1. About this note

This note is designed to help fund managers and particularly company directors understand their responsibilities in setting and leading environmental and social (E&S) and business integrity (BI) agendas when they sit on company boards. It is not intended to be a detailed technical guidance document.

  • Additional considerations
    This note provides an overview and general guidance. Fund managers and company directors should carefully consider each company based on its specific characteristics and circumstances, including jurisdiction, scale, management capacity and commitment, and track record. This note relates to the E&S and BI aspects of board oversight. Please refer to ‘Further resources’ for advice about broader corporate governance issues.

2. Introduction

Understanding a company’s environmental, social and governance (ESG) impact and management capacity has become an increasingly important lens through which to assess its performance and long-term sustainability. Environmental criteria look at how a company performs as a steward of the natural environment; social criteria examine how a company manages relationships with its employees, suppliers, customers and the communities in which it operates. Meanwhile, governance relates to a company’s internal processes and leadership, including executive pay, audit and internal controls, and shareholder rights. BII’s definition of BI takes in a broader scope than simply governance, incorporating the systems and processes that help to manage BI exposure and risks, but also the underlying behaviours, ethics and values.

E&S and BI are complementary disciplines. However, at all levels in an organisation, different sets of skills are needed if both functions are to be effectively managed. It is therefore important to clearly distinguish between the two areas.

  • Environmental and social
    E&S issues include:

    • Labour and working conditions
    • Resource efficiency and pollution prevention
    • Community health, safety and security
    • Land acquisition and involuntary resettlement
    • Biodiversity conservation and sustainable management of natural resources
    • Indigenous people
    • Cultural heritage
    • Human rights

  • Business integrity
    BI encompasses a broad range of subjects. It also requires the development and promotion of an ethically oriented culture. The Business integrity section of this Toolkit provides guidance on key governance and BI topics. Core areas of BI are:

    • Anti-bribery
    • Anti-corruption
    • Anti-money laundering
    • Countering the financing of terrorism
    • Fraud prevention
    • Insider dealing/trading
    • Whistleblowing
    • Tax avoidance
    • Politically exposed persons (PEPs)
    • Ethical messaging

3. Why companies and Fund Managers should address this topic

E&S and BI issues occur in all aspects of a company’s business, from its commercial focus to managing its reputation and brand, ensuring that societal expectations are managed and met, and complying with all relevant regulatory obligations. Addressing E&S and BI risks, impacts and opportunities ultimately helps to secure a company’s licence to operate.

  • Risks for the business
    By failing to incorporate E&S and BI practices in a company, a business puts itself at risk of events occurring that can include:

    • Increased cost of doing business
    • Reduced production efficiency and product quality
    • Negative financial consequences, e.g. penalties, fines, loss of revenue
    • Excessive expenditure in managing E&S risks and impacts
    • Negative operational impacts, e.g. employee strikes
    • Higher staff turnover
    • Community unrest, e.g. protests, sabotage
    • Environmental liabilities for the company
    • Individual director liabilities
    • Reputational damage to the company and individual directors
    • Reduced access to markets, clients and investors
    • Loss of licence to operate

  • Opportunities for the business
    The opportunities for a business that effectively addresses E&S and BI matters include:

    • Reduced uncertainties in your own business and associated third parties
    • Risk reduction and impact avoidance/mitigation, including avoiding costs associated with E&S and BI incidents and potential remedial actions
    • Avoidance of penalties for non-compliance
    • Increased operational efficiency
    • Reduced costs in areas such as energy consumption
    • Greater employee retention and productivity
    • Reduced insurance premiums
    • Lower cost of capital
    • Increased access to markets and investors who demand robust E&S management
    • Access to premium markets
    • Innovation to move into new markets and products
    • Generating revenue from new streams e.g. waste
    • Attracting human talent on the merits of responsible practices
    • Enhanced brand reputation
    • Improved stakeholder relations
    • Securing and maintaining a licence to operate

The Sector profiles section of this Toolkit explains further some of the risks and opportunities to consider for different sectors that have important E&S and BI aspects such as oil and gas, healthcare, education, retail and agriculture.

