Tag: Business Risk

Why ESG Risk is Business Risk

In 2020, Rio Tinto legally blew up 46,000‑year‑old Aboriginal rock shelters at Juukan Gorge in Western Australia to expand an iron‑ore mine.1 The caves contained evidence of continuous human occupation over tens of thousands of years and were sacred to the Puutu Kunti Kurrama and Pinikura (PKKP) people.2

The blasting was technically lawful under existing approvals,3 but it triggered widespread outrage, a parliamentary inquiry,4 and the resignation of the CEO and two senior executives.5 Investors and ESG analysts had already flagged Rio Tinto as weak on community relations and governance factors capturing “risk of operational disruption due to community opposition”.6

It seems obvious that blasting someone’s spiritual sites to pieces would be considered harmful, so why wasn’t Rio able to see this before they did it?

The short answer is: their risk system did not treat those caves as a business risk. They thought it would be enough to simply get governmental approval rather than understanding the historical and cultural value of the caves. The environmental and social damage did not register as a real problem until after it detonated into a governance crisis.

Traditional finance textbooks worry about market and credit risk, the volatility of asset prices, and company‑specific risk that diversified investors can wash away. ESG risk simply asks a different set of questions about the same business:

  • How fragile is your position if one whistle‑blower email exposes years of “creative” emissions accounting?
  • What happens when your coal plant becomes uninsurable or unprofitable long before the end of its physical life?
  • What is your downside if a supplier’s factory fire kills workers and your brand name is on the label?

Those are not “extra” concerns. They are channels through which financial, legal, operational and reputational damage hits a company.

So,

  • E: “Climate change” becomes a three‑day flood that shuts your main warehouse, a mandatory carbon price that doubles operating costs, or the loss of export markets because you fail EU value‑chain rules.
  • S: “Labour conditions” becomes a factory fire, a strike during peak season, or a viral video of an abusive supervisor.
  • G: “Governance” becomes fraud in a subsidiary, a bribery case under anti‑corruption law, or your board signing off on misleading ESG claims and facing regulators later.

Case 1: Ali Enterprises
In 2012, a fire at the Ali Enterprises garment factory in Karachi killed more than 250 workers and injured many more, making it one of the deadliest factory fires in modern garment production and Pakistan’s worst industrial accident.7 The blaze reportedly followed an explosion, but what turned it into a mass‑casualty event were basic safety failures: locked exits, barred windows, no functioning fire alarm, inadequate equipment, and workers with no emergency training.​7

Weeks before the fire, Italian auditor RINA had certified the factory as compliant with the SA8000 social responsibility standard, on behalf of German discount retailer KiK.8 The audit put a stamp of “safe” on what campaigners later called a death trap.

In ESG terms:

  • Social: labour rights and health and safety were not marginal; they determined whether hundreds of workers lived or died.
  • Governance: both the factory’s internal controls and the external certification regime failed. Social audits functioned more as reputational shields for brands than as real safety controls.

For brands sourcing from similar factories, the risk event is not “labour standards in xyz country”; it is “mass‑casualty factory disaster linked to our supply chain”, with consequences including legal claims, disrupted production, and global coverage featuring your logo.

Case 2: Rana Plaza
Months later, the Rana Plaza building collapse in Bangladesh killed more than 1,100 garment workers and injured thousands.9 Like Ali Enterprises, it exposed structural failings: illegal construction, ignored warning cracks, and workers pushed back into the building under threat of lost wages.910

Together, Ali Enterprises and Rana Plaza turned factory safety from a “CSR” talking point into a core ESG risk for global fashion brands. They were now forced to answer the question: what is the probability and impact of catastrophic supplier accidents affecting our brand value?11

In response:

  • More than 200 brands signed the legally binding Bangladesh Accord, committing to fund and enforce independent safety inspections and improvements in supplier factories.12
  • The Accord’s inspections and remediation programmes significantly reduced safety risks in covered factories, although broader labour standards and the situation in other countries still lagged.13

Again, this is ESG as business risk:

  • Social: worker safety and freedom to refuse unsafe work.
  • Governance: the difference between voluntary codes of conduct and binding, enforceable agreements with unions and NGOs.

