Meeting the Data Demands of Looming ESG Disclosure Rules: Ten Takeaways

Sponsored by DFIN

Developing an ESG reporting program equipped to move seamlessly into a new regulatory landscape of mandated disclosures.

Developing an ESG reporting program flexible enough to change as new regulatory disclosures, assurance, and auditability are mandated is no small task.

In fact, Robert Hirth, former COSO Chair, SASB co-vice Chair, and Managing Director of global consulting firm Protiviti, likened the challenge to a game of three-dimensional chess. During a March 27, 2024, webcast titled “ESG Data: Moving Along the Data Maturity Curve,” sponsored by both FEI (Financial Executives International) and FERF (Financial Education & Research Foundation), Hirth joined three DFIN executives to offer practical advice for preparing for the new ESG reporting challenges ahead.
The chess analogy arises from the three major regulatory mandates for ESG reporting, each with its own jurisdiction and twist on what information needs to be supplied.

Hirth advises companies to look first to the European Union’s Corporate Sustainability Reporting Directive (CSRD), which, by some estimates, will affect 50,000 organizations. He recommends CSRD as a starting point because, when applicable, it’s the most “onerous” of the new reporting requirements out there.

Next, he suggests understanding the new California laws (CA 261 and 253) that mandate climate disclosures for public and private companies doing significant business with the state. Finally, he describes the SEC’s landmark climate disclosure rule, issued in its final form on March 6, 2024, as the third dimension to be investigated and planned for.  Although the SEC’s rule has attracted enormous attention, Hirth notes, “the other two rulings are more front burner in a number of areas especially because of their earlier implementation dates.” This statement becomes more pertinent since the SEC voluntarily stayed its recently released Climate Rules on April 4, 2024, pending judicial review.

When preparing for the changes ahead, companies should consider the following takeaways from this informative program:

Takeaway 1: Plan for internal controls first.

Hirth dismisses the notion that internal controls can be decided after establishing an ESG reporting strategy. “We need to have a plan to get [internal controls] right, and we need it from the beginning,” he says.

What lies ahead might be viewed as the “SOXification of sustainability reporting,” explains Hirth. He continues, “You’re going to be able to look to existing controls you have in financial reporting to help you with the controls for sustainability reporting.”

For a strong start in establishing internal controls, Hirth urges companies to go to and look at the most recent supplemental guidance entitled Achieving Effective Internal Control over Sustainability Reporting (ICSR).

Takeaway 2: Prepare for assurance and auditability.

One of the more daunting aspects of new and mandatory sustainability disclosures is the pressure that assurance and audits will bring.

Mike Lemus, CPA, Subject Matter Expert, Global Capital Markets, at DFIN, identifies an increasing “overlap” between financial reporting and sustainability functions from an internal control standpoint. Although ESG disclosures will bring numerous new requirements, they also “begin to mimic [the processes of] financial reporting and accounting,” he says. For this reason, familiarity with the various steps taken by finance departments can be an enormous boon.

Lemus emphasizes the need for “a repeatable process” to ensure sustainability disclosures are made in a timely manner, are complete, and are accurate. Lemus suggests “an auditable software and data management platform can make a significant difference.”

Assurance will be required in every final and pending regulation on sustainability reporting. For CSRD and the CA rule 263, independent third-party assurance is mandated in the first year of reporting.  In most cases, assurance requirements start at the limited level and move to the reasonable level within a few years. (See “Limited Assurance vs Reasonable Assurance”)

The risks of unreliable or untimely sustainability disclosures are daunting. Lemus notes that while non-compliance is an obvious problem, poorly developed or inconsistent disclosures can also potentially damage a company’s reputation, result in monetary fines and penalties, and even jeopardize access to some sources of capital.

Takeaway 3: Think through “the people piece.”

While many companies are tackling sustainability reporting with the help of legal and IR, “the new wrinkle” is bringing in experts from financial reporting to steer the ship, according to Frank Kelley, Director of ESG & Compliance Services at DFIN.

“It’s very important to build out your ESG team with members from financial reporting so you can meet assurance and auditability standards,” says Kelley. To illustrate, he notes that in the past, when he was an analyst, he’d often question a company’s data – a potentially damaging, “egg-on-the-face moment” – unless there’s someone present who is well versed in financial reporting and can furnish credible explanations.

Hirth recommends hiring outside consultants to “get ten steps ahead very quickly.”  He also suggests designating one or more executives to educate the board about new ESG disclosures, given that “the board’s going to get plenty of questions.”

