ESG risk has often been seen as an ambiguous, overly fluid term. But in today’s complex sustainability landscape, it’s important to understand the crucial differences in ESG risk between the world’s two largest markets.
Over the past half-decade, the concept of ESG—which stands for environmental, social, and governance—has gradually moved toward the center of discussions surrounding sustainability, climate action, and ethical sourcing. As this framework has become an increasingly critical part of the way consumers, investors, and other key stakeholders think about corporate behavior and social responsibility, a related, offshoot term has been popularized: ESG risk. ESG risk refers to the myriad potential negative impacts to a business that stem from the environmental, social, or governance pillars. The European Commission defines the term as “An environmental, social, or governance event, or condition that, if it occurs, could cause an actual or a potential material negative impact on the value of the investment arising from an adverse sustainability impact.”
Though these definitions may sound relatively straightforward on their face—business risks that in some way relate back to one of ESG’s three titular pillars—there is a great deal of variability in what the term looks like on the ground. Nowhere is this divergence on stronger display than between the world’s two largest markets, the U.S. and the EU. Businesses that are serious about protecting themselves from ESG risk and cultivating supply chain resilience need to understand what the actual, veritable threats are in each of these economic zones. Only by grasping these crucial distinctions can firms and their leadership begin developing risk management strategies that are effectively tailored to each region and its respective government, regulators, and consumers.
It would not be an overstatement to characterize the European Union as the preeminent global leader in ESG principles and priorities. For much of this decade, various EU government bodies—including the European Commission, the Council of the EU, and European Parliament—have discussed, negotiated over, and ultimately passed a number of groundbreaking regulations that codify the ESG framework into law. Examples of these laws include the Corporate Sustainability Reporting Directive (CSRD), the Corporate Sustainability Due Diligence Directive (CSDDD), and the EU Deforestation Regulation (EUDR).
The emergence and gradual implementation of these directives are reshaping what ESG risk means in the European Union. ESG in the EU is no longer an aspirational concept or a loose, unregulated initiative subject to different interpretations from one company to the next. It’s now been ratified into law. Consequently, ESG risk has become tantamount to legal risk; when you’re vulnerable to it, you’re effectively putting yourself in jeopardy of breaking the law.
As more and more businesses fall into the scope of these laws, organizations that do business in any of the bloc’s 27 member nations will need to start taking the ESG framework’s three pillars more seriously. That’s because these directives are legally binding, and come with serious financial penalties that dramatically alter the stakes and composition of ESG risk in Europe. The European Parliament, for example, stipulates that penalties for noncompliance with the CSDDD carry a maximum limit that “shall be not less than 5% of the net worldwide turnover of the company in the financial year preceding that of the decision to impose the fine.”
For a large corporation with $1 billion in annual revenue, that represents a financial penalty of $50 million. The directive also outlines potential repercussions for businesses that fail to pay financial penalties within the allotted time frame, including issuing a “public statement indicating the company responsible for the infringement and the nature of the infringement.” This is colloquially referred to as “naming and shaming,” a form of punishment equivalent to publicly calling out a firm and broadcasting their ethical failures to consumers and other potential stakeholders.
In addition to the codification of the ESG framework in the EU, there’s also a strong reputational dimension to ESG risk in the region. A 2023 report conducted by risk management firm WTW found that more companies than ever are recognizing and accounting for the relationship between ESG risk and reputation. Over half of the executives surveyed by WTW cited reputation as a top-five risk for their company, with ESG issues in particular “emerging as major reputation risks.” Moreover, 95% of the businesses that participated in the report were allocating budgets for the explicit purpose of managing and mitigating reputational damage.
Studies like the WTW report generally do not focus on a specific geographical region. The regulatory landscape in the EU, however, combined with the demonstrable importance European culture assigns to sustainability and related issues, makes serious reputational damage an inextricable aspect of ESG risk in the economic bloc.
• Volkswagen Emissions Scandal
Type of ESG Risk: Environmental Pillar
Summary: In 2015, the U.S. Environmental Protection Agency (EPA) sent a notice to the German automaker informing the manufacturer that it had violated the country’s Clean Air Act. It would eventually be revealed to the world that VW had installed special software in their cars that recognized when the vehicles were undergoing emissions testing, triggering emissions controls that passed the necessary performance thresholds. The automaker eventually admitted that it had outfitted roughly 11 million cars with software that came to be referred to as “defeat devices.”
The reputational fallout from “diesel gate” was substantial and protracted. As of 2020, the ESG-related scandal had cost Volkswagen over $30 billion in fines, financial settlements, and buybacks for their vehicles.
• Danske Bank Money Laundering Operation
Type of ESG Risk: Social Pillar
Summary: In one of the largest financial scandals in European history, international regulators learned in 2017 that Danske Bank, Denmark’s top bank, had been laundering vast sums of money through its Estonia branch. The U.S. Department of Justice, along with Danish authorities, would eventually discover that the financial institution had laundered hundreds of billions of dollars over an eight-year period beginning in 2007.
