By Shaun Hurst, Principal Regulatory Advisor for EMEA, Smarsh.
ESG, the acronym that refers to the alignment of environmental, social, and governance performance and objectives with company practices and investor strategies, has evolved from being a ‘nice to have’ for companies and financial institutions to a concrete expectation. But with rising regulation, litigation and growing scrutiny from all stakeholders, the material – and also financial – implications for those who do not take ESG risks seriously are becoming ever more apparent.
Key to taking ESG seriously is capturing and monitoring data on business-critical ESG risks – after all, you cannot manage what you do not measure. While gathering, tracking and reporting environmental data is relatively straightforward, companies and financial institutions are more limited when it comes to finding a reliable method for monitoring the more human issues of social and governance within companies. How, for instance, can you spot the warning signs of potential misconduct and corruption until it is too late?
Social and governance
The answer to analysing these human issues is looking at human data, essentially communications. Moving from manual processes to digitising communication data capture and monitoring can allow social and governance risks within a company to be automatically identified and flagged. What’s more, it becomes possible to generate ESG value and better protect employee privacy and data security, and could go some way to reduce a company’s emissions.
ESG ambitions require accountability
Financial institutions are increasingly integrating ESG into their operations and investment strategies. This is due to rising awareness of the financial materiality of ESG risks and opportunities, as well as consumer preferences, talent acquisition pressures and market preferences. But as focus on ESG has increased, so has oversight by the regulators, pressuring financial institutions to monitor and disclose their own ESG performance and progress, as well as requiring the same of the companies in which they invest.
Reporting on environmental issues is an established activity. These factors can be monitored and reported with quantitative metrics. Emissions can be reduced in metric tons, for example, while reforestation can be disclosed by the number of new trees planted. Things get tricker, however, when it comes to the ‘S’ and the ‘G’. How can companies measure the more abstract issues of social and governance within their business to ensure compliance with regulations and their own ESG commitments?
Digitisation is the key
As ESG has taken hold of the business and financial worlds, so too, has another trend, digitisation. And as more business is conducted digitally, what organisations have in abundance is communications data. This data, unlike other types, is inherently human and may be the key to improving social and governance risk management.
Organisations rely heavily on communication tools and apps such as Microsoft Teams, Zoom, Slack, and WhatsApp to encourage collaboration and efficiency. Buried inside a company’s communications data are operational errors, insights, and so on that can help companies manage risk, offer more transparency, and better serve their customers.
Monitoring these channels has traditionally been a manual job exposed to risks such as human error and poor governance, which in turn, could lead to material financial outcomes such as regulatory actions from breaching directives such as MiFID II, and the FCA’s Senior Managers and Certification Regime and Treating Customers Fairly initiative. Still worse, some firms aren’t even monitoring certain channels, as seen in the recent high-profile SEC fines to banks whose employees used unsupervised WhatsApp channels to do business. In turn, the material financial risks are amplified by the potential reputational damage following such breaches.
However, there is scope to use technology to capture and interrogate this data. We now have cloud-based tools that can pierce the noise of communications to identify and manage non-compliance by using solutions that have strong capabilities for data archiving with full contextual detail, and AI/ML for data analysis and predictive risk detection.
For financial institutions, this enhanced monitoring via the cloud is beneficial on two levels: it helps them manage their own compliance better, and enables their portfolio companies to transparently report their performance to investors and shareholders.
Unlocking social value
The case for digitisation does not stop at risk mitigation. There are further ways that companies can use this information to be more agile, responsive, and better able to meet the needs of customers, partners and potential employees.
Using technology to monitor communications data means companies can monitor cultural issues, which can lead to reducing employee misconduct, improving employee productivity and boosting company morale and culture. Compliance, legal and HR teams can be equipped with tools that provide earlier visibility into information risks, and purpose-built solutions that capture, monitor and understand the conversational context of each content source are critical for understanding and responding to human behaviours.
Applying technology to monitor communications enables organisations to uncover policy violations and vulnerabilities across multiple functions and business processes. Legal, HR, infosec, audit and investigative teams can spot red flags that range from code of conduct violations, perhaps harassment or bullying, to loss of intellectual property, security exposures, and privacy violations.
Crucially, replacing on-premise servers with cloud-based technology means employee privacy and data security are less vulnerable to data breaches and cyber-attacks. This is because investment in cloud security R&D and cybersecurity expertise far exceeds what a large bank is capable of. Look at a company like Microsoft that invests around $1 billion a year on cloud security and employs more than 3,500 cybersecurity experts. Compliance with critical GDPR regulations, too, can be more easily managed through automated content retention and destruction policies.
A word on the environment
Of course, despite our social and governance focus thus far, we cannot talk about ESG solutions without weighing up the impact on the environment. Many existing compliance technologies were designed when on-premise storage was adequate for managing communications data such as email. Think large physical servers sitting in data rooms, swallowing up energy to run and cool the room. Times have changed.
As the overall volume and variety of data continues to increase, cloud-based servers have become a much-improved feature in the carbon footprint of information communications. This means shifting from energy-intensive servers to cloud-based technology can reduce a company or financial institution’s emissions, and even that of the latter’s portfolio.
Research into Amazon Web Services revealed that connecting to cloud-based servers can lower customers’ workload carbon footprints by nearly 80% compared to surveyed enterprise data centres. AWS claims this reduction could increase up to 96% once it hits its 100% renewable energy target by 2025.
Public cloud-storage services, too, are designed to accommodate exponential data growth and do this in an environmentally conscious manner. Moving to solutions hosted by the likes of Microsoft Azure or AWS allows organisations to take advantage of those companies’ existing, scalable data centres powered by renewables. The above research on AWS further showed that cloud-based infrastructure is 3.6 times more energy efficient than the median of US enterprise data centres and up to five times those in Europe.
The E, S, and G case for digitising communications data is clear – not only for protecting against operational, financial and reputational risk, but also for generating value.
Subscribe to our newsletter