Confused By the ESG Reporting Regulations? Experts Break It Down

Exploring ESG Trends and Impactful Mitigation Efforts

To most efficiently prepare for ESG compliance, companies should focus on the main requirements of upcoming regulations and employ the most impactful course of action to address them (for example, aligning voluntary disclosures and data collection processes to expected regulatory requirements). Doing so could lead to valuable outcomes beyond compliance (employee engagement, customer satisfaction, shareholder approval, and supplier endorsement).

Common ESG drivers by company type

The motivation to implement an ESG program often depends on the size and type of company. Each company type has its own “pain points” that it seeks to remedy via ESG compliance. Although private companies aren’t yet required to comply, there are issues that compel them to invest in a sound ESG program. Their customers, business partners, and suppliers are beginning to require disclosure about their business practices related to the environment, social responsibility, and accountability. To remain competitive, these companies must provide the information that satisfies these groups.

Public companies face pressure from regulators and investors to be transparent about their business practices, so they have no choice but to be ESG compliant. Private equity-backed companies must adhere to their equity owner requirements and the priorities of limited partners, while also considering if a customer or supplier relationship with a public company exists.

The ESG landscape

The ESG ecosystem is complex and encompasses disclosure standards, voluntary frameworks, rating agencies, and many other factors that affect companies’ business and ESG reporting approaches. At the center of the ecosystem are the primary disclosure standards and frameworks on which many regulations are based. The Task Force for Climate-Related Financial Disclosures (TCFD) is one of the most important of the disclosure frameworks. The TCFD recommendations directly inspired the Securities & Exchange Commission (SEC) climate disclosure proposal and other climate regulation globally. The Sustainability Accounting Standards Board (SASB) also resonates with investors and has been integrated into the International Sustainability Standards Board at the IFRS Foundation.

Credit rating agencies and corporate rating agencies like Institutional Shareholder Services (ISS) and MSCI, Inc. are among the other major players that round out the ESG landscape. Although many players are in the ESG ecosystem, only a handful will be relevant to a particular company; it will depend on the company’s industry, competitive edge, and the maturity of its ESG program.

Navigating Global Regulations

The complexity of the ESG landscape is driving toward alignment of investor reporting initiatives and regulation.

ESG Considerations in the United States

In the United States, much focus has been placed on the proposed SEC Climate Disclosure rule, but, more recently, climate bills proposed in California could trigger significant disclosure requirements for companies. Under both proposals, assurance over greenhouse gas emissions data is expected and will be sequenced based on the type of emission and/or the company size.  While private companies may not be required to report these disclosures, they may still need to be prepared to respond to data requests from publicly traded customers, suppliers, and investors.

Beyond climate, a cybersecurity rule was released by the SEC earlier this year, and more ESG disclosures including Human Capital Management (HCM) are expected to be introduced through forthcoming proposals.

Within the United States, however, the breadth of initiatives are expected to be much narrower in scope than the recent European regulation requires.

ESG and the European Union

Recent developments in Europe, through the Corporate Sustainability Reporting Directive (CSRD), include the need for more extensive disclosure of topics outside of climate. These topics include water use, biodiversity, circular economy, supply chain workforce, and human capital management, among other areas. The breadth of topics in the European Sustainability Reporting Standards (ESRS) creates more complexity for businesses as it relates to ESG reporting.  Furthermore, the scope of the legislation will impact both private and public companies headquartered outside of the region, and mandatory assurance is expected for broader topics than just greenhouse gas emissions.

CSRD updates noted in October 2023: the EU Commission made an announcement on CSRD considerations and its 2024 work program.  The announcement included relevant updates for companies preparing for CSRD compliance and implementation, including:

• Criteria thresholds for EU large companies were increased by 25% to account for inflation – changing the scoping criteria for “large undertakings” to include Net Assets of 25 million euros or more, net revenues of 50 million euros or more, and 250 employees (no changes on headcount or to non-EU reporting criteria thresholds of 150 million euros of EU-wide revenue and 40 million euros for revenues at an EU branch).
• Sector-specific guidance and standards for non-EU domiciled companies were delayed, allowing the prioritization of cross-cutting European Sustainability Reporting Standards and the release of sector-specific and non-EU standards that were originally anticipated in mid-2024 for more imminent adoption.
• The initial set of cross-cutting ESRS reporting will continue as scheduled – with implementation guidance and transition relief on the 12 standards to be prioritized by the EU in the near term.

