Mitigate the Potential Legal Risks of ESG and DEIA Programs

Tenenbaum--mitigate legal risks of ESG July 21, 2023 By: Jeffrey S. Tenenbaum

As associations incorporate ESG principles and practices into their organizations and operations, they must not only be aware of the legal risks that come with them but also how to mitigate them.

ESG refers to the three broad pillars of environmental, social, and governance, which have become increasingly important in assessing certain for-profit businesses, especially publicly traded ones. With for-profit companies increasingly focused on ESG considerations, initiatives, and compliance, ESG-related shareholder and class-action litigation and governmental investigations and enforcement actions in the corporate world have expanded at a rapid clip.

In addition, regulators around the world have announced new mandatory rules, disclosure obligations, and enforcement mechanisms for ESG-related conduct. In the U.S., the Securities and Exchange Commission (SEC), the Federal Trade Commission (FTC), and state attorneys general have taken the regulatory enforcement lead domestically.

While there are no universal definitions of ESG, the three primary pillars generally involve the following issues: environmental (climate change, resource depletion, waste and pollution, and deforestation); social (working conditions, employee relations and DEIA, health and safety, local communities, including indigenous communities, and conflict and humanitarian crises); and governance (board diversity and structure, executive compensation, and ethics).

Although ESG is a broader concept than diversity, equity, inclusion, and accessibility, it includes and incorporates DEIA. DEIA programs fostering the hiring and promotion of African Americans and other minority workers have been prominent in corporate America in recent years. For-profit corporations have been under enormous scrutiny regarding their hiring and promotion policies and practices—from both the left and right sides of the political aisle—and several states have passed laws and issued executive orders both requiring, and in some cases prohibiting, DEIA practices.

Most recently, the U.S. Supreme Court’s June 2023 decision banning race-conscious college admissions—and the rationale underlying it—have raised concerns about the ruling’s potential broader implications, particularly in federal employment law, and perhaps even more broadly, such as in connection with federal funding. And even in advance of future court rulings, concerns have been raised about some employers’ curtailing or halting diversity efforts in the workplace.

In addition, there is a growing pushback from the political right on corporate policies aimed at diversity in hiring and promotion and other social and environmental goals in the form of lawsuits, requesting agency investigations, congressional investigations, public pressure, and in other ways.

So, what does any of this have to do with associations?

While nonprofit, tax-exempt associations are not subject to the specific ESG regulatory requirements and legal standards applicable to certain for-profit companies (such as those enforced by the SEC), associations have incorporated DEIA into their programs, activities, governance, and operations for years, and are increasingly voluntarily incorporating ESG principles and practices into their organizations.

In doing so, associations expose themselves to potential legal jeopardy in a wide array of areas. Here’s a look at some of the legal risks inherent with ESG-related initiatives, as well as guidance on how to effectively mitigate those risks.

The Primary Legal Risks of ESG Programs

When an association voluntarily decides to weave ESG principles and practices into its organizational and operational fabric, it is taking on a certain degree of legal risk. Here are some of them:

Employment law. ESG initiatives—and particularly those that involve DEIA issues—can involve changes to hiring and promotion practices, workplace diversity, and employee compensation and benefits, which can trigger employment-related legal risks such as discrimination, harassment, and wrongful termination. This is nothing new and laws like Title VII of the federal Civil Rights Act and state equivalents have been applied to association employers for over 50 years.

But what is new is the potential impact of the U.S. Supreme Court’s June 2023 ruling rejecting race-conscious admissions in higher education. While the new decision does not impede employers from pursuing diversity in their workforces, many experts maintain that the ruling will likely discourage some employers from putting in place ambitious diversity policies in hiring and promotion—or prompt them to rein in existing policies—by encouraging new lawsuits in the employment arena under the new legal standard.

In principle, the logic of the Court’s ruling on college admissions could threaten employer programs that, as of today, can take race into account, such as if members of a racial minority were previously excluded from a job category or to remove obstacles (such as unconscious bias) that prevent employers from having a more diverse workforce. But the more meaningful effect of the Court’s decision is likely to be greater pressure on policies that were already on questionable legal ground. These could include staff leadership acceleration programs or internship programs that are open only to members of underrepresented minority groups. It also would not be surprising to see the Court use the ruling’s rationale to limit race-conscious initiatives in other aspects of association governance and management in the future, such as in contracting or if federal funds are involved.

