Good governance practices are essential for managing both ABC and ESG risks. Poor governance and the associated lack of transparency and oversight can enhance the opportunities for corruption and increase the risk that a company will fail to achieve its environmental and social goals or comply with related regulatory requirements. Putting into place good governance is therefore the foundation for both ABC and ESG compliance programmes.

Effective governance models facilitate regular communication and reporting to identify patterns and compliance risks across the business, as well as setting the tone and strategy for a “culture of compliance”. ESG covers a much wider range of issues than ABC, requiring input from around the business (such as procurement, production, finance, IT, legal, people operations/HR, and marketing) and therefore can demand a more cross-organisational approach to governance. Where ESG sits within a company's governance structure will depend on its risk profile and the maturity of its existing compliance framework. Some businesses are expanding on existing ABC structures to absorb the wider ESG mandate, whereas others are establishing additional structures, such as cross-functional sustainability committees comprising representatives from across the business to manage specific ESG risks.

Businesses should consider whether their existing governance structures are fit for purpose to address broader ESG compliance, or whether additional structures and reporting lines should be established. Situating ESG within an appropriate governance framework will help embed ESG as a key, strategic concern across the business and ensure alignment, efficiency gains, effective reporting of risks and avoid duplication of effort.

Risk assessments are instrumental in helping a business identify its risk exposure, design appropriate controls to mitigate those risks and inform where resources should be allocated, and focus applied. Expanding the scope of an enterprise-wide ABC risk assessment to include ESG risks, such as human rights abuses, environmental crimes or social washing, can give the business a more detailed and nuanced risk profile and shine a spotlight on the business's particular areas of vulnerability to ESG risks in its operations and wider supply chain.

Mapping ESG risks as part of underlying ABC risk assessments, can bring operational efficiencies preventing the business from having to redesign new systems from scratch. Given the links between ABC and ESG (for example bribery that enables environmental crimes like illegal deforestation or unpermitted waste dumping), folding ESG due diligence into existing ABC risk assessment processes can also help to uncover potential risk areas more quickly, enabling the business to design effective controls in response.

Businesses should consider how ESG can be embedded into existing policies. For example, updating an existing “Speak Up” or Whistleblowing Policy to enable workers to raise concerns about environmental or social wrongdoing by the company (see below), or updating a Third Party Due Diligence Policy to include specific human rights and environmental risks that employees should consider when onboarding suppliers. These risks can also be built into existing supplier questionnaires as part of the onboarding process.

Ongoing monitoring and review of any compliance programme is also essential to ensure there are continual improvements to how risks are identified and managed across the business. Companies should regularly review their policies against the company's risk profile, changes to internal and external corporate structures, and any legal and best practice developments.

Effective management of third-party risks is a crucial element of a robust ABC compliance program. Many businesses are already used to implementing some form of ABC due diligence for their third-party relationships (as well as due diligence relating to other financial crime issues such as money laundering and sanctions) and the same processes of identification, assessment, and mitigation of risks can be used and adapted to ensure that the business's commercial partners align with a company’s standards and any incoming regulatory requirements. Companies can use their existing due diligence systems as a foundation, incorporating ESG-specific metrics into their due diligence processes and risk typologies, such as evaluating third parties’ environmental impact, labour practices, and governance structures.

In response to increasingly complex risk landscapes and third-party environments, companies are turning to technology as a more streamlined and cost-effective way to identify, manage and report ABC risks. Such technology can play an important role in collating data and information about potential third party ABC risks, such as through whistleblower lines, third party due diligence systems, training platforms and public sources like news and media outlets. Businesses can leverage this kind of technology to support broader ESG compliance. There is now a plethora of new software tools on the market, using technologies like AI, blockchain and geospatial technology, to help businesses map their supply chains, gather ESG data and draw out insights, such as “hot spots” and key risk areas. Given the increasing legal requirements for companies to monitor and report granular ESG data, like greenhouse gas emissions and geolocation data relating to deforestation, these tools can help fast-track companies' sustainability efforts and support legal compliance.

To mitigate against the inherent ABC risks of procurement and contracting, businesses often include contractual safeguards in their agreements with third parties to address ABC risks in its business activities and supply chain. These include anti-corruption clauses in supplier contracts, supplier codes of conduct and related warranties and robust enforcement mechanisms, such as audit rights and suspension and termination provisions. Businesses should review these provisions and consider any updates to ensure they are fit for purpose for broader ESG compliance. For example, contractual clauses in relation to ESG may need to go further than existing ABC requirements by including reporting requirements for specific ESG data, audit rights, and "flow-down” or “back-to-back” clauses to enable companies to conduct due diligence on their supply chain.

Companies should be particularly careful when contracting with small and medium-sized enterprises (SMEs) as certain ESG regulations, including the CSDDD, require that any contractual clauses with SMEs must be fair, reasonable and non-discriminatory to prevent companies simply shifting the compliance burden further up the supply chain. Unlike traditional ABC compliance, such contractual clauses may also need to be accompanied by other targeted and proportionate support for SMEs to facilitate compliance, such as training or low-interest loans.

A cornerstone of an effective ABC compliance programme is ensuring that training is rolled out to employees and directors to equip them with the knowledge and tools to help the business identify and manage ABC risks. Enterprise-wide and targeted training on a proportionality basis also helps instil a culture of compliance across a business. Training sessions should be regularly reviewed and updated to ensure they reflect updates to legal developments, international best practice, and internal policies. Building on existing ABC training programmes by including additional ESG-related material can help employees understand how ESG risks materialise in the context of their day-to-day business activities. It is important to ensure that training is not just a “check box” exercise but requires individuals to demonstrate understanding of how policies apply in practice in the business and include real life scenarios relevant to the business and its risk profile. Empowering employees to understand how ESG intersects with their day-to-day work and feeds into the business's broader sustainability programme helps to drive progress, ensure compliance and prevents teams accidentally undermining good progress that's happening elsewhere in the business.

Reporting mechanisms, such as whistleblower hotlines or 'speak up' channels, allow workers and other third parties to raise concerns on an anonymous basis. These mechanisms are vital to protect reporters, establish a culture that encourages reporting, and help the business understand and manage risks. Whistleblowing is now playing a pivotal role in ESG compliance and is increasingly used by employees as a tool to expose corporate ESG wrongdoing. At the same time, whistleblowing also provides an opportunity for the business to better understand and identify ESG risks, which it can then quickly rectify.

Businesses can leverage existing ABC reporting lines by expanding their scope to cover wider ESG issues. This would enable employees and third parties to report a broader range of concerns, such as child labour or worker exploitation linked with the business's suppliers. This can help the business monitor ESG risks and promote a culture of trust around the company's response to ESG concerns. To ensure your reporting mechanisms are robust and fit for purpose, it is important to ensure that those who "blow the whistle" are protected from retaliation for raising concerns by maintaining confidentiality and offering them support for speaking up. Monitoring from which parts of a business concerns are or are not being raised, will also be key risk mitigating factor.