“ESG” refers to a set of criteria used to measure a company’s non-financial ethical and sustainability practices. Investors, regulators and consumers are scrutinizing to varying degrees how companies manage environmental responsibilities, treat their own workforce and communities affected by their value chain, and govern their operations. As organizations embrace ESG principles and respond to ESG-driven legal obligations, they also face new challenges in internal investigations—challenges that demand innovative thinking, agile processes and a forward-looking mindset.
As ESG factors expand in the regulatory landscape, companies are increasingly considering how their internal investigations may need to address risks that were once considered peripheral but are now central to corporate strategy.
The Rising Tide of ESG-Driven Investigations
Historically, internal investigations focused primarily on legal and compliance policy allegations involving fraud, corruption, sanctions, health and safety, and money-laundering. However, as Environmental, Social and Governance (ESG) concerns have come to the forefront in different jurisdictions, the scope of these inquiries is expanding in kind. This is spurred on by the introduction of new sustainability-related laws, such as the EU Corporate Sustainability Reporting Directive (CSRD) and Corporate Sustainability Due Diligence Directive (CS3D) and other jurisdiction-specific climate reporting regimes, as well as international frameworks such as the UN Guiding Principles on Business and Human Rights (UNGPs). As a result, the focus of today's investigations is increasingly shifting towards:
- Environmental compliance violations: Instances of improper waste disposal, violations of environmental laws, greenwashing, or misreporting of sustainability metrics.
- Social impacts: Allegations related to forced or child labour in the supply chain, community displacement or links to armed conflict that could damage a company’s reputation and result in significant penalties.
- Governance lapses: Failures in transparency, conflicts of interest, mishandling of whistleblower complaints, cybersecurity breaches, or lapses in ethical oversight that may undermine investor trust or invite regulatory scrutiny.
The integration of ESG into the investigation process brings new layers of complexity. Companies must now evaluate not only increasing ESG-related legal risks, such as those around mandatory human rights and environmental due diligence (mHREDD) mentioned above, but also reputational damage and stakeholder trust. In addition to typical investigation steps, new special procedures such as a human rights impact assessment (HRIA) or an environmental and social impact assessment (ESIA) may be required to analyze potential risks and violations in sufficient depth. This is made all the more complex as different jurisdictions have taken very different approaches to ESG. For companies operating globally, this requires navigating divergent legal and political expectations and reconciling expectations on how compliance functions must address alleged ESG violations.
Navigating the Complex Landscape
1. Interconnected Risks
ESG risks are often interconnected. For example, poor labour practices often occur in complex supply chains with governance challenges, and community-related risks may be higher in jurisdictions with a history of conflict or systemic governance failures. Environmental harm inevitably impacts human rights, including the interconnected right to a clean, healthy and sustainable environment. Unraveling these complex relationships frequently requires a multidisciplinary approach and collaboration among experts from different fields, both within and outside the company.
As a result, in jurisdictions where ESG regulations have expanded, there is by necessity a need to expand the scope of internal investigations to consider such interconnected risks. The traditional focus on isolated incidents of misconduct is giving way to a broader examination of systemic issues that require taking a more holistic approach. Given the nature of emerging due diligence and reporting obligations, investigations now need to assess not only the particular allegation at hand, but also the impact of the alleged misconduct on the environment, the climate, workers in the company’s own operations and value chain, local communities and indigenous populations.
2. Managing Communications and Reputational Risk
Managing internal and external communication is always essential in conducting internal investigations. In the age of social media and digital communication, investigations must be managed carefully with an eye on potential reputational fallout. With the rapid dissemination of information online, perceived delays in addressing an issue can amplify reputational damage. Internal investigations must therefore be capable of operating under intense public and regulatory scrutiny.
In the ESG context, this concern can be heightened. In some jurisdictions, there is a growing legal and regulatory focus on sustainability reporting. ESG performance is closely monitored by investors and the public, and many stakeholders increasingly expect companies to respond swiftly and decisively when allegations of adverse impacts arise. In some jurisdictions, there can be increased pressure on companies to report on the outcomes of internal investigations, along with the steps taken to remediate issues and prevent recurrences. Balancing such transparency with legal privilege and confidentiality concerns (e.g., under applicable laws or to mitigate litigation risks) is a delicate act that requires a coherent strategic approach.
3. Integration of Advanced Technologies
Advancements in technology are playing a dual role in the ESG landscape. On one hand, digital tools and data analytics are revolutionizing how adverse impacts are identified and investigations are conducted. On the other hand, these very technologies introduce new risks and compliance challenges. Enforcement agencies have adopted advanced data analysis tools and expect companies to implement the same in their compliance and investigations functions.
- Data and analytics: Modern investigations frequently rely on vast amounts of data—from digital communications to environmental monitoring reports and supply chain information. Increasingly, such information needs to be gathered in response to ESG due diligence laws. In the context of an investigation, sifting through this data to uncover patterns and anomalies may present a challenge, particularly where there may be gaps in the information available.
