
ESG compliance – what it is, why it matters and what you need to know, October 2017

27 September 2017

Environmental, social and governance (ESG) compliance has become an increasingly complex and challenging regulatory environment for companies to navigate.

This briefing looks at the context for ESG compliance and some basic guidance for how to achieve it, and offers an overview of some key pieces of UK legislation, including the Criminal Finances Act 2017 which comes into force on 30 September 2017. These should form the basis of a company’s wider ESG compliance and reporting policy.


Increased levels of corporate transparency have been brought about by whistleblowing, corporate leaks and the huge dissemination of corporate information online, often through social media campaigns. Corporates and CEOs are increasingly being asked to exercise a high degree of moral and ethical leadership. These factors have forced companies to look more closely at their health and safety, environmental and wider human rights practices to ensure compliance not only with legislation, but also with developing moral and ethical expectations.

ISO Standards

On the global stage, the International Organization for Standardization (ISO) has issued two important reference texts in the form of international standards, one for risk and one for compliance:

  • ISO 31000 (Risk management – Principles and guidelines), published in 2009
  • ISO 19600 (Compliance management systems – Guidelines), published in 2014

ISO 31000 has developed into a global standard for risk management, while ISO 19600 is the first global compliance management system standard.

Risk management

ISO 31000 identifies a number of principles to be satisfied in order to make risk management effective. If an organisation’s risk management is effective, this should allow that organisation to have effective compliance management. ISO 31000 establishes a process by which organisations can manage risk by seeking to identify it, analyse it and evaluate whether the risk should be modified by risk treatment in order to meet their risk criteria.

Compliance management

The introduction to ISO 19600 defines compliance as “an outcome of an organisation meeting its obligations” which is “made sustainable by embedding it in the culture of the organisation and in the behaviour and attitude of people working for it.” ISO 19600 does not specify requirements, but provides guidance on compliance management systems and recommended practices.

What is “compliance”?

There are three key elements which impact on how businesses view compliance:

  1. The customer’s perspective
  2. The competitor’s perspective
  3. The regulator’s perspective

With customers demanding more from the companies they buy from, competitors looking to gain an advantage by highlighting their superior positive social contributions and regulators coming down hard on breaches of new legislation which imposes new reporting obligations, there is a heavy compliance burden on companies.

Recently, there has been a move by regulators to impose liability for compliance on entire organisations (as opposed to particular individuals). This has meant that companies have to be able to show a global culture of compliance and avoid structural issues that lead to non-compliance. Compliance is no longer confined to dealing with one-off cases and “bad apples” within organisations. The challenge lies in building and demonstrating a culture of compliance.

We discuss below several key pieces of UK legislation:

  1. The Corporate Manslaughter and Homicide Act 2007
  2. The Bribery Act 2010
  3. The Modern Slavery Act 2015
  4. The Criminal Finances Act 2017 (which amends and expands the Proceeds of Crime Act 2002)

The Corporate Manslaughter and Homicide Act 2007 (CMHA)

The CMHA was a landmark in the law when it was introduced in April 2008. For the first time, companies could be found guilty of corporate manslaughter following the death of a person as a result of serious management failures leading to a gross breach of a duty of care by the organisation.

The test contained in the CMHA provides that an organisation is guilty of an offence only if the way in which its activities are managed or organised by its senior management is a substantial element in the breach.

That is a lower burden for prosecutors to satisfy than the previous position, which required evidence that a senior individual who could be said to embody the company (also known as a “controlling mind”) was guilty of the offence.

Sanctions for a conviction of corporate manslaughter include unlimited fines, remedial orders and publicity orders.

Bribery Act 2010 (UKBA)

The UKBA created a new offence which is committed by a corporate body which fails to prevent persons associated with them from bribing another person on their behalf. This focus on criminalising organisations which fail to prevent conduct by other parties marks a new approach by the UK regulators. There are indications that the UK regulators will adopt this approach more widely, demonstrated by the new offences which are contained in the Criminal Finances Act 2017 (see below).

A company could be liable if a very senior person in the organisation (e.g. managing director) commits a bribery offence, or if an employee or agent pays a bribe in order to obtain a benefit for the company.

Corporate liability for bribery by associated persons can be strict, without any proof of any intent or wilful default on the part of the company, but the company will have a full defence if it can show that it had adequate procedures in place to prevent bribery. The UKBA covers offences committed in the UK and offences committed by a person with a close connection to the UK.

Modern Slavery Act 2015 (MSA)

The MSA has forced companies to look at their entire supply chain and to ask difficult questions of suppliers, contractors and their counterparts. Companies, whether public or private or a partnership, must comply with the provisions of the MSA if they meet the following two criteria:

  1. Global turnover of £36 million
  2. Carries on its business, or part of its business, in any part of the United Kingdom

Businesses that meet these criteria must publish a “slavery and human trafficking statement” for each financial year. This statement must disclose steps taken to ensure that slavery and human trafficking are not taking place in the organisation or in its supply chain. Alternatively, the statement should confirm that the company has taken no such steps.

