ESG Regulations Guide: Decoding the US, UK, and EU Climate Rules
They look at you like you’re an expert, but you don’t always feel like one. With the rise of each new question or headline about environmental, social, and governance (ESG) risks and regulatory requirements, your organization expects you to have answers. This is the daily conundrum faced by countless internal auditors, risk and compliance managers, board members, C-suite executives, and other professionals whose job descriptions have recently grown to include ESG — a domain where guidance and regulations evolve so rapidly that it’s hard for anyone to keep up.
We’re here to help. AuditBoard’s ESG Regulations Guide was developed to summarize existing and emerging ESG disclosure regulations and proposals from the US, UK, and EU. Read on for guidance across geographies (including a downloadable ESG Regulations Quick Reference PDF covering status, scope, applicability, timing, audit requirements, and more) and best practices on preparing for what’s next. While we can’t guarantee you’ll always feel like the ESG regulations expert they expect you to be, you will feel more well-equipped to field questions, share valuable insights, and begin enacting the changes needed to ready your organization for compliance.
What to Know About the UK, EU, and US Climate Disclosure Requirements: Essentials
Current Status
Why the increasing urgency? The UK requirements are law, the EU proposals take effect in January 2024, and the US rules are expected to be announced in October 2023. All requirements mandate that public companies and certain other entities include various climate-related proposals in their annual reports. In addition, on June 26, 2023, the IFRS Foundation’s International Sustainability Standards Board (ISSB) issued its inaugural sustainability standards, IFRS S1 and IFRS S2. IFRS Accounting Standards are required for use by 140+ jurisdictions worldwide, and the ISSB is positioning S1 and S2 as global standards closely aligned with IFRS. So while S1 and S2 are currently voluntary, jurisdictions may eventually mandate them for IFRS filers.
Applicability
Which ESG regulations apply to your organization? Each set of disclosure requirements has its own set of considerations and thresholds, including where you operate, whether you’re listed on regulated markets, your organizational structure, the number of employees within entities or groups, and your balance sheet total, turnover, and public float. Companies should be working to understand the cross-border implications for their operations. A US-based company registered with the U.S. Securities and Exchange Commission (SEC) with an EU subsidiary meeting the thresholds, for example, would soon need to comply with both US and EU climate disclosure requirements (and possibly others).
Key Timing and Preparation Considerations
What should you keep in mind when planning your approach and timeline? Regardless of location, every organization should get its house in order ASAP, putting in place the processes, controls, and technologies needed to support accurate, reliable, up-to-date, accessible, and auditable ESG reporting from a single source of truth. Below are considerations specific to each set of requirements.
- UK — While the UK’s disclosure requirements apply to fewer companies than the EU’s (and the UK isn’t going as far as the EU on Scope 3 emissions), they are in effect now for 1,300+ of the largest UK-registered companies and financial institutions. However, the UK is creating the UK Sustainability Disclosure Standards (SDS) that “may be referenced in any legal or regulatory requirements for UK entities.” Published by the Department for Business and Trade (DBT), the SDS will be created by July 2024 and based on the IFRS Sustainability Disclosure Standards issued by the ISSB. According to the DBT, the UK SDS “will form the basis of any future requirements in UK legislation or regulation for companies to report on risks and opportunities relating to sustainability matters, including risks and opportunities arising from climate change.”
- EU — The first in-scope companies for European Financial Reporting Advisory Group’s (EFRAG’s) Corporate Sustainability Reporting Directive (CSRD) — companies already subject to the Non Financial Reporting Directive (NFRD), which include ~11,700 EU companies and groups — will have to apply European Sustainability Reporting Standards (ESRS) for annual reporting periods beginning on or after January 1, 2024.
- ISSB — Organizations wishing to voluntarily comply with ISSB S1 and S2 for annual reporting periods beginning on January 1, 2024, essentially have only six months to prepare. Since the ISSB’s standards are most closely aligned with the EU standards, IFRS-compliant organizations in the EU may want to get a jump on complying with both.
- US — Once the rules are finalized and effective, they will apply to every US public company, including foreign registrants, emerging growth, and recently IPO’d companies. The SEC has stated that in the year of adoption (still TBD), climate disclosures would be required for all periods presented in the financial statements, which indicates prior-period reporting might be required.
In all cases, the new rules require climate-related and/or sustainability disclosures at the same time as the financial statements, requiring many organizations to prepare and provide climate-related information earlier in the year than they have done historically.
