With the likelihood and potential impact of climate change-related risk only becoming more pressing, what can risk managers do to help their companies assess their exposure and determine how to respond?
Last October, the United Nations’ Intergovernmental Panel on Climate Change (IPCC) reported in its Summary for Policymakers that the world is failing to keep the global temperature increase below the recommended 1.5°C from pre-industrial levels, and temperatures are instead climbing toward a 3°C rise.
Even reaching 2°C above pre-industrial levels will mean a likelihood of more frequent extreme weather events, resulting in significant economic shocks and major business interruption losses. A 3°C temperature rise will likely be catastrophic. The IPCC said that limiting the increase to 1.5°C will require “rapid, far-reaching and unprecedented changes in all aspects of society.” For example, the transition to a cleaner energy system alone will require an investment of around 2.5% of global GDP—equivalent to the value of all goods and services produced worldwide—every year for the next two decades.
On Nov. 22, the U.N. released its Emissions Gap Report, which said levels of heat-trapping greenhouse gases in the atmosphere—responsible for climate change, sea level rise, ocean acidification and extreme weather—have reached another new record high and that there is no sign that this trend is reversing. After recording the first rise in carbon dioxide emissions in four years, the report said that global efforts to tackle climate change are way off track.
The following day, 13 U.S. federal agencies issued the Fourth National Climate Assessment, which offered the starkest warnings to date of the consequences of climate change for the United States. If significant steps are not taken to rein in global warming, by the end of the century, it predicted the damage will knock as much as 10% off the size of the U.S. economy and result in specific costs of $141 billion from heat-related deaths, $118 billion from sea-level rise, and $32 billion from infrastructure damage.
The report warned that trade and agriculture will be among the hardest hit, as extreme weather events driven by global warming are “virtually certain to increasingly affect U.S. trade and economy, including import and export prices and businesses with overseas operations and supply chains.” Disasters like droughts and wildfires will temporarily shutter factories both in the United States and abroad, causing price spikes for products ranging from apples to automotive parts. And because American companies rely so heavily on international supply chains, almost no industry will be immune to the effects of climate change at home or abroad.
The report cites as an example the extreme flooding in Thailand in 2011. Western Digital, an American company that produces 60% of its hard drives there, sustained $199 million in losses and halved its hard drive shipments in the last quarter of 2011. The shortages temporarily doubled hard drive prices, affecting other U.S. companies like Apple, HP and Dell.
The 1,656-page climate assessment goes so far as to say that climate change is taking the United States into uncharted territory. “The assumption that current and future climate conditions will resemble the recent past is no longer valid,” it said.
Disclosing Climate Risks
Climate risk could have a serious impact on the way companies operate. As a result, there have been greater efforts over the past decade to encourage—and force—companies to take steps to reduce their carbon footprints and greenhouse gas emissions, and to publicly report on the measures they plan to take and the financial (material) impact climate risk may have on their operations in the near- and long-term.
Climate change reporting has become increasingly standardized in the United States and Europe through SEC and EU reporting requirements. The SEC’s 2010 guidance on climate change disclosures in Regulation S- K, the “central repository for [the SEC’s] non-financial disclosure requirements,” clarified that existing SEC disclosure regulations require companies to consider the consequences of climate change and emphasized the need for “appropriate disclosure…as to the material effects.” Likewise, a 2014 EU directive required large companies to disclose relevant and useful information on specified topics including climate change in annual reports beginning in 2018.
Despite this, climate risk still does not feature predominantly on the risk registers of many of the world’s largest companies. The Task Force on Climate-related Financial Disclosures (TCFD), an initiative aimed at encouraging the financial services sector to look at how it might be impacted by climate risk, found in its 2018 Status Report that relatively few companies disclose the financial impact of climate change on their operations or business model, and that information on the resilience of companies’ strategies under different climate-related scenarios is also limited. Even companies that do report need to include more actionable climate-related information.
According to research released last March by the Climate Disclosure Standards Board, an international consortium of business and environmental NGOs committed to improving corporate environmental reporting, U.S. firms generally lag behind their European peers at incorporating climate risks into long-term strategic planning. While over 90% of companies surveyed from the U.K., France, Germany, Japan and India have established board-level mandates for climate risk oversight, only two-thirds of U.S. firms have done so, which is the lowest percentage among surveyed countries.
Other surveys have also found a disconnect between what risks companies look at and what they should prioritize. For example, a recently-published annual report called Risk in Focus from seven European Institutes of Internal Audit found that, from a list of 16 organizational risks, environmental and climate change risks came in last, both in terms of risk priority and the amount of audit time spent on them. In part, this is because boards regard cyberrisk, data security and general compliance as more immediate priorities that require their focus.
This discrepancy is not lost on stakeholders. Investors are increasingly pushing for better disclosure, more transparency, and changes to operational practices and long-term planning. Several have joined forces to press for disclosure through groups such as Climate Action 100+ and the International Investors Group for Climate Change (IIGCC). In 2018, ISS and Glass Lewis—which account for over 90% of the shareholder advisory services market—updated their proxy voting policies to make clear that they will assess the adequacy of climate disclosure.
Shareholders are also becomingly increasingly active on the issue. For example, oil giant Royal Dutch Shell has said that it will set carbon emission targets and link them to executive pay following investor pressure, while a coalition of investors with around $6.5 trillion under management is calling on McDonald’s, KFC and other fast food suppliers to take swift action on climate change by cutting carbon and water risks among their dairy and meat suppliers.
Some of the world’s largest asset managers—including the two largest, Blackrock and Vanguard—have also written to a number of public companies calling for better climate risk disclosures. Furthermore, in 2017—a year that saw the biggest insurance payouts for damages caused by natural catastrophes—motions backing shareholder actions on carbon disclosure from investment managers controlling over 45% of global assets under management increased threefold. While disinvestment may yet prove to be a step too far for institutional investors, experts suggest that it is an outcome that looks increasingly likely in the future.