4. Advice for Fund Managers

Although a fund may have part or full ownership of a company, fund managers need to be clear about their roles and fiduciary responsibilities when they are also directors of the company. The role of a shareholder may sometimes conflict with that of a director.

Shareholders and investors are the owners and ultimate decision makers of a company. They are typically entitled to access information on the company and can vote on company issues at general meetings. Shareholders appoint directors and auditors of the company, and satisfy themselves that the company has the appropriate governance in place to protect its interests. While the board is responsible for overseeing management’s implementation of the company’s strategy, day-to-day decisions are made by management (the executive team). These principles hold for both privately held and publicly listed companies; however, publicly listed companies may have additional requirements from the local stock exchange. In addition, the diversity and degree of activism of shareholders also influences the level of shareholder/investor engagement.

Board members/directors have fiduciary responsibilities which are generally broken down into a duty of loyalty and a duty of care. The duty of loyalty requires a director to act in the best interests of the company, act with the utmost good faith and avoid conflicts of interest. The duty of care requires the director to act with diligence, care and skill; this is often referred to as the ‘business judgement rule’.

The core roles and responsibilities of a board and individual directors in setting and overseeing the E&S and BI agenda of a company include:

Steers and sets strategic direction

  • Steers organisation’s strategy and the way in which specific governance areas are to be approached, addressed and conducted.

Sets risks and tolerance materiality

  • Provides guidance to management.

Approves policy and planning

  • Approves policies that operationalise the strategy and set the direction.

Oversees and monitors

  • Oversees implementation and execution of strategy by management.

Ensures accountability

  • Upholds organisational performance by means of, among other things, reporting and disclosure.

Ultimately, the board should be comfortable that the company has in place:

  • A ‘fit-for-purpose’ E&S and BI management system, and controls which support consistent delivery of the business objectives.
  • The financial and human resources available to deliver the agreed programme.
  • An effective monitoring and evaluation process which tracks E&S and BI performance against key metrics, delivering valuable information which can enhance business decision making and drive better practices.

4.1 General advice

  • Oversight commensurate with level of risks and impacts
    The board and management should be clear about the company’s risk thresholds and tolerances. If the company has a robust risk identification and management process, which adequately accounts for E&S and BI matters and stakeholder views, the material risks should be evident. There also needs to be a clear understanding of how strategic business decisions may impact the E&S and BI practices and performance of a company and conversely, how these issues influence strategic business decisions. It is therefore important to consider the E&S and BI risks and issues across the entire supply chain in assessing the impacts of a decision, operation or activity.

    There are certain factors to consider in assessing the level of risk and potential impact. While taking these into account, it’s important to focus on the quality of governance over the quantity, and recognise that governance is a process of continual learning and improvement – there’s no perfect model.

    Some of the factors to consider in assessing the level of risk associated with a company and, therefore, the appropriate system of oversight include:


    • Small family owned/medium sized privately owned/large publicly listed.
    • Diversity of product, service and/or project portfolio.
    Culture and societal dynamics

    • Expectations on companies from local communities, democratic or controlled processes, societal values.
    Vision and strategy

    • Ambition.
    • Growth strategy: organic/mergers and acquisitions/divestment.
    Emerging sector/industry trends

    • Sector/industry changes in environmental footprint, technological developments, sector and industry reputation, raw material sourcing and pricing.