Materiality
How do the disclosure rules assess materiality? Each set of requirements establishes different materiality thresholds for disclosures — based on different definitions of materiality. Key distinctions include whether disclosures consider “single” versus “double” materiality. Whereas the US and ISSB consider single materiality — in which information is material if investors would consider it important in their decision-making — the UK and EU use the concept of double materiality, through the lenses of the financial impact on the company and the impact on the larger community and environment. Different materiality thresholds and approaches also apply to assessing disclosures of Scope 1, 2, and 3 emissions. EY’s Technical Line: How the climate-related disclosure proposals from the SEC, EFRAG, and ISSB compare offers a more detailed overview of how the approaches to materiality differ.
Best Practices for Getting Started With ESG Compliance
What is the most important thing to get right early on? Your organization should have a common framework and strategy to bring together the processes and controls needed to support compliance with ESG regulations across jurisdictions. Designing this up-front creates a foundation you can adapt to accommodate each new set of requirements.
Many organizations start with individual regulations and work backwards, reverse-engineering the needed processes and controls. While this approach ultimately gets the job done, it takes more time, effort, and expense — and in general, fails to provide an easily adaptable framework, such that processes and controls must be rebuilt to fit each new requirement. Starting with an overarching framework avoids this pitfall.
There is good news: You may have a framework in place which you can use to build out your ESG framework: namely, the Committee of Sponsoring Organizations (COSO) Framework. Many companies have built out COSO internal controls over financial reporting to support Sarbanes-Oxley Act (SOX) compliance activities, and ESG reporting requirements will require similar levels of rigor, transparency, and auditability. Many of the processes and tools used to manage SOX (e.g., AuditBoard’s SOXHUB) can be built out to support ESG controls. For guidance and insights on how to move forward with leveraging the COSO framework in building out sustainability controls, see COSO’s March 2023 report, “Achieving Effective Internal Control over Sustainability Reporting (ICSR): Building Trust and Confidence through the COSO Internal Control ― Integrated Framework.”
Simplifying the ESG Regulatory Landscape
The sections below look at each set of climate disclosure requirements in turn. Download the Quick Reference PDF version for an at-a-glance view of the US, UK, and EI climate rules.
What Do I Need to Know About the U.S. Climate-Related Disclosures Proposal?
Basics – US
- Regulation: The Enhancement and Standardization of Climate-Related Disclosures for Investors (Proposed Rule).
- Reporting Requirement Authority: United States Securities and Exchange Commission (SEC).
- Source: Proposed Rule, March 2022.
Key Dates – US
- Final Reporting Requirements Publication: Originally slated for December 2022 but delayed due to comment-period extension — resulting in an unknown publication date. Per US GSA OMB website, final action is currently expected in October 2023.
- Regulation Effective Date: TBD.
- Initial Compliance Deadline: TBD.
Impacted Companies – US
- Number of Companies Impacted: ~6,000 SEC registrants (as of May 2023).
- Applicable to: The proposed rule would apply to all SEC registrants, with different requirements based on issuer type (defined as follows):
- Large Accelerated Filer — The issuer has a public float of $700M or more, as of the last business day of the issuer’s most recently completed second fiscal quarter.
- Accelerated Filer — The issuer has a public float of $75M or more, but less than $700M, as of the last business day of the issuer’s most recently completed second fiscal quarter.
- Non-Accelerated Filer and Smaller Reporting Companies — All other.
Audit Requirements – US
- Voluntary or Mandatory: According to the proposed rule, issuers will be subject to mandatory initial limited assurance, then phased-in mandatory reasonable assurance for accelerated and large accelerated filers. Deloitte offers a comprehensive analysis of the SEC’s proposed rule that includes a section on attestation requirements.
Most Relevant ESG Standards – US
The proposed rule incorporates disclosure frameworks based on the TCFD Framework and the Greenhouse Gas (GHG) Protocol’s Corporate Accounting and Reporting Standard.
Reporting Scope – US
The proposed rule would require SEC registrants to disclose the following:
- Climate-related risks and their actual or likely material impacts on the registrant’s business, strategy, and outlook.
- The registrant’s governance of climate-related risks and relevant risk management processes.
- The registrant’s GHG emissions, which, for accelerated and large accelerated filers and with respect to certain emissions, would be subject to assurance.
- Certain climate-related financial statement metrics and related disclosures in a note to its audited financial statements.
- Information about climate-related targets and goals, and transition plans, if any.