Case 3: Prologis14
Prologis, a global logistics real estate company, analysed energy consumption across its portfolio, identified inefficiencies, invested in energy‑efficient technologies and renewables, and built this into its tenant proposition. The results included:

  • Lower energy costs across the portfolio.
  • A reduced carbon footprint.
  • Stronger positioning with ESG‑conscious tenants looking for efficient, low‑carbon facilities.

Here:

  • Environmental risk is transition risk: rising carbon prices, stricter building codes, and tenant demand for green buildings that could otherwise turn older assets into stranded ones.
  • Social shows up in tenant relationships and expectations.

Prologis treated these as business hazards, not future CSR talking points. It used ESG data to find where margins would quietly erode over time and acted early.

And what about Rio Tinto and the sacred caves? Through an ESG lens:

  • Environmental: irreversible destruction of a unique cultural and natural heritage site.
  • Social: Indigenous rights and loss of trust with local communities.
  • Governance: failure of board and management to treat community opposition and cultural heritage as material risks, not tick‑box compliance.

The risk event here is not “cultural heritage”. It is “destruction of a sacred site leading to loss of social licence, political and investor backlash, and leadership crisis”. The fact that approvals were in place did not prevent reputational loss or the internal disruption of a forced leadership change.

Once you see these stories together, the claim “ESG risk is business risk” stops being a slogan:

  • Ali Enterprises and Rana Plaza show social and governance failures turning into catastrophic operational, legal, and reputational losses.
  • Prologis shows environmental and social foresight translating into lower costs and stronger market position.
  • Juukan Gorge shows an environmental and social misjudgement leading to a governance crisis and loss of social licence.

That is why ESG‑related risks should sit inside the same enterprise risk management framework as credit, operational, and market risks, not in a separate CSR annex. Assess climate, environmental, social, and governance risks on the same likelihood and impact scales you use elsewhere, so boards can compare them directly and prioritise consistently.

Proactive ESG risk management then looks like any good risk practice:

  • Watching for weak signals and early warning indicators (accidents in similar factories, community complaints, climate policy shifts).
  • Stress‑testing strategies against multiple futures, including more aggressive climate policy or stricter human‑rights regulation.
  • Updating assumptions as technology, regulation, and stakeholder expectations move.

ESG does not create new categories of risk. It forces companies to confront risks they were already running but not properly measuring. Ultimately, value is shaped as much by social licence, institutional trust and regulatory trajectory as by commodity prices or quarterly earnings, and companies that treat ESG signals as peripheral optics problems discover too late that they were early warnings of business loss. Those that integrate them into core decision-making, capital allocation and board oversight are not being “ethical” in a narrow sense; they are protecting asset value, preserving optionality, and reducing the probability of reputational damage.

Sources

  1. Results from Juukan Gorge show 47,000 years of Aboriginal heritage was destroyed in mining blast
  2. Rio Tinto blasts 46,000-year-old Aboriginal site to expand iron ore mine
  3. Mining firm apologises for destruction of 46,000-year-old Aboriginal caves
  4. Juukan Gorge inquiry statement on Rio Tinto resignations
  5. A Mining Company Blew Up A 46,000-Year-Old Aboriginal Site. Its CEO Is Resigning
  6. Corporate Governance at Rio Tinto – an ESG case study
  7. Case Study: Ali Enterprises (Pakistan)
  8. Justice for the Ali Enterprises victims
  9. Rana Plaza
  10. Failures – Rana Plaza Building Collapse
  11. The Impact of Rana Plaza on Corporate Safety Initiatives
  12. Accord on Fire and Building Safety in Bangladesh
  13. A decade of workplace health and safety under the Accord
  14. Case Studies: Success Stories of Companies Utilizing ESG Data

Risk – IV: When Climate Risk Becomes Competitive Risk

In 2013, while conducting research for my Master’s thesis, I met corporate leaders who did not understand why climate change was something businesses were being held responsible for. They were often quite resentful, and yet, nearly all of their organisations had suffered from the Mumbai floods that happened that year- for one of them, a logistics company, the losses were so heavy they planned to shift their warehouses out of the city.

