Environmental, social and corporate governance regulations are evolving quickly, and companies must contend with a host of new and upcoming guidelines and rules to ensure compliance.
Companies will need to gather information on ESG concerns such as environmental impacts from all corners of the enterprise, including finance, operations and compliance groups, according to participants in the recent "Keeping Pace With Climate Regulations" webinar hosted by The Wall Street Journal's Chief Compliance Officer Council.
ESG reporting largely started as a voluntary effort in most enterprises, driven by investor expectations, customer demands and employee input. But now, companies are increasingly subject to mandatory reporting regulations, said Beth Sasfai, partner at Cooley, a global law firm in Boston, during the webinar.
The European Union's Corporate Sustainability Reporting Directive (CSRD), which went into effect Jan. 1, is the most pressing example. It requires companies to file annual sustainability reports alongside financial statements. The CSRD applies to EU-based companies as well as companies that conduct a certain threshold of business in the EU.
A key aspect of CSRD is double materiality, which requires companies to report on how the business is affected by sustainability issues and how the business affects sustainability issues, Sasfai said.
"We're seeing companies focus on whether they're subject to the CSRD and whether certain areas are material to them," she said. "And if they are, how they measure that, think about that and where they start."
The California Climate Accountability Package should be another area of regulatory focus. It combines California Senate Bill 253 and Senate Bill 261, and requires large corporations to publicly disclose greenhouse gas emissions, carbon embedded in supply chains and climate risks.
The California Climate Accountability Package is subject to a recent lawsuit, so the regulations are not fully in effect. But companies should prepare for the package's potential, Sasfai said.
Companies with a total annual revenue of more than $1 billion that conduct business in California will have to publish scope 1, 2 and 3 carbon emissions data annually starting in 2026, while companies with lower revenues will have to publish a biennial climate-related risk report starting in 2026.
Lurking in the background is the U.S. Securities and Exchange Commission's (SEC's) proposed climate rule, which might come into effect in 2024, Sasfai said. The SEC's proposed rule would require publicly traded companies to report on climate-related risks facing the business, such as flooding, wildfires, hurricanes and other extreme weather events.
"Companies have those new laws on their radar screen," she said. "We don't have a lot of details about [how regulations will be implemented], which will probably come in the next year, but companies are laser-focused on what they need to do to get started measuring their emissions."
Preparing now builds foundation for future
Companies striving to meet existing ESG regulations are hoping their efforts will pay off as more come into effect, said Emily Pierce, chief global policy officer at Persefoni, a Tempe, Ariz., vendor of carbon measurement and reporting software.
The frameworks for most ESG regulations are built on the foundation from the Task Force on Climate-Related Financial Disclosures, Pierce said, and focus on four pillars: governance, strategy, risk management, and measures and targets.
Disclosures built on the first three pillars -- governance, strategy and risk management -- will feed into all the existing reporting obligations. But the fourth pillar -- metrics and targets -- will require companies to look at different data points and targets across sustainability topics, she said. Regardless, adopting a process to meet one requirement could help companies meet others.
"There's good news here as there's an existing protocol for calculating carbon emissions, where you take activity data from across your organization and value chain, and transform that into a CO2 equivalent," Pierce said.
Sustainability regulations are all built on or accept the Greenhouse Gas Protocol, which provides companies with requirements and guidance for preparing enterprise-wide greenhouse gas emissions accounting.
If companies build their emissions disclosure reporting systems around the Greenhouse Gas Protocol, and can document how they calculate emissions and what assumptions and estimates they incorporate into those calculations, they will be prepared for the varying reporting obligations to come, Pierce said.
Consistency and risk management
One of the risks that companies will face in mandatory reporting is the lack of consistency among the frameworks and required reports needed for different purposes and audiences, Sasfai said. For example, many companies provide voluntary reporting for customers or public policy purposes, much of which grew out without legal review.
Now, companies need to think collectively about their ESG reporting to ensure consistency, she said.
"There should be a partnership between legal, communications, and ESG and sustainability [groups] to make sure that you're describing what you're doing accurately, that you have backup for whatever you're putting out there and that you have data governance around the numbers that you're communicating," Sasfai said.
Legal teams need to be involved because of the potential for consumer class-action lawsuits around issues such as greenwashing, she said. The SEC is also issuing comment letters to companies about inconsistencies between their ESG reporting claims and their SEC filings.
Companies should also be intentional about assigning responsibility for the ESG agenda, Sasfai said. This can be difficult because it involves cross-functional interactions, but it can ensure ESG is incorporated throughout the company.
"You need to have different people in different groups coordinated and working together to make sure that you're mitigating risk and you're integrating things like climate risk into your existing strategic planning, your enterprise risk management processes or your internal controls," she said.
Keeping up with the regimes
Companies will need to continually monitor what's happening globally with ESG regulations, because all of it can affect the markets they operate in, according to Pierce.
Emily PierceChief global policy officer, Persefoni
It's also important to watch "reporting-adjacent policies," she said, which include consumer protection regulations such as California's Voluntary Carbon Market Disclosures Act -- which went into effect Jan. 1 -- that places disclosure obligations on companies making net zero claims at the enterprise or product level.
"We're going to see different kinds of regulation in the non-securities space that impact companies' claims, and they'll need data to back up what they're saying," Pierce said.
Disclosure requires companies to be transparent about what they are doing, Sasfai said, but rules are coming -- particularly in the EU -- that will require companies to take action. For example, several countries have passed or proposed legislation that mandates human rights and environmental due diligence in supply chains.
"To comply with those laws, companies would need to map their supply chains to identify the potential for certain risks, looking at things like forced labor," she said. "It's a very different exercise than just disclosing what you do or don't have."
Jim O'Donnell is a senior news writer who covers ERP and other enterprise applications for TechTarget Editorial.