Reporting Audience – US
As expressed in the SEC’s fact sheet, the focus is on addressing the needs of both investors and issuers:
- Investors are seeking more information about the effects of climate-related risks on a company’s business to inform their investment decision-making. Investors also have expressed a need for more consistent, comparable, and reliable information about how a registrant has addressed climate-related risks when conducting its operations and developing its business strategy and financial plan.
- Many issuers currently seek to provide this information to meet investor demand, but current disclosure practices are fragmented and inconsistent. The proposed rules would help issuers more efficiently, effectively, and consistently disclose these risks, which would benefit both investors and issuers.
More Information – US
- FACT SHEET: Enhancement and Standardization of Climate-Related Disclosures
- Comprehensive Analysis of the SEC’s Proposed Rule on Climate Disclosure Requirements
What Do I Need to Know About the EU’s European Sustainability Reporting Standards?
Basics – EU
- Regulations: Corporate Sustainability Reporting Directive (CSRD) and associated European Sustainability Reporting Standards (ESRS).
- Reporting Requirement Authority: European Financial Reporting Advisory Group (EFRAG).
- Sources:
- CSRD, Final Publication, December 2022.
- ESRS, First Set (Draft), June 2023. (Feedback period closed July 2023; commission adoption planned for Q2 2023.)
- EFRAG summary of First Set of draft ESRS (includes educational videos).
Key Dates – EU
- Final Reporting Requirements Publication: The target date is no later than August 31, 2023.
- Regulation Effective Date: January 5, 2023, for EU promulgation; June 16, 2024, deadline for EU Member States to ratify into law.
- Initial Compliance Deadline: Regulation application will take place in four stages:
- Reporting in 2025 on FY2024 for companies already subject to the NFRD.
- Reporting in 2026 on FY2025 for large companies that are not currently subject to the NFRD.
- Reporting in 2027 on FY2026 for listed small to medium enterprises (SMEs) (except micro undertakings), small and non-complex credit institutions, and captive insurance undertakings.
- Reporting in 2029 on FY2028 for third-country undertakings with net turnover above $150M in the EU if they have at least one subsidiary or branch in the EU exceeding certain thresholds.
Impacted Companies – EU
- Number of Companies Impacted: Approximately 50,000 companies.
- Applicable to: EU rules on non-financial information apply to:
- All large companies and all companies listed on regulated markets. These companies are also responsible for assessing the information at the level of their subsidiaries. Large companies are EU entities or an EU consolidated group that exceeds at least two of the following three thresholds:
- Balance sheet total of €20M
- Net turnover of €40M.
- Average of 250 employees during the financial year.
- Listed SMEs, taking into account their specific characteristics. An opt-out will be possible for SMEs during a transitional period, such that they will be exempted from the application of the directive until 2028.
- All non-EU companies generating a net turnover of €150M in the EU and which have at least one subsidiary or branch in the EU. These companies must provide a report on their ESG impacts as defined in the directive.
- All large companies and all companies listed on regulated markets. These companies are also responsible for assessing the information at the level of their subsidiaries. Large companies are EU entities or an EU consolidated group that exceeds at least two of the following three thresholds:
Audit Requirements – EU
- Voluntary or Mandatory: The ESRS initially requires mandatory limited assurance, with a planned transition to reasonable assurance in the following years.
Most Relevant ESG Standards – EU
The EU standards closely align with the IFRS/ISSB standards. (ISSB’s inaugural standards, IFRS S1 and S2, were issued on June 26, 2023. ISSB has committed to aligning with ESRS, and CSRD has indicated operability with SASB standards.) Reportedly, the EU standards also closely align with Global Reporting Initiative (GRI) standards.
Reporting Scope – EU
The CSRD uses the term “sustainability matters,” which covers various ESG topics including, among others, climate-related or environmental issues (e.g., GHG emissions), fundamental rights-related issues (e.g., child labor and employment matters), anti-corruption and bribery-related issues (e.g., Foreign Corrupt Practices Act and other anti-bribery acts compliance), and diversity-related issues (e.g., board diversity).
Companies will be required to assess sustainability impacts from a “double materiality” perspective, capturing both:
- The impacts to the company (i.e., how sustainability matters affect a company, including its financial performance); and
- The impacts of the company on the larger community and the environment.
Generally, these disclosures must be made in companies’ management reports, which are existing reports that must be prepared by many EU companies in accordance with the Accounting Directive and by EU and non-EU companies listed on EU regulated markets in accordance with the Transparency Directive.
The 12 draft ESRS are organized as follows. Refer to the draft standards for more detail.
