In our recent bulletin, we included an article on increased due diligence and reporting obligations in Switzerland and the EU, in which we observed that the world is moving towards an enhanced regulatory environment for ESG issues. Here, we consider in more detail what that increasing level of regulation and growing sensitivity around ESG issues means for the boards of commodities companies now.

The key messages are that boards must carry out careful due diligence and act on it, taking into account a range of factors, when assessing ESG risk; and they must take a global, rather than a "backyard," approach to doing so.

Identifying "red flags"

When assessing ESG risk factors, due diligence on a counterparty where "red flags" are highlighted goes beyond merely performing standard adverse press and sanctions listing checks. It extends to a broader understanding of what the counterparty risks are. For example, if the country where the business is being done is in a conflict zone, what is the relationship with the supplier? Is the supplier flagged for, or is the board otherwise aware that the supplier has, a history of high-risk activities such as funding terrorists, fraud, environmentally irresponsible waste dumping, or a poor record on broader human rights issues such as child labour? Do other risk factors suggest that the supplier might be listed for sanctions violations? Is the product being traded subject to special limitations in terms of customs, sanctions, or other due diligence considerations? Has the board taken appropriate advice on special risks and acted in accordance with that advice?

A global approach - ISO standards

Where "red flags" exist, boards must be prepared to demonstrate that they have exercised sufficient due diligence and made an appropriate response so as to ensure that the business done does not breach applicable standards. A good place to start in any jurisdiction is by getting familiar with the ISO 31000:2018 (Risk Management - Guidelines) and ISO 37301:2021 (Compliance Management Systems – Requirements With Guidance for Use), as published by the International Organization for Standardization (ISO).

The ISO 31000:2018, which replaced the ISO 31000:2009, has developed into a global standard for risk management. It identifies a number of principles to be satisfied in order to make risk management effective and establishes a process by which organisations can manage risk by seeking to identify it, analyse it and evaluate whether the risk should be modified in order to meet its risk criteria. The premise is that if an organisation's risk management is effective, it should be able to achieve effective compliance management. The ISO 37301:2021 builds on the ISO 19600:2014, which was the first global compliance management system standard.

A local approach

Directors and management should consider carefully what initiatives their company has put into place to give back to local communities, particularly when considering the impact of large mining operations or trades that significantly affect those communities.

They should also continue to monitor local developments throughout a project, rather than doing so once, at the outset. For example, a change in government could lead to a deterioration in respect for human rights or adversely impact the product supply chain (for example, if a company is suddenly required to make payments to, say, a militia group to ensure supply).

If there are unaddressed community or land rights claims, or keeping the supply chain working can be directly linked to escalating governmental violence, these are red flags that are likely to re-surface in both plaintiff claims and negative press. Ultimately, if counterparties cannot meet due diligence requirements, shutting down operations entirely may be a better, more ethical solution than future, damaging plaintiff-led legal action.

Increased scrutiny

A number of recent events have shown that companies are becoming subject to wider and more pro-active pressure to "raise their game" in relation to ESG. The voting of two members of an activist hedge fund onto the board of Exxon Mobil, and the success of a Dutch class action against Royal Dutch Shell PLC in the Netherlands requiring it to reduce its emissions by 45% from 2019 levels by 2030, are two recent examples.

Another example of the scrutiny which corporations are under is an initiative on operational grievance mechanisms (OGMs), set up by the International Commission of Jurists ("ICJ"). Businesses have a responsibility to respect human rights and many have developed their own OGMs or are part of a scheme to allow individuals or local communities affected by a company's operations to raise concerns. The ICJ's initiative looks at instances where these mechanisms, which were initially meant to assist local communities, resulted in unfair or unclear procedures and inadequate outcomes. A Consultative Group convened by the ICJ is comprised of academics and practitioners with practical expertise on OGMs. Its reports are published and lawyers will typically refer to such reports in court to explain the basis of class action or plaintiff grievances.

HFW comment

All the signs are that higher levels of corporate responsibility will be required in future, even if this comes at the expense of direct profitability. Boards will want to meet these expectations and to ensure that the reputation of their brand is preserved. They should deal carefully with counterparties in situations where compliance raises "red flags" by putting into place realistic policies and procedures that they can demonstrate are being followed. In the long run, it is less expensive and more sustainable to invest in proper corporate due diligence, backed up by independently assessable metrics such as traceability.