Elevating ESG: how to establish and embed leading practices

By Rachel Nicolson, Jillian Button, Dora Banyasz

Establishing a flexible framework

A confluence of factors is accelerating the importance of ESG, and each of these has material impacts for organisations operating in Australia. The gradual introduction of new laws and standards is creating a strong impetus for organisations to start changing their behaviour now: changes in the EU, for example, are likely to shift the focus on ESG regulation globally and this is amplifying commercial pressures, while in Australia standards around disclosure issues are expected to become law, such as the climate vulnerability assessment being rolled out by APRA. The issue of generational equity is coming to the fore and being picked up by courts more often. For all of these reasons, it is essential to prioritise ESG.

However, it is often unclear what an organisation 'should' do to meet, or ideally exceed, its stakeholders' expectations. As a consequence, organisations are increasingly looking to international frameworks to guide them. What must a corporation do to meet stakeholder expectations and to empower its people to act with integrity and ask not 'can we?' but 'should we?' before making decisions? How can organisations embed a best practice risk and compliance framework that is flexible enough to evolve in line with shifting ESG standards and stakeholder expectations globally?

This insight will assist boards, senior executives, in-house counsel, sustainability teams, and risk and compliance leaders to act as strategic partners within their organisations as they shape their ESG agendas.

Focus on ESG continues to increase

More than ever before, corporations need social legitimacy to operate. In recent years, we have seen numerous significant risk, compliance and culture failings in companies that, at their core, are symptomatic of a lack of a robust and integrated ESG focus.

The three pillars of ESG – Environmental, Social and Governance – require companies to exercise greater scrutiny as to whether they are conducting their business sustainably and responsibly. ESG covers the full gamut of issues regarding:


  • Environmental impacts, including climate change, resource efficiency, biodiversity and species protection
  • Social impacts, including impacts on labour, community, vulnerable groups and other social stakeholders
  • Governance challenges, including anti-bribery and corruption, cyber and privacy, whistleblowing, transparency and disclosure, business ethics, remuneration and incentives, and accountability particularly for risk and compliance matters

Risks and opportunities

Stakeholder expectations and shareholder activism on ESG issues have increased in recent years, and will continue to do so. Having leading ESG commitments and practices embedded in a company's structures and processes from the board down is both a risk mitigant and an enabler – they are a real asset and can lead to substantial success. Conversely, ESG failings can have significant commercial, operational and reputational consequences.

It is also clear that there is a high benchmark for companies in setting ESG standards – globally accepted norms that are captured in international laws and soft law standards set a high bar across these subject matter areas. For example:

  • the Paris Agreement on climate change;
  • the UN Declaration on the Rights of Indigenous Peoples as one such standard on engaging with First Nations peoples; and
  • the ILO Declaration on Fundamental Principles and Rights at Work on core labour standards, to name a few.

These international and soft law standards are also informing the development of legislation in these areas – with the global trend in modern slavery laws one such example. The ESG failures we have seen in recent years have shone the spotlight on the importance of going beyond compliance with domestic laws – the bar set by domestic law is too low as a reference point for setting ESG culture. Stakeholder expectations have shifted to align more with the global standards set by international laws and standards.

Looking ahead, companies should be thinking about what kinds of ESG related commitments they have made, what kinds of commitments they want to make, and how those commitments are being implemented and embedded in their risk and compliance frameworks. This is essential to aligning a company's commitments with what is practically happening on the ground. International law and soft law standards provide a framework for organisations to discuss these policy issues internally, to consider where to set the bar and to understand where your appetite sits against the high-water mark these frameworks have established.

International law as a tool to inform a robust ESG policy position and culture

Organisations face a poly-regulatory environment – domestic laws are a baseline but recent events in Australia and elsewhere demonstrate that compliance with those domestic laws alone is insufficient to shape a robust ESG risk and compliance culture. Stakeholders – investors, employees, civil society – are holding organisations to the higher standards set by international laws and soft law standards. While international law is agreed to and applies between states and does not apply to companies directly, in some cases these state international law commitments are incorporated into domestic law (for instance leading anti-bribery laws and modern slavery laws). In many cases companies have committed themselves to aligning with those international laws or standards by express reference in their policy commitments. Where such commitments are made, stakeholders are increasingly scrutinising (both before and after something goes wrong) whether companies are honouring those commitments and, in some cases, exercising their leverage to take action where they are not. In some jurisdictions, depending on the regulatory environment, a failure to do so can lead to misleading and deceptive conduct claims or shareholder actions.

International laws and standards are relevant to organisations shaping a strong ESG position and culture here and now. Going forward, these international laws and standards will continue to influence the direction of domestic law obligations imposed on organisations.

Different ESG subject areas are in varied phases of their progression from public opinion, through to international law and finally domestic law. Below we explore examples of relevant subjects where we see the narrative progressing strongly.

