Insurers need to shift gear to keep pace with sustainability reporting
While the application of CSRD is not limited to the insurance sector, this article focuses on the challenges and practical implementation considerations for insurance companies as they embark on their sustainability reporting journey.
CSRD – What does it seek to achieve and what does it involve?
Under CSRD, an in-scope company (or group) must incorporate sustainability reporting into its management report which sits alongside the financial statements and corporate governance statement in its annual report. Within this, organizations must report on sustainability matters in line with the ‘double materiality’ principle (further detailed below). And finally, a company must obtain a limited assurance opinion from an independent third-party over the reporting.
- Increases the number of companies required to report on sustainability metrics from around 12,000 to over 50,000;
- Improves the comparability of disclosures by prescribing around 120 metrics and additional qualitative disclosures under the European Sustainability Reporting Standards (ESRSs); and
- Enhances the reliability of reporting through mandatory limited assurance.
Tip #1: As more companies are required to report on sustainability matters in the future, the availability and quality of relevant data should increase. Insurers are expected to be both producers and consumers of this data. They should identify the potential uses of data relating to its counterparties (including investee companies, policyholders, reinsurers, suppliers) beyond reporting and integrate it into developing strategies (including climate transition plans), risk screening, managing exposures and reaching board decisions. Equipped with this information, insurers can then monitor the progress they are making against commitments to reduce their financed and insurance-associated emissions. In turn they should be able to make better pricing, underwriting and product design decisions as they use these measures to better understand the underlying nature of the risk.
Which organizations does this apply to and when does CSRD come in?
- European insurance companies with more than 500 employees must presently comply with the Non-Financial Reporting Directive (NFRD), the predecessor to CSRD. These companies must report in accordance with CSRD in 2025 for FY2024.
- European insurance companies with fewer than 500 employees were not required to comply with NFRD. European insurers that meet at least two of the following criteria (more than 250 employees, gross written premiums (GWP) in excess of €40m, or more than €20m in total assets) must report in line with CSRD from 2026 for FY2025.
- Certain European captive insurers that meet at least 2 of the following criteria (more than 10 employees, GWP in excess of €700k, or more than €350k in total assets) must report in 2027 for FY2026.
- Non-European insurance subsidiaries of EU corporate groups are, subject to materiality, potentially caught by reporting requirements at a group level which might add additional layers of complexity to any local reporting requirements.
- Non-European corporate groups with substantial activity in the EU will be caught by the CSRD requirements. ‘Substantial activity’ is defined as generating GWP of more than €150m in the EU for each of the last two consecutive years and owning at least one subsidiary that meets the general scoping criteria or at least one branch that generated more than €40m in the preceding year. This will potentially apply at a group level, not just to the EU subsidiary, with such groups required to report in relation to FY2028 onwards.
Insurance companies based in the EU and around the world might easily find themselves subject to the CSRD requirements. Given the global nature of the commercial insurance market and the need to have an EU-authorized insurer to access the EU Single Market, there will likely be few international insurance groups that are not affected by these requirements.
Tip #2: It is critical before embarking on any implementation program that the group performs a scoping exercise that considers application of the CSRD requirements on each of its legal entities and establishes a group-wide reporting strategy. This can also help allocate both group and local entity level responsibilities. The group should also explore whether any exemptions (see next section) are available and how they might be applied most efficiently.
Are there any exemptions?
There are three exemptions that insurers should be aware of:
- 'Subsidiary exemption’: An in-scope subsidiary does not need to produce its own ‘solo’ report where its ultimate parent company prepares a consolidated CSRD-compliant report. However, this exemption is not available to a European insurance company with more than 500 employees.
- ‘Multiple entities exemption’: Multiple in-scope entities that belong to a third country group do not need to produce separate ‘solo’ reports where their data is included in the CSRD-compliant report produced by the largest EU subsidiary. This exemption is available until 2030.
- 'Equivalence exemption’: The European Commission has the power to designate individual sustainability reporting frameworks or reporting regimes as ‘equivalent’ to reporting under the CSRD. While the Commission has not yet taken any equivalence decision in respect of sustainability reporting, an equivalent sustainability reporting regime must meet two criteria: (1) it must capture environmental, social and governance factors; and (2) the standards must apply the ‘double materiality’ principle. Given their differences in scope and the lack of the ‘double materiality’ principle it is difficult to see how standards issued by the International Sustainability Standards Board (ISSB) could gain equivalence for now.
What is double materiality?
Recognizing that the needs of users of sustainability information may differ, the ESRSs require firms to report on sustainability matters based on the ‘double materiality’ principle. Reporting firms must consider whether a matter is material either from an impact or financial perspective, or both.
- Impact materiality – What is the firm’s impact on people and/or the environment?