Taking Greater Action
Despite improved regulator and investor scrutiny, however, experts believe that most companies are still sitting on their hands. “While climate risk may be climbing up the board’s risk agenda, it still does not come anywhere close to cyberrisk in terms of executive consideration,” said Don Reed, executive director at sustainability consultancy Anthesis Group.
Climate risk awareness and preparation varies across companies and across industry sectors, Reed said. “Those that are directly impacted, like utilities and manufacturers, tend to have a very good understanding of how climate change may impact their operations over the immediate and long-term, whereas retail, for example, probably doesn’t,” he explained. “Even with the IPCC report giving the world a 12-year warning that global warming needs to be held at below 2°C degrees or else risk irrevocable harm, many companies still regard it as a long-term risk and think that they have plenty of time to address it.”
Reed believes that investors, however, will ensure that the risk is not ignored. “In many cases, institutional investors are taking a longer-term view of corporate performance and risk than the companies they invest in are,” he said. “Shareholders are demanding more information about how boards are addressing climate risk and what steps they are taking to ensure that the business can adapt to the long-term effects that climate change is likely to present, and they are also more inclined to vote against corporate strategies that fail to consider these impacts.”
As a result, Reed said that there are several key questions that a risk manager needs to ask about his or her organization’s approach to climate risk. First, they will need to determine which aspects of climate risk will have the biggest material impact on the organization and which areas of the business will be hit hardest by its effects. They also need to assess if there a risk that products or services could become unsustainable, and what the costs to the business could be if physical assets—such as buildings and infrastructure—are damaged as a result of adverse weather or changes in the environment.
Then, risk managers will need to determine what actions should be prioritized to offset climate risk now, and which ones the organization will need to put in place in two or three years. Getting input from all stakeholders will help gauge the true extent of organizational preparedness. “Even if individual departments are aware of the risks, they may be working in silos with no proper unified response,” Reed said. “Risk management can really add value by formulating an organization-wide approach.”
Gary Davis, CEO at Ecometrica, a consultancy that monitors environmental trends and hazards using satellite technology, said that any appreciation of climate risk should start with an organization’s look at its own levels of energy consumption and greenhouse gas emissions to work out ways to reduce both.
“It is only a matter of time before more stringent requirements—perhaps even limits—regarding energy consumption, waste and emissions come into force in some jurisdictions, which could see companies being fined for excessive energy use and waste production,” he said. “As a result, they should act now to seek greener and more cost-efficient solutions before they are legally mandated to. Not only will this reduce expenditure, but it could also help make them more competitive if lower energy costs, for example, contribute to lower production costs.”
Davis suggested that organizations also look at their supply chains and assess suppliers’ risk-awareness and resilience to climate change. “If a supplier is exposed to supply chain failure, or is not prepared for floods or other natural catastrophes, what contingencies do you have to cope? What impact would it have on your operations? Where could you source materials and services from quickly if there was a crisis? These are key questions that risk managers need to ask and to make sure that the organization has answers for,” he said.
Companies also need to push for more disclosure and better assurance from key suppliers that they are regularly reviewing the possible impact of climate risk to their operations, and that they too are conscious of the need to act more sustainably. “There is now a much greater focus on third-party risks and supplier conduct,” Davis said. “A company’s reputation can be shredded if behavior within its supply chain falls below legal and stakeholder expectations, such as using illegal logging, causing deforestation to make way for palm oil plantations, diverting water courses away from local populations to use for agricultural purposes, and so on.”
Costs and Benefits
The key problem with climate risk—or any regulatory or legal compliance—is that it is regarded as a cost and not as a value generator. Illya Azaroff is an associate professor in architecture at City University of New York and founding co-chair of the Design for Risk and Reconstruction Committee, an organization that promotes disaster mitigation and adaptation measures in building design and construction. He believes risk managers should look at the short- and long-term financial and risk benefits of being an “early adopter” and try to sell them to the board.
“Many executives will simply not correlate the fact that the planet is heading towards catastrophe and that their companies are playing a role in that,” he said. “But if you can make a financial case stating that it makes sense to change the way the company operates, where its offices are located and the types of buildings they are based in, the way it uses transport, energy, water and so on, and how that impacts operating costs, insurance and travel, then you will have their attention.”
To build that case, Azaroff said that risk managers should conduct “SWOT” analysis and put together a list of strengths, weaknesses, opportunities and threats, and then use a threat-hazard analysis metric to see how exposed the organization could be to the risks it has identified. He also suggested categorizing risks as “hard” and “soft,” with the former relating to physical areas such as investment in infrastructure, flood defenses, new equipment and so on, while the latter includes issues such as staff training and supply chain management.
“Climate risk is a long-term financial and operational risk that all organizations need to deal with—it cannot be ignored,” Azaroff said. “Boardroom failure to appreciate its financial implications can easily result in a company going out of business quickly.”
At the end of January, for example, utility company Pacific Gas & Electric Corp. (PG&E) filed for bankruptcy protection after it was linked to the deadliest California wildfire to date, which was thought to have started when one of the company’s power lines came into contact with nearby vegetation. The area has experienced dozens of large wildfires in the past 20 years, which many experts, including the authors of the Fourth National Climate Assessment, believe have been exacerbated by drought conditions caused by climate change. It appears that the company underestimated the risk and failed to adapt. Now, it is facing an estimated $30 billions in wildfire-related liability.
“Climate risk analysis is still in its early days,” Reed said. “However, it is not tenable for companies to do nothing. Risk managers need to at least start taking baby steps to assess the level of exposure that climate risks pose to the business.”