Climate change was viewed as a political issue, even as it was already disrupting operations. However, climate risk is no longer about ethics or disclosure; it is about competitive survival.

A viral picture of the Goldman Sachs building that remained powered and largely unscathed despite being in a mandatory evacuation zone during Hurricane Sandy in 2012.1

The point is not abstract. During Hurricane Sandy in 2012, a widely shared image showed the Goldman Sachs building in lower Manhattan lit and operational while much of the surrounding area was dark. The firm had invested heavily in resilience infrastructure. Business continuity became a competitive advantage.

In a 2015 speech,2 Mark Carney, then Governor of the Bank of England, argued that climate change is a “tragedy of the horizon” because its worst effects will be felt beyond the traditional horizons of business planning, political cycles, monetary policy, and financial regulation. Current decision‑makers therefore have weak incentives to act even though future generations will bear the costs, creating a structural mismatch between where the risks sit and where the power to respond lies.

He highlighted three channels through which climate change threatens financial stability:2

  • Physical risks: losses from more frequent and severe floods, storms, heatwaves, and other weather‑related disasters.
  • Liability risks: lawsuits and compensation claims against firms and directors for contributing to or failing to manage climate harms.
  • Transition risks: repricing of assets as policy, technology, and consumer preferences shift toward a low‑carbon economy, creating “stranded assets,” especially in fossil fuels.

Because standard risk models and planning cycles rarely look out beyond a decade, they miss non‑linear climate shocks and underestimate the scale of structural change required, especially under scenarios that keep warming well below 2°C.34

Climate change is no longer a CSR issue; it is a core strategic, financial, and operational risk56 affecting supply chains, asset location decisions, insurance costs, regulatory exposure, consumer demand, and access to capital.

Breaking the tragedy of the horizon requires extending risk management beyond conventional timeframes and embedding climate risk into today’s decision systems. We are already experiencing climate risk, and there is no way to fully insulate every asset from its effects.

For financial institutions, climate risk shows up as credit risk (borrowers’ ability to repay), market risk (asset price changes), operational risk (disruptions to operations), and reputational risk (backlash over financing high‑emitting activities). Empirical work on banks shows that exposures to transition risk are currently modest in portfolio terms but concentrated in specific sectors, and that banks signing net‑zero alliances have begun to reduce lending to the riskiest industries.78

For corporations, the following may help:

  • Risk identification: Map climate hazards and drivers (heat, floods, drought, storms, sea‑level rise; carbon prices; regulations; technology shifts) to specific assets, operations, and supply chains.
  • Assessment and quantification: Use tools ranging from high‑level heatmaps to asset‑level hazard models and financial impact assessments (e.g., revenue at risk, cost of goods sold, capex needs).
  • Integration into Enterprise Risk Management (ERM): Incorporate climate risks into risk registers, materiality assessments, internal controls, and capital budgeting, with clear thresholds for escalation.

For financial institutions, more technical steps include:

  • Exposure mapping: Quantify portfolio exposure to vulnerable sectors and geographies as a share of lending and investment books.
  • Climate-adjusted credit analysis: Incorporate emissions intensity, transition plans, and physical risk exposure into underwriting and pricing.
  • Scenario stress testing: Use Network for Greening the Financial System (NGFS) or equivalent scenarios to assess losses under combinations of policy tightening and physical shocks.

Regulators increasingly expect banks and insurers to demonstrate that climate risks are integrated into their internal capital adequacy assessments, risk appetite statements, and supervisory dialogues.9

For banks and investors, an important nuance is that reducing portfolio emissions too mechanically by divesting from high‑emitting sectors can undermine real‑economy transition, because those same sectors (power, steel, transport) require capital to decarbonise. Leading practice therefore shifts from simple “brown exclusion” to engagement, conditional finance, and transition‑linked instruments.1011

All of this reframes climate change from a distant macro-risk into an immediate business continuity problem. The question is no longer whether climate risk matters, but how organisations operationalise it within decisions made today. Businesses and financial institutions must change how they allocate capital and design products. Climate‑aligned finance involves both reducing exposure to misaligned activities and growing exposure to solutions.12