Clients implicated in this financial scheme included Russian President Vladimir Putin and the president of Azerbaijan. The fallout for Danske Bank was long and costly. By the end of 2018, the value of the company had plummeted by half. Government investigations, arrests, and settlements dragged on for years, and in December 2022 the bank agreed to pay a $2 billion fine to the Department of Justice.
Unlike the EU, the United States does not have a robust regulatory infrastructure to enforce the ESG framework and its key principles. Efforts in recent years to pass legislation aimed at prioritizing sustainability in the corporate sector and holding businesses accountable for their ESG impacts have been stymied by outside pressures.
In March 2024, the Securities and Exchange Commission finalized a rule that would have required public companies to disclose information on climate-related financial risks, greenhouse gas (GHG) emissions, and other ESG considerations. The rule faced widespread legal pushback almost immediately, however, with a slew of court petitions filed all over the country arguing that the SEC’s rule would impose an undue reporting burden on businesses. Before long, 25 states and a range of additional entities filed suits with the regulatory body. In April, the SEC announced that it would be pausing the implementation of its climate-related disclosure rule. It insisted, however, that it would continue “vigorously defending the Final Rules’ validity in court.”
Though the U.S. has weak laws surrounding the environmental pillar of ESG—especially when compared with the EU—it is arguably more rigorous in its enforcement of the social pillar. Forced labor is strictly prohibited through 19 U.S.C. § 1307, which prevents all “goods, wares, articles, and merchandise mined, produced, or manufactured wholly or in part in any foreign country by convict labor or/and forced labor or/and indentured labor” from being imported into the U.S. In addition, the Uyghur Forced Labor Prevention Act (UFLPA), which entered into force in 2022, has allocated significant resources and manpower to bar goods made through systematic forced labor in China’s XUAR region from entering the U.S. market.
In general, however, the comparative dearth of ESG regulations in the U.S. means that many sustainability initiatives are self-driven within individual businesses, based on internal priorities. While one organization may prioritize its diversity, equity, and inclusion (DEI) program, leadership at another firm might choose to focus on achieving its carbon neutrality goal. Whatever the specific priorities, though, such efforts are not legally binding, and thus falling short of any stated ESG objective rarely triggers any tangible consequences.
Where ESG risk does gain more purchase in the U.S., however, is when it comes to reputational damage. A working paper written by researchers at Fordham, the University of Florida, the University of Hong Kong, and Auburn University found that “negative ESG shocks have a profound effect on customer actions.” The researchers looked at over 1,600 negative ESG-related events, as well as millions of purchases, and determined that the average ESG scandal “triggers a 5–10 percent drop in customer sales that extends for at least six months.”
A study conducted by researchers at Bank of America in 2020 further underscored the financial consequences of ESG shocks. The Bank of America research team estimated that “more than $600bn of market cap for S&P 500 companies has been lost to ‘ESG controversies,’” in the preceding seven years alone. Moreover, they found that stock prices for impacted firms took up to a year to fully recover from the reputational fallout.
• Cambridge Analytica Data Scandal
Type of ESG Risk: Social Pillar
Summary: In another ESG scandal that sent shockwaves rippling through the tech world, multiple publications ran exposés in 2018 detailing how the personal data of tens of millions of Facebook users had been collected by British consulting firm Cambridge Analytica. Reporting revealed that Cambridge Analytica had harvested the personal data of up to 87 million users to construct “psychological profiles” that would later be used in several U.S. political campaigns. The data privacy catastrophe led Facebook’s CEO, Mark Zuckerberg, to testify before Congress.
A year after the scandal first broke, in the summer of 2019, the Federal Trade Commission (FTC) announced that Facebook would be fined $5 billion for the large-scale privacy violations. In response to the substantial reputational fallout, Facebook implemented a new privacy strategy that included doubling its cybersecurity staff to 20,000 employees.
While the prominence of ESG may fluctuate in the U.S., it remains a high priority for governments, regulatory agencies, consumers, and shareholders throughout the rest of the world. The growing influence of the framework across the globe has been matched by a commensurate increase in ESG risk. Although the concept can sometimes come across as vague and subjective, it’s best understood today as a term encompassing two major baskets: reputational risk and regulatory noncompliance. Taken collectively, these are real, consequential hazards for organizations across a range of industries.
Firms that want to manage their ESG vulnerabilities with insight and precision can gain significant value from supply chain risk management (SCRM) platform Z2Data. The SCRM software features a depth of actionable data on thousands of direct and sub-tier suppliers all over the world, giving companies valuable access to potential ESG hazards along their supply chains. In addition, Z2Data offers comprehensive compliance management, with out-of-the-box compliance analysis for your products on a wide range of relevant regulations.
No matter your specific vulnerability or supply chain resilience goals, Z2Data has the intelligence and capabilities to help you expertly navigate all manner of ESG risk. To learn more about the Z2Data platform and how its tools can help you steer clear of ESG-related disruptions in 2025, schedule a free demo with one of our product experts.