Gordon Tveito-Duncan, Head of ESG Technology at GaiaLens, examines how the regulatory landscape is shaping up for ESG ratings and data providers.
Investors’ increasing reliance on ESG ratings and data products from private providers may have been compounded by the fact that ESG reporting by companies is a relatively new consideration, in contrast to financial reporting.
This immaturity makes it difficult for investors to assess ESG performance and risk management based on standardised criteria, hence their inclination to use ESG ratings and data products.
Transparency in ESG ratings and data methodologies is paramount – particularly as these methodologies vary significantly in terms of the ESG topics they cover, how these topics are weighted and the metrics used to measure ESG performance.
Given that the activities of ESG ratings and data products providers are not yet subject to regulatory oversight, increasing reliance on these services raises concerns about the potential risks they pose to investor protection, the transparency and efficiency of markets, risk pricing and capital allocation. In addition, the lack of standards in this area increases the risk of ‘greenwashing’ or misallocation of assets and could lead to a lack of trust in ESG ratings or in the data products’ robustness or relevance.
As such, it seems likely that the ESG ratings and data product provider markets will be regulated at a national level over the next two to three years. With this in mind, what is the likely shape of upcoming regulation?
IOSCO shows the way
For a good steer, you need to look no further than International Organisation of Securities Commissions (IOSCO) Final Report (FR09/2021), and recommendations for future regulation of ESG rating and data product providers. We’ll scan from there to the UK Financial Conduct Authority’s (FCA) consultation paper mapping out the regulator’s thinking on UK Sustainability Disclosure Requirements (SDR) and ESG product labelling, to complete this investigation.
During 2021, the FCA published a discussion paper seeking feedback on certain ESG issues in capital markets, including the currently unregulated field of ESG data and ratings. The consultation set out governance, transparency and conflicts, seeking feedback about the case for regulatory intervention in this market.
The UK’s HM Treasury then published a roadmap to sustainable investing in which it confirmed that the government was considering bringing relevant firms into the scope of FCA authorisation and regulation.
IOSCO regulatory recommendations
IOSCO, as the leading international policy forum for securities regulators and the global standard setter for securities regulation, is always worth checking on when looking for indications of future direction. Its membership regulates more than 95% of the world’s securities markets across some 130 jurisdictions.
With respect to sustainability-related issues in capital markets, IOSCO is addressing three core workstreams right now:
- sustainability-related disclosures for issuers
- sustainability-related disclosures for asset managers, including ‘greenwashing’, and
- credit rating agencies (CRAs), ESG ratings, and ESG data providers.
As regards ESG ratings and ESG data providers, the organisation’s Workstream 3 noted the following ‘unhelpful characteristics’ in this burgeoning market of nearly 200 firms, already collectively worth more than US$1 billion and set to double by 2025. These characteristics are likely to make up the focus of future regulation:
- Evidence of little clarity and alignment on definitions, including on what ratings or data products intend to measure.
- Lack of transparency about the methodologies underpinning these ratings or data products.
- Uneven coverage of products by ESG ratings and data providers, with certain industries or geographical areas benefitting from more coverage than others, thereby leading to gaps for investors seeking to follow certain investment strategies.
- Concerns about the management of conflicts of interest where the ESG ratings and data products provider (or an entity closely associated with the provider) performs consulting services for companies that are the subject of these ESG ratings or data products; and
- Need for better communication with companies that are the subject of ESG ratings or data products given the importance of ensuring the ESG ratings or other data products are based on sound information.
Six areas for provider regulation
IOSCO offers guidance and recommendations for ESG ratings and data products providers, including requests to disclose data sources, define methodologies, manage conflicts of interest, and generally increase levels of transparency. The six key areas are outlined below:
- ESG ratings and data products providers could consider adopting and implementing written procedures designed to help ensure the issuance of high quality ESG ratings and data products based on publicly disclosed data sources where possible and other information sources where necessary, using transparent and defined methodologies. One specific granular recommendation stood out:
“providing transparency around the sources of data used in determining providers’ ESG ratings and data products, including the use of any industry averages, estimations or other methodologies when actual data is not available.
“This may include transparency around whether the data used is up to date, and the time period that data is relevant to as well as whether the data is publicly sourced or proprietary in nature, including through approximations.”
- They should also consider adopting and implementing written policies and procedures designed to help ensure their decisions are independent, free from political or economic interference, and appropriately address potential conflicts of interest that may arise from the ESG ratings and data products providers’ organisational structure, business or financial activities, or the financial interests of the ESG ratings and ESG data products providers and their officers and employees.
