Why ESG Risk is Business Risk

In 2020, Rio Tinto legally blew up 46,000‑year‑old Aboriginal rock shelters at Juukan Gorge in Western Australia to expand an iron‑ore mine.1 The caves contained evidence of continuous human occupation over tens of thousands of years and were sacred to the Puutu Kunti Kurrama and Pinikura (PKKP) people.2

The blasting was technically lawful under existing approvals,3 but it triggered widespread outrage, a parliamentary inquiry,4 and the resignation of the CEO and two senior executives.5 Investors and ESG analysts had already flagged Rio Tinto as weak on community relations and governance factors capturing “risk of operational disruption due to community opposition”.6

It seems obvious that blasting someone’s spiritual sites to pieces would be considered harmful, so why wasn’t Rio able to see this before they did it?

The short answer is: their risk system did not treat those caves as a business risk. They thought it would be enough to simply get governmental approval rather than understanding the historical and cultural value of the caves. The environmental and social damage did not register as a real problem until after it detonated into a governance crisis.

Traditional finance textbooks worry about market and credit risk, the volatility of asset prices, and company‑specific risk that diversified investors can wash away. ESG risk simply asks a different set of questions about the same business:

  • How fragile is your position if one whistle‑blower email exposes years of “creative” emissions accounting?
  • What happens when your coal plant becomes uninsurable or unprofitable long before the end of its physical life?
  • What is your downside if a supplier’s factory fire kills workers and your brand name is on the label?

Those are not “extra” concerns. They are channels through which financial, legal, operational and reputational damage hits a company.

So,

  • E: “Climate change” becomes a three‑day flood that shuts your main warehouse, a mandatory carbon price that doubles operating costs, or the loss of export markets because you fail EU value‑chain rules.
  • S: “Labour conditions” becomes a factory fire, a strike during peak season, or a viral video of an abusive supervisor.
  • G: “Governance” becomes fraud in a subsidiary, a bribery case under anti‑corruption law, or your board signing off on misleading ESG claims and facing regulators later.

Case 1: Ali Enterprises
In 2012, a fire at the Ali Enterprises garment factory in Karachi killed more than 250 workers and injured many more, making it one of the deadliest factory fires in modern garment production and Pakistan’s worst industrial accident.7 The blaze reportedly followed an explosion, but what turned it into a mass‑casualty event were basic safety failures: locked exits, barred windows, no functioning fire alarm, inadequate equipment, and workers with no emergency training.​7

Weeks before the fire, Italian auditor RINA had certified the factory as compliant with the SA8000 social responsibility standard, on behalf of German discount retailer KiK.8 The audit put a stamp of “safe” on what campaigners later called a death trap.

In ESG terms:

  • Social: labour rights and health and safety were not marginal; they determined whether hundreds of workers lived or died.
  • Governance: both the factory’s internal controls and the external certification regime failed. Social audits functioned more as reputational shields for brands than as real safety controls.

For brands sourcing from similar factories, the risk event is not “labour standards in xyz country”; it is “mass‑casualty factory disaster linked to our supply chain”, with consequences including legal claims, disrupted production, and global coverage featuring your logo.

Case 2: Rana Plaza
Months later, the Rana Plaza building collapse in Bangladesh killed more than 1,100 garment workers and injured thousands.9 Like Ali Enterprises, it exposed structural failings: illegal construction, ignored warning cracks, and workers pushed back into the building under threat of lost wages.910

Together, Ali Enterprises and Rana Plaza turned factory safety from a “CSR” talking point into a core ESG risk for global fashion brands. They were now forced to answer the question: what is the probability and impact of catastrophic supplier accidents affecting our brand value?11

In response:

  • More than 200 brands signed the legally binding Bangladesh Accord, committing to fund and enforce independent safety inspections and improvements in supplier factories.12
  • The Accord’s inspections and remediation programmes significantly reduced safety risks in covered factories, although broader labour standards and the situation in other countries still lagged.13

Again, this is ESG as business risk:

  • Social: worker safety and freedom to refuse unsafe work.
  • Governance: the difference between voluntary codes of conduct and binding, enforceable agreements with unions and NGOs.