    • The company’s growth history significantly influences its culture: entrepreneurial start-up or single sponsor/family owned and controlled.
    Investor/lender requirements and shareholder rights

    • Investor and lender expectations of board and sub-committee structures.
    • Investor demand for board representation.
    Capacity/access to skills and resources

    • Large local industry skills base/limited local skills base/access to international resources.
    Local legislative requirements or voluntary codes

    • Financial reporting and disclosure.
    Material risks (legacy, current and future)

    • Inherited legacy issues (e.g. acquired environmental liabilities, outstanding fines, legal proceedings, public/employee health liabilities).
    • Community and stakeholder opposition.
    • Human rights risks in supply chain.
    • Sector-specific risks (e.g. water and land availability in the agricultural sector, particularly in regions affected by climate change).
    Listing rules and regulatory requirements

    • Stock exchange-specific processes and structures.
    • Aspiration to local stock exchange standards or global standards.
    • Jurisdiction-specific requirements on establishing a separate risk management committee and/or appointing a money laundering reporting officer (MLRO).
    Market economics and outlook; Political and regulatory stability

    • Recognition of the differences between emerging economies and more developed/OECD economies.
    • Predictability, stability, volatility and uncertainty of the political context and regulatory environment.

    • Access to markets, particularly when businesses have operational footprints and supply chains in multiple jurisdictions.
    • Similarly, stakeholder and legal requirements for major linear projects, such as a pipeline which traverses multiple counties, waterways or populations.

  • Oversight versus implementation
    The board’s primary role is one of oversight. It needs to be comfortable that the company’s risk management and controls are sufficient to ensure compliance and sound stewardship of the company’s core business and assets. The board’s oversight of E&S and BI issues is reflected in the strategy and policies drawn up by the board. As the board approves policy (under recommendation from management), they must have the right skillset to understand the implications of the policy for the business. Their scope of oversight on E&S and BI issues must therefore be well-defined, comprehensive and encompass the entire value chain/product life-cycle and company’s jurisdictions/areas of operations. This may sometimes be articulated in the board’s mandate or documented separately in a charter (or similar).

    Based on the policy approved by the board, management is typically tasked with implementing mandatory standards and procedures which support policy objectives, especially internal and external communication. These policies and processes are usually endorsed by the board too. Management is also responsible for implementing and executing the strategy in accordance with policies and plans, which are overseen and supervised by the board.

4.2 Elements of a board E&S and BI oversight framework

  • Board composition
    When considering issues of composition and structure in E&S and BI oversight, it is important to bear in mind ‘quality over quantity’. Diversity in its broadest sense has proven to be a critical factor in improving not just the quality of a company’s leadership and decision making, but also its overall financial and ESG performance. Diverse skillsets and experiences help boards to more effectively discharge their oversight obligations, avoid ‘group think’ and, when necessary, provide robust counsel on ESG issues and other matters. The Organisation for Economic Co-operation and Development (OECD) and the Association of Chartered Certified Accountants (ACCA) have both made efforts to address the need for diversity in board composition. The OECD revised its Principles of Corporate Governance in 2015 and ACCA has included board diversity in its course syllabus. Diversity can include:

    • Industry/business experience
    • Tenure
    • Age
    • Ethnicity
    • Gender
    • Geography
    • Stakeholder experience

    When operating in different markets, boards need to be sensitive to the ethnic mix in their geography. Having a diverse representation of different ethnicities in their geographies allows boards to better understand stakeholder claims, particularly those of their consumers, and therefore make more informed decisions. The same applies to the need for female representation on a company board.

    Female board members have been proven to contribute to increasing the financial performance of companies. For example, in sectors where women are often the largest consumers – such as healthcare, automobiles, home improvement products and consumer electronics – boards benefit from the additional consumer perspective of their female board members. Female board members also help to challenge and steer discussions, often have strong relationship-building skills and have been shown to act in the interest of shareholders, and make fair and ethical decisions. They also act as role models for employees, which can positively affect employee performance. Having female representation on a board also positively affects corporate reputation. Companies such as Safaricom, MTN, East African Breweries and Sasko have been recognised as admired brands by Brand Africa 100 for having more than 30 per cent female representation on their respective boards.

    Regulators have also begun to take note of the importance of diversity, particularly female representation, and are encouraging company boards to become more diverse. In 2013, the Central Bank of Nigeria issued a directive requiring that 30 per cent of board positions in Nigerian banks be reserved for women. In India, the law mandates the presence of at least one female director. In Norway, a recent law bases quotas on the size of the board which, in 2016, saw an average of 42 per cent female board representation achieved.