- ESG ratings and data products providers should identify, avoid or appropriately manage, and disclose potential conflicts of interest that may compromise their independence and objectivity.
- Information regarding methodologies that ESG ratings and data products providers could consider publishing include:
- Measurement objective of the ESG rating or data product
- Criteria used to assess the entity or company
- KPIs used to assess the entity against each criterion
- Relative weighting of these criteria to that assessment
- Scope of business activities and group entities included in the assessment
- Principal sources of qualitative and quantitative information used in the assessment as well as information on how the absence of information was treated
- Time horizon of the assessment; and the
- Meaning of each assessment category.
- They could consider improving information gathering processes with entities covered by their products in a manner that leads to more efficient information procurement for both the providers and these entities.
- To this end, IOSCO also recommends that entities subject to assessment by ESG ratings and data products providers could create a dedicated section of their website, which includes links to, all the entities’ sustainability related publications.
All 10 final IOSCO recommendations for ESG ratings and data providers are listed on page 46 of FR09/2021.
Regional developments
The European Commission launched its own consultation into the functioning of the ESG ratings market in the EU as part of its renewed sustainable finance strategy. This consultation ran from April to June this year and garnered a total of 168 responses, over 80% of which agreed that the market was not operating well.
Almost all respondents replied that they valued transparency in data sourcing, methodologies, and timeliness, as well as accuracy and reliability of ESG ratings. Yet 83% of respondents made it clear that the lack of transparency on the methodologies used by providers is a problem in the ESG ratings market. There is considerable disquiet in the investment community and 94% agreed that intervention is necessary. Of these, over 80% favoured legislative intervention; the remainder favouring a non-regulatory code of conduct.
The EU is still contemplating its next move amidst a barrage of push back from the major ESG ratings providers.
Across in the United States, the Security and Exchange Commission (SEC) has to date failed to allay concerns about ESG ratings providers through rulemaking or oversight and has been facing criticism of its ESG disclosure enhancement proposals from an increasingly vocal Republican-led anti-ESG lobby.
What will the SEC’s next move be in this area? Some speculate that it may need to collaborate with standards-setters like the International Sustainability Standards Board to devise definitions, metrics or methodologies for ESG ratings providers. Certainly, the adversarial political mood in the US is making progress on increased regulation of ESG ratings providers harder and slower in the short term. But again, the ESG ratings providers are firmly in the regulator’s sights for all the same reasons which IOSCO and others have highlighted.
FCA fights shy of prescriptive regulation
To summarise the UK regulator’s Feedback Statement (FS22/4) published in June 2022 after its Consultation Paper (CP21/18), together with PS21/24 entitled ‘Enhancing climate-related disclosures by asset managers, life insurers and FCA-regulated pension providers’ (December 2021), it is clear that the UK financial regulator has ESG ratings and data providers in its sights. To quote CP21/18:
“As industry participants more fully integrate ESG into their activities and expand their ESG‑focussed product offerings, they are increasingly reliant on third‑party ESG data and rating services. These services are increasingly embedded within investment processes (including mandates and benchmark indices), directly influencing capital allocation.
“To avoid potential for harm to markets and, ultimately, consumers, we consider that ESG data and rating services should be transparent, well‑governed, independent, objective, and based on reliable and systematic methodologies and processes. Where ESG data and rating services aim to measure specific ESG attributes, users of those services should be able to clearly interpret their objectives and access sufficient information to be able to assess whether their outputs are fit for purpose.”
In this sense, the FCA seems to be heavily aligned with IOSCO’s thinking. However, last month’s CP22/20, entitled ‘Sustainability Disclosure Requirements (SDR) and investment labels’, offers no prescription for ESG ratings and data providers just yet. Instead, there are reiterations of entity-level concerns about ESG data availability and methodological challenges. It does stipulate however that “asset managers must disclose the sustainability research, data and analytical tools that it uses in supporting the product’s sustainability objective”.
Protecting consumers against greenwashing
It’s also clear that the FCA remains laser-guided in its focus on protecting the consumer as regards ESG disclosure. So, the ESG data and ratings providers that asset managers may use to assess corporates’ ESG performance seems a little beyond the scope of SDR. Much later in the paper the following reference to ‘sourcing data’ underlines the importance of being able to drill down into source data:
“We recognise that (ESG) data availability remains a major challenge. So, we are not proposing to impose sustainability-related metrics on firms at this stage. Where firms are disclosing metrics/KPIs to demonstrate performance against a stated sustainability objective, or provide consumers with additional information on their approach, we expect the firm to have access to the relevant data – or to use proxies or assumptions, provided that the methodologies and limitations are explained.”
