Governance Limitations of the Legal Paradigm
Legal compliance is increasingly viewed by many companies and stakeholders as an insufficient performance measure and, as a practical matter, poses challenges for those operating in dozens or even hundreds of jurisdictions. This is not to say that legal compliance is trivial; decades of comprehensive regulatory controls have produced impressive results. However, the limits of traditional national regulatory mechanisms have become increasingly clear.
National laws are not always effective solutions to environmental challenges that do not respect national borders (e.g., climate change, transboundary air pollution, overfishing), or public health issues such as pandemics or famine. National controls may not prevent one’s neighbors from creating transboundary pollution or from unsustainably depleting shared resources. Different levels of national environmental regulation and enforcement can also result in “environmentally intensive” activities gravitating to the least-regulated areas. This might shift, but not decrease, overall global environmental loads and disguise from consumers the environmental impacts of the products they purchase.
Another limitation of legal frameworks is that some regions do not have the political or technical capacity to effectively enforce regulatory requirements. Some regions fail to empower citizens with opportunities to effectively participate in economic, environmental, and social decisions. This can result in local concerns being expressed through extra-legal means. Where the legal framework has limited credibility, formal legal compliance might not prevent significant stakeholder opposition.
There have been transnational efforts to overcome the shortcomings of regulating environmental protection through national law. For example, the European Union has established common EU-wide legal environmental requirements through directives that are largely implemented through the national law of individual EU member states. At a broader level, international agreements such as the Basel Convention on the transboundary movement of waste, the Montreal Protocol on reducing the production and use of CFCs, and the Paris Agreement on climate change all try to address transnational environmental issues with varying degrees of success.
The law is also deliberate and does not always react quickly to public concerns or developing science. This can create difficulties for companies forced to act or take public positions where there are limited or no regulatory requirements. For example, though the presence of plastics in the environment had been a concern for decades, a graphic video of straws wedged in the nostrils of a turtle that went viral on social media captured the public’s attention and put immediate added pressure on companies to reduce their use of plastics. Stakeholders may also react more quickly than regulators to uncertain science, pressuring companies to act even where regulators have concluded that there is no substantial risk. Public advocacy groups have become skilled at conducting and communicating their own scientific analyses that can challenge the credibility of governmental and industry evaluations of risk.
Lastly, the law itself does not provide a governance framework for successfully managing the myriad of legal obligations that apply to multinationals’ operations and markets. The law is an even less capable framework for effectively addressing the extra-legal challenges that are important to many companies’ sustained success.
The “we fully complied with all applicable laws” statement often used by companies in the face of negative events is increasingly viewed as unsatisfactory by both companies and their stakeholders and critics. A governance model based primarily on legal compliance is not likely to be comprehensive or agile enough to effectively identify, address, and benefit from the broad range of stakeholder expectations and pressures faced by multinational companies.
Using Standards as Part of a Governance Framework
The complexity of legal requirements and the jurisdictions in which they are enforced, combined with the range and speed of stakeholder expectations, call for a comprehensive and agile approach to ESG/CSR governance. There are many tools to help manage these obligations, including traditional legal advice, risk management tools, and operational management systems (e.g., operational excellence, operations integrity, or “agile” management). Standards set by standards development organizations (SDOs) and other organizations can play a valuable role in ESG/CSR governance strategies, providing broad management frameworks and more focused subject matter or sector-specific ESG and CSR guidance.
Standards have long played a role in facilitating human activity, whether it was standardizing the measurement of property, defining railroad gauges, or developing safety standards for boilers. In the modern era, the International Organization for Standardization (ISO) has become the “United Nations” of standards writing, with over 150 national SDOs as members. ISO was created to develop consensus international standards aimed at facilitating trade by normalizing technical specifications. In addition, national legal requirements based on recognized consensus standards are presumptively valid against charges that they are illegal nontariff trade barriers.
For decades, the work of ISO focused on technical standards. Beginning in the late 1980s, ISO and other SDOs began expanding into “management systems” standards that significantly increased ISO’s visibility and influence. This trend began with the publication of the ISO 9001 quality management systems standard in 1987, followed by the publication of the ISO 14001 environmental management systems (EMS) standard in 1996 (both were revised in 2015). Since then, ISO has published management systems standards on information technology and security (ISO 27001), food safety management (ISO 22003), quality management for manufacturing medical devices (ISO 13485), occupational safety management systems (ISO 45001), and anti-bribery management systems (ISO 37001). These ISO standards share a template of common management systems elements to facilitate their implementation with minimum duplication. ISO has also published standards and guidance documents on many environmental issues addressing everything from climate change to water efficiency to nanotechnology, and related issues such as social responsibility (ISO 26000).
