GSK and Morgan Stanley make headlines this week. But for staggeringly different reasons.
How two industry giants manage ESG oversight.
This week, as the world watched national leaders and delegates broadcast their intergovernmental, economic and climate priorities from the 2022 UN General Assembly, a couple of important press releases entered the conversation about ESG and supplier oversight, but for very different reasons.
It was during Climate Week NYC (part of the UNGA) that pharma giant GlaxoSmithKline unveiled its plans to put suppliers on the hook for their own carbon footprint. GSK's existing ESG goals are established and well documented, if not aggressive (as below), as they've acknowledged their own active pharmaceutical ingredients contribute to GHGs with 40% of their net carbon contribution produced by their suppliers.
Image source: https://www.gsk.com/en-gb/responsibility/environmental-sustainability/
With the above deadlines fast approaching, it would have been impossible for GSK to achieve these goals without directly influencing that 40% from third-party suppliers. Enter their Sustainable Procurement Program, which, starting from 2023, will require certain suppliers to align with GSK’s responsible sourcing minimum standards, requiring suppliers to:
disclose their own emissions
set carbon reduction targets
switch to renewable energy
achieve water neutrality in water-stressed areas
achieve 10% waste reduction
switch to green transport
That seems like a big ask, right? Well, it takes a village as they say, and so GSK have committed to providing training and tools to help their suppliers to be successful, starting with an ESG-focused supplier summit next month where they will host 160 of their top suppliers to brainstorm and agree ways to make this program work. Watch this space.
Meanwhile, Morgan Stanley this week also made the news with respect to supplier oversight. What started as planned hardware disposal activities back in 2015 ended with a $35 million fine from the SEC for "extensive failures to safeguard personal information of millions of customers". So what happened?
In one example cited, Morgan Stanley hired a moving company (that's right, not a hardware disposal company) to dispose of thousands of hard drives and servers, which were then sold to a 3rd party, only to be re-sold to an internet auction site, and again resold from there. The really bad part? The devices contained unencrypted personal identifying information of thousands of Morgan Stanley clients. The firm was able to recover some of the devices but the "vast majority" were never recovered.
Morgan Stanley's failures in the case were "astonishing," said Gurbir Grewal, director of the SEC's enforcement division. "If not properly safeguarded, this sensitive information can end up in the wrong hands and have disastrous consequences for investors."
Keep in mind that while the UK/EU have federal laws mandating certain disposal and recycling standards for hardware and electronic equipment (the WEEE directive), the US doesn't yet have the same in place as each state governs differently (see the list here). So what's the best thing to do to avoid this ever happening in your company?
Invest in a defined and board-approved ESG program
Establish your internal Data Disposal Policy
Establish ESG liabilities and reporting in your Tier 1 & 2 supplier contracts (this should include your IT & OEM contracts by default)
Publish your Supplier Code of Conduct
Tie employee KPIs to completion of annual training on the importance of safe equipment disposal and data protection laws
You should also visit sites like CISA (https://www.cisa.gov/tips/st18-005), which provides detailed information and resources on how to safely store and dispose of data.
Kelli Wilks is a Management Consultant at Spring CPO, where she advises clients on ESG priorities, procurement transformation, negotiation strategies, and supplier performance.