    It is important to avoid tokenism when looking at diversity on a board. In certain circumstances, a quota requirement can be an effective way to encourage and benefit from diversity. However, it can lead to non-merit-based recruitment which can critically affect the profitability of a company and render a board ineffective. Quotas without a significant-enough strength in number or without qualified candidates can also negatively impact the dynamics of a board, especially if a forward-thinking attitude is not adopted and board members are not accepting of the new directors. To address the issue of tokenism, fund managers should address diversity from a strategic perspective rather than from a compliance standpoint. Adopting a merit-based recruitment selection based on a 50:50 male to female candidate ratio, broadening the assessment criteria by which candidates are selected, tapping into female business networks and building a pipeline of next generation female leaders are ways fund managers can financially and strategically benefit from the positive contribution that female diversity can bring to a board.

  • Board structure
    Typical E&S and BI oversight models are:

    Full board oversight

    A decision to oversee E&S and BI issues at full board level will depend on the size of the company and risk assessment of the issues. For smaller companies with limited capacity, E&S and BI issues will typically be included as an agenda item for the board meeting. The key to success is to tackle the issues head on.

    Delegation to existing committee

    When it’s decided that E&S and BI issues need to be discussed at sub-committee level and a separate dedicated committee is not needed, the usual practice is to delegate this to either the audit or risk committee with a mandate to oversee E&S and BI matters and report to the full board. The committee terms of reference should include its E&S and BI responsibility. The relevant committee would discuss the issues in more depth, provide feedback to the full board, and recommend approval of any policies by the full board.

    A dedicated committee

    Where a company decides to establish a dedicated committee, a sustainability, ESG or health and safety committee is set up to provide oversight of E&S and BI matters and report to the full board (and other sub-committees when necessary). Dedicated committees can have an allocated budget and devote attention to particular ‘change agendas’ which would not be appropriate for a full board discussion. In some jurisdictions, it has become a requirement for certain businesses to have a dedicated committee. In South Africa, the Companies Act 2008 authorised the Minister of Trade and Industry to require companies that have an impact on public interest to have a Social and Ethics Committee.

    Companies can establish a dedicated sustainability committee. However, the type of committee is less important than the scope and ambition of its mandate, which may include company-wide oversight of issues such as BI policy, E&S performance, sustainable supply chain management, and health and safety. While there can be overlap across committees, there are also distinct differences, for example, between audit, risk and sustainability committees. It is important to note that committees do not make decisions, but advise and enable the board to make better informed decisions. Decision-making authority and accountability remain with the board.

    Things to consider when deciding on an oversight model for a company include:

    • Is your board focused on the salient E&S and BI risks and issues? Or are they partial in their coverage and focus?
    • Is your board structured in such a way as to adequately and effectively discharge its E&S and BI oversight responsibilities?
    • Has your board been effective in its oversight of E&S and BI matters? Do they have sufficient time to consider these issues? Do they have the right expertise?
    • Is your sector/industry exposed to more unusual risks than others (e.g. fraud in banking, product tampering in pharmaceuticals)?
    • Would a dedicated committee strengthen the governance of the E&S and BI risks?
    • Would introducing a dedicated committee increase or decrease the complexity of E&S and BI risk governance?

  • Board capacity and competency
    It is critical that the board has the right skills and competencies to effectively discharge its oversight obligations and provide guidance (when necessary) to the company on material E&S and BI risk management. Boards should have the expertise to understand the agendas and decision-making processes of key stakeholders, and include members who are familiar with emerging industry ESG trends, standards and benchmarks. Where necessary, a board should seek external expertise to support them in this role.

