Todd Boehler has over 25 years of experience in the governance, risk, and compliance software space. He is currently Senior Vice President of Strategy at ProcessUnity, where he oversees third-party risk management. ProcessUnity is a company that is making good governance, risk, and compliance (GRC) practices and tools available to organizations via cloud-based, third-party risk and cybersecurity program management tools. Tom Fox welcomes Todd to this week’s episode of the ESG Report to discuss the relationship between third-party risk management and ESG.
The Biggest Risk
“In my opinion, third-party risk management has been the biggest risk in anti-corruption compliance,” Tom says. It’s something everyone in the company - up to the board level - has to be more consistent with. Todd agrees; it’s becoming more complex as time goes on, he adds. More businesses are outsourcing in order to compete. This brings accelerated risk. “You have to know where the risk lies inside of those [third-party] companies, otherwise you're going to be accountable for that to your customers and your regulators and your examiners,” Todd points out.
Evolving Risk
Todd runs ProcessUnity’s Partners and Alliances program and its product teams. His role involves growing the company ecosystem and investing in technology to help their clients manage risk and solve their problems more efficiently. “ESG has been an evolving risk area,” Todd tells Tom. “We help companies monitor and manage their third-party [risk] specifically, across all different areas of risk [including ESG risk].” ESG is a social mandate nowadays, he continues; more companies and regulators are acknowledging its importance. “We integrate and connect ESG data providers into our customer's risk programs so that they can cover and understand ESG risk against their third parties,” he points out.
Monitoring Third-Party Risk
Tom asks Todd whether potential clients fully understand the need to monitor ESG risk and how ProcessUnity allows them to manage that risk. It depends on the maturity of the company, Todd responds. “Smaller companies that are highly regulated may be more mature than larger companies that are not so highly regulated,” he points out. It also depends on the stage they are at in their roadmap, as well as how much they prioritize ESG risk against other types of risk.
Financial Resiliency
Tom comments on the importance of financial resiliency of your third-party partners. If a company is not doing well financially, they may be unable to supply your products. They are more vulnerable to cyber attack because they may not be able to invest in cybersecurity, and they may be more easily persuaded to engage in bribery and corruption. Financial resiliency is a must, Todd says. Your company needs it, and your suppliers must also have it.
The Rise of ESG
ProcessUnity recently released a white paper, The Rise of ESG in Third-Party Risk Management. Tom asks, “What do you see as some of the key factors contributing to the relevancy of ESG on a worldwide basis?” He and Todd talk about the global push towards ESG and the corporate world’s response. A cultural shift coupled with new regulation is bringing ESG to the fore. Proper documentation of your ESG program will help you make better business decisions, both men agree. Your business will become more efficient and robust as well.
Looking Ahead
Tom asks Todd where he sees third-party risk management in ESG in 2025 and beyond. Risk professionals are thinking about and prioritizing ESG risk more, they agree. Todd adds that ESG risk attention will increase because there will be more data and more regulations. Additionally, there will be more people taking over executive positions who wish to implement ESG cultures and regulations in businesses that require ESG risk management.
Resources
Todd Boehler | LinkedIn | ProcessUnity
The Rise of ESG in Third-Party Risk Management