"The ESG Report - Increasing the Speed of ESG Risk Management with Todd Boehler."

Todd Boehler has over 25 years of experience in the governance risk and compliance software space. He is currently Senior Vice President of Strategy at ProcessUnity, where he oversees third-party risk management. ProcessUnity is a company making good governance, risk, and compliance (GRC) practices and tools available to organizations via cloud-based, third-party risk and cybersecurity program management tools. I welcome Todd to this week’s episode of the ESG Report to discuss the relationship between third-party risk management and ESG.?

The Biggest Risk

?“In my opinion, third-party risk management has been the biggest risk in anti-corruption compliance,” I say. It’s something everyone in the company – up to the board level – has to be more consistent with. Todd agrees; he adds that it’s becoming more complex as time goes on. More businesses are outsourcing to compete. This brings accelerated risk. “You have to know where the risk lies inside of those [third-party] companies; otherwise, you’re going to be accountable for that to your customers and your regulators and your examiners,” Todd points out. Your company needs to understand and mitigate risk before doing business with prospective third-party vendors.?

Evolving Risk

Todd runs ProcessUnity’s Partners and Alliances program and its product teams. His role involves growing the company ecosystem and investing in technology to help clients manage risk and solve their problems more efficiently. “ESG has been an evolving risk area,” Todd tells me. “We help companies monitor and manage their third-party [risk] specifically, across all different areas of risk [including ESG risk].” ESG is a social mandate nowadays, and he continues; that more companies and regulators are acknowledging its importance. “We integrate and connect ESG data providers into our customer’s risk programs so that they can cover and understand ESG risk against their third parties,” he points out.

Monitoring Third-Party Risk

?I ask Todd whether potential clients fully understand the need to monitor ESG risk and how ProcessUnity allows them to manage that risk. It depends on the maturity of the company, Todd responds. “Smaller companies that are highly regulated may be more mature than larger companies that are not so highly regulated,” he points out. It also depends on the stage they are in their roadmap and how much they prioritize ESG risk against other types of risk. ProcessUnity helps them figure this out and how to grow their ESG program over time based on their specific industry. Building a culture of ESG is vital, as are sustainable procurement practices. Sustainable procurement refers to how businesses can identify and reduce the environmental impact of their supply chains. This requires monitoring third parties and ensuring that procurement practices align with the ESG framework. Todd and I discuss the evolving work landscape, accelerated by the pandemic, and the accompanying increase in cybersecurity risk. The Russian invasion of Ukraine also spurred an uptick in sanctions screening. All this impacts how organizations manage third-party risk, Todd and I agree. “It’s an evolving world,” Todd comments, “things are changing fast, and you have to manage to the speed of change.”

Financial Resiliency

I comment on the importance of the financial resiliency of your third-party partners. If a company is not doing well financially, it may be unable to supply your products. They are more vulnerable to cyber-attacks because they may not be able to invest in cybersecurity, and they may be more easily persuaded to engage in bribery and corruption. Financial resiliency is a must, Todd says. Your company needs it, and your suppliers must also have it. “If your critical suppliers are having problems financially, you need to have a backup plan to be able to switch them out in dire straits,” he tells listeners. You also need to have a system to monitor those companies. Financial tracking is a good strategy here, and he points out. He describes how ProcessUnity helps clients build a financial profile of their suppliers.

The Rise of ESG

ProcessUnity recently released a white paper,?The Rise of ESG in Third-Party Risk Management. I ask, “What do you see as some of the key factors contributing to the relevancy of ESG on a worldwide basis?” Todd and I talk about the global push towards ESG and the corporate world’s response. A cultural shift coupled with new regulations is bringing ESG to the fore. Proper documentation of our ESG program will help you make better business decisions as well, both men agree. Your business will become more efficient and robust as well.

Looking Ahead

?I ask Todd where he sees third-party risk management in ESG in 2025 and beyond. Risk professionals are thinking about and prioritizing ESG risk more, they agree. Todd adds that ESG risk attention will increase because there will be more data and regulations. Additionally, more people will take over executive positions who wish to implement ESG cultures and regulations in businesses requiring ESG risk management.?

What compliance and leadership lessons from the Star Trek TOS episode, And The Children Shall Lead? Join Tom Fox and learn about today's Trekking Through Compliance on the Compliance Podcast Network.?https://bit.ly/3BJTLd5

#startrekfan #enterprise #trekker #spock #tos #kirk #trekkie #captainkirk #startrektng #startrektos #staArtrekfan #startrekkers #startrektheoriginalseries