Case 3: Prologis14
Prologis, a global logistics real estate company, analysed energy consumption across its portfolio, identified inefficiencies, invested in energy‑efficient technologies and renewables, and built this into its tenant proposition. The results included:

  • Lower energy costs across the portfolio.
  • A reduced carbon footprint.
  • Stronger positioning with ESG‑conscious tenants looking for efficient, low‑carbon facilities.

Here:

  • Environmental risk is transition risk: rising carbon prices, stricter building codes, and tenant demand for green buildings that could otherwise turn older assets into stranded ones.
  • Social shows up in tenant relationships and expectations.

Prologis treated these as business hazards, not future CSR talking points. It used ESG data to find where margins would quietly erode over time and acted early.

And what about Rio Tinto and the sacred caves? Through an ESG lens:

  • Environmental: irreversible destruction of a unique cultural and natural heritage site.
  • Social: Indigenous rights and loss of trust with local communities.
  • Governance: failure of board and management to treat community opposition and cultural heritage as material risks, not tick‑box compliance.

The risk event here is not “cultural heritage”. It is “destruction of a sacred site leading to loss of social licence, political and investor backlash, and leadership crisis”. The fact that approvals were in place did not prevent reputational loss or the internal disruption of a forced leadership change.

Once you see these stories together, the claim “ESG risk is business risk” stops being a slogan:

  • Ali Enterprises and Rana Plaza show social and governance failures turning into catastrophic operational, legal, and reputational losses.
  • Prologis shows environmental and social foresight translating into lower costs and stronger market position.
  • Juukan Gorge shows an environmental and social misjudgement leading to a governance crisis and loss of social licence.

That is why ESG‑related risks should sit inside the same enterprise risk management framework as credit, operational, and market risks, not in a separate CSR annex. Assess climate, environmental, social, and governance risks on the same likelihood and impact scales you use elsewhere, so boards can compare them directly and prioritise consistently.

Proactive ESG risk management then looks like any good risk practice:

  • Watching for weak signals and early warning indicators (accidents in similar factories, community complaints, climate policy shifts).
  • Stress‑testing strategies against multiple futures, including more aggressive climate policy or stricter human‑rights regulation.
  • Updating assumptions as technology, regulation, and stakeholder expectations move.

ESG does not create new categories of risk. It forces companies to confront risks they were already running but not properly measuring. Ultimately, value is shaped as much by social licence, institutional trust and regulatory trajectory as by commodity prices or quarterly earnings, and companies that treat ESG signals as peripheral optics problems discover too late that they were early warnings of business loss. Those that integrate them into core decision-making, capital allocation and board oversight are not being “ethical” in a narrow sense; they are protecting asset value, preserving optionality, and reducing the probability of reputational damage.

Sources

  1. Results from Juukan Gorge show 47,000 years of Aboriginal heritage was destroyed in mining blast
  2. Rio Tinto blasts 46,000-year-old Aboriginal site to expand iron ore mine
  3. Mining firm apologises for destruction of 46,000-year-old Aboriginal caves
  4. Juukan Gorge inquiry statement on Rio Tinto resignations
  5. A Mining Company Blew Up A 46,000-Year-Old Aboriginal Site. Its CEO Is Resigning
  6. Corporate Governance at Rio Tinto – an ESG case study
  7. Case Study: Ali Enterprises (Pakistan)
  8. Justice for the Ali Enterprises victims
  9. Rana Plaza
  10. Failures – Rana Plaza Building Collapse
  11. The Impact of Rana Plaza on Corporate Safety Initiatives
  12. Accord on Fire and Building Safety in Bangladesh
  13. A decade of workplace health and safety under the Accord
  14. Case Studies: Success Stories of Companies Utilizing ESG Data
Unknown's avatar

Author: Finrod Bites Wolves

A blogger.

Leave a comment