- Cross-cutting Standards:
- ESRS 1 General requirements
- ESRS 2 General disclosures
- Environmental:
- ESRS E1 Climate change
- ESRS E2 Pollution
- ESRS E3 Water and marine resources
- ESRS E4 Biodiversity and ecosystems
- ESRS E5 Resource use and circular economy
- Social:
- ESRS S1 Own workforce
- ESRS S2 Workers in the value chain
- ESRS S3 Affected communities
- ESRS S4 Consumers and end-users
- Governance:
- ESRS G1 Business conduct
Reporting Audience – EU
As noted in the CSRD, reporting is intended for a range of stakeholders, including:
- Investors, including asset managers, who want to better understand the risks and opportunities that sustainability issues pose for their investments and the impacts of those investments on people and the environment.
- Civil society actors, including non-governmental organizations and social partners that wish to better hold undertakings to account for their impacts on people and the environment.
- Customers, who want to understand and, where necessary, report on sustainability risks and impacts throughout their own value chains.
- Policy makers and environmental agencies, as part of monitoring environmental and social trends and to inform public policy.
More Information – EU
- EFRAG Delivers the First Set of Draft ESRS to the European Commission
- Corporate Sustainability Reporting Directive: New EU ESG Disclosure Requirements for EU and Non-EU Companies
- Council Gives Final Green Light to Corporate Sustainability Reporting Directive
What Do I Need to Know About the UK’s Climate-Related Financial Disclosure Requirements?
Basics – UK
- Regulations:
- The Companies (Strategic Report) (Climate-related Financial Disclosure) Regulations 2022 & The Limited Liability Partnerships (Climate-related Financial Disclosure) Regulations 2022.
- Reporting Requirement Authority:
- United Kingdom Financial Reporting Council (FRC) for Climate-related Financial Disclosure Regulations.
- Sources:
Key Dates – UK
- Final Reporting Requirements Publication: January 17, 2022, for Climate-related Financial Disclosure Regulations
- Regulation Effective Date: April 6, 2022, for Climate-related Financial Disclosure Regulations.
- Initial Compliance Deadline: The new climate-related financial disclosure obligations now apply to entities where their accounting periods start on or after April 6, 2022.
Impacted Companies – UK
- Number of Companies Impacted: 1,300+ companies for Climate-related Financial Disclosure Regulations.
- The Climate-related Financial Disclosure Regulations are applicable to:
- UK Registered Companies which include:
- Publicly quoted companies with (i) 500+ employees and (ii) transferable securities trading on a UK regulated market or AIM.
- Private limited companies with (i) 500+ employees and (ii) a turnover of more than £500M.
- Relevant public interest entities such as insurance or banking companies with 500+ employees.
- Limited Liability Partnerships (LLPs) which include:
- Traded or banking LLPs with 500+ employees.
- LLPs which (i) are not traded or banking LLPs, (ii) have 500+ employees, and (iii) have a turnover of more than £500M.
- UK Registered Companies which include:
Audit Requirements – UK
- Voluntary or Mandatory: The UK’s climate-related financial disclosure requirements are based on Task Force on Climate-Related Financial Disclosures (TCFD) recommendations. Currently, the requirement for external assurance over disclosures is voluntary. That said, it’s likely to become mandatory in the near future. Deloitte offers a great resource breaking down the reporting requirements and assurance considerations, including the various TCFD assurance options, recommended disclosures, questions for audit committees to ask, and more.
Most Relevant ESG Standards – UK
Current: Again, at this point, the UK’s requirements are closely aligned with the TCFD Framework, which is broken down into four themes — governance, strategy, risk management, and metrics and targets — each of which is supported by specific disclosures that organizations can include in financial filings or other reports to provide decision-useful information to investors and others.
Future: Notably, however, the TCFD Framework will be monitored and maintained by the ISSB beginning January 1, 2024, and the creation of the UK Sustainability Disclosure Standards (UK SDS) by July 2024 will solidify this alignment.
Companies should also be aware the UK SDS “will form the basis of any future requirements in UK legislation or regulation for companies to report on risks and opportunities relating to sustainability matters, including risks and opportunities arising from climate change” and “may be referenced in any legal or regulatory requirements for UK entities.” UK SDS will be based on the IFRS Sustainability Disclosure Standards issued by the ISSB, and the UK endorsed standards “will only divert from the global baseline if absolutely necessary for UK specific matters.”