It feels like the FCA is still considering how deep it needs to go down the ESG data supply chain to ensure that the consumer is not being greenwashed when buying a ‘Sustainable Focus’, ‘Sustainable Improver’ or ‘Sustainable Impact’ labelled financial product.
SDR labelling, naming and marketing and initial disclosure requirements are set to go live from 30th June 2024, 12 months after the FCA plans to publish its final rules.
It’s clear from our reading of IOSCO, EU, US SEC and FCA documentation on this issue, that ESG ratings and ESG data providers which have not built their methodologies with transparency and disclosure and avoidance of conflicts of interest in mind will eventually fall foul of regulatory requirements when they go live.
In other words, within the next few years, national financial regulators will come after them if they adhere to the much-criticised ‘black box’ approach which fails to explain how ESG data is sourced, how often it is refreshed, and how it is analysed and scored.
Gordon Tveito-Duncan, Head of ESG Technology at GaiaLens, examines how the regulatory landscape is shaping up for ESG ratings and data providers.
Investors’ increasing reliance on ESG ratings and data products from private providers may have been compounded by the fact that ESG reporting by companies is a relatively new consideration, in contrast to financial reporting.
This immaturity makes it difficult for investors to assess ESG performance and risk management based on standardised criteria, hence their inclination to use ESG ratings and data products.
Transparency in ESG ratings and data methodologies is paramount – particularly as these methodologies vary significantly in terms of the ESG topics they cover, how these topics are weighted and the metrics used to measure ESG performance.
Given that the activities of ESG ratings and data products providers are not yet subject to regulatory oversight, increasing reliance on these services raises concerns about the potential risks they pose to investor protection, the transparency and efficiency of markets, risk pricing and capital allocation. In addition, the lack of standards in this area increases the risk of ‘greenwashing’ or misallocation of assets and could lead to a lack of trust in ESG ratings or in the data products’ robustness or relevance.
As such, it seems likely that the ESG ratings and data product provider markets will be regulated at a national level over the next two to three years. With this in mind, what is the likely shape of upcoming regulation?
IOSCO shows the way
For a good steer, you need to look no further than International Organisation of Securities Commissions (IOSCO) Final Report (FR09/2021), and recommendations for future regulation of ESG rating and data product providers. We’ll scan from there to the UK Financial Conduct Authority’s (FCA) consultation paper mapping out the regulator’s thinking on UK Sustainability Disclosure Requirements (SDR) and ESG product labelling, to complete this investigation.
During 2021, the FCA published a discussion paper seeking feedback on certain ESG issues in capital markets, including the currently unregulated field of ESG data and ratings. The consultation set out governance, transparency and conflicts, seeking feedback about the case for regulatory intervention in this market.
The UK’s HM Treasury then published a roadmap to sustainable investing in which it confirmed that the government was considering bringing relevant firms into the scope of FCA authorisation and regulation.
IOSCO regulatory recommendations
IOSCO, as the leading international policy forum for securities regulators and the global standard setter for securities regulation, is always worth checking on when looking for indications of future direction. Its membership regulates more than 95% of the world’s securities markets across some 130 jurisdictions.
With respect to sustainability-related issues in capital markets, IOSCO is addressing three core workstreams right now:
As regards ESG ratings and ESG data providers, the organisation’s Workstream 3 noted the following ‘unhelpful characteristics’ in this burgeoning market of nearly 200 firms, already collectively worth more than US$1 billion and set to double by 2025. These characteristics are likely to make up the focus of future regulation:
Six areas for provider regulation
IOSCO offers guidance and recommendations for ESG ratings and data products providers, including requests to disclose data sources, define methodologies, manage conflicts of interest, and generally increase levels of transparency. The six key areas are outlined below:
“providing transparency around the sources of data used in determining providers’ ESG ratings and data products, including the use of any industry averages, estimations or other methodologies when actual data is not available.
“This may include transparency around whether the data used is up to date, and the time period that data is relevant to as well as whether the data is publicly sourced or proprietary in nature, including through approximations.”
All 10 final IOSCO recommendations for ESG ratings and data providers are listed on page 46 of FR09/2021.
