ESG regulations to fall under risk and compliance teams
Updated ESG regulations related to disclosure are likely to compel firms to move their ESG activities to fall under the compliance team’s purview.
Under the updated ESG regulations and disclosure requirements announced in early 2021, the Securities and Exchange Commission (SEC) now requires public companies to improve and systematise climate-related disclosures. These enhanced disclosures must also cover the governance of risk management processes. Across the EU, meanwhile, the Corporate Sustainability Reporting Directive (CSRD) has been revised and will distribute regular reports on the environmental and social impact of certain companies’ activities from FY 23 onwards.
During the past few years, larger companies have used a combination of the various frameworks for sustainability and climate-related reporting, such as the Global Reporting Initiative (GRI), the Sustainability Accounting Standards Board (SASB), the Task Force of Financial Disclosures and the Carbon Disclosure Project, to name a few. But the need for standardised reporting criteria under ESG regulations has become clear.
Until now, these reporting efforts have been the responsibility of sustainability officers within companies, who are responsible for the business’s environmental impact and make recommendations for sustainability and environmental practices. Thanks to the additional mandatory reporting announced by the SEC, certain information and reporting is being required by law, and the responsibilities and ESG reporting requirements would fall under the risk and compliance teams, while the sustainability officers’ role will involve additional strategic responsibility and data collection.
There are also activities that fall under the social reporting category that are shifting ESG reporting decisively under the oversight of compliance officers.
ESG regulations are not just a box ticking exercise
The strategic effects of ESG are not being considered in most reporting, and this is just one of the reasons for the proposed changes. ESG-related disclosures should be centred on a risk-based approach and considered within corporate risk assessments carried out by the risk team led by the CFO. ESG activities should also be incorporated into longer-term plans within the business, clearly outlining the opportunities and the risks. A straightforward compliance attitude of just “ticking” the boxes could see the company falling well short of investor and customer expectations, and even leave it open to future risks.
Effective data strategy for ESG regulatory activities
Gathering ESG data for disclosure purposes is a challenge for more than half of respondents in a recent Deloitte survey. The respondents revealed that the quality of data and the access to data were amongst their biggest challenges. This can be effectively managed if companies implement data collection strategies that include a combination of external data sources as well as the company disclosures.
An EFFECTIVE strategy includes:
Collection of all ESG-related data
Standardisation of the collected data
Management and directing of the data to decision makers
Analysis of the data
Utilising the data in the company’s risk process
Not all of the above are required by law – yet. However, future-focused companies would do well to continuously assess their ESG risks by combining the above because, whether compliance professionals are ready or not, the inclusion of ESG data in strategising and reporting is becoming the standard approach.
Considering the current ESG regulations, although not well defined, it is clear that ESG reporting and activities are moving from a predominantly voluntary disclosure approach to a regulatory one, thereby causing a significant change to the way in which ESG information is collected and used within businesses.