Environment – climate change


Climate change is an area in which international law is serving as a precursor to and, in a number of jurisdictions, a substitute for the development of domestic law around climate change abatement and mitigation.

Key benchmark: The Paris Agreement

The Paris Agreement sets out the global aspiration and high-water mark in relation to climate change. It will be extremely difficult to achieve the ambitious goals set by the agreement unless the private sector gets involved in a substantive and meaningful manner, but for this businesses need the right policy and finance signals in place to warrant retooling their strategies. On this front, and free of the complexities and extended timelines that often stymie or delay government regulation in Australia and elsewhere, there has been an increasing number of soft law instruments that seek to impact corporate responses to climate change. 

The key development here has been the proliferation of voluntary reporting standards that companies might adopt to aid disclosure of climate change-related financial risk. Notably, in 2016, the G20 Financial Stability Board established the Task Force on Climate-Related Financial Disclosures (TCFD), which released a set of recommendations for the voluntary disclosure of climate change-related financial risks in 2017. What sets the TCFD recommendations apart is their sophistication – they require companies to disclose qualitative data, including scenario analysis, which identifies risks based on differing climate change-driven scenarios.

Similar to the UN Guiding Principles, the TCFD recommendations are a voluntary reporting initiative that is rapidly becoming mainstream given their endorsement by major investors, regulators and many major companies worldwide.

A global perspective 

There is currently no proposal to change the law in Australia to make climate-related disclosures mandatory. By contrast, the UK plans to take a phased approach to making climate-related disclosures under TCFD mandatory by 2025 for corporates, banks, asset managers and pension schemes, with premium listed companies required to report first in respect of the reporting periods starting after 1 January 2021.

In the EU, asset managers and other financial market participants will have to disclose a whole array of new sustainability data under the Sustainable Finance Disclosure Regulation, which in turn will mean investee companies will be under pressure to provide this information to their investors. The US and various other jurisdictions are also considering changes to their climate-related disclosure regimes. Closer to home, in April 2021, the Financial Sector (Climate-related Disclosures and Other Matters) Amendment Bill was introduced in the Parliament of New Zealand, which will require certain large organisations to report on their climate-related financial risk.

Australian regulatory bodies

As the business community converged on the TCFD recommendations as the authoritative standard for climate change narrative reporting, so too did Australian regulatory bodies. At the moment, such convergence remains indirect.

  • ASIC: In recent years ASIC has published a range of reports and guides concerning climate-risk disclosures and the circumstances in which a company may need to make such disclosures in its operating and financial review.[1] These publications highlighted climate change as a systemic risk.
  • APRA: In its 24 February 2020 open letter to regulated entities, APRA reiterated that it encourages entities to disclose under the TCFD recommendations framework. Further, in its recently published draft cross-industry prudential guidance CPG 229 Climate Change Financial Risks, APRA seeks to assist companies to take a strategic and risk-based approach to the management of climate risks through existing risk management and governance frameworks.
  • ASX: In the 4th edition of the Corporate Governance Principles and Recommendations, released in February 2019, climate change is expressly mentioned for the first time. The Principles and Recommendations provide that a listed entity should disclose whether it has any material exposure to climate change risks and, if so, how it manages or intends to manage those risks. The ASX Corporate Governance Council recommends that listed entities adopt the disclosure framework set out in the TCFD recommendations.

Social – the corporate responsibility to respect human rights


The growing social reach and impact of business enterprises has sharpened understanding of the responsibility of business to respect human rights, with human rights covering the field of social impact, including engagement with labour and social stakeholders like communities and Indigenous Peoples who are either directly or indirectly affected by business activity.

There are many domestic laws that apply to business that aim to protect international human rights law standards – anti-discrimination laws, native title and cultural heritage laws and labour laws including most recently modern slavery laws, to name a few. However, it was widely recognised that these domestic laws failed to be comprehensive in their human rights protections against business impacts and, where they are in place, often set a bar that is significantly lower than the international human rights laws from which they originate.

Key benchmark: UN Guiding Principles on Business and Human Rights

As a consequence of these regulatory shortcomings, the UN developed the UN Guiding Principles on Business and Human Rights (UN Guiding Principles). These were endorsed unanimously by the UN Human Rights Council in 2011.

The UN Guiding Principles clarified the respective roles of states and companies regarding human rights – that it is the state's duty to protect those within their jurisdiction from human rights harms while it is the corporate's responsibility to respect the human rights of those persons it impacts directly or indirectly through its operations. The UN Guiding Principles set a baseline of standards for corporates to meet to achieve that respect for human rights. This is done by reference to: 

  • established international human rights laws that cover civil and political rights like the right to life or freedom from cruel, inhuman or degrading treatment or freedom of expression;
  • economic, social and cultural rights like the right to education, housing and work; and
  • issue-specific international human rights laws including those focused on eliminating discrimination on the basis of sex, race and disability, as well as those international laws that set out the specific rights of Indigenous Peoples, including in relation to land and cultural heritage.

