ESG Has Moved Into Your Compliance Perimeter. Has Your Compliance Programme Kept Pace?
Greenwashing is a criminal offence. Proceeds from environmental crime are subject to AML controls. ESG data failures trigger DORA. These are not future risks. They are live enforcement obligations, and most firms are managing them in the wrong function.
Aegis Compass | ESG™ · Coming soon
Aegis Compass | ESG™ is Argus Pro’s forthcoming assessment framework for regulated firms. It is not a sustainability reporting tool. It is the compliance layer that sits behind the disclosure.
Greenwashing is not a reputational risk. It is a financial crime.
DWS received a combined €44 million in fines across the US and Germany for describing ESG as ‘an integral part of our DNA’ when the operational reality did not match. Drax was fined £25 million for misreporting biomass sourcing data. The UK’s Failure to Prevent Fraud offence, in force since September 2025, creates unlimited corporate criminal liability for any misleading ESG claim made by an employee, agent, or subsidiary. The standard is not intent. It is whether adequate prevention procedures were in place.
At the international level, FATF designates environmental crime — illegal logging, waste trafficking, mining, wildlife trade — as a predicate offence for money laundering. Illicit proceeds are estimated at US$110 to 281 billion each year. The voluntary carbon credit market, projected to reach US$250 billion by 2050, already has its first criminal prosecution: in October 2024, US federal prosecutors charged CQC Impact Investors executives with wire fraud, securities fraud, and commodities fraud for falsifying environmental impact data.
CSRD requires material ESG risk disclosure. CSDDD makes supply chain due diligence legally mandatory from 2027. 6AMLD classifies environmental crime as an AML predicate. DORA extends resilience obligations to the systems that support ESG reporting. The obligations are already in force. Firms managing ESG as a reporting exercise are managing it in the wrong function.
US$110–281bn
Annual illicit proceeds from environmental crime globally. FATF, 2021 (updated 2024).
€44mn
Combined fines against DWS (Deutsche Bank) for greenwashing across the US and Germany, 2023–2025.
$250bn
Projected voluntary carbon market by 2050 (Morgan Stanley). Already subject to DOJ/SEC/CFTC criminal prosecution.
10% Global Turnover
Maximum fine the UK CMA can now impose for misleading sustainability claims. Digital Markets, Competition and Consumers Act 2024.
Built from the controls you already own.
Argus Pro’s AFC and CDOR frameworks already cover the risk domains that drive ESG compliance failures. Aegis Compass | ESG™ maps the overlap, fills the gaps, and adds the domains where the obligations are genuinely new.
Pillar 1:
AFC x ESG
Environmental crime is an AML predicate. Greenwashing is a fraud offence. Supply chain financial crime — forced labour, sanctions exposure, bribery in carbon procurement — is simultaneously an ESG and a financial crime obligation.
Argus Pro’s AFC framework (14 domains, 30 jurisdictions) already maps the controls that apply here.
Central zone:
All Three Converge
Carbon credit fraud combines financial crime, data falsification, and false ESG disclosure in a single act. Green finance structures used for money laundering combine AML exposure with ESG label fraud. No single existing framework addresses this zone.
Aegis Compass | ESG™ does.
Pillar 2:
CDOR x ESG
DORA applies to all systems supporting regulated reporting, including ESG reporting systems and their third-party data providers. A cyberattack corrupting ESG data before a CSRD disclosure creates simultaneous cyber, resilience, and disclosure obligations.
Argus Pro’s CDOR framework (26 domains, 30 jurisdictions) maps directly to this.
Six places where ESG becomes a financial crime or cyber risk.
Most compliance programmes address these as separate problems in separate teams. They are not separate problems.
The ESG regulatory perimeter now runs through every risk and control function.
Aegis Compass | ESG™ is built for the compliance leaders who own these obligations in practice, not the sustainability team that writes the report.
Not an audit. The compliance layer that sits before one.
Aegis Compass | ESG™ assesses your ESG governance framework against the regulatory standards that now apply to it across financial crime, cybersecurity, and operational resilience — across three domains: ESG and Anti-Financial Crime; ESG Data Integrity and Operational Resilience; and ESG Governance and Disclosure Controls.
The assessment draws directly on Argus Pro’s Anti-Financial Crime (AFC) and Cybersecurity & Digital Operational Resilience (CDOR) frameworks, maps your existing controls against ESG obligations, identifies coverage gaps, and produces three outputs:
- An executive-level dashboard
- A prioritised gap analysis
- A Traceability Pack that supports your governance reporting and audit relationships.
One gap in the loop is enough for a regulator to find.
A firm that manages financial crime risk without assessing its ESG exposure has a compliance gap. A firm that manages ESG disclosure without assessing the resilience of its ESG data infrastructure has another. Aegis Compass | AFC™, Aegis Compass | CDOR™, and Aegis Compass | ESG™ — supported by NexEdge™ and Argus Pro Assess — close the loop.
Frequently Asked Questions
Is greenwashing a criminal offence in the UK?
Yes, since September 2025. Under the Failure to Prevent Fraud offence (ECCTA 2023), a firm faces unlimited criminal liability for misleading ESG claims made by any employee or agent — unless it can show adequate prevention procedures were in place. The FCA’s anti-greenwashing rule (May 2024) separately provides criminal sanctions for knowing or reckless breaches.
Is environmental crime a money laundering predicate offence?
Yes. 6AMLD classifies it explicitly. FATF’s Recommendations include environmental crime as a designated category, with equivalent provisions in the UK, US, Singapore, and Hong Kong legislation. FATF estimates annual illicit proceeds at US$110 to 281 billion.
What connects ESG compliance and operational resilience?
DORA, in force since January 2025, extends resilience obligations to every system supporting regulated reporting, including ESG reporting systems and their third-party data providers. A cyberattack corrupting ESG data before a CSRD or SDR disclosure triggers simultaneous cyber, resilience, and regulatory obligations. Average global breach cost: US$4.88 million in 2024.
What is carbon credit fraud and why does it matter to compliance?
Carbon credit fraud involves fabricating or inflating the environmental impact of offset projects. In October 2024, US prosecutors brought the first criminal case: wire fraud, securities fraud, commodities fraud against CQC Impact Investors executives. For any firm using carbon credits to support net-zero disclosures, the financial crime and disclosure accuracy risk is material.
How is this different from a sustainability reporting tool?
Aegis Compass | ESG™ does not produce sustainability reports. It assesses whether your compliance framework covers the ESG obligations that now sit inside financial crime, cybersecurity, and operational resilience legislation, across multiple jurisdictions. Think of it as the compliance review that sits before the disclosure.
Be first to know when Aegis Compass | ESG™ launches.
Aegis Compass | ESG™ is in active development. Register your interest to receive early briefing materials and an invitation to engage with the Argus Pro team during the development process.