As sustainability regulations reshape the global business landscape, risk professionals are increasingly expected to align enterprise risk management with evolving disclosure standards. In this RIMS 2025 session, Lisa Lipuma, Director of Enterprise Risk Consulting at Willis, discussed how integrating double materiality assessments can unlock long-term value by addressing both financial and impact risks. The discussion explored the practical application of the EU Corporate Sustainability Reporting Directive (CSRD) and Corporate Sustainability Due Diligence Directive (CSDDD), and how these frameworks expand risk oversight across the value chain and can be embedded within existing ERM structures for more sustainable, responsible governance.

Regulatory Landscape

North America – California State Bills

• SB253 – GHG emissions
  • Public and private entities with annual revenue of $1 billion
  • Scope 1 and 2 emissions from 2026 onwards
  • Scope 3 emissions from 2027 onwards
• SB261 – Climate-related financial risks
  • Public and private entities with total annual revenue of $500 million
  • On or before January 1, 2026

UK

• Streamlined Energy and Caron Reporting (SECR)
  • Companies must share energy use and carbon emissions information

Global

• International Financial Reporting Standards (IFRS) S1 and S2 – to supersede TCFD
  • Broader sustainability in IFRS S1, climate-specific disclosures in IFRS S2
  • Subject to local market adoption: 15 G20 countries adopted (e.g., Australia, New Zealand, Malaysia, Brazil, Turkey, etc.) with more in the process of adopting (UK, Japan, Canada, Singapore, EU)

Europe

• EU Corporate Sustainability Reporting Directive (CSRD)
  • Applies to around 50,000 public and private companies
• EU Corporate Sustainability Due Diligence Directive (CSDDD)
  • Requires businesses to conduct thorough due diligence on human rights and environmental impacts across their entire value chain
  • 2028 compliance
  • Not yet finalized
• EU Taxonomy
  • Climate change mitigation and adaptation, water and marine resources, circular economy, pollution, biodiversity and ecosystems

APAC

• Hong Kong, Singapore, Japan, and Malaysia
  • Mandatory TCFD climate disclosures
• Australian National Greenhouse and Energy Reporting (NGER)
  • Greenhouse gas emissions, energy production and consumption

Organizational Response

Multiple reactions, but the approach is typically one of these three:

1. Full steam ahead: some companies wish to disclose early and voluntarily
2. Making use of found time: many companies realizing that even with the delay, there is no time to spare in analysis, data collection, and assurance
3. Wait and see (a risky approach)

What is Double Materiality?

A Double Materiality Assessment (DMA) is a process used to identify and evaluate impacts and risks of environment, social, and governance topics from multiple perspectives.

The CSRD requires a DMA of the topics outlined by the European Sustainability Reporting Standards (ESRS) from two perspectives:

1. Impact Materiality: Evaluates actual or potential consequences to people or the environment resulting from the organization and its value chain
2. Financial Materiality: Evaluates the risks to and opportunities for the organization’s business success

Defining Impacts, Risks, and Opportunities (IROs)

A topic is material when it has actual or potential positive or negative impacts on people or the environment over the short-, medium-, or long-term. This can relate to own operations, upstream, or downstream value chain.

A topic is material when it has risks and opportunities that affect or could reasonably be expected to affect financial position,  financial performance, cash flows, access to finance or cost of capital over the short-, medium-, or long-term.

Topics to Consider in CSRD-Aligned Double Materiality

• Climate Change: Climate change adaptation and mitigation, and energy
• Pollution: Pollution of air, water, soil, living organisms and food resources, substances of concern, and microplastics
• Circular Economy: Resources inflows, including resource use, resource outflows related to products and services, and waste
• Water and Marine Resources: Water consumption, withdrawals, discharges, discharges in the ocean, and extraction and use of marine resources
• Biodiversity and Ecosystems: Direct impact drivers of biodiversity loss, impacts on the state of species, extent and condition of ecosystems, and dependencies on ecosystem services
• Own Workforce and Workers in the Value Chain: Working conditions, equal treatment and opportunities for all, other work-related rights
• Affected Communities: Communities’ economic, social, cultural, civil, and political rights, and the rights of indigenous people
• Consumers and End-Users: Information-related impacts for consumers and/or end-users, personal safety of consumers and/or end-users, social inclusion of consumers and/or end-users
• Business Conduct: Corporate culture, protection of whistleblowers, animal welfare, political engagement and lobbying activities, management of relationships with suppliers, and corruption and bribery

Benefits of Enterprise Risk Management

Companies in the top 20% of risk maturity generate three times the level of EBITDA as those in the bottom 20%. Companies with robust ERM practices rebound faster challenging economic conditions. Effective ERM practices help companies anticipate and address risks that could damage their reputation. Two independent studies find that ERM boosts company value by around 20%, while mature risk management practices increase value growth potential by up to 25%, implying greater financial benefits as ERM becomes more embedded.

Benefits of DMA and Climate Risk Assessment

There are many benefits of DMA and climate risk assessments including:

• Strengthens long-term business resilience – Identifies climate-related risks and vulnerabilities across the value chain, enabling proactive mitigation.
• Uncovers new market opportunities – Highlights areas for innovation, product development, and competitive differentiation in a transitioning economy.
• Enhances business continuity management – Provides visibility into environmental and social risks across own-operations, suppliers and partners, reducing disruption.

Data collection and assurance might take two years, so it is important to start the process now. These assessments can be fully integrated into your risk management framework, and the best disclosures do exactly that, strengthening your ERM in the process.