
ESG is here to stay: is your policy management framework ready?

Why a lackluster policy framework will create steep hurdles for ESG success


The world has experienced continuous change over the last few years, and it has sometimes been difficult to know where the focus should be placed. The newest change facing the world has been brought about through generational shifts and increasing climate concerns: environmental, social, and governance (ESG). From the introduction of a standard EU taxonomy for ESG to ESG data challenges (see [Zhig22] and [Delf22] respectively), it has become the buzzword of 2021/2022 for organizations and governments globally. However, those in ethics and compliance functions understand that ESG is not a new concept. In reality, this is more of a resurgence of concepts that have been combined due to their interdependence and growth from “nice to have” into regulatory obligations.

The ESG challenge

The United Nations Principles for Responsible Investment define ESG as shown in Figure 1 ([UNPR18]).


Figure 1. United Nations Principles for Responsible Investment definition of ESG.

The breadth of these definitions may be daunting for those functions tasked with developing successful ESG strategies in their organizations. What’s more, it challenges – and largely prohibits – the traditional approach by organizations to delegate an emerging risk or legislative change to a single function in accordance with their risk framework. Implementing and managing ESG successfully will require an integrated approach that stretches across borders and areas of expertise.

Regulators driving change

ESG-centered regulatory guidance and obligations have steadily grown over the past few years, and there are expectations that these regulations will come with teeth ([Roge19]); a key factor in driving real change. To date, regulations have been largely targeted at the sustainable investing and financial reporting obligations, supply chains or third-party risk and diversity requirements. For example, the EU Taxonomy was released to establish a common language when discussing and reporting on sustainability topics and metrics ([Link22]). The Dutch Central Bank (de Nederlandsche Bank (DNB)) has also taken steps to drive change by monitoring the level of ESG commitment in the financial sector. As of January 2022, “Climate-related risks are now also part of the fit and proper assessments of (co)policymakers of banks, insurers and pension funds. The financial undertaking in question must include in its screening application the candidate’s knowledge and experience with regard to such risks. DNB amended its suitability matrices to explicitly include this.” ([Link22])

Apart from new requirements, regulators like the United States Department of Justice (DoJ) have also chosen to reiterate existing obligations that remain relevant for the success of governance, risk, and compliance (GRC) frameworks. The updated DoJ guidance on evaluating corporate compliance programs is one such example that would also support a sound ESG strategy. As noted by [Bell20], “the adequacy of compliance programs is frequently relevant in civil enforcement brought by federal agencies such as the United States Environmental Protection Agency (EPA) and state environmental enforcers … and are generally recognized as foundations for effective environmental risk management”. This suggests that while the onset of new regulations will require change, organizations should also utilize their compliance frameworks to approach ESG needs in an integrated manner.

Where should you start?

With the increase in regulations and societal demand, organizations are seeking solutions to implement ESG into their organization. As a first step, conducting a materiality assessment of ESG topics will support the focus on the areas which are most relevant and impactful to build the ESG strategy ([KPMG20]). Through existing frameworks, organizations can bring their strategy to life by tailoring their ESG approach to what works for their organization without causing significant business disruptions in the process.

A policy management framework is one such framework that is both foundational and a connector between topics. Policies and procedures are the resource that organizations use to set common standards across their organization and support the realization of the organization’s mission, vision, values, and strategy ([Nave21]). The policy management framework is the resource to ensure that those standards are communicated, the roles and responsibilities concerning the standards are understood, and that the designated metrics are monitored and reported accordingly, all crucial elements for the success of ESG ([KPMG20]). Traditionally, siloed topics also naturally converge within the policy management framework. This supports a cross-functional approach to interdependent risks, which ESG has in abundance.

Successful policy management frameworks should include at least the areas mentioned in Figure 2 to be effective and efficient.


Figure 2. KPMG Policies and Procedures Management Framework.

The policy management framework should build upon existing fundamentals that are in place in the organization. When bringing the policy management framework to life, organizations should ensure consistency amongst policies, accuracy to relevant laws and concerns, relations between policies and concepts, and the application of a risk / value-driven approach. Moreover, multinational organizations should ensure that the global framework accounts for local regulatory requirements and association to the global policies, as this is often where misalignment can occur.