Reporting Scope – UK
The organizations impacted by the Climate-related Financial Disclosure Regulations legislation must now produce a sustainability statement on climate-related disclosures in their annual strategic or energy and carbon reports. While the new regulations are commonly being referred to as ESG laws, the language of the regulations only applies to environmental risk factors.
The sustainability information statement requires companies to report the following:
- A listing and description of environmental risks identified as impacting the company’s operations.
- The company’s governance strategy for assessing and managing environmental risk that takes into account different environmental outcomes.
- The scope for the assessment (e.g., fiscal year 20xx).
- List and description of environmental goals and key performance indicators (KPIs) used to measure environmental risk performance.
- The process used to identify, assess, and manage environmental risks.
- The company’s process for integrating environmental risk into the broader enterprise risk management (ERM) strategy.
Reporting Audience – UK
Climate change poses risks to companies, financial institutions, investors, and individuals alike, since:
- Both physical and transition risks could have material impacts on the value of companies and their assets:
- Physical risks arise from the climatic impact of higher average temperatures (e.g., the increased frequency and severity of extreme weather events).
- Transition risks arise from the changes in technology, markets, policy, regulation, and consumer sentiment which will result from the transition to net zero.
- Disclosures of material climate-related financial information can help support investment decisions as we move towards a low-carbon economy. As it becomes easier to compare companies’ exposures to climate-related risks and opportunities, investors will be better equipped to incorporate these risks into their investment and business decisions. This also provides greater information to other stakeholders for relevant decisions.
- The preparation by businesses of disclosures on what the changing climate will mean for them, its impacts, risks, and opportunities, may help businesses gauge what they need to do to address these for their organization, operations, and people.
More Information – UK
What Other ESG Regulations Are on the Horizon?
Organizations should be aware that the wave of ESG regulations isn’t limited to the above US, UK, and EU mandates and ISSB recommendations. It’s also happening at other levels of federal, state, and local government. For example:
- The Biden-Harris administration’s Federal Supplier Climate Risks and Resilience Rule is a far-reaching plan requiring government contractors to report climate impacts and risks — as well as a near-mirror-image of the SEC’s climate disclosure proposal.
- The California State Senate Climate Accountability Package goes further than the SEC’s proposal, requiring compliance from both public and private companies doing business in California and requirements for disclosing Scope 1, 2, and 3 emissions. SB 253 would require companies with $1B+ in annual revenues to publicly report GHG emissions (independently verified by a third-party auditor). SB 261 would require companies with $500M+ in gross revenues to report on climate-related financial risks by providing any report prepared for federal regulators.
How Can Technology Help With ESG Compliance?
Again, the time is now to put in place the processes, controls, and technologies to ensure that your company will be ready for current and upcoming ESG regulatory requirements. That means building a tech-enabled foundation to support ESG reporting data that is accurate, reliable, up-to-date, and readily accessible within a centralized system of record supporting transparency and auditability — the ESG regulatory landscape demands it. Plus, when that auditor asks you to substantiate a given key metric that has been disclosed, you need to be able to confidently point to a single source of truth embedded with activity logs, certifications, reviews, and evidence — not to mention references to upstream controls that have been documented and tested, giving you further confidence in the completeness and accuracy of the data. A cloud-based connected risk platform like AuditBoard offers key benefits such as:
- Efficient, streamlined data management and controls: Whereas manual processes to collect and verify data across disparate owners, tools, spreadsheets, and systems can be inefficient, high-effort, and prone to error, technology can enable workflows that streamline the process of verifying data, collecting supporting evidence, and providing approvals. Owners receive regular reminders to upload data, and the organization has ready access to timely, auditable data. Also, control repositories designed around internal control over financial reporting can be easily leveraged for internal control over sustainability reporting.
- Improved visibility for effective prioritization: In manual environments, businesses often struggle to gain a comprehensive understanding of their ESG data or the visibility required to pinpoint the risks that matter most. Technology can offer the robust, flexible risk and materiality assessment functionality that helps you identify and evaluate ESG data, risks, and opportunities, standardize how risks are rated and monitored, and drive insights about how they evolve over time. It also offers teams the data needed to justify focus areas and levels of effort as requested by the board, management, or audit committee.
