ESG data and ratings

ESG data and ratings provider may face increasing regulation in the near future, with regulatory initiatives proposed in the UK, EU and elsewhere in the world.

ESG data and ratings encompass a wide range of services and products. Providers offer sets of publicly available and privately sourced data relating to non-financial performance of companies, such as greenhouse gas emissions and risk exposure data. Ratings products aggregate and rank this data, allowing users to compare targets at a glance and simplifying strategic decision-making processes.

The market for ESG data and ratings has grown swiftly in response to market demand for inputs to decision making and modelling processes at all levels of firms' businesses, driven by ESG regulation and investor appetite. Information may be required by an asset manager to monitor the sustainability profiles of ESG-linked investment portfolios, or by banks and insurers to measure risk exposure and inform risk exposure appetite limits. Some of the largest credit ratings agencies offer ESG-linked products, and bespoke, highly specialised data and ratings agencies are also emerging.

The move towards increased regulation of ESG data and ratings providers seeks to tackle issues observed in the early stage of the market using this information.

First, the quality and availability of source input data varies. ESMA's call for evidence (PDF 461KB) found that financial services firms face difficulties in collecting ESG data which covers all of the required sectors or financial products from third parties. They are forced to contract with multiple third parties to ensure adequate coverage.

The need to use multiple providers is compounded by a lack of transparency and comparability in the product offerings and their underlying methodologies. Users of ESG data may combine or contrast data sets from external providers without full understanding of the limitations of each approach and without appropriate strategies to mitigate any resulting risks. For example, real estate lenders using different ESG data and ratings products to understand the physical risk profile of their residential and commercial properties could inadvertently set inconsistent risk appetites where ratings from different providers are not comparable.

The appropriateness of data and ratings providers' internal risk management and governance structures has also been called into question. Conflict of interest issues may arise where a firm provides data and ratings products to a firm, and also provides consulting services to that firm. Given that the primary purpose of ESG data and ratings is to allow users to make informed investment decisions, the reliability of information and the way it is interpreted is key.

Finally, the way in which data and ratings providers interact with the companies they are assessing can often be inefficient and may not allow challenge to the providers on factual errors or the resulting rating. Given the rapidly developing landscape of ESG disclosures, not all information consumed by data and ratings providers is readily available. Respondents to IOSCO's 2021 fact-finding exercise (PDF 577KB) noted that the process of providing requested data can be resource-intense for companies, and the ultimate use of this data is not always clear. However, there is a delicate balance as efforts to facilitate the reporting process with rated companies may give rise to questions as to the independence of ratings providers and the objectivity of data and ratings products. Data and ratings providers must ensure that they maintain appropriate ethical standards in their communication with rated companies.

There is one area of ESG data that is already regulated. The EU Benchmarks regulation and the on-shored UK version set specific requirements around named categories of benchmarks e.g. EU Climate Transition Benchmarks and EU Paris-Aligned Benchmarks.

A recent FCA review of these benchmarks found many of the issues highlighted above, in particular that:

• The quality of information disclosed fell below the required standard.
• There was a lack of transparency in methodologies, with little explanation of the ESG factors used in benchmarks and the thresholds that benchmark administrators chose to apply when measuring them.
• Benchmark administrators do not always have appropriate checks and balances in governance and review structures to ensure ESG factors are correctly applied, that ratings are not outdated and that mistakes are corrected.

The FCA is concerned that these issues could contribute to greenwashing and make it more difficult for users to compare outputs across administrators, with potential negative effects on competition and end-investors.

IOSCO is developing a regulatory framework that aims to improve ESG data and ratings providers' practices. Its 2021 Final Report (PDF 609KB) provides recommendations for regulators seeking to manage the risks identified above, including consideration of whether there are sufficient levels of oversight of ESG data and ratings providers in existing regulatory regimes. Where the oversight of or regulatory obligations relating to ESG data and rating providers need to be increased, IOSCO suggests including measures to:

• Identify, manage and mitigate potential conflicts of interest.
• Increase the integrity, transparency and independence of ESG ratings and data product methodologies.
• Disclose ESG rating and data products terminology to help improve understanding of these terms in the markets.

IOSCO also makes recommendations for ESG data and ratings providers to improve the reliability, comparability and interpretability of their data. These include building internal frameworks to proactively manage conflicts of interest, as well as the market perception of the provider's independence and objectivity, as well publicly disclosing sufficient information to allow the market to understand methodological approaches. By following these measures, providers are likely to proactively manage their regulatory risk exposure as the framework develops.

In the UK, the FCA supports the regulatory oversight of providers in line with the IOSCO recommendations. HM Treasury (HMT) has published a consultation on bringing ESG ratings providers within the FCA's regulatory remit. ESMA requested similar powers (PDF 82.4KB) from the European Commission in early 2021, and although a timeline for implementation is as yet unclear, it seems likely that UK and EU supervisory practices will converge in this area.

The Japanese Financial Services Agency (JFSA) has gone one step further, developing a code of conduct (PDF 708KB) for ESG data and ratings providers. The code of conduct is principles-based and includes commitments such as putting up firewalls between consulting and data-providing staff to improve objectivity, as well as prioritising methodological transparency and balancing the need for market understanding with maintaining intellectual property.

A similar initiative is underway in the UK, with the FCA convening an industry group to develop a voluntary code of conduct to govern data and ratings providers operating in the UK. HMT and the Bank of England will sit as active observers on this group. The JFSA's approach is likely to inform the work of the UK group, which is due to be consulted on in summer 2023 and finalised before the end of 2023. Given that many ESG data and ratings providers are likely to have a foothold in the UK and EU markets, steps taken to improve the regulatory landscape in the UK may inform the priorities of a future European regulatory regime.

What is not yet clear, however, is how the exact scope of ESG data and ratings providers will be defined. HMT’s consultation defines such information broadly, encompassing ‘assessments’ of environmental, social or governance factors, even if the product is not labelled as such. Therefore, only the most simplistic or minimally processed data products would be excluded. Where credit-related information implicitly and explicitly contains ESG-related elements and is already subject to regulatory frameworks, firms may be required to navigate two layers of regulation. Firms which provide limited or simplistic ESG data and ratings products alongside more extensive consultancy services, or vice versa, will also be eager to understand the potential implications of a formal regulatory definition.

ESG data and ratings providers should already be taking steps to proactively manage their exposure to potential future regulatory change. As a first step, they should seek to understand the extent to which data and ratings products they provide to customers involve ESG elements, including those that are not labelled as such. Until the detailed scope of future ESG data and ratings regulations is known, it would be prudent to make this a broad exercise, considering standard disclosure requirements such as carbon emissions alongside other inputs such as how EPC ratings are incorporated into credit scores.

Internal governance structures should be assessed for appropriateness, particularly where firms offer both data and ratings products and consultancy services. Information barriers, blocks on staff performing both services, or other measures which reduce the risk of conflicts of interest should be implemented. Even where pre-existing internal governance measures are deemed appropriate, firms should ensure that they do not appear, to regulators, clients or rated firms, to lack independence or objectivity.

The transparency and comparability of data and ratings will continue to grow in importance as the ESG reporting landscape develops. Where providers are prepared to make full and transparent public disclosures about their methodologies this is likely to promote confidence in their product offerings.