What do these updates mean for companies that might fall within the scope of CSRD?  It will be helpful to continue preparing for potential EU reporting requirements and conduct a CSRD scoping assessment against new “large undertaking” thresholds.

According to a Refinitiv study, the EU CSRD legislation will likely impact more than 10,000 companies outside of the EU, including 3,000 companies in the United States. The timing of compliance will depend on business size, the nature of operations, and other criteria.  US-based companies can start by considering these triggers, which would influence timing and the level of reporting – EU level or global consolidated.

1. If your company has listed securities, such as stocks or bonds, on European regulated markets, the timeline for reporting may be more accelerated and warrant immediate assessment.

2. Some companies headquartered in the United States may be required to report EU-level data as early as 2026 – depending on whether an EU subsidiary, or group of companies, has EU operations that meet certain thresholds to qualify as a “large company.” An entity is considered large if it exceeds two out of three of the following criteria for two consecutive annual periods:

• net assets of 25 million euros or more,
• net revenues of 50 million euros or more, and
• an average of 250 employees.

Note: the assets and revenue thresholds have been increased for inflation per the October 2023 announcement.

3. Companies with consolidated EU revenues of 150 million euros or more, which have a local subsidiary that qualifies under the scope of CSRD or has at least one EU branch generating at least 40 million euros in revenue, would be scoped into CSRD and required to report global consolidated data in 2029.

When considering the above triggers, the level of reporting is equally as important as the timeline, since a company’s reporting processes may not be designed for EU reporting today. The initial CSRD diagnostic is critical to designing an effective roadmap that can meet your ESG reporting requirements in the EU as well as other markets.

Supply Chain Drivers

For many global companies, supply chain factors are also emerging as a key driver, with regulations potentially forcing their customers, suppliers, and investors to request human rights, climate risk, and other environmental and social metrics. This has been observed in the US through the Federal Supplier Climate Risks and Resilience proposed rule for climate reporting and in Europe through the Corporate Sustainability Due Diligence Directive (CSDDD). Similarly, across other markets, such as Canada, the United Kingdom, and Switzerland, regulation is pushing companies to disclose data on environmental metrics and human rights in their supply chains.

IFRS Foundation

Globally, the International Financial Reporting Standards (IFRS) Foundation consolidated many market-led, voluntary ESG frameworks into its International Sustainability Standards Board (ISSB) in November 2021. The purpose was to streamline the sustainability frameworks of many organizations to provide consistent disclosures and comparable information through a set of global standards for investors globally. This integration is expected to also help companies more easily prepare sustainability disclosures.

The first two standards were officially issued in June 2023 in the form of a general disclosure of sustainability risks and opportunities (IFRS S1) as well as a climate-related disclosure standard (IFRS S2).  Shortly after release, International Organization of Securities Commissions (IOSCO), an association representing 95% of the world’s securities markets, endorsed the new sustainability disclosure standards, motivating the review of the standards for interpretation and adoption by regulators across global markets.

How frameworks and regulations align

The image above illustrates how the three main global initiatives incorporate existing frameworks and best practices from other standard-setting bodies. For example, the basis of the SEC Climate Disclosure proposal is TCFD and the Greenhouse Gas (GHG) protocol. For climate risk disclosures, companies will need to focus on the risk section of the 10-K annual report and identify activities that directly or indirectly relate to climate change impacts or GHG emissions. These two frameworks are also directly aligned with some of the foundational concepts of the climate standards proposed in Europe (ESRS E1) and by the IFRS Foundation (IFRS S2).