The UN Guiding Principles go on to provide a roadmap for corporates to meet these international human rights law standards through practical risk and compliance mechanisms including policies, risk assessments, due diligence, training and reporting.

The UN Guiding Principles

As a guideline made at the international level, the UN Guiding Principles are not binding on business. However, they set a clear and accepted benchmark for corporate conduct regarding its social impacts. There has been widespread convergence around the UN Guiding Principles (so much so that the Hague District Court in the Netherlands in a recent decision referred to the 'universally endorsed content' of the UN Guiding Principles). In the business community the UN Guiding Principles are cited in many company policy suites and are commonly used as an audit tool to assess social impacts. They are increasingly a threshold issue for investors, and there is also increasing regulatory convergence around the UN Guiding Principles. We are seeing:

  • Issue-specific human rights laws, like modern slavery laws, referring to them. For example, in 2018, the Australian Government passed the Commonwealth Modern Slavery Act 2018, which established Australia's national modern slavery reporting requirement. Under this requirement, certain large entities must publish annual modern slavery statements describing the actions they have taken to assess and address modern slavery risks within their operations and supply chain. The Commonwealth Guidance to the Modern Slavery Act explicitly refers to the UN Guiding Principles as a justification for introducing the Act, as well as a tool which can assist corporates to report robustly.
  • The UN Guiding Principles forming the bedrock for more comprehensive law reform in relation to business human rights impacts. The flagship proposal in this area has come in Europe, where the European Commission has committed to introducing legislation in 2021 to make human rights (and environmental) due diligence mandatory for companies operating or domiciled in the EU. The Commission has noted that the proposal is meant to build on existing standards, such as the OECD Due Diligence Guidance for Responsible Business Conduct or the UN Guiding Principles on Business and Human Rights (UNGPs) – 'soft' laws that have paved the way for what 'good' looks like in this area.

This trend of embedment of the UN Guiding Principles in domestic law and business policy and practice will only increase, given the international legitimacy of this standard and the increasing focus on the 'S' in ESG.

Governance – bribery and corruption


A strong example of the 'hardening' of international law is found in the bribery and corruption sphere.

Bribery has long been considered inconsistent with fair and efficient economic development principles. Despite this, for a long time the global approach to the regulation of bribery and corruption was piecemeal and at times inconsistent. Certain countries, in particular the United States, were early movers on anti-bribery measures – enacting the Foreign Corrupt Practices Act in 1977 in response to widespread payments made to foreign government officials by large US companies. For a long time, though, other countries viewed bribery as a part of the cost of doing business in certain places and did not take steps to prohibit it.

Key benchmark: OECD Anti-Bribery Convention

The OECD, at the behest of the United States, began to tackle bribery more directly in the early 1990s, establishing a Working Group on Bribery in International Business Transactions (OECD Anti-Bribery Convention). The working group included member nations as well as members of civil society, including Transparency International, other international organizations such as the World Bank and prosecutors from the United States and Europe. This culminated in the adoption of the 1997 Convention on Combating Bribery of Foreign Officials in International Business Transactions (OECD Anti-Bribery Convention). The Convention entered into force on 15 February 1999 and has been ratified by 44 countries, including Australia. Australia moved relatively quickly to incorporate these international law obligations into domestic law, criminalising bribery of domestic and foreign public officials in our Commonwealth Criminal Code. The UN Convention Against Corruption was adopted in 2003 and led to many more states passing similar domestic laws that apply to conduct at home and overseas. The incorporation of these international laws into domestic laws has led to a global web of anti-bribery regulation that increasingly means that anywhere on the globe, a corporation and those acting on its behalf will be subject to very similar prohibitions regarding bribery.

What's next

We expect to see soft laws evolving into hard laws in numerous areas of ESG, in particular: engagement with Indigenous Peoples and protection of cultural heritage; racial discrimination; biodiversity impacts and water scarcity; and cyber and data governance. So understanding, and committing to, standards set out in international law makes good business sense – it is integral to building a robust ESG culture and essential in preparing your organisation for the inevitable introduction of domestic laws that take their guide from these international standards.

The increase in domestic regulation of ESG issues will place stronger pressure on companies to commit to global standards across their operations and supply chains and will likely be accompanied by greater regulatory enforcement and third-party litigation. Meanwhile, institutional investors, shareholders and community groups will continue to expect companies to report publicly against international and soft law standards to which they say they align. The rise in shareholder activism seeking disclosure on corporate alignment with the UN Guiding Principles and climate change commitments (such as alignment with the goals of the Paris Agreement or winding up of fossil fuel operations) demonstrates this trend.


  1. See ASIC Report 593 on Climate Risk Disclosure by Australia's Listed Companies published in 2018, and RG228 and RG247 published in 2019.