  • Information adequacy
    Information adequacy refers not only to the quality of information provided but the ability to interpret and understand the information. Management must raise E&S and BI matters at board level in a timely manner and in a format that the board can interpret and digest to accurately address E&S and BI matters. It is also important that:

    • Relevant E&S and BI issues are included in the committee and board meeting agendas
    • Information is provided at an appropriate decision-making stage of the project/product or service life-cycle
    • The level of information reflects the reporting structure being used, i.e. committee level or board level
    • Directors are comfortable in requesting the information they need
    • At least one director is fully conversant with the issues
    • Subject experts are used where needed, i.e. operational ESG managers, consultants
    • Directors are kept informed of regulatory changes
    • Committee members are provided with regular training to ensure they can fulfil their responsibilities

    Information presented to the board may include:

    • Lagging and leading environmental, health, safety and social indicators. Key performance indicators can be defined by the board and management, with support from consultants, where needed
    • Serious incidents, such as fatalities and environmental incidents
    • Compliance metrics and breaches
    • Emerging trends
    • Performance against benchmarks/targets
    • Budget targets
    • Company and industry standards
    • Reputational risks, including material criticism from NGOs, the media and social media

  • Oversight of regulatory compliance and business integrity
    The role of the board is to:

    • Ensure policies are in line with associated risks, such as anti-corruption and anti-bribery, and that there is effective communication of the policies in the business.
    • Set minimum standards and approve the policies.
    • Ensure effective record-keeping and monitoring of compliance.
    • Ensure policies are in place to counter the financing of terrorism and prevent fraud.

    The board and management also need to determine the company’s key anti-money laundering (AML) risks and oversee compliance with relevant AML regulations. The Anti-money laundering section of this Toolkit provides guidance on this.

  • Codes of conduct
    An organisation’s code of ethical conduct is a critical tool in managing BI risks as it provides a clear benchmark for ethical behaviour; it guides and supports people in making decisions and carrying out their work in ways that are compatible with the organisation’s values.

    For a code of ethical conduct to be effective, it must be promoted and championed throughout the organisation. Managers and staff, at all levels, must be provided with the necessary training and support, and the code must be supported by appropriate disciplinary and whistleblowing procedures. The ‘tone at the top’ should permeate through the organisation, and the code must be owned by all staff.

    Each company should develop a code of conduct that suits the needs of employees and other associates in defining behaviours and addressing the risks, challenges and customs in operational areas. A code should also reflect the attributes of the specific industry.

    A code of conduct can be a key step in establishing an inclusive culture, but it’s not a comprehensive solution on its own. An ethical culture is created by the organisation’s leaders who manifest their ethics in their attitudes and behaviour. As the highest governing authority in the company structure, the board of directors plays a critical role. A company’s leaders need to practise and demonstrate the values and guidelines in their code of conduct, providing positive, authoritative examples for employees to emulate. They also need to ensure the code is reviewed and updated regularly to comply with the applicable legal framework.

    There is guidance on the process for developing a code of conduct but critical steps for the board and management to follow include:

    • Define the operational and reputational risks the organisation faces.
    • Establish the purpose of the code and why it matters.
    • Focus on principles by first highlighting the organisation’s ethical commitments followed by its expected behaviours.
    • Build a framework.

  • Stakeholder engagement
    Understanding stakeholder perspectives is critical to determining, assessing and managing key risks and issues. As such, companies must have an active interest in the views, concerns and perspectives of the company’s key stakeholders, including employees and those working across the supply chain. A company can proactively manage both current and expected stakeholder issues via a comprehensive stakeholder management strategy and plan.

    It is the board’s responsibility to approve policies on stakeholder engagement and external communication. Management must therefore make the board aware of key stakeholder issues raised in engagement and consultation processes through agreed reporting structures and raise awareness of any major changes in the composition or views of key stakeholders. The board needs to provide guidance to management on the type of issues it would like to discuss.

  • Role of leadership and culture
    Directors occupy important leadership roles in an organisation and quite often within the broader industry. Establishing the culture, values and ethics of the company is a central part of the board’s mandate. It is also important to recognise that good corporate governance depends on the personal integrity of those on a board and in management. Directors, individually and collectively, must ‘set the tone’ at the top – leading by example and ensuring that good standards of behaviour permeate all levels of the organisation.

