
ESG and Vendor Risk Management: What You Need to Know

2 min read
Jun 20, 2023

As environmental, social, and governance (ESG) issues continue to gain prominence, some financial institutions are looking for ways to integrate ESG considerations into their vendor risk management processes. These financial institutions want to ensure third-party partners have internal guidelines, ethics, and controls that align with the institution’s ESG policies. 

Although ESG is not yet a regulatory requirement within the U.S. vendor management framework, aligning internal policies with those of vendors can play an essential role in reflecting a financial institution’s ethics, controls, and culture. It is also something a financial institution might embrace as part of its mission, vision, and values. For instance, an institution might want to identify, and set up monitoring of, vendors involved in green (low-carbon) or brown (carbon-intensive) industries.

ESG, vendor management and regulatory requirements 

From a vendor management regulatory standpoint, ESG standards are not specifically addressed, although elements of ESG appear in other regulatory requirements and best practices (and, by extension, in Ncontracts’ Nvendor Professional Services risk reporting and Nrisk’s ESG-related risk assessment templates). These include:

  1. Governance. Regulatory guidance related to governance is already incorporated into Nvendor SOC Executive Summaries and risk reports.

     Related: What Is a SOC Report and How Can I Use it for Vendor Management?

  2. Environmental. Extreme weather, which falls under both climate change and business continuity, is covered in Nvendor SOC Executive Summaries and transaction risk reports per FFIEC guidance. Environmental and energy-saving standards are not yet included.

     Related: Have You Prepared for Climate Change Risk?

  3. Social. Topics like whistleblower policies and fair labor standards, which fall under the social aspect of ESG, are also covered in SOC Executive Summaries and various risk reports. The same is true of non-discrimination policies, many of which are codified in law, including fair lending.

Financial institutions can look for these elements within standard due diligence vendor questionnaires, procedures, and policies without specifically asking vendors for ESG policies. 

Asking vendors about ESG 

Some early adopters of ESG have begun adding ESG questions to their vendor questionnaires, typically asking whether the vendor has a policy on the topic. Usually they receive a yes or no answer, and sometimes no answer at all.

Financial institutions can find many of these policies and practices on their larger vendors’ websites under Social Responsibility or Sustainability titles. While this is helpful, it presents two challenges: 

  1. Lack of standardized definitions. There is no regulatory guidance defining common ESG terminology, so it is difficult to compare policies across different companies.
  2. Varying interpretations. Companies may have similar policies in place, but how they implement and interpret them can differ significantly.

As ESG becomes increasingly important, financial institutions will have to adapt their vendor risk management processes to accommodate these considerations and to reflect their own institutional values and culture. In the meantime, institutions that intend to integrate ESG into their vendor risk management strategies should stay informed about regulatory developments and work with their vendors to close the definitional and interpretive gaps described above.