- Financial materiality – What are the present or likely effects of a sustainability matter on the firm’s cash flows, development, performance or position in the short-, medium- and long-term time horizons that will be relevant to investors, lenders and other creditors?
Impact materiality and financial materiality assessments are interrelated and the independencies between these two dimensions should be considered.
As highlighted above, sustainability reporting will be embedded within the management report that accompanies the financial statements. Therefore, there is a direct link (and need for consistency) between the management report and the financial statements. Insurers should consider whether any of the sustainability matters identified in its sustainability reporting impacts the assumptions used in the production of the ‘back half’ of the annual report. Transition risk arising from climate change might impact asset valuations. Physical risk factors might impact the valuation of insurance liabilities.
Tip #3: Insurers should expect to perform a materiality assessment to identify those sustainability matters on which they should be reporting. An effective materiality assessment will likely improve the quality of the report, allowing the company to focus on those areas that are most relevant to its stakeholders and help reduce future reporting efforts.
What do the ESRSs cover?
The European Financial Reporting Advisory Group (EFRAG) released the following 12 sector-agnostic draft ESRSs in November 2022. The European Commission will consult with EU bodies and Member States, before adopting the final standards as delegated acts in June 2023.
Each standard follows a similar structure, setting out reporting requirements in relation to a reporter’s governance, strategy, implementation, and metrics and targets.
EFRAG has a work program to develop sector specific standards for 41 sectors, starting with priority sectors. It expects to develop an insurance-specific standard in 2024-25.
Therefore, depending on when they are first required to report, firms will need to develop implementation plans that anticipate further work to reflect the insurance-specific standards. Waiting to receive complete information on the future reporting requirements will likely be too late - affected insurers need to start planning their reporting journey now but strive to ensure that they can respond to future development.
It’s important to keep in mind that CSRD is only one of many mandatory reporting requirements and frameworks that are being developed both within the EU (such as the Sustainable Finance Disclosures Regulation – SFDR and the EU Taxonomy) and beyond (such as the International Sustainability Standards Board, ISSB, and the SEC requirements in the US). Insurers should recognize the interactions between CSRD and these different requirements. Furthermore, where an insurance group has operations in jurisdictions outside of the EU, they may also need to incorporate local mandatory requirements.
Tip #4: Insurers should consider not only the impacts of their operations and value chains, but also where there might be relevant risks and opportunities relating to their underwriting and investment portfolios. They should expect to perform a detailed gap analysis to understand what data, processes, systems and technology, controls, resources, and organization are required, how much existing infrastructure can be leveraged and what needs to be designed and built (or bought and tailored) to be able to deliver the reporting in an efficient way. The challenge for large international groups will likely be around alignment and optimization of these processes and systems (see TIP#5 below).
What should firms think about now when designing their response in light of the assurance requirements?
Limited assurance typically results in an auditor expressing an opinion that nothing has been identified to conclude that the subject matter is materially misstated. It is a negative form of assurance which requires an auditor to perform fewer tests than a reasonable assurance engagement. The European Commission anticipates moving to reasonable assurance at a later stage.
While limited assurance is a lower standard than reasonable assurance, it represents a shift in the assurance requirements over sustainability information. Some insurers already receive limited assurance over their sustainability information on a voluntary basis, while those opting to follow a higher standard are moving towards reasonable assurance.
Tip #5: Insurers should remember that the production of the sustainability report is only one aspect of the transformation change that needs to occur within their organization. Insurers need to develop a target state design that answers the following key questions:
Which metrics do we want to report externally to tell our sustainability story and which of these do we consider to be our Key Performance Indicators?
Do we have appropriate and consistent definitions in place and governance established to support future changes to these?
What operating model should be in place to support this reporting, including consideration of roles and responsibilities, accountabilities, and structures such as centres of excellence and/or shared services?
What are the broad data and systems solutions required to deliver the reporting of these metrics both internally and externally?
Do we have a control framework in place over our non-financial reporting and what assurance (both internal and external) do we need over these metrics?
What management information do we require internally to track our progress against forecasts and what is the required cadence across each aspect of E, S & G?
KPMG professionals have been working with finance teams in the insurance sector that have taken the lead on ESG reporting and have developed a number of accelerators to support this design process, including:
- Detailed benchmarking of financial sector ESG metric disclosures;
- An insurance framework data and systems architecture for non-financial reporting;
- An ESG reporting data model;
- A non-financial reporting controls framework;
- A suite of entity and group level controls;
- Process and control templates and libraries for common processes, such as scope 3 in sovereign investments, climate scenario modelling and selection of data proxies;
- Illustrative metric definitions and business requirements documents.
If you’re about to begin your sustainability reporting journey, and have some questions around where to start, please speak to a member of the team.