    Fostering a culture of mutual respect and trust is another critical success factor – trust among the board, between the board and management, and externally with stakeholders. Openness between non-executives and executives is essential, with confidence that information is openly shared and differences of opinion are discussed and resolved in a collegiate manner, making sure the vision and values truly permeate the company.

  • Monitor and review
    Poorly managed E&S and BI issues can result in crisis situations, leading to changes in the company’s management, culture and financial well-being. Managers and the board need to understand these risks and how they impact the business model. Once the material risks of the business have been identified and thresholds set, the board and executive management can then decide how they are monitored and reported on an ongoing basis.

    As the operating context and the process of managing E&S and BI risks evolve over time, it is important that both current and future risks are accounted for and regularly reviewed. Companies often fall short during periods of major change, such as mergers and acquisitions or divestment. Investors will typically also have an interest in a company’s preparedness for the known and unknown.

    A company must adopt an active approach to managing E&S and BI issues. It is best practice to have a quarterly report on key E&S and BI metrics from the internal audit, compliance and risk functions to the relevant board committees. Following the discussion at committee level, the full board can then be updated on key issues, especially those requiring approval or follow-up. Companies also need to have a mechanism for flagging key issues which can affect a company’s short- and long-term performance, reputation and ultimately value to relevant committee chairs and board chair for inclusion in the main board meetings.

    Another function of the board is to approve company policies. Policies are one of the mechanisms via which compliance is assessed, specifically where a company may have a contractual, legal or regulatory obligation towards E&S performance standards or BI practices. It is therefore important that a system is in place for the continuous review and monitoring of policies and performance. Integrating sustainability performance data into executive-level scorecards informs decision making at the highest level, underpins robust leadership and helps to ‘set the right tone’ for the rest of the organisation. The board can also link remuneration to E&S and BI performance and integrate performance into ‘SMART’ key performance indicators. SMART indicators – specific, measurable, attainable, relevant and time-bound – help create accountability in organisations.

5. Further resources

  • Guides to broader corporate governance and best practice
    OECD Guidelines for Multinational Enterprises: In a global environment, it is important for companies to make sure they adhere to all relevant regulatory obligations. These guidelines provide a global context of a non-binding standard for responsible business practice.

    Subsidiary board governance: When considering the effectiveness of board governance, it’s important to remember all aspects of a company’s business, which includes subsidiaries.

    Institute of Directors’ Corporate Governance Code: Corporate governance has many definitions. The Institute of Directors provides a factsheet that discusses the definition of corporate governance and the legal framework around the concept, outlining the main principles of the UK Corporate Governance Code.

    IFC Corporate Governance Progression Matrix: IFC provides a toolkit to help assess current governance in a company.

    Ethics Resource Centre: Board members have a responsibility to act with diligence, care and skill, in the best interests of a company. The Ethics Resource Centre provides organisations with a platform to engage with peers and learn new insights into ethics and compliance.

    Institute for Global Ethics: Directors have a fiduciary responsibility to act with a duty of care. The Institute for Global Ethics provides members with tools, frameworks and processes to help analyse ethical decision making and act accordingly.

    UK CCAB’s guidelines: An organisation’s code of ethical conduct is a critical tool in managing BI risks. The Consultative Committee of Accountancy Bodies provides a guide for businesses on developing and implementing a code of ethical conduct.

    IFAC’s guide Defining and Developing an Effective Code of Conduct: A company’s ethical code of conduct must be effective and implemented with the support of the board. The International Federation of Accountants provides guidance on developing and implementing a code of conduct in a value-based culture.

    EY’s Global Code of Conduct: A code of conduct must reflect a company’s operating environment. The EY Global Code of Conduct provides an example of a company’s ethical framework forming the basis of its business decisions in its operating context.

    Unilever Committee TORs: A company that has sub-committees must clearly state its terms of reference (TORs), which should include the scope of its E&S and BI responsibility. An example of clearly outlined TORs can be seen in Unilever sub-committees.