With ESG and Sustainability reporting requirements changing as the European Union (EU), the Securities and Exchange Commission (SEC), and even states like California begin to mandate climate and/or ESG disclosures, companies are about to enter a brave new world. Although the details of some of the newest requirements will vary by company, according to local mandates and jurisdictions, the overall trajectory is clear. Companies will soon be producing ESG reports with more standardized data—and this data will need to be expressed in ways that can be easily compared, digitized (XBRL and iXBRL) and audited.
As daunting as this may sound, global companies are producing ESG reports using one of the many standards and frameworks, including the Taskforce on Climate-related Financial Disclosures (TCFD), the Sustainability Accounting Standards Board (SASB), GHG Protocols and the Global Reporting Initiative (GRI). Beginning this year, the International Financial Reporting Standards (IFRS) S1 and S2, are better prepared than most for any regulations coming their way.
New Laws, Requirements
There may be numerous “known unknowns” out there, but one thing is clear: More stringent requirements around ESG reporting, and a need for a focus on ESG data maturity with strong data management programs, are here.
Consider some of the forces for change:
Corporate Sustainability Reporting Directive (CSRD)
In January 2023, the European Union (EU) adopted a new directive, requiring both public companies based in the EU and those with significant activities there to file annual sustainability reports alongside mandated financial reports. The European Commission estimates that 50,000 companies worldwide will have to comply with the CSRD’s new reporting
requirements.
CSRD requirements go beyond a company’s own operations, extending to direct and indirect relationships up and down the value chain. According to PwC, “These disclosures are expected to be some of the most challenging areas of reporting, given the scope and the reliance on information from parties not controlled by the
company.”
The SEC
On March 6, 2024, the SEC adopted rules to enhance and standardize climate-related disclosures. The final rules require a registrant to disclose, among other things, material climate-related risks; activities to mitigate or adapt to such risks; information about the registrant's board of directors' oversight of climate-related risks and management’s role in managing material climate-related risks; and information on any climate-related targets or goals that are material to the registrant's business, operating results, or financial condition.
In addition, to facilitate investors' assessment of certain climate-related risks, the final rules require disclosure of Scope 1 and/or Scope 2 greenhouse gas (GHG) emissions on a phased-in basis by certain larger registrants when those emissions are material; the filing of an attestation report covering the required disclosure of Scope 1 and/or Scope 2 emissions, also on a phased-in basis; and disclosure of the effects on the financial statement of severe weather events and other natural conditions, including, for example, costs and losses.
The final rules include a phased-in compliance period for all registrants, with the compliance date dependent on the registrant’s filer status and the content of the disclosure. Finally, climate-related disclosures must be electronically tagged in Inline XBRL (iXBRL).
For more information, please see the
SEC Enhanced Climate-Related Disclosures Rule fact sheet on the SEC’s website.
State regulators
On October 7, 2023, California Governor Gavin Newsom signed into law a bill that will compel California-based companies and companies with annual revenues over $1 billion in California to meet more stringent climate-related disclosure requirements. Senate Bill 253 will require Scope 1 and Scope 2 emissions disclosures by 2026 and Scope 3 disclosures by
2027.
A Mature Data Platform
Within the current voluntary reporting regime, sustainability teams have tended to produce ESG reports once a year under somewhat flexible deadlines. In addition, sustainability officers and even IROs might produce an ESG report using information from various departments with little oversight from the board or senior management.
Now that key climate and ESG disclosures are being mandated, this is certain to change.
Producing mandated reporting data will involve a concerted commitment by a cross-functional team at your company–including legal, financial reporting, audit, sustainability, investor relations, IT, procurement, and the list goes on, up to and including the C-suite and board of directors. Experts are, for instance, recommending that companies establish a board-level governance
structure to prepare for the changes ahead. Examples of how to do this are found in DFIN’s
Guide to Effective Proxies.
To meet newly mandated reporting requirements, companies may look to leverage a mature data platform. Data maturity relies on the clear definition of data systems and the linkages among these systems, as well as a well-articulated set of roles and responsibilities for both collecting and reporting key ESG data.
Along with mandated reporting schemes come requirements to audit data, many of which will be phased in over time. Once a company has built and leveraged a mature data platform, auditing climate and ESG data becomes a far less ambitious hurdle to clear.
Fortunately for companies facing a barrage of new mandatory reporting requirements, there are many well-established frameworks in place that can make the changes ahead less onerous. Here are a few worth considering:
COSO
The Commission of Sponsoring Organizations of the Treadway Commission, or COSO, provides guidance on Internal Control over Financial Reporting (ICFR). COSO is also designed for organizations to achieve effective Internal Control over Sustainability Reporting (ICSR) while using the globally recognized COSO Internal Control-Integrated Framework (ICIF). This guidance may help public companies prepare for new ESG-reporting mandates.
DCAM
EDM Council’s DCAM, or the Data Management Capability Assessment Model, gives Chief Data Officers, CFOs and controllers a way to evaluate the strengths and weaknesses of their data management programs. Using this established assessment tool can be an excellent way to prepare for the challenges ahead.
A combined approach.
The EDM Council’s ESG open workgroup has taken COSO and DCAM and mapped both in a way that highlights challenges faced by issuers in collecting and managing their ESG data in a rapidly-evolving reporting landscape. This ESG workgroup has demonstrated that both frameworks have important solutions to data management and reporting challenges–sometimes the same solution, just using a different terminology. Both frameworks can be leveraged to bring data governance and management best practices to ESG and sustainability data.
DFIN is here to help. Click here to learn how our ActiveDisclosure software can assist you in meeting new disclosure requirements.
About DFIN
DFIN is a leading global provider of innovative software and technology-enabled financial regulatory and compliance solutions. We provide domain expertise, enterprise software, and data analytics for every stage of our customers' business and investment lifecycles. Markets fluctuate, regulations evolve, technology advances, and through it all, DFIN delivers confidence with the right solutions in moments that matter. Learn about DFIN's end-to-end risk and compliance solutions online at DFINsolutions.com, or you can also follow us on X (formerly Twitter) @DFINSolutions or LinkedIn.