State laws and executive orders restricting DEIA policies, trainings, and practices. Observers widely expect a proliferation of laws and executive orders restricting DEIA policies, trainings, and practices in a variety of red states. Beyond the employment realm, it would not be surprising to see new state laws and executive orders that could effectively prohibit DEIA initiatives in other aspects of association governance and management, such as board composition, volunteer leader selection, grantmaking, contracting, and government grants, contracts, and cooperative agreements.

Misrepresentation and greenwashing. There is a risk of publicly misrepresenting or overstating an association’s ESG performance, which could lead to charges of “greenwashing” or otherwise engaging in deceptive or misleading conduct. This could result in member backlash, reputational damage, and potentially even regulatory enforcement by the FTC or state attorneys general, as well as private litigation. While associations should always be mindful of these longstanding risks of making misleading or non-substantiated claims in connection with all their programs and activities, the legal and public relations risks can be particularly acute here.

Member “derivative” suits. Associations that incorporate ESG into their investment policy statement and base investment decisions, in part, on ESG criteria and then face material investment losses may risk being on the opposite end of “derivative”-type lawsuits from members alleging that the association’s board or investment committee were not prudent stewards of the association’s resources.

Data privacy and security. ESG activities often involve associations collecting, processing, and storing sensitive data about volunteer leaders, employees, members, and other stakeholders. There is a risk of data breaches or mishandling of information, which could result in legal action, regulatory penalties, and reputational harm. If a data breach occurs, there is an ever-increasing web of requirements imposed by state, federal, and international laws that must be followed.

Reducing Legal Risks

To mitigate these legal risks, there are several proactive steps that associations can take. Among them:

  • Ensure that your association’s employment policies and practices are fully compliant with all current federal and state legal standards in areas involving discrimination, harassment, wrongful termination, and otherwise. For those associations with remote employees in different states, remember that state employment laws generally apply to any employee who regularly works from the state, irrespective of where the association is based. Be sure to always consult with employment counsel fluent in both federal law and the laws of the applicable states. Finally, outside of the workplace setting, keep an eye on future rulings from the U.S. Supreme Court and other courts that could apply the rationale underlying the college admission decision to other aspects of association governance and management.

  • While Florida’s Individual Freedom Act restricts diversity-related training in private Florida workplaces—including associations based in Florida or (presumably) which have Florida-based employees—most other state laws and executive orders to date that restrict DEIA policies, trainings, and practices do not apply to associations. But that may well change in the coming months and years. It is important to stay on top of all new state developments in this area—both those affecting the workplace and potentially other aspects of association governance and management, such as board composition, volunteer leader selection, grantmaking, contracting, and government grants, contracts, and cooperative agreements—and take all necessary steps to comply with them.

  • Ensure that all public statements regarding your association’s ESG performance are accurate; fully substantiated with appropriate data and documentation; and not in any way overstated, misleading, or deceptive.

  • Working with a professional investment advisor, adopt an investment policy statement that reflects the association’s priorities, goals, risk tolerance, and financial needs, but that is defensible as being reasonable, prudent, and appropriate. Be sure to review it regularly and update as needed.

  • Implement strong data privacy and security measures to protect sensitive information about association volunteer leaders, employees, members, and other stakeholders and to mitigate the risk of data breaches or mishandling of such information. If a data breach occurs, be sure to follow the requirements imposed by state, federal, and international laws.

  • Develop clear and consistent ESG policies and practices that align with your association’s values, mission, and member and other stakeholder expectations.

  • Regularly engage with stakeholders to ensure that your association’s ESG initiatives are transparent and meet their needs.

  • Maintain up-to-date knowledge of applicable state, federal, and international ESG-related laws and regulations, and ensure full compliance with them.

  • Work with experienced legal counsel to help your association navigate the complex and ever-changing legal landscape governing ESG initiatives.

While ESG initiatives are not mandated for associations as they are for certain for-profit companies, associations are increasingly incorporating ESG principles and practices into their organizations and operations. While doing so does expose them to potential legal risk in a wide array of areas, those risks can be effectively mitigated by incorporating several practical tips and suggestions.

Jeffrey S. Tenenbaum

Jeffrey S. Tenenbaum, Esq., is managing partner at Tenenbaum Law Group PLLC in Washington, DC.