For non‑financial corporates:

  • Shift capex toward energy efficiency, low‑carbon technologies, and resilience measures (e.g., relocating assets, flood‑proofing, cooling infrastructure), guided by scenario‑tested business cases.
  • Integrate internal carbon pricing into investment decisions and product design to reflect transition risk and incentivise low‑carbon choices.
  • Explore innovative risk‑sharing instruments, such as parametric insurance for climate‑related losses or resilience bonds linked to infrastructure upgrades.

For financial institutions:

  • Develop green and sustainability‑linked products (green bonds, sustainability‑linked loans, transition bonds) with clear use‑of‑proceeds criteria and performance‑based pricing.
  • Use portfolio alignment tools (e.g., implied temperature rise metrics, sectoral pathways) to steer lending and investment toward net‑zero‑compatible activities, while monitoring credit risk.
  • Avoid “paper decarbonisation” that simply sells high‑emitting assets to less regulated owners; instead, engage with clients to finance credible transition plans and set conditions for continued support.

Research shows that, so far, banks’ transitions have been gradual and often focus more on emissions metrics than on real‑economy outcomes, underscoring the need to link commitments to enforceable policies and incentives.

To translate this into an actionable agenda, organisations can focus on a staged approach:

  1. Diagnose and govern: Brief boards on climate risk exposure. Assign clear oversight at board and executive levels.
  2. Measure and disclose: Strengthen scenario analysis, emissions tracking, and exposure metrics. Build data systems aligned with emerging standards.
  3. Integrate into risk and strategy: Embed climate considerations into ERM, capital budgeting, procurement, and sector strategies.
  4. Align capital and incentives: Set science-based targets with interim milestones. Adjust lending and investment policies to phase out clearly misaligned activities while scaling transition and resilience finance.
  5. Engage and collaborate: Work with regulators, alliances, clients, and suppliers to raise standards and avoid a race to the bottom.

Traditional business continuity frameworks assume that shocks are temporary, insurable, and geographically contained. Climate risk increasingly violates all three assumptions. The tragedy of the horizon is therefore not just about time, but about governance. Climate risks accumulate slowly, crystallise suddenly, and cascade across balance sheets, supply chains, and communities. By the time they appear in backward-looking metrics, strategic options have already narrowed.

For corporations and financial institutions alike, the challenge is no longer one of awareness or disclosure. It is whether decision-making systems — capital allocation, product design, credit assessment, and continuity planning — can be rewired to operate under conditions of deep uncertainty and irreversible change. Those that succeed will not eliminate climate risk (that’s impossible). They will internalise it early, adapt faster, and preserve optionality as the transition unfolds. Those that do not may find themselves where many firms were in the early 2010s—surprised by risks that were already visible, and outperformed by competitors who prepared earlier.

Sources

  1. Sandy Tech – Business Unusual
  2. Breaking the Tragedy of the Horizon – Speech by Mark Carney
  3. Guide to Climate Scenario Analysis for Central Banks and Supervisors (NGFS – 2025 Update, PDF)
  4. Climate Analysis Likely Understates Risk, Say FSB and NGFS – Central Banking
  5. Climate Risk Applications: Guidance and Practices (UNEP FI – From Disclosure to Action)
  6. Global ESG Standards & Climate Risk Alignment – Council Fire Guide
  7. U.S. Banks’ Exposures to Climate Transition Risks (SSRN Working Paper)
  8. U.S. Banks’ Exposures to Climate Transition Risks (New York Fed Staff Report)
  9. Enhancing Banks’ and Insurers’ Approaches to Managing Climate‑Related Risks – BCLP
  10. Divestment and Engagement: The Effect of Green Investors on Corporate Carbon Emissions – Harvard Law School Forum
  11. Greening Brown Sectors Through Transition Finance – SMU Centre for Climate Finance & Investment
  12. IMPACT+ Principles for Climate‑Aligned Finance (Climate Alignment Initiative / RMI, PDF)