With environmental, social and governance (ESG) issues top of mind in almost every industry, including at the recently concluded COP26 climate change conference in Glasgow, the burgeoning US regulatory landscape and accompanying litigation trends are giving rise to a variety of related commercial risks.

ESG-focused regulatory enforcement, shareholder litigation and shareholder activism, not to mention the associated risk of reputational harm, undoubtedly remain persistent and growing boardroom concerns. But these risks, which are summarized below, lay the groundwork for a new threat: ESG-related exposure from other entities with whom companies do business and in the value chain, such as joint-venture partners, suppliers, contractors and subsidiaries, whose own ESG failures could have disastrous consequences for a company that otherwise has its ESG house in order.

These risks could potentially have far greater and longer lasting value consequences, including subjecting the company to additional enforcement activity, securities litigation and consumer litigation; increasing the probability of commercial litigation with counterparties and third parties; and impairing or even destroying the underlying transactional or project value.

ESG comprises factors by which investors evaluate a company’s social and environmental conscientiousness and risk. The “E” focuses on climate risk and considers the impact a company has on the environment, such as greenhouse gas emissions, and the impact the changing environment has on the company, such as the transition to a carbon neutral economy. The “S” refers to a company’s human capital, including diversity and inclusion, as well as workplace conditions and human rights. The “G” embraces risk management and accountability: what are the firm’s business and investment strategies, commitments and risks; is the firm appropriately ensuring compliance with those commitments and attending to the risks; and is the firm properly disclosing material information related to “E,” “S” and “G”?

Investors care deeply about these issues. A recent poll of more than 2,000 Americans conducted by Morning Consult revealed that approximately three quarters of frequent investors believe that ESG is “very” or “somewhat” important when it comes to investing.

Not surprisingly, regulators are aiming to keep pace with the investment community’s ESG concerns. Perhaps most prominently, in March 2021 the US Securities and Exchange Commission created a Climate and ESG Task Force in its Division of Enforcement. The task force is focused on identifying material gaps or misstatements in public company disclosures of climate risks under the SEC’s existing disclosure requirements. The SEC is also in the process of formulating new climate disclosure requirements, spurred in part by President Biden’s executive orders implementing a “whole of government approach” to climate change.

These new disclosure rules are expected to be announced soon, and although the rulemaking process will take time, the SEC has made clear they will be designed to provide consistency, comparability and “decision usefulness.”

Climate risk is not the SEC’s only area of focus, and new disclosures could also involve board diversity, human capital management and cybersecurity risks, among other ESG issues. The SEC’s Division of Enforcement has already begun to tackle these “S” and “G” matters, with investigations into companies like Activision, regarding an alleged failure to disclose risks related to sexual harassment and discrimination, and an action against First American Financial Corp., charging failure to timely disclose cybersecurity risks.

The Department of Justice also has its eyes on ESG. In October 2021, the Deputy Attorney General announced that the agency is taking aggressive new actions to strengthen its approach to corporate crime, including in the areas of environmental justice and cybersecurity.

Other regulators and government agencies have likewise taken notice. For example, the US Treasury Department has called for enhanced disclosures; stock exchanges like Nasdaq have implemented board diversity rules requiring listed companies to have at least one “diverse” board member by 2023, and two by 2025; the Commodity Futures Trading Commission has formed a Climate Risk Unit that will focus on the role of derivatives in understanding, pricing and addressing climate risk; and US Customs and Border Protection is utilizing withhold release orders to prevent materials produced with forced labor from being imported into the United States. State agencies and attorneys general are also involved, suing companies like Exxon for allegedly failing to adequately disclose climate change risk and Activision, mentioned above, over workplace harassment allegations.

This investor focus on ESG issues and the resulting regulatory dragnet make clear that companies should develop identifiable and measurable ESG initiatives. Critically, companies must implement, or reinforce, compliance programs to ensure the company is taking steps to comply with those initiatives, and to ensure the accuracy of public disclosures about ESG, whether within formal SEC filings, or less formal sustainability reports or marketing materials. Firms must also be careful not to engage in “greenwashing,” where companies deceptively try to persuade the market that an organization’s products and practices are more environmentally friendly than they are.

Importantly, a failure of a company’s ESG compliance and faulty disclosure could result not only in regulatory enforcement action, but also securities class action lawsuits by investors alleging they were misled, as well as derivative claims by shareholders seeking to implement ESG reform through litigation. Regardless of the merits of these claims, they often prove costly, both for a company’s finances and reputation.

Given these regulatory enforcement and shareholder litigation risks, companies must be aware of and evaluate their exposure to ESG risks from other parties in the value chain, including contractual counterparties and acquisitions, for those parties’ failure to meet ESG commitments or comply with contractual or statutory ESG requirements.

For example, Company A states in its annual Form 10-K that it has policies and procedures in place to prevent illegal activity as to human capital, like forced labor, anywhere in its production chain. The market eventually learns, however, that Company A’s largest supplier of manufacturing components, Company B, uses forced labor to assemble parts. Not only is Company A sure to face regulatory enforcement action and shareholder litigation, in addition to reputational risk, but it must also address the breakdown of its ESG compliance with respect to its relationship with Company B, potentially through commercial litigation or arbitration.

Moreover, Company A’s inability to secure needed components could impact the success of the underlying investment, project or transaction, such that it may cause significant delays in delivery, construction, operation, loss of revenue or other consequential effects. Financing considerations may be implicated at any stage.

While there is no way to completely guard against these risks, companies can take steps to avoid them. For example, contracts should contain representations and warranties and commitments regarding relevant ESG matters, and companies should consider an audit right allowing them to review the adequacy of compliance programs within its value chain. Similar principles apply to M&A transactions, where enhanced due diligence may be necessary, and appropriately tailored ESG reps and warranties, as well as other material provisions, should be considered as part of the deal structure.

Commercial ESG risks are not just for public companies or large transactions. ESG issues affect all companies, and they should consider how ESG factors into everyday business. For example, given the evolving nature of the ESG regulatory environment, companies might consider such issues as whether a change in ESG-related regulations should be carved out of a contract’s force majeure or termination provisions.

In sum, in light of all the current sources of ESG enforcement and litigation risk, it is not enough to focus solely on ESG risk within an organization, as it is equally important to manage ESG-related risk outside the organization and allocate that risk accordingly.

Originally published in Reuters.