Regulatory risk related to environmental, social and governance (ESG) disclosures has rapidly risen to the second overall position in Gartner’s latest Emerging Risks Monitor Report.

ESG regulatory requirements present organisations with both notable risks and opportunities, according to the survey of 153 senior executives in the second quarter of 2021.

“The survey data partly reflect a global inflection point as ESG disclosures move from voluntary to required,” says Matt Shinkman, vice-president with the Gartner Risk and Audit Practice. “The major move towards the top of executives’ concerns suggests many organisations might be playing catch-up to this incoming reality.”

ESG regulatory requirements landed in the second position in 2Q21 after not previously registering in the top five risks in 1Q21, which still mostly reflected pandemic-related concerns. Cybersecurity control failures, last quarter’s top risk, remained as the top risk reported in 2Q21.

Investor pressure related to ESG disclosures is not a new concern for executives, but established regulatory frameworks are only just beginning to become effective in some jurisdictions. The UK has become the first country to require companies to report on climate change, with the EU adopting a universal classification system. Major Australian banks and insurers are publishing the first comprehensive climate change reporting framework. Organisations will likely be faced with a patchwork of requirements until clear global standards emerge.

ESG: Risk and opportunity

While ESG regulatory requirements present a challenge to executives and their organisations this year, unlike many other “high velocity” risks, such as cybersecurity control failures, ESG is a slower moving risk. This presents proactive organizations and their enterprise risk management (ERM) teams with the ability to turn this area of risk into an organizational opportunity.

The senior executives polled in the latest survey agreed with this sentiment, ranking ESG regulatory risk as the second most viable risk to be seen as an opportunity, behind diversity, equity and inclusion (DEI) responsiveness, a risk that contributes to an organisation’s overall ESG posture.

“ESG can be a challenging and amorphous area for ERM teams to fully engage with,” says Shinkman. “With so much of the regulatory landscape yet to be written, ESG can present organizations and their ERM teams with opportunities related to being an early adopter in this space, potentially attracting new investors and ultimately reducing the cost of capital.”

Shinkman recommends that ERM teams co-ordinate across assurance functions and with the Investor Relations team to identify gaps in ESG-related risk management activities. Recent Gartner research highlighted one such example of a potential gap, showing that only 8% of referenced ESG metrics among S&P 500 companies related to governance concerns.

While continuing to engage and monitor stakeholder expectations for ESG disclosures, Shinkman says organisations should seek opportunities to become early adopters of measures such as sustainability reporting and other established frameworks that are likely to be codified within a future global regulatory framework.