Regional developments
The European Commission launched its own consultation into the functioning of the ESG ratings market in the EU as part of its renewed sustainable finance strategy. This consultation ran from April to June this year and garnered a total of 168 responses, over 80% of which agreed that the market was not operating well.
Almost all respondents replied that they valued transparency in data sourcing, methodologies, and timeliness, as well as accuracy and reliability of ESG ratings. Yet 83% of respondents made it clear that the lack of transparency on the methodologies used by providers is a problem in the ESG ratings market. There is considerable disquiet in the investment community and 94% agreed that intervention is necessary. Of these, over 80% favoured legislative intervention; the remainder favouring a non-regulatory code of conduct.
The EU is still contemplating its next move amidst a barrage of push back from the major ESG ratings providers.
Across in the United States, the Security and Exchange Commission (SEC) has to date failed to allay concerns about ESG ratings providers through rulemaking or oversight and has been facing criticism of its ESG disclosure enhancement proposals from an increasingly vocal Republican-led anti-ESG lobby.
What will the SEC’s next move be in this area? Some speculate that it may need to collaborate with standards-setters like the International Sustainability Standards Board to devise definitions, metrics or methodologies for ESG ratings providers. Certainly, the adversarial political mood in the US is making progress on increased regulation of ESG ratings providers harder and slower in the short term. But again, the ESG ratings providers are firmly in the regulator’s sights for all the same reasons which IOSCO and others have highlighted.
FCA fights shy of prescriptive regulation
To summarise the UK regulator’s Feedback Statement (FS22/4) published in June 2022 after its Consultation Paper (CP21/18), together with PS21/24 entitled ‘Enhancing climate-related disclosures by asset managers, life insurers and FCA-regulated pension providers’ (December 2021), it is clear that the UK financial regulator has ESG ratings and data providers in its sights. To quote CP21/18:
“As industry participants more fully integrate ESG into their activities and expand their ESG‑focussed product offerings, they are increasingly reliant on third‑party ESG data and rating services. These services are increasingly embedded within investment processes (including mandates and benchmark indices), directly influencing capital allocation.
“To avoid potential for harm to markets and, ultimately, consumers, we consider that ESG data and rating services should be transparent, well‑governed, independent, objective, and based on reliable and systematic methodologies and processes. Where ESG data and rating services aim to measure specific ESG attributes, users of those services should be able to clearly interpret their objectives and access sufficient information to be able to assess whether their outputs are fit for purpose.”
In this sense, the FCA seems to be heavily aligned with IOSCO’s thinking. However, last month’s CP22/20, entitled ‘Sustainability Disclosure Requirements (SDR) and investment labels’, offers no prescription for ESG ratings and data providers just yet. Instead, there are reiterations of entity-level concerns about ESG data availability and methodological challenges. It does stipulate however that “asset managers must disclose the sustainability research, data and analytical tools that it uses in supporting the product’s sustainability objective”.
Protecting consumers against greenwashing
It’s also clear that the FCA remains laser-guided in its focus on protecting the consumer as regards ESG disclosure. So, the ESG data and ratings providers that asset managers may use to assess corporates’ ESG performance seems a little beyond the scope of SDR. Much later in the paper the following reference to ‘sourcing data’ underlines the importance of being able to drill down into source data:
“We recognise that (ESG) data availability remains a major challenge. So, we are not proposing to impose sustainability-related metrics on firms at this stage. Where firms are disclosing metrics/KPIs to demonstrate performance against a stated sustainability objective, or provide consumers with additional information on their approach, we expect the firm to have access to the relevant data – or to use proxies or assumptions, provided that the methodologies and limitations are explained.”
It feels like the FCA is still considering how deep it needs to go down the ESG data supply chain to ensure that the consumer is not being greenwashed when buying a ‘Sustainable Focus’, ‘Sustainable Improver’ or ‘Sustainable Impact’ labelled financial product.
SDR labelling, naming and marketing and initial disclosure requirements are set to go live from 30th June 2024, 12 months after the FCA plans to publish its final rules.
It’s clear from our reading of IOSCO, EU, US SEC and FCA documentation on this issue, that ESG ratings and ESG data providers which have not built their methodologies with transparency and disclosure and avoidance of conflicts of interest in mind will eventually fall foul of regulatory requirements when they go live.
In other words, within the next few years, national financial regulators will come after them if they adhere to the much-criticised ‘black box’ approach which fails to explain how ESG data is sourced, how often it is refreshed, and how it is analysed and scored.
Share via:
Recommended for you