Reinvent or refresh?

Once an organization completes the materiality assessment and sets their ESG strategy, they need to build a solid governance structure and process to maintain it. Having a mature policy management framework will provide a standard template for ESG to be incorporated into the organization like other emerging risks. Leveraging regulatory monitoring and change management within the policy management framework would enable swift mapping of existing topics and functional areas to ESG, thereby identifying alignment opportunities and in-house expertise. For example, it may be the case that the organization already has established policies on the focus areas of their strategy. These could be refreshed to specifically tie in the ESG strategy, rather than creating a new set of ESG policies and procedures.

However, if an organization has treated policy management as an administrative necessity, further work will be required to be successful with ESG. As noted by [Doct21], “without effective policies in place, organizations will struggle to follow through with their ESG values as well as fail to effectively report.” Apart from an unrealized strategy, ineffective policy management can also result in increased legal costs and regulatory scrutiny. Therefore, organizations wishing to implement their ESG strategy should first review their policy management framework to ensure that the foundation is solid.

We have supported a variety of organizations in strengthening their Policy Houses and associated policy and procedure management frameworks. In one such case, we assisted a large financial services organization in establishing a meta-policy which detailed the overall framework approach, including governance, policy lifecycle, training and communications, as well as ongoing monitoring and effectiveness reviews. The benefit for that organization was a structured, tool-enabled framework with sufficient documentation, enabling consistency so that all core laws and topics are covered based on their risk appetite and strategy. The organization successfully moved from a rule-based approach to a value-driven approach. This supports the overall understanding of and adherence to policies and procedures and fosters the desired culture.


Strong policy management frameworks lay the foundation for risk management. Organizations without this are likely to experience ESG implementation that is siloed and has overlapping existing risk areas, as well as a lack of structured monitoring to support compliance with extensive ESG regulations. So, from stakeholders and CEOs to compliance officers and general counsels, the decision makers and responsible persons across any organization should take stock of their policy management frameworks to prepare for ESG. A few questions to consider:

  • Have you invested in your framework recently?
  • Is your framework currently effective?
  • Do resourcing constraints point towards the opportunity to automate?
  • Is your framework sufficiently integrated to manage the multi-faceted risks that ESG brings?

If these cannot be answered “yes” with certainty, now is the time for proactive change, before it’s too late.

See also the other ESG article on Risk Management in this edition.


[Bell20] Bell, C.L. (2020, June 3). U.S. Department of Justice Revises its Guidance on Evaluating Corporate Compliance Programs. GreenbergTraurig E2 Law Blog. Retrieved from:

[Delf22] van Delft, M., Hoffman, C., Verhaar, E., & Pieroen, P. (2022). Mastering the ESG Reporting and Data Challenges. Compact, 2022(1). Retrieved from:

[Doct21] DocTract (2021, December 13). Why ESG Demands a Strong Policy Framework. Retrieved from:

[KPMG20] KPMG China (2020). Integrating ESG into your business. A step-by-step ESG guide for Hong Kong-listed issuers. Retrieved from:

[Link22] LinkLaters (2022). ESG Outlook in the Netherlands. Retrieved from:

[Nave21] Navex Global (N.D.). Definitive Guide to Policy & Procedure Management, second edition. Retrieved from:

[Roge19] Rogers, J. & Richardson, S. (2019, December). ESG investing: The sharpening teeth of disclosure. How to stay ahead of the curve, minimize future costs of compliance and feed the growing demand from investors for responsible products and services. White & Case Financial Regulatory Observer. Retrieved from:

[UNPR18] United Nations Principles for Responsible Investment (2018). PRI Reporting Framework Main Definitions. Retrieved from:

[Zhig22] Zhigalov, A. & de Graaff, G. (2022). Emerging Global and European Sustainability Reporting Requirements. Navigating the complexity and getting ready. Compact, 2022(1). Retrieved from: