Dive Brief:
- Risks associated with business conduct have increased in frequency, complexity and cost over the last 12 months, according to more than half of 513 global C-suite executives surveyed for a recent report by ESG research firm RepRisk. The average number of significant business conduct risk incidents jumped 55% from 2023 to 2025, per the report.
- While financial crime and cybersecurity breaches were the top-cited risks for the last three years, greenwashing and climate-related issues have risen in importance. RepRisk also anticipates artificial intelligence-related conduct issues to emerge as the top risk over the next three years — cited by 56% of respondents — followed by climate and energy transition-related conduct issues.
- While 40% of executives said their companies had a formal, cross-functional governance structure, only 12% said their company has integrated business conduct risks across systems and platforms. But companies are on the way there, with 58% of executives saying such data is partially or largely integrated.
Dive Insight:
While regulation focused on sustainability or climate-risk disclosures has softened in recent years, litigation has increased, as has the focus on ESG and sustainability in other regulatory contexts, according to Yohan Hill, Director of ESG and Responsible Investing at Chicago-based private equity firm Adams Street Partners. Hill said during an April 15 webinar hosted by RepRisk that geopolitical issues have further amplified business conduct risks.
The average business conduct risk incident over the last three years cost $14.2 million, RepRisk said in the webinar. The most recurring costs cited by executives included loss of key investors or clients, followed by regulatory sanctions and brand damage.
However, Hill said in the webinar that impacts to a company’s reputation or brand are likely to far exceed any financial impact that can fully be quantified from an operational sense as that affects future earnings. Hill added that misconduct could also put companies at risk under future regulations, hence making it difficult to “estimate the full impact of these incidents.”
To avoid such consequences, 61% of executives said their companies have increased business investment in business conduct risk data in the last year, and more than a quarter are growing these investments by over 20%, per the report. However, most of those investments were reactive, following a significant risk incidence.
The vast majority — 81% of respondents — agreed that business conduct risk data will be more valuable to their company in the next two to three years due to more complex risks on the horizon, the report found.
Despite AI’s ubiquity, AI-only approaches to risk data and decision-making were ranked the least trustworthy compared to human-only and human-AI approaches. Sixty-seven percent of respondents said they trusted hybrid human-AI approaches the most, with this option being ranked first across almost all quality dimensions, including relevance, breadth and depth of coverage, accuracy, value, and timeliness.
While business conduct risk data is still relatively siloed, about a third of executives reported moderate improvements in areas where it has been embedded into routine processes. These include operational efficiency and reduced costs of compliance functions, improved investment outcome, and competitive advantage.
The findings of the report are based on a survey RepRisk carried out in January, gleaning responses from C‑suite executives across banks, asset managers, and asset owners in the US, Europe, and Asia, whose companies reported $50 billion to $1 trillion in assets under management.
