The distinction between an ESG program and a compliance program is a recurring topic in conversations with clients and colleagues. The key lies in understanding the difference between regulatory compliance and a broader compliance program, which goes beyond adhering to regulations to encompass ethical aspects, risk management, and the prevention of harmful behaviors. Some experts believe that a comprehensive compliance program culminates in what is known as GRC (Governance, Risk and Compliance), integrating governance, risk, and regulatory compliance. A compliance program covers all risks in the organization's processes, from senior management to suppliers, focusing on the "proper control" of the organization and promoting an ethical culture. Key aspects within compliance, such as reporting and the involvement of an independent compliance officer, are essential to ensure the organization's adequate control.

In Mexico, the compliance officer role is primarily linked to the prevention of money laundering and terrorism financing, which represents a limited view of their role in organizations. In my opinion, these professionals should be referred to as "Anti-Money Laundering and Terrorism Financing Prevention Specialists" instead of "compliance officers," because their focus and involvement within the organization center primarily on these aspects, and they often lack the independence and participation required of a true compliance officer.

Compliance systems emerged initially in a rudimentary manner in 1974, after the Watergate scandal in the United States, and have evolved over time with the implementation of various legislations, such as the FCPA, Sarbanes-Oxley, Dodd-Frank, the Gramm-Leach-Bliley Act, and the US Federal Sentencing Guidelines, leading up to what we know today. Standards like ISO 37301:2021 are followed to regulate the establishment of these compliance programs. While their origins were mainly related to financial aspects, compliance has evolved to include ethics as a fundamental component.
On the other hand, ESG (Environmental, Social, and Governance) focuses on corporate sustainability and dates back to around 1970. Its goal is not to prevent unethical or criminal behavior within an organization, but to disclose ethical and social factors for investment purposes. There is an intersection between compliance and ESG, especially concerning governance, and ISO 37000:2021 and ISO 37301 share a number of similarities.
The ISO 37000 standard, which is not certifiable, lays out a set of principles aimed at understanding the expectations of stakeholders and "applying the necessary elements to meet the organization's objectives in line with its purpose and values. These principles assist governing bodies in carrying out their roles effectively, prudently, and efficiently, fostering trust, inclusivity, accountability, legitimacy, responsiveness, transparency, and fairness." It is emphasized that this is not about control, but rather about organizational culture. Despite the significance of ESG programs, they may focus more on external impact and third-party interests, potentially neglecting the prevention and detection of misconduct within the organization. In my view, they may fall short in ensuring adequate organizational control and preventing criminal sanctions, both in Mexico and other countries.
The truth is that both can complement each other without contradiction, but compliance offers a much more holistic perspective on the "proper control of the organization."