Categories
The ESG Report

Increasing the Speed of ESG Risk Management with Todd Boehler

 

Todd Boehler has over 25 years experience in the governance risk and compliance software space. He is currently Senior Vice President of Strategy at ProcessUnity, where he oversees third-party risk management. ProcessUnity is a company that is making good governance, risk, and compliance (GRC) practices and tools available to organizations via cloud-based, third-party risk and cybersecurity program management tools. Tom Fox welcomes Todd to this week’s episode of the ESG Report to discuss the relationship between third-party risk management and ESG. 

 

 

The Biggest Risk 

“In my opinion, third-party risk management has been the biggest risk in anti-corruption compliance,” Tom says. It’s something everyone in the company – up to the board level – has to be more consistent with. Todd agrees; it’s becoming more complex as time goes on, he adds. More businesses are outsourcing in order to compete. This brings accelerated risk. “You have to know where the risk lies inside of those [third-party] companies, otherwise you’re going to be accountable for that to your customers and your regulators and your examiners,” Todd points out. Your company needs to understand and mitigate risk prior to doing business with prospective third-party vendors. 

 

Evolving Risk

Todd runs ProcessUnity’s Partners and Alliances program and its product teams. His role involves growing the company ecosystem and investing in technology to help their clients manage risk and solve their problems more efficiently. “ESG has been an evolving risk area,” Todd tells Tom. “We help companies monitor and manage their third-party [risk] specifically, across all different areas of risk [including ESG risk].” ESG is a social mandate nowadays, he continues; more companies and regulators are acknowledging its importance. “We integrate and connect ESG data providers into our customer’s risk programs so that they can cover and understand ESG risk against their third parties,” he points out.

 

Monitoring Third-Party Risk

Tom asks Todd whether potential clients fully understand the need to monitor ESG risk and how ProcessUnity allows them to manage that risk. It depends on the maturity of the company, Todd responds. “Smaller companies that are highly regulated may be more mature than larger companies that are not so highly regulated,” he points out. It also depends on the stage they are in their roadmap, as well as how much they prioritize ESG risk against other types of risk. ProcessUnity helps them figure this out and how to grow their ESG program over time based on their specific industry. Building a culture of ESG is vital, as are sustainable procurement practices. Sustainable procurement refers to how businesses can identify and reduce the environmental impact of their supply chains. This requires monitoring third parties and ensuring that procurement practices are aligned to the ESG framework. He and Tom discuss the evolving work landscape, accelerated by the pandemic, and the accompanying increase in cybersecurity risk. The Russian invasion of Ukraine also spurred an uptick in sanctions screening. All this impacts how organizations manage third-party risk, Tom and Todd agree. “It’s an evolving world,” Todd comments, “things are changing fast, and you have to manage to the speed of change.”

 

Financial Resiliency 

Tom comments on the importance of financial resiliency of your third-party partners. If a company is not doing well financially, they may be unable to supply your products. They are more vulnerable to cyber attack because they may not be able to invest in cybersecurity, and they may be more easily persuaded to engage in bribery and corruption. Financial resiliency is a must, Todd says. Your company needs it, and your suppliers must also have it. “If your critical suppliers are having problems financially, you need to have a backup plan to be able to switch them out in dire straits,” he tells listeners. You also need to have a system to monitor those companies. Financial tracking is a good strategy here, he points out. He describes how ProcessUnity helps clients build a financial profile of their suppliers.

 

The Rise of ESG

ProcessUnity recently released a white paper, The Rise of ESG in Third-Party Risk Management. Tom asks, “What do you see as some of the key factors contributing to the relevancy of ESG on a worldwide basis?” He and Todd talk about the global push towards ESG and the corporate world’s response. A cultural shift coupled with new regulation is bringing ESG to the fore. Proper documentation of our ESG program will help you make better business decisions as well, both men agree. Your business will become more efficient and robust as well.

 

Looking Ahead

Tom asks Todd where he sees third-party risk management in ESG in 2025 and beyond. Risk professionals are thinking about and prioritizing ESG risk more, they agree. Todd adds that ESG risk attention will increase because there will be more data and more regulations. Additionally, there will be more people taking over executive positions who wish to implement ESG cultures and regulations in businesses that require ESG risk management. 

 

Resources 

Todd Boehler | LinkedIn | ProcessUnity 

The Rise of ESG in Third-Party Risk Management