The exact contents of the statement are not prescribed by the legislation. However, the MSA recommends six areas for consideration, including due diligence processes for understanding the supply chain and regular risk assessments on what parts of the business are most exposed to slavery and human trafficking.1

The statement should be published as soon as reasonably practical after close of each financial year and should be placed on the company’s website with a prominent link on its homepage.

A company publishing a statement that it has taken no steps to ensure these activities are not taking place is fully compliant with the legislation. However, this invites the obvious reputational risk which may prove more harmful than any other types of sanctions.

Criminal Finances Act 2017 (CFA)

When it comes into force on 30 September 2017, the CFA will impose a new raft of measures aimed at increasing state powers to tackle financial crime. It contains measures to obtain information, share knowledge and recover criminal property from companies in breach of the law.

The CFA amends and expands the Proceeds of Crime Act 2002 (POCA).

Part 1 of the CFA creates a new enforcement tool, known as an Unexplained Wealth Order (UWO). In essence the UWO requires a person (who need not be in the UK) to explain how property (which need not be in the UK) was obtained, in circumstances where the High Court is satisfied that there are reasonable grounds for suspecting firstly, that the known sources of the respondent’s lawfully obtained income would have been insufficient for the purposes of enabling the respondent to obtain the property and, secondly, that the respondent (or someone connected with them) has been involved in serious crime (which need not have taken place in the UK).

Part 2 of the CFA extends the money laundering powers under POCA to offences under the Terrorism Act 2000.

Part 3 of the CFA creates two new offences which relate to tax evasion, and which adopt a similar approach to the failure to prevent bribery offence under section 7 of the UKBA. The new offences give UK enforcement agencies powers to prosecute corporate bodies whose agents or employees fail to prevent the facilitation of tax evasion carried out by another person, including customers and suppliers. Part 3 also changes the regime for suspicious activity reports.

The two new offences created by the Act are separate but related. The first targets facilitation of UK tax evasion and the second targets facilitation of foreign tax evasion. In either case, it is irrelevant whether or not the relevant conduct takes place in the UK.

The only defence available to a corporate body facing an accusation of committing either offence will be to show that the body has “reasonable prevention procedures” in place to prevent tax evasion being facilitated.

Institutional investors voting with money

Institutional investors such as sovereign wealth funds are increasingly taking a role in ensuring ESG compliance by voting for ESG changes at AGMs and even withdrawing investments where companies are seen to be lacking. By using financial clout to promote positive corporate behaviour, these investors are forcing companies into compliance.

One example is the Norwegian Sovereign Wealth Fund, the largest such fund in the world. With global investments of approximately £800 billion, the fund owns approximately 1.3% of global equities. This fund has recently focused on excessive CEO pay and voting rights. It refuses to invest in companies that fail to live up to environmental and ethical standards, including tobacco companies and manufacturers of certain weapons. Some publicly-listed companies (approximately 100 to date) have been banned from the fund for breaching human rights and causing environmental damage.

Challenges in the natural resources and commodities industries

Companies in the natural resources and commodities industries are particularly exposed to ESG challenges, in particular in relation to environmental issues, human rights issues and financial transparency: many of the largest and most complex oil and gas and mining projects are in remote and undeveloped regions of the world which may therefore involve particular environmental sensitivities. In addition, these areas may lack well developed legal systems or human rights protections. Recent years have also seen class action lawsuits brought against oil majors for pollution events where villages and local fishing industries have been impacted.

Many companies involved in these industries are therefore at the forefront of implementing corporate social responsibility and ESG compliance programmes.


It is more important than ever for companies to have comprehensive ESG policies in place. Businesses can no longer sweep breaches under the carpet by sanctioning and removing certain individuals within their organisations but must instead build a culture of compliance.

It is of course not possible for companies to monitor and supervise every action carried out by every individual within their organisation, but they can (and should) implement comprehensive policies and corporate governance structures, using the available resources such as the ISO standards for risk and compliance management.

Today’s rapidly evolving compliance landscape is increasingly technical and multi-jurisdictional in nature. Particular rules apply differently depending on which jurisdictions companies are operating in. Internal corporate policies and regulatory frameworks may benefit from regular independent audits by external lawyers, to help ensure – and demonstrate – compliance.

HFW is delighted to announce that it has won the dual accolade of being awarded the World ECR Export Controls and Sanctions Law Firm of the Year (Europe) 2017.

For further information, please contact the authors of this briefing:

Sarah Hunt
Partner, Geneva
T +41 (0)22 322 4816

Georges Racine
Partner, Geneva
T +41 (0)22 322 4812

Daniel Martin
Partner, London
T +44 (0)207 264 8189


  1. The six areas for consideration are: (1) the organisation’s structure, its business and supply chains; (2) its policies in relation to slavery and human trafficking; (3) its due diligence processes in relation to slavery and human trafficking in its business and supply chains; (4) the parts of its business and supply chains where there is risk of slavery and human trafficking taking place, and the steps it has taken to assess and manage that risk; (5) its effectiveness in ensuring that slavery and human trafficking is not taking place in its business or supply chains, measured against such performance indicators as it considers appropriate; (6) the training about slavery and human trafficking that is available to its staff.