ESG and the risks of digitalisation

by Charles Radclyffe, CEO, EthicsGrade

Share this post

Charles Radclyffe explores why technology might not be the universal force for good it has always assumed to be and why the sector should be thinking about technology governance to mitigate and manage potential harms.

The technology industry has developed in broadly three phases to date. The era of the nerds, the reverence, and now the tech-lash.

But first, let’s rewind to an earlier simpler time. In the days of cheque books and ZipZap machines (credit card imprinters – does anyone remember those?) tech leaders didn’t get a seat at the top table.

To the extent that companies had technology departments, it was to streamline correspondence, for the implementation of efficient accounting systems, and for the management of administrative tasks such as those in HR.

A company might have had a head of technology, but they certainly wouldn’t have been consulted for strategic decisions, nor would they have been invited to play a role in product design or innovation. The techie nerds were cast in the same light as others who literally ‘keep the lights on’: facilities management, janitorial staff, and maintenance. IT governance was similarly not a board level matter. It was simply the domain of the RAG report.

The worldwide web changed everything. Within a decade of Tim Berners-Lee’s gift to humanity, the nerds had moved from a position of derision to one of exultation. The .com boom of the late 90s suddenly had not just made tech respectable, but for the first time: cool.

A quarter century later we still talk about digital transformation and digital strategy, but really all we’re talking about is finally completing the dreams and visions that were created a generation ago, when many of us were embarking first in our careers.

Yet, while tech became a strategic differentiator, the governance of technology didn’t shift up the same gear. RAG reports were still de rigeur, and tech delivery was seen only in terms of opportunity cost, not in terms of corporate risk.

The high watermark in the rising tide of importance of the nerds probably came in the form of Mark Zuckerberg’s award as Time Person of the Year in 2010. This was the year that the iPad was released, and consequently the era of the app was born.

Yet eight short years later, Zuckerberg had been hauled in front of Congress to answer questions about the Cambridge Analytica controversy, where Facebook was accused of colluding with a start-up allegedly paid to manipulate voters leading to potentially change the outcome of elections around the world. Most notably, the election of President Trump in the US, and the winning Leave campaign for the Brexit referendum in the UK in the same year.

For big tech, 2016 might be the equivalent to 1985 for heavy industry: the year the ozone layer hole was discovered and the truth that the industrial era wasn’t without existential consequence was revealed to us all. This is perhaps what’s most troubling about describing our own times as the ‘fourth industrial revolution’: doing so simultaneously evokes images of not just incredible shifts in wealth and prosperity, but inequality, exploitation, and environmental destruction.

The social harms of big tech are, thanks to the Cambridge Analytica controversy, clear – but what of the environmental harms? And is digitalisation really an ESG factor?

Although ESG has only been widely written and spoken about in recent years, the discipline began a quarter century ago as some investors started to realise that while taking shortcuts on corporate governance might convey short-term benefits, it was a practice that in the long-term was highly destructive of capital value.

Similarly, it was realised that firms who factored in environmental harms and mitigated them, outperformed their peers, as did those who had a strong sense of social justice integrated within their operations.

This is the origin of so-called materiality assessments – the extent to which an organisation is exposed to risk by a particular factor. An example would be a casino operator on the Miami shoreline compared to its equivalent in central Paris. If ocean levels were to rise by half a meter in Florida, it might have some impact on footfall – but at two meters greater, it would be existential. For the Parisian operator – neither scenarios would have much consequence.

However, this singular understanding of materiality is problematic – it doesn’t account for the harm caused by the company. Consider another example: a chemical company and the issue of river pollution.

While dead fish might not be a financial factor that the chemical company needs to consider in its input workings, if you consider the risk of the chemical company causing pollution – then indeed it might be a highly material factor, and financially too, if you consider the risk of litigation and regulatory intervention.

So, this is the crux of ESG: what are the external factors (broadly laid out along lines of environment, social, and governance), which need to be layered on top of the company’s financial reports and projections to better model its future performance.

And of course, this is not just data that investors need to make more informed decisions, but companies also need it to understand their operational risks stemming from their supply chain.

Perhaps, most importantly, it’s data that all of us care about (although are unlikely to pay for) to understand the alignment of organisations to causes we follow, whether that be environmental harm mitigation, the promotion of social justice, or the implementation of best-practice towards corporate governance.

With this in mind, what are the ESG risks of digitalisation? Well, for Facebook (now Meta – a business about the monetisation of metadata), the initial impact of Cambridge Analytica, according to Bloomberg, was 15% in the short-term and 58% over a long-term view. Highly material for investors, in other words.

‘But Facebook’s business model isn’t our business model,’ I hear you cry. Yes, but this category of harm applies across all companies embarking on digitalisation – as evidenced by International Distribution Services plc (aka Royal Mail) who were unable to provide any international distribution services over the 2022/23 New Year owing to a cyber-attack; or British Airways, which negotiated down a record GDPR fine for data privacy violations in 2018; or TSB’s £48 million fine for IT system failures (on top of nearly £300 million of losses relating to an outage in 2018).

And now, with the advent of artificial intelligence (AI), the EU is poised to introduce a regulation, which will consider the high-risk impacts of algorithmic systems such as in creditscoring and HR.

Every company has an HR system that is likely to use algorithms either in performance reviews, or for hiring. But how misogynist or racist are such algorithms? That’s an ESG risk that your investors and customers will be trying to assess.

Also, the EU’s Circular Economy Action Plan is evidence that e-waste is rising up the agenda, so that questions such as which devices does your app support, and thus the role you play towards planned obsolescence come into focus.

This is on top of questions such as the efficiency of your code from an electricity usage perspective. We all know the debate about proof-of-work versus proof-of-stake in relation to blockchain consensus mechanisms, but did you know that a recent study found that using Microsoft Teams was 2.5 times less efficient than an equivalent call in Zoom? And that virtual backgrounds would use up to 18% more energy than simply tidying your bookcase?

But finally, for fintechs – surely its corporate governance that once again is the biggest ESG factor – taking this whole subject full circle. In recent years, the boring stuff of corporate governance has been largely overshadowed by the positive virtual signalling of the ‘E’ and the ‘S’.

Yet, all the while it’s been once again proven that taking shortcuts in corporate governance is disastrous from a capital value perspective – to name Wirecard and FTX as just two examples. While these were examples of companies being badly run, not necessarily technology being badly implemented, what they did reveal was how many ESG analysts simply overlooked the risks because they were tech companies. And that is a risk to us all, just because we’re in tech, doesn’t mean we’re green.


Charles Radclyffe is CEO at EthicsGrade and a member of Project ESG at The Payments Association.

More To Explore


Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?