In Europe, there is alignment with the Global Reporting Initiative (GRI) on topics such as double materiality and a broader disclosure topic set.

• Companies in scope of CSRD will need to conduct a double materiality assessment, a key difference of the EU regulation and other markets. Under CSRD, companies would have to report how sustainability issues impact their business (outside-in) and how their business impacts society and the environment (inside-out).
• Conversely, within US and IFRS standards, materiality focuses primarily on outside-in financial considerations (for example, how external ESG risks and opportunities impact financial performance, cash flows, cost of financing, and access to capital.

While the EU allows companies to determine which topics are material (and therefore require disclosure), the double materiality assessment process will require input from a variety of affected stakeholders across a company’s value chain in addition to finance, legal, sustainability, and operational leaders to determine the scale, scope, and severity of identified sustainability risks.

The EU is also contributing to the IFRS Foundation’s work to develop a global baseline and drive toward interoperability with other jurisdictions.  Given its integrated ESG frameworks and standard setting bodies, the IFRS standards are a natural bridge between voluntary reporting and the shift to mandatory ESG reporting. The foundational concepts and expectations from investor reporting frameworks and ESG standards that are commonly used by companies are now found in the regulatory proposals and legislation seen globally.

As CFOs and sustainability leaders help their companies navigate relevant ESG standards, frameworks, and the latest ESG reporting guidance, it is especially important to understand the nuances of climate-related data and reporting.

Alignment of climate data and disclosures across regulations

As highlighted above, TCFD-aligned climate risk disclosures are present across the major regulatory developments and proposals.  For GHG emissions disclosures, three categories —or scopes— are used to describe a company’s emissions activity. Generally speaking:

• Scope 1 refers to a company’s direct consumption of fuel and energy production.
• Scope 2 describes the consumption of energy produced by another company, such as through utility providers.
• Scope 3 encompasses all other emissions associated with a company’s value chain activities.

The inclusion of Scope 3 in the SEC rule has received a lot of pushback, but it is becoming standard practice for companies to report it, and it may be required to report in other markets under ESRS E1, IFRS S2, and the proposed CA climate bills.

Considering Climate Risk Strategies

How are companies preparing for reporting?

Regardless of where a company is in terms of ESG reporting or which of the above regulations apply, certain steps can help prepare for climate-related reporting compliance.

The path to full compliance starts with determining where a company is in its journey. No matter a company’s level of disclosure, a regulatory diagnostic is the recommended first step to determine applicable reporting requirements given the recent regulatory updates. Perhaps the company has already recorded Scope 1 and 2 emissions but hasn’t started a climate risk assessment or set reduction targets. The company may also wish to enhance its governance structures by adhering to additional frameworks.

The path to full compliance can be thought of as having three components: (1) the emissions inventory, (2) the risk assessment and management, and (3) framework alignment and risk reporting. Collectively, these components lead to a comprehensive risk management program and disclosure. A company should now be fully prepared to meet previously mentioned regulations.

GHG emissions calculations

As stated earlier, Scope 1 is direct energy consumption, such as burning fuel; Scope 2 is purchased energy; value chain emissions are part of Scope 3. A scope 1 and 2 inventory is the natural starting point when preparing for climate reporting requirements. This allows companies to disclose metrics, track progress, and ensure a consistent data collection approach. This method also informs subsequent considerations around climate risk and target setting.

The emissions inventory process consists of two phases:

Phase One would involve defining the scope of the company’s inventory and the process for collecting data:

• What are the bounds of the company’s operations included in the inventory?
• Where do the emission-producing activities under the company’s control occur?
• Who owns the data? Who has access to it?

After completing Phase One, the company should have a firm handle on the data that needs to be collected, which falls into two categories: (1) direct energy consumption: power generation on-site, backup emergency generators, and vehicles directly owned or leased by the company, (2) purchased energy: electricity, heat, steam, and natural gas.