ISO and its member national standards bodies are not the only source of standards or similar guidance; the U.N., nonprofits, trade associations, and other organizations have generated influential documents. Sometimes these documents are focused on specific economic sectors (e.g., chemicals, mining, banking) or on activities that cut across sectors (e.g., public reporting on sustainability).
Voluntary consensus standards such as those developed by ISO are an integral part of global commerce and the legal landscape. Standards have long been part of enforceable commercial contracts, making them anything but voluntary. Implementing the ISO 9001 quality management systems standard has become a condition of doing business in many economic sectors. Over 1.1 million sites have been issued formal certificates by accredited third-party auditors verifying that the sites have implemented ISO 9001, and countless companies without certifications operate based on the “plan-do-check-act” model standardized in ISO 9001. The influence of the ISO management systems model continues to expand as other ISO standards are implemented.
Though developed in a nonregulatory context, voluntary standards are widely used by governments around the world as either guidance or the basis for binding requirements. In the United States, the National Technology Transfer Act of 1995 directs federal agencies to use applicable standards in regulations (or demonstrate why they should not be used). Thousands of standards have been incorporated by reference into federal regulations.
Standards are woven into the fabric of environmental compliance. For example, many of the technical sampling and analytical methods required by US EPA have been created by ASTM International, and US EPA has incorporated conformance with technical standards into many regulatory requirements. In the EU, standards developed by the European Committee for Standardization, which frequently adopts ISO standards, are often used to provide technical requirements necessary to implement EU Directives. Environmental regulators, including US EPA, are frequent participants in national and international standards-setting activities on topics ranging from climate change to water efficiency.
The ISO 14001 EMS standard has been an influential compliance assurance and environmental governance tool. Hundreds of thousands of facilities around the world, including well over 10 thousand in the US, have third-party-certified ISO 14001 EMS, and many more companies have successfully used ISO 14001 without seeking third-party certification. Governments have also widely employed ISO 14001 as a benchmark for evaluating the adequacy of organizations’ EMS, and in many instances include ISO 14001 in regulatory regimes or guidance. For example, ISO 14001 has been recognized by US EPA as a framework for effective environmental compliance programs, and US EPA and many other federal agencies have implemented ISO 14001–based EMS at their own facilities. When US EPA, the US Department of Justice, or state regulators are evaluating the effectiveness of environmental compliance systems when making enforcement decisions, having an ISO 14001–based EMS can be persuasive in mitigating the enforcement response (assuming effective implementation can be demonstrated). Consent decrees resolving enforcement cases have included requirements to implement ISO 14001–based EMS. ISO 14001 often plays a more prominent role in the legal regimes of other countries.
A salient consequence of the global use of management systems standards has been the propagation of well-recognized and shared vocabularies and practices aimed at successfully managing challenges of all sorts. One can travel the world and find companies familiar with the principles of ISO management systems standards and, with varying degrees of success, experience in implementing them. Multinational companies can take advantage of this “installed base” in their global ESG/CSR strategies.
ISO 14001 illustrates how standards can be used as a framework for ESG/CSR governance, recognizing that ISO 14001 is not the only model and might not suit every company. Companies also do not have to seek third-party certification to effectively use ISO 14001 as a model, and many do not (though it appears that there is an increasing interest in companies seeking some form of third-party assurance or certification of sustainability or ESG disclosures and performance).
The central elements of ISO 14001 reflect common-sense management principles. Companies should evaluate the overall context in which they operate and how that may affect environmental outcomes (to which ESG/CSR outcomes can be added), including identifying and understanding the needs and expectations of stakeholders, as well as applicable legal requirements. Taking this context into account, companies should establish a policy that will be the framework for setting the companies’ objectives. Reflecting that ISO 14001 is not simply a neutral process-oriented standard, the policy must include commitments to compliance, environmental protection, pollution prevention, continual improvement, and meeting any extra-legal commitments that a company might make (e.g., the American Chemistry Council’s Responsible Care program, CERES, the Equator Principles).