- Cybersecurity and data privacy: As companies harness data to drive ESG reporting, they must also navigate the risks associated with data breaches and privacy violations. Protecting sensitive information while ensuring transparency requires robust cybersecurity measures, strict data governance protocols and fit-for-purpose mitigation measures designed to address the risks specific to the circumstances.
- Artificial Intelligence (AI): AI-driven predictive analytics can be critical to identifying potential investigation risk areas before they escalate into full-blown crises. These tools can help prioritise investigations based on the severity and likelihood of systemic issues. However, reliance on AI also raises concerns about algorithmic bias and the ethical implications of automated decision-making processes. New laws such as the EU AI Act increasingly seek to mitigate the negative impacts of AI, including by requiring human oversight in particular contexts.
4. Evolving Regulatory and Legal Standards
As mentioned above, regulatory frameworks around ESG are evolving at pace. As governments and international bodies implement due diligence and reporting requirements, companies must adapt their internal investigation practices accordingly.
- Global variability: ESG legislation and regulation differ widely across jurisdictions, and global supply chain laws require due diligence relating to impacts regardless of where they occur. Companies operating on a global scale need to navigate the actual and potential impacts that may occur in divergent contexts.
- Increased enforcement: Regulatory bodies across the EU and elsewhere are becoming more proactive in enforcing ESG standards and new legislation when implemented. This means that internal investigations must be thorough, well-documented, and capable of withstanding rigorous external scrutiny. Public statements in relation to ESG issues need to be objectively defensible.
- Litigation risks: More onerous legal requirements also bring an increased risk of litigation. Companies need to be prepared for legal challenges; robust due diligence and investigation processes are important in ensuring companies gather the information necessary to respond to such claims.
The Essential Future of Internal ESG Investigations
1. Embracing Innovation for Continuous Improvement
As ESG becomes increasingly embedded in business strategy, internal investigations must continue to evolve. Future trends indicate a shift toward:
- Proactive monitoring: Instead of reacting to incidents, companies will increasingly need to adopt continuous monitoring systems that use real-time data to detect actual and potential ESG risks before they escalate.
- Integrated platforms: The development of integrated investigation platforms that combine data from various sources—financial, environmental, social, and operational—will provide a holistic view of a company’s risk landscape.
- Regulatory Technology (RegTech): Advances in RegTech will further streamline compliance processes, automating regulatory reporting and helping internal investigations to be both rigorous and compliant with ever-changing legal standards.
2. Building Resilience through Strategic ESG Alignment
For companies to thrive in this new compliance environment, they must view internal investigations as a strategic asset rather than a reactive necessity. By aligning investigative processes with ESG principles, organizations can:
- Enhance stakeholder trust: Transparent and proactive investigations build confidence among investors, employees, customers, and regulators.
- Mitigate long-term risks: Early detection and remediation of ESG-related issues can prevent costly legal battles and reputational damage.
- Foster a culture of accountability: Integrating ESG considerations into everyday business practices encourages ethical behaviour and continuous improvement across the organisation and its value chain.
3. Collaboration between Legal, Compliance, and ESG Functions
Breaking down silos within the organisation is essential for a holistic approach to ESG-related investigations. This requires businesses to adopt an innovative and agile approach to internal investigations:
- Cross-functional teams: As appropriate depending on the ESG risk area, form cross-functional teams that include legal, compliance, risk management, procurement, human resources and ESG / sustainability experts. These teams can bring diverse perspectives to the investigation process, ensuring that all relevant angles are considered. Be conscious of the design and operation of these teams in jurisdictions where legal professional privilege is a right.
- Centralized reporting: Establish a centralized reporting mechanism for ESG-related issues. This not only streamlines the investigation process but also facilitates comprehensive risk analysis and timely remedial actions.
- External collaboration: In some cases, it may be beneficial to collaborate with external experts or regulatory bodies. Independent audits and third-party reviews can add credibility to your internal investigations and enhance stakeholder trust.
- Crisis Management: Develop a cross-functional crisis communication plan specifically for ESG-related issues before a crisis arises. This plan should outline how to manage public perception, address media inquiries, and coordinate with regulatory authorities in the event of an investigation that garners public attention. Companies should also proactively consider how to remedy the adverse impact of an ESG-related issue.
4. The Role of Leadership in Shaping the Future
Ultimately, the success of ESG-aligned internal investigations hinges on leadership. Executives and board members must not only endorse these practices but also actively participate in shaping the company’s ethical landscape. By setting a clear vision for sustainability and accountability, leaders can drive the cultural changes necessary for effective ESG risk management.
Conclusion
As ESG issues become deeply intertwined with business performance, regulatory compliance, and legal risk, companies must adopt innovative and proactive investigative practices. The challenges are complex, but the rewards are significant: enhanced stakeholder trust, improved regulatory compliance, and a resilient corporate reputation.