Phase Two is the actual collection of data. This is where the raw activity data from Phase One will be converted into emissions figures. The company decides on the collection process and assembles the relevant team members for the collection and calculation. A repeatable centralized process is recommended since annual reporting will be required. External advisors can make this process less daunting.

A Scope 3 inventory is generally undertaken after Scopes 1 and 2. It’s comprised of 15 categories that are based on where emissions occur in a company’s value chain, both upstream and downstream. Not all 15 categories are universally applicable; the categories that apply will depend on a company’s operations and industry. Relevance of the categories can be assessed using industry guidance, resources from TCFD and The GHG Protocol, as well as peer disclosure research.

Additionally, it is important for a company to assess the availability of data from its supply chain. Scope 3 categories are rated both on the size of each categories’ contribution to total Scope 3 emissions and ease of data collection. Creating a prioritized list of Scope 3 categories is ideal for starting an inventory.  Actual calculations, not estimations, should then be performed on the high-value emissions categories with the best data visibility. The lower priority categories can be estimated with using widely accepted assumptions, such as spend data.

Scope 3 calculations are a work in progress for most companies. As more companies report, data visibility and methodologies will improve; however, getting a start on assessing the Scope 3 categories for relevance is a good idea.

Climate risk considerations

Once an emissions inventory is in place, a company may want to conduct a climate risk assessment. Many of the current regulations and frameworks ask how a company identifies, assesses, and manages material climate risks. A climate risk assessment is an important step, revealing the implications of climate change to the company, its strategy, and current and future operations.

Organizations with multiple locations, or a large physical footprint, would benefit from focusing a climate risk assessment on the facilities and activities that are most business critical in order to identify impacts that are most material to the company. There are two types of risk to consider when completing the assessment.  Physical risks include the environmental effects of climate change (drought, flooding, severe storms) and the resulting impacts on the company’s operations and facilities. Transition risks arise from the actions taken to mitigate climate change. Examples include complying with carbon taxes, switching to renewable energy sources, or investing in more energy-efficient technology and processes. Both risk types combines to create a risk environment that requires assessment, management, and integration into a company’s overall strategy.

An effective climate risk assessment involves a five-step process:

• It’s best to start with mapping the physical footprint and focusing on the most material risks.
• Next, identify the physical and transition risks and opportunities.
• The third step, climate scenario analysis, integrates physical and transition climate scenarios to project future risks. Proposal frameworks like CDP and TCFD ask for this.
• An assessment of the current risk management framework is the fourth step, asking: what processes and measures has the company already implemented to ensure climate resiliency?
• The final step is to prepare the findings as a 10-K disclosure (in the US) that will be integrated into the CRM program. The completed climate risk assessment confirms all the risks the company will disclose.

Climate disclosure frameworks

CDP (formerly known as Carbon Disclosure Project) and TCFD have become favorite frameworks among different stakeholder groups. CDP is metric-heavy, and functions as a large repository of environmental data. Many organizations are using it to assess the impacts on their supply chains – customer requests for their suppliers to fill out the questionnaire rose to record levels in 2023. CDP can be requested of practically any company, meaning it applies to both public and private companies.

TCFD, on the other hand, is the framework favored by investor and financial groups. It is less data-heavy, focusing instead on a company’s process for climate risk management. Both CDP and TCFD offer guidance in forming global regulations and frameworks like IFRS and ISSB. As stated earlier, the SEC proposed rule is built on the TCFD framework. The rule incorporates its four pillars (governance, strategy, risk management, and metrics and targets). If a company takes the steps suggested earlier (take inventory of emissions, conduct climate risk assessment, incorporate management processes, and report to one of these frameworks), it will be well-prepared to disclose the data required of TCFD’s four pillars.

Depending on stakeholders’ priorities, companies often start with either CDP or TCFD to prepare for compliance and may transition to the other framework within a year or two. These frameworks are an important part of any organization’s reporting strategy and form the backbone for recent regulatory updates. The path to full regulatory reporting compliance is a long one. No matter a companies’ current state, understanding the end goal and required steps will inform a more effective strategy.