Companies must identify their significant environmental issues (“environmental aspects” in “ISO-talk”) and associated impacts related to their activities, products, and services, a process that can include ESG/CSR issues. This is intended to be a holistic exercise not limited to just a slice of the company and should be done from a life-cycle perspective (which can create a platform for “circular economy” initiatives). This promotes comprehensive and systemic strategies and discourages narrow “single issue” approaches to sustainability. Objectives must then be established to manage these significant environmental aspects in line with the company’s policy (e.g., compliance, pollution prevention), stakeholder expectations, legal requirements, and other commitments. In addition to compliance objectives, considering stakeholder expectations and preventing pollution can lead to extra-legal objectives (e.g., decreased natural resources use, reduced carbon footprint, etc.). Other standards and documents can inform potential ESG/CSR objectives and be plugged into this framework, such as the Equator Principles on finance, or the work of the World Business Council on Sustainable Development or CERES. While aimed largely at nations, the United Nations’ Sustainable Development Goals can also be instructive.
Objectives are only window dressing unless companies establish and execute plans to achieve them (the “who, when, where, how”) and provide the necessary resources. At a more detailed level, operational controls and procedures must be implemented as necessary. Again, a life-cycle approach is encouraged, from procurement to the end of life of products to the activities of third parties, consistent with ESG/CSR strategies aimed at value chains and a circular economy.
None of this works unless the company has a competent, trained, and aware workforce, including appropriate communications to suppliers and contractors. This includes implementing internal as well as external communications procedures. The external communications procedures could encompass everything from community dialogues to annual sustainability reports. ESG reporting in financial disclosures is getting increasing attention from financial regulators around the world. Further, the spare language on external communications in ISO 14001 can be enhanced by looking to additional guidance, such as that developed by the Global Reporting Initiative. There is a large literature on “sustainability accounting” and ESG reporting in which many organizations are involved, including ISO, GRI (which has recently proposed enhanced ESG reporting standards), the Sustainability Accounting Standards Board, and many others. Using these reporting standards in the context of a disciplined and comprehensive management framework can help companies avoid gaps between what they do and what they report (which can generate liability and reputational harms) and facilitate obtaining third-party assurance of ESG disclosures for those companies who desire or need it.
Companies must measure their performance (“what gets measured gets done”), including regularly evaluating legal compliance, which supports sustainable performance and credible reporting. The flexible ISO framework accommodates innovative performance metrics from all sources. For example, a company measuring the carbon footprint of its value chain might use the greenhouse gas (GHG) protocol developed by the WBCSD and the World Resources Institute, or a company with a plastic pollution reduction strategy might use the Plastic Leak Project Guidelines aimed at measuring “plastic leakage” across value chains. In addition, the system itself must be regularly audited to verify that it has been adequately designed and implemented. The measurement and auditing provisions are accompanied by requirements for preventive and corrective action procedures.
A central element is management participation in and review of the implementation of the system and the organization’s performance, with an eye towards changing and improving the system. Without direct, visible, and regular management involvement integrated into regular business activities, most EMS and accompanying ESG/CSR strategies are not likely to be effective. Consistent with the principle of continual improvement, this system is not static: Change management is an essential part of the framework, with information, objectives, and plans being regularly reviewed and adjusted or improved as necessary. This creates a comprehensive and integrated framework that reaches from the boardroom to the product design team, facility floor, and delivery truck. It also reaches beyond the boundaries of the organization to encompass the value chain and the life cycle of its products and services.
Some of the features of ISO 14001 that make it useful as an ESG/CSR framework include:
Familiarity. The ISO management systems framework is familiar to hundreds of thousands of organizations around the world, making it useful to companies operating in a multinational context. A US multinational might have more success and encounter less resistance driving ESG/CSR through the company using a framework such as ISO 14001 rather than a model based on the US legal system. Using principles and terminology that have already achieved global recognition and acceptance should also facilitate ESG/CSR strategies aimed at global value chains. To the extent that suppliers or operations need help, there are many consulting firms around the world who are familiar with this framework, which can take some of the burden off corporate staff who might otherwise have to span the globe to implement or audit a custom-designed system or one based on a specific legal framework.
