the degree of scrutiny on the sustainability of organisations has cast attention in the public domain on ‘greenwashing’. This is where accusations have been levied against organisations that they are not walking the talk when it comes to what they say about their ESG credentials.

ESG fraud is also a term that has come into use to describe intentionally false or misleading statements on ESG matters.

In this article we discuss how the changes in the regulatory and legal environment, including the new ‘failure to prevent fraud’ offence,[2] sharpen the focus for organisations on the importance of integrity in their ESG claims and disclosures.

How is ESG changing the fraud landscape?

The Fraud Act 2006 identifies three classes of fraud:

  • Fraud by false representation
  • Fraud by failing to disclose information
  • Fraud by abuse of position

The pressure on organisations to be transparent about their environmental and social impacts creates a new dimension in the landscape of corporate fraud.

Typically, the fraud triangle has been used to explain three conditions which can enable fraud to take place:

  • Firstly, fraud can arise as a result of pressure or incentive for an individual or organisation to commit an act of fraud – personal gain for example, or pressures from senior management to achieve performance targets.
  • Secondly, an opportunity for the fraud to take place would present itself – for example, a team of only one or two people who are able to override controls designed to prevent or detect fraud.
  • Thirdly, the individual or organisation would be able to rationalise why the act of fraud was OK – for example, if they thought no one would find out or there would be no loss or consequence to the business from doing it.

Conventionally, this model has been used to explain how financial fraud can occur – for example, intentional manipulation of sales performance so targets can be met or exceeded. But the model can also be used to illustrate how fraud can occur in relation to an organisation’s ESG claims or metrics:

How is this issue emerging in practice?

The conditions shown in the ESG fraud triangle above give rise to an entirely new application of fraud in a sustainability context. For example:

  • The pressure to show progress or commitments on ESG in annual reporting may be so great that reports and disclosures are falsely represented or fail to disclose information in order to present an otherwise more positive story on ESG performance.
  • The opportunity for the organisation to gain market share from competitors by publicising unsubstantiated or false ESG claims that differentiate itself or its products.

New legislation brings ESG fraud further into focus

The main consequences of ESG misstatements so far have been reputational damage. But the introduction of the ‘failure to prevent fraud’ offence in the UK Economic Crime and Corporate Transparency Act 2023 introduces a far more serious penalty.

The new ‘failure to prevent fraud’ offence sets out a definition of fraud that also includes:

  • Dishonest sales and trading practices that hide information from parties such as consumers or investors
  • Dishonest practices in financial markets

This definition of fraud could therefore include ESG statements and claims found to be dishonest or that fail to provide a full, balanced and fair picture – for example, by manipulating or falsely representing ESG data to enhance its image on sustainability. Crucially, whether or not this constitutes a fraud offence will depend on whether it was an intentional act of deception.

Any organisation that is found to be engaging in such practices may be caught under this new legislation. And that means it could face prosecution and potentially unlimited fines.

Furthermore, the ‘failure to prevent fraud’ offence will apply regardless of whether the organisation’s senior management were aware of the offence being committed. If employees in the organisation commit fraud on behalf of the organisation, senior management will not be able to claim it was unaware of the fraud as a mitigation.

The only defence for large organisations will be evidence that they have in place ‘reasonable procedures’ to prevent or detect the fraud from happening in the first place. The government will be providing guidance on ‘reasonable procedures’ to shed further light on this in the coming months. It’s important for large organisations included under the scope of this legislation to use this as a tool to assess their exposure and enhance their compliance.

The responsibility for identifying and mitigating fraud risk typically sits with the finance function – but compliance officers in the organisation are likely to be instrumental when responding to this legislation due to their experience in designing, implementing and monitoring such ‘adequate’ and ‘reasonable’ procedures under the UK Bribery Act and UK Criminal Finance Act.

What should organisations be doing now?

The ‘failure to prevent fraud’ offence came into law on 26 October 2023, so large organisations must take steps now to make sure they are ready.

Firstly, we recommend organisations carry out a robust and comprehensive exercise to identify the risks where fraud has the potential to occur in a way that benefits the organisation. Do not neglect to consider how this could also apply to any ESG claims, statements or disclosures your organisation makes.

Secondly, organisations need to understand their current mitigation response to the risks and whether it is sufficient and appropriate in the circumstances. Would it satisfy what the ‘failure to prevent fraud’ offence considers as a ‘reasonable procedure’? Does it reduce the residual risk level to what the organisation can accept in line with its risk appetite?

When it comes to ESG, organisations should expect to find that they have a much less mature risk management framework in place – and it may not be aligned with the potential impact of claims or accusations of greenwashing or ESG fraud on the organisation’s reputation.

Furthermore, organisations may struggle to understand where accountability lies if ESG data, information or activities feeding into claims or reporting are decentralised across different departments, functions or business units. If employees accountable for these activities do not have any prior compliance or fraud background or awareness, they may not be aware of the risks or what could go wrong and there may be a greater likelihood of accusations or adverse press concerning sustainability.

Three-step approach to understanding and managing ESG fraud risk

If understanding and managing ESG fraud risk in your organisation is a concern, we suggest starting with a three-step approach:

  1. Determine who in your organisation is taking accountability for leading the response to the new ‘failure to prevent fraud’ offence.
  2. Undertake a refresh of your fraud risk assessment to consider how ESG washing or ESG fraud risk could occur.
  3. Does the control environment need enhancing?
    - Identify where risks exist that are not being adequately managed
    - Should you do something about them?
    - Does the risk require new or broadened defences or can the level of risk be accepted?

In the current environment of increased regulatory scrutiny and evolving laws and regulations, your organisation needs confidence now more than ever in the ESG information being communicated to regulators, investors and the public.

The stakes are high for organisations falling short, with the potential for irreparable damage to their reputation and potentially unlimited fines. Therefore, the costs facing organisations that get this wrong are likely to be far higher than the costs of ensuring an adequate risk management framework is in place.