Undoubtedly, attention on ESG has focused on comparable data for the markets, which has led to global regulations and regulatory frameworks. The resulting pressure has led ESG to be equated with ESG data and, therefore, with a compliance exercise.
In talking with companies, it is clear that this pressure is driving them to collect and disclose a set of metrics for fear of regulatory retaliation. Of course, downstream value chains create similar pressure, as B2B customers want to understand who they are doing business with and report their holistic metrics, like Scope 3 emissions.
Despite CSRD and ISSB focusing on materiality, companies miss the connection between the data, ESG, and action. Reported data must be returned internally to build resilience, prevent fundamental, self-inflicted issues, and minimize the effect of unpredictable external disasters.
We are still early on with ESG regulations. Still, I wonder whether disclosures, which consume the mindshare of the management team, cost less or more than the damage that can be done when companies mismanage ESG issues.
Regulatory Risk: Fines
The EU’s CSRD has to be implemented by individual countries, making the exact fines and their language unavailable. Most websites about CSRD look to the previous ESG regulation, NFRD, for guidance. The penalties for not complying with NFRD could be €10M or up to 5% of global turnover (the company’s total revenues). Of course, there is a chance that the company could also have its operating license revoked. Along these lines, the lack of Governance, as always, could take the company down.
NOTE: There are also reputational risks with not complying with regulations or acting, but I will leave those aside for this comparison.
For an EU company like SAP with €31B in annual revenue, a fine like this would represent up to around €1.5B. This is no small number, but as each member country can define its process, it is unclear what the actual repercussions will be.
Another way to look at this is through the investment in complying. Earlier this year, a PwC-Workiva survey found that 61% of CEOs believe this regulatory compliance would cost around $750k (€686k) in the first year. For any company making over €13M in annual revenue, that investment is worth an ounce of prevention, especially if they can find the right automated tooling and implement the right data collection strategies and processes to lower costs.
This seems like a Governance no-brainer since the investment would save on the penalty: Invest now to avoid heavy fines in the future. Still, except in the extreme case where the operating license would be revoked, which is a severe risk, we’re talking about what amounts to a minimal investment against revenue.
Remember that CSRD expects companies to be indirectly incentivized to disclose metrics and risk through reporting and scrutiny. It requires publishing goals and transition plans, meaning ongoing investment is needed to improve operations. The effect of the regulation in driving action, as with the fines, remains to be seen.
ESG: Fines, Costs, and Disruption
While there are emerging fines for not complying with ESG disclosures, there is only one way to compare against the potential costs of an ESG issue: look at existing regulatory fines and compare them to the actual costs to the company for the same event.
Case Study 1: The Dam Breaks for Vale
In January 2019, a dam near Brumadinho, Brazil, collapsed and flooded. The dam was holding wastewater for Vale, a mining company. The flood drowned the workers’ cafeteria, flooded several homes, and polluted the waterways.
ESG Relationship: A Governance issue that had an Environmental and Social Impact.
SEC fines for misleading investors on the issue: $55.9M
Reported costs to the company: $7B
Vale’s 2022 revenue was reported to be $43.8B, so the cost represents approximately 16% of annual revenues.
Case Study 2: Profit Derailed
In early 2023, a train operated by Norfolk Southern derailed in East Palestine, Ohio. Several toxic chemicals entered the atmosphere and spilled into the soil. I’m fascinated by this case as it introduced new stakeholders to the company in the form of the community affected.
ESG Relationship: A Governance issue that had an Environmental and Social Impact.
EPA fines per day if the cleanup by the company wasn’t sufficient: $70k
Reported costs to the company (so far): $1B
It would take over 14,285 days (or 39 years) of daily EPA fines to reach $1B. Norfolk Southern’s annual revenue for 2022 was $12.7B, putting the cost at just around 8%.
The costs of inaction are greater
Regarding ESG issues, the costs are more significant than the fines, so why is the corporate world so focused on regulatory disclosures? Oof - that is an excellent question.
Observationally, the regulations serve as a focal point for companies. They must comply, there is a clear timeline to complete this work, and the fines and repercussions will be set. On the other hand, addressing an ESG issue is like insurance; even the most risk-averse companies miss the connections around what ‘might be.’
Still, the company that ignores its ESG risks will be worse off, disclosures or not. These particular examples are related to externalities that the companies appear to have wrought on themselves. Yet, there is still a massive, overlooked risk in the rush to disclose that so many companies are missing, so let’s do one more.
Case Study 3: The Earth Strikes Back
The costs of extreme weather keep piling up, making climate risk one of the top material issues for any company with assets in the physical world, which is every company, digital native or not. And so it isn’t always a Governance failure that leads to an issue.
In July 2023, a tornado ripped through a manufacturing facility owned by Pfizer. Tornadoes are notoriously difficult to predict and defend against.
ESG Relationship: An Environmental effect on the company, leading to a business risk
Fines: None
Reported costs to the company: $209M
For context, Pfizer’s 2022 revenue was $100B, so this one represents a paltry 0.2% of their revenue. So, what can we learn here?
First, Pfizer’s ESG report contains environmental metrics, including carbon, water, and waste. They even have a materiality matrix (or Priority ESG Issues) and list Product Innovation as their top priority. I love to see thoughtful ESG approaches like this. Relevant to this topic, one of the upper right quadrant items and highest priorities is climate change.
Yet, despite these disclosures and alignment with this material issue, it didn’t save the company $209M from tornado damage.
Second, with extreme weather increasing dramatically due to climate change, these events will likely become more frequent for companies and their value chain. In other words, Pfizer’s singular $209M event is likely not a one-off event, and companies should heed the warning: Climate risk is material for all and will only compound if you and your suppliers don’t adapt.
Third, the nature of business is changing due to globalization, intangibles, new corporate accountabilities, and interconnected risks. Climate risk is just one of the outside forces affecting companies.
When considering your approach to ESG, remember that disclosures are required in some jurisdictions, and there is a cost to ignoring them. Still, there is greater value in using the data to prevent ESG issues, which will help the company save on actual costs if you’re willing to make the proactive investment.
Is it worth a short-term investment to ensure long-term resilience?
This is the kind of analysis you will find in my upcoming book, “ESG Mindset,” coming from Kogan Page in April 2024.