Comprehensive, Open, and Flexible Architecture. This framework is constructed on a foundation of compliance, pollution prevention, and continual improvement, but is not tied to any specific legal or political-economic regime, enhancing its value for multinational companies. It demands that companies holistically consider their overall context, issues, value chain, and stakeholders and is not tied or limited to any specific issue or economic sector, enabling a comprehensive and open-minded approach to ESG/CSR. This open architecture allows it to serve as a platform for accommodating and executing disciplined sustainability strategies from sources such as CERES, GEMI, or the World Business Council on Sustainable Development; sector-specific initiatives such as the Equator Principles (finance), Responsible Care (chemicals), or the Higg Index (apparel, footwear, and textiles); or efforts aimed at specific goals such as reducing GHG emissions or executing “circular economy” strategies. At the same time, it encourages companies to look beyond narrow ESG/CSR efforts that may only address a slice of a company’s operations or focus on a single element of ESG/CSR (e.g., reporting). This encourages comprehensive and coordinated ESG/CSR strategies rather than isolated initiatives emanating from different parts of a company (e.g., corporate communications initiating GRI-based reporting while procurement separately launches a sustainable value chain strategy). It can also enable disciplined compliance programs and account for national or regional variabilities without having to impose them throughout an organization’s entire global system. For example, it is prudent to incorporate the U.S. Sentencing Guidelines and U.S. DOJ’s guidance on effective compliance systems into U.S. operations, but not all elements of the US government’s expectations may be appropriate (or even legal) for operations outside of the United States.
Scalability. This framework has been successfully implemented by some of the largest corporations in the world and by small companies working deep in the global value chain. A large multinational can migrate this framework throughout its value chain to companies of all sizes, adjusting it as necessary. This scalability, combined with the framework’s global familiarity, can be “leveraged” by small companies that nonetheless have a multinational footprint.
Integration. These principles are consistent with operational systems used by companies to run their businesses. An ESG/CSR framework based on ISO 14001 can easily be integrated with business systems such as Operational Excellence, “lean” management, or similar business models. Similarly, the process of identifying significant environmental aspects can be built into a company’s enterprise risk management system. The consistent ISO management systems framework also allows integration with other ISO-based systems such as quality (ISO 9001), occupational safety (ISO 45001), and antibribery (ISO 37001) management. Ease of integration can help avoid the pitfall of ESG/CSR programs that are foreign to a company’s everyday operations, which can produce uneven and inconsistent results and may be difficult to sustain.
Discipline. A principle of the ISO management systems standards is “say what you do, do what you say.” This discipline is intended to connect the dots between high-level aspirational statements about sustainability or ESG/CSR with concrete and verifiable ground-level execution. Organizations that make promises but do not (or cannot) follow through with consistent and measurable performance driven by a disciplined system may have difficulty persuading enforcers, stakeholders, or critical advocacy groups that they are credible. One strategy to avoid credibility gaps between commitments and performance and be prepared to defend against charges of “green washing” or “social washing” is to have demonstrably taken specific actions with actual results (i.e., “walk the talk,” or perhaps, “walk before you talk”). While this framework does not guarantee results, its disciplined approach should increase the likelihood that ESG/CSR will be consistently and concretely integrated into an organization’s performance.
Agility. Effective governance must be open and responsive to new information from all angles, not just new legal developments. The ISO 14001 model is based on openness to the views of stakeholders, a holistic approach to identifying issues, continual improvement, and management of change. For example, the identification of significant environmental aspects is an ongoing process, and the obligation to systemically identify and consider the views of “interested parties” (including critical ones) better places an organization to anticipate, not just react to, ESG issues. Agility is also increased by embedding ESG/CSR governance in the everyday management of an organization rather than locking it into a defined “silo.”
A governance framework based on a standard such as ISO 14001 does not guarantee specific outcomes. This framework is a good tool, but it is up to the organization to achieve results. While ISO 14001 is based on commitments to compliance, environmental protection, pollution prevention, and continual improvement, it does not mandate carbon footprint sizes, recycling rates, or what a living wage is. However, it provides a comprehensive and flexible “plug and play” framework through which ESG/CSR goals can be identified, evaluated, applied, and executed in a disciplined, coordinated, and sustainable manner. In a complicated and fast-moving world, such standards can be a valuable tool for multinational companies seeking to implement a sustainability/CSR/ESG governance framework that is flexible, is familiar to most global value chains, is consistent with common business models, and serves as a foundation for superior and improving performance.