ESG and Vendor Management

Written by M&M Consulting

February 14, 2023

ESG via the Vendor Management Program

Much of the messaging surrounding ESG being provided to small community bank centers “start with ESG in your Vendor Management Program.” But what does that mean?

We know that even the smallest community banks have developed Vendor Management Programs, because regulatory examiners have been focusing on vendor management for over a decade. We also know that financial institutions of all sizes inherit the risks arising from the relationship with the vendor. If an institution has a vendor that makes any type of mistake, the institution’s customers hold the institution responsible. Such is banking.

What can community banks do to improve their ESG Programs via their Vendor Management Program? Below are some steps that are considered easy lifting that community banks can do over the short term. The short-term timeframe is important because ESG among small vendors is still in its infancy. There shouldn’t be an expectation that they have fully-developed ESG Programs – but they should have something. Why? Because vendors providing products and services to the banking industry should be aware of the developments in ESG and need to support community banks in this manner.

Vendors that aren’t Independently Scored

The list of steps below assumes that not every vendor is a large national vendor with an ESG score from an ESG analytics and scoring company. Community banks will have some of these vendors with ESG scores, but they will also have smaller non-scored vendors as well.

  1. Create or update your Vendor Code of Conduct document, which is typically sent to existing vendors and all vendors the bank is considering. This document conveys to the vendor that the bank expects the vendor to have an ESG Program in place.  It doesn’t necessarily define what that is, or place expectations around the maturity of that Program, but it’s reasonable to expect that there be one in place. Send this document to all vendors under consideration.
  2. For existing vendors, or vendors under consideration outside of a formal RFP process, request documentation of the vendor’s ESG Program along with the other vendor management documents requested. Each vendor will likely send something different – with some having well-developed Programs, and others not so much – but the expectation is they need to send something.
  3. Do research on vendors’ websites and social media pages in terms of what they convey about environmental, social, or governance issues. It is difficult to score the results of this research, as it’s subjective, but it’s still important to conduct the research. Add notes in the vendor management documentation about what the research reveals.
  4. Update the RFP process to address ESG. Example, update the RFP template to include an ESG section, and require vendors to include information about how they are addressing environmental, social, and governance issues. At the very least, vendors should provide information about how they are addressing diversity at all levels of the company, and this data should be verified. This is especially important if part of your vendor selection process includes the consideration of ESG factors.  Community banks wouldn’t want to select a vendor, and de-select other vendors, only to learn that the selected vendor provided inaccurate information. Examples of inaccurate data could include setting forth contractors as employees and setting forth an entry-level person who is a minority as holding a senior management position.

The question that many ESG Managers from community banks ask is “do I use the information gathered from above to create an ESG ‘score’ for these small vendors? That can certainly be done, but will still be very subjective. A scoring matrix can be created, like others that are used to score a vendor. Again, this area is in its infancy, so this scoring will be more art than science.

Vendors that are Independently Scored

Community banks should identify those larger vendors that do have an ESG score from an ESG analytics and scoring company, and ensure that their score is added to the vendor management documentation for that vendor. More likely than not, the bank’s core processing vendor, network security solution vendors, insurance carriers, telephony carriers, and even their audit firm might have an independent ESG score already.

What to do with the information

Very few Vendor Management software firms have added a field for an ESG score, but community banks should consider using a user defined field to store the information.  The goal is to move the needle over time. Over time, vendors should start to mature their ESG Programs, and this in turn will mature the community bank’s Program. Over time, more information will be available to community banks regarding what their own ESG Programs should include. Until then, though, it’s relatively easy to start with the vendor management program.

For more information about how your community bank can address ESG, contact us at by using the RFP or Contact Us form located on in the top right of the menu.

You May Also Like…