Takeaway 4: Revisit your proxy.

Considering ESG disclosures, Kelley describes the proxy as “the most underrated tool” out there. In light of this neglect, he urges companies to work with legal and “build out and bolster” a standalone ESG section for proxies.

Although a dedicated ESG section is desirable, it’s not enough. He also recommends peppering the entire proxy – from the chairman and CEO letters to board bios and skills matrices – with relevant ESG information.

Takeaway 5: Take taxonomies into account early.

Patricia Myles, CPA, Global Regulatory Compliance and Strategy Consultant at DFIN, explains that the disclosure rule will require digitization of climate and emissions data. Beginning in 2027, large accelerated filers must file sustainability disclosures with the SEC in both XHTML and XBRL formats.

While it's known that a specific SEC climate-related taxonomy will eventually be combined with existing taxonomies for the 10-K, the taxonomy itself has not been made public.

Complicating matters, the EU’s CSRD has its own tagging requirements (XHTML format with XBRL tagging). Its final taxonomy has yet to be established and approved by the European regulator EFRAG.
Even though ESG-related taxonomies are in various stages of creation and finalization, paying attention to taxonomies early is a very good idea, maintains Myles.

“Take a taxonomy-centric approach when you’re looking at your data gathering through to the eventual reporting within your annual report,” she says. “All of this really helps in terms of your readiness for regulated digital disclosures to the US and EU regulators.”

Providing consistent information across formats is essential. Myles points out that the European Securities and Markets Authority (ESMA), in its enforcement of European Single Electronic Format (ESEF) standards, has been quick to identify discrepancies between the ESEF version of the annual report, the digital version, and the annual report published in PDF.

Takeaway 6: Focus on climate.

While the term “ESG” encompasses a broad swath of activities, “E,” or the environmental piece, is currently demanding the most attention, especially related to greenhouse emissions, which will need to be assured, says Hirth. And within “E,” the real name of the game is “climate,” he says. Like it or not, he continues, climate “is number one, and the thing that you’ve got to get your arms around quickly.”

Takeaway 7: Don’t skimp on design.

Even though ESG reporting is becoming a central element of regulatory filings, design continues to matter, advises Kelley.

“[ESG reports] are marketable. Employees read them, and so do future employees,” he says.  For this reason, Kelley urges companies to make the most of ESG reporting opportunities “to elucidate your branding and who you are.” 

Takeaway 8: Remember that more is frequently better in ESG communications.

“Historically, sustainability was kind of baling wire and bubble gum…. It was a low-tech process,” says Kelley, adding, “that’s not going to pass muster with a lot of auditors and assurance and attestation standards out there.”  Because of these added demands, he encourages companies to consider a disclosure management solution to draft and design ESG reports.

Kelley also notes that more is better regarding ESG disclosures, and now is an excellent time to make sure that a company’s official policies are readily available. Posting everything up to and including a global code of conduct, a greenhouse gas policy, a conflict mineral policy, an insider trade policy, and an anti-harassment policy can help your good intentions get noticed.

Takeaway 9: Keep abreast of voluntary standards.

“If you’re not reporting through CDP, you might look into it,” says Hirth. “More and more large companies are requiring their vendors to complete the CDP questionnaire so they can evaluate your sustainability activity and your greenhouse gas emissions.” 

While CDP is important, he urges companies to explore the wealth of voluntary standards out there, including the ISSB. Over time, the ISSB standards will be applicable to most IFRS reporters in major countries, excluding the US. BlackRock’s 2024 Proxy guidance suggests using the ISSB standards to make climate-relevant disclosures.

Takeaway 10: Take a holistic approach.

While the upcoming ESG disclosure mandates are attracting enormous attention, Kelley emphasizes that complying with mandates is not enough. Companies need to remember that ESG is “ultimately investor-driven.” Companies should, therefore, look to investors’ wants and preferences, as well as those of index funds, many of which are clamoring for more detailed information about ESG topics.

Kelley also underscores the importance of satisfying the information needs of both the “raters and rankers,” and the Moody’s, Fitches, and S&P Globals of the world.

Finally, Hirth urges companies to consider future demands and create a holistic approach. He suggests trying to concurrently address the data needs for all three disclosure mandates whenever possible.  “The good news,” he says, “is that as you conquer one, you’ll conquer some pieces of the others, too.” And finally, look at this as an opportunity to create more current and long-term value including potential benefits such as higher revenues, lower costs, better employee retention, improved customer satisfaction, new products, and enhanced risk management.