A patchwork of ESG regulations across borders is impacting financial institutions globally.
Many do not know their ESG reporting risks, nor do they have the proper controls in place.
To ensure compliance, financial institutions need to improve their ESG internal controls.
Regulations are rapidly emerging concerning environmental, social and governance (ESG) reporting. And for many global financial institutions, current and pending ESG reporting rules prompt far more questions than answers.
Financial institutions—especially those with a home office in one region and locations scattered throughout different regions—struggle to identify which regulations they need to follow. They also seek guidance on how to remain consistent in their interpretation of data, risk and controls based on those regulations.
Similar to the implementation of Sarbanes-Oxley (SOX) two decades ago, regulators will expect financial institutions to be compliant with ESG regulations and their various implementation dates. Accordingly, financial institutions must act now to fully develop their ESG risk framework, risk and control matrices, reporting systems and structure so they are prepared for the coming changes.
The European Union (EU) has led the way in upgrading corporate ESG reporting requirements with the adoption of the Corporate Sustainability Reporting Directive (CSRD) earlier this year. The CSRD, developed by the European Commission, expands on the former Non-Financial Reporting Directive (NFRD) by requiring a larger number of businesses, including financial institutions, to disclose their ESG impacts to investors and consumers in their annual reports.
In the U.S., the Securities and Exchange Commission (SEC) and various banking regulators have proposed rule changes requiring companies to include certain climate-related disclosures in their annual reports. While those rules have not yet gone into effect, California recently passed two laws that affect companies that do business in the state.
To meet evolving global regulations, companies in Asia and other regions are following the Task Force on Climate-Related Financial Disclosures (TCFD) framework. Developed by the Financial Stability Board, the TCFD framework covers ESG governance, strategy, risk management and metrics.
Right now, even with expanded definitions, many of the existing and future ESG regulations focus on the “E” (i.e., climate reporting related to carbon emissions). But there’s more for financial institutions to consider than reducing the environmental impact of moving money around. They must also measure ESG-related risks and outcomes reported by the corporations within their investment portfolios. Additionally, they must report on ESG impacts created by their products and those generated throughout their entire supply chain.
By putting the framework in place now to ensure accurate and timely ESG reporting, financial institutions of all sizes can ensure compliance. These four steps can help organizations create a future-focused ESG reporting strategy:
Many institutions have proven systems in place for collecting financial data. But gathering and reporting on climate-related data requires new capabilities and, potentially, new systems. Financial institutions must consider which data they need to collect and know where to store and control that data to ensure completeness and accuracy.
One of the most complex considerations financial institutions face is understanding their organizational and operational boundaries. Consider, for example, a global bank with a home office in Japan. Does it follow Japanese regulations based on its home office location? What about its subsidiaries operating in different regions? Does a Paris subsidiary, for example, need to report using the Central Securities Depositories Regulation (CSDR)? The challenge for global institutions is consolidating all these various areas under one streamlined ESG data reporting structure.
Additionally, financial institutions must find ways to capture ESG data across Scopes 1, 2 and 3 emissions based on the Greenhouse Gas Protocol. This can include capturing accurate data about operational disruptions in countries like Indonesia or states like Florida that are prone to extreme weather events. Financial institutions must also accurately calculate carbon impacts throughout their entire supply chain. These can include gathering and reporting on emissions generated by leased armored vehicles or calculating the energy consumed by leased or off-site data centers.
Once financial institutions collect the right ESG data, they need to put in place adequate controls over the information they’re reporting. Right now, many institutions ask personnel who may not have the necessary technical knowledge to do this kind of work as an adjunct to their primary responsibilities. But in an increasingly regulated future, banks will need dedicated personnel with technical knowledge to complete this work efficiently and effectively.
To this end, we’ve seen some banks create dedicated ESG teams that carry responsibility for control functions. Another emerging trend is employing an ESG controller, and these specialists are already highly sought-after by many financial institutions.
The trickiest part of hiring for a role like ESG controller is finding a candidate with adequate expertise. Professionals with a solid ESG background may not have the risk and audit knowledge needed to develop adequate controls. Conversely, a professional skilled in risk and audit may lack foundational ESG understanding and capabilities.
The other consideration with hiring an ESG controller—or building an ESG team—is knowing where this department should live within an institution’s organizational hierarchy. The right answer will vary for different organizations. Right now, we’ve most often seen financial institutions align their ESG control function with their finance or human resource functions.
Financial institutions should consider how their ESG approach fits into their firm’s strategic objectives, risk management framework and risk appetite. Then, they should consider which areas of the organization will be responsible for specific tasks and determine which human and technological resources the organization will need to move forward. Taking this type of thoughtful approach can help institutions develop ESG reporting strategies built for the future.
Creating a cross-functional ESG team and carving out roles for ESG data scientists and ESG controllers are also positive steps forward for financial institutions. But the broadening requirements of new and emerging regulations could become overwhelming for even the most qualified professionals.
Stress testing for ESG compliance is a two-step process. Both an independent, third-party strategy group and an internal audit team should perform testing, verify that the right risks have been identified and confirm that controls are working as expected.
Part of this essential work will include a materiality assessment to ensure data is being collected from all sources and is being reported in accordance with the proper regulations. Internal audit should also provide continuous monitoring and oversight to ensure accurate and compliant reporting.
While regulations are mandating ESG reporting, financial institutions should view this not as an obligation, but as an opportunity. As investors demand more transparency into a company’s sustainability initiatives, institutions that prove they are good stewards of ESG principles through trusted data and controls will gain a competitive advantage.