- Clear business alignment and engagement: In organizations where ownership of ESG is still forming, it can be challenging to gain focus on ESG initiatives, buy-in among cross-functional leadership, or clarity on data ownership. Plus, without a central reporting mechanism, it’s difficult to collect evidence of business impact or know where you stand compared to your own targets. A real-time, unified dashboard simplifies data requests and reporting into a single format, helping to reduce confusion and ensure data owner clarity. It also gives stakeholders access to track, update, and view the data that matters for their work. Centralized evidence collection and verification approval workflows provide auditability, making it easier to monitor progress toward goals and make informed decisions based on verified data.
- Ability to flex framework coverage to fit regulatory shifts: Framework-agnostic technology enables adding or removing ESG requirements — and subsequently mapping each requirement to specific ESG disclosures and initiatives — thereby ensuring appropriate coverage and gap identification in reporting and scoping.
- Transparency and agility for timely identification and mitigation of gaps: A unified risk dashboard enables teams to easily identify and track gaps for specific reporting frameworks and create associated action or mitigation plans. This supports ongoing transparency, timely surfacing of “calls to action,” increased agility in responding to issues, and continued maturation of your ESG risk management program.
- Integration with overall risk management: A connected risk platform can assist you in tracking ESG priorities alongside other business risks and identifying your ESG program’s larger impact to strategic business objectives. In addition, as reporting around physical and transition risks becomes mandatory, ensuring your ESG program is effectively integrated into your broader ERM program is critical.
Become the ESG Expert They Expect You to Be
You’re on the hook to make sense of the ESG regulatory landscape — a daunting task, given its complexity and ongoing evolution. Why not make the most of the tools and resources at your disposal? They are all around you, from lessons learned from SOX compliance and The IIA’s ESG Knowledge Center to AuditBoard’s growing collection of ESG resources, including our ESG Audit Checklist, ESG Reporting Guide, and ebooks such as the Deloitte-coauthored How to Audit ESG Risk and Reporting and AuditBoard’s Step-by-Step Guide to Building Your ESG Program.
For a bite-sized helping, download the PDF version of AuditBoard’s ESG Regulations Guide. For a more in-depth look at the requirements, their implications, and best practices for investor-grade reporting, download the AuditBoard-sponsored IDC Spotlight The Coming ESG Reporting Imperative. And stay tuned for more articles on what to expect from the various ESG regulations — and how to prepare for their fast-approaching deadlines.
Frequently Asked Questions About ESG Regulations
What do I need to know about the US climate-related disclosures proposal?
Answer: The proposed rule for “Enhancement and Standardization of Climate-Related Disclosures for Investors” would require SEC registrants to disclose (1) climate-related risks and their actual or likely material impacts on the registrant’s business, strategy, and outlook, (2) governance of climate-related risks and relevant risk management processes, (3) GHG emissions (which, for accelerated and large accelerated filers and with respect to certain emissions, would be subject to assurance), (4) certain climate-related financial statement metrics and related disclosures in a note to its audited financial statements, and (5) climate-related targets and goals, and transition plan, if any.
What do I need to know about the EU’s European Sustainability Reporting Standards?
Answer: The EU’s Corporate Sustainability Reporting Directive (CSRD) and associated European Sustainability Reporting Standards (ESRS) use the term “sustainability matters,” which covers various ESG topics including, among others, climate-related or environmental issues, fundamental rights-related issues, anti-corruption and bribery-related issues, and diversity-related issues. Companies will be required to assess sustainability impacts from a “double materiality” perspective, capturing both the impacts to the company (i.e., how sustainability matters affect a company, including its financial performance) and the impacts of the company on the larger community and the environment. Generally, disclosures must be made in companies’ management reports; the 12 draft ESRS include (1) cross-cutting standards (general requirements and disclosures), (2) environmental standards (climate change, pollution, water and marine resources, biodiversity and ecosystems, resource use and circular economy), (3) social standards (own workforce, workers in the value chain, affected communities, consumers and end-users), and (4) governance standards (business conduct).
What do I need to know about the UK’s climate-related financial disclosure requirements?
Answer: Organizations impacted by the UK’s climate-related financial disclosure legislation must produce a sustainability statement on climate-related disclosures in their annual strategic or energy and carbon reports. The statement must report on the (1) environmental risks identified as impacting the company’s operations, (2) governance strategy for assessing and managing environmental risk that takes into account different environmental outcomes, (3) assessment scope (e.g., fiscal year 20xx), (4) environmental goals and KPIs used to measure environmental risk performance, (5) process used to identify, assess, and manage environmental risks, and (6) process for integrating environmental risk into the broader ERM strategy.
What other ESG regulations are on the horizon?
Answer: ESG regulations are also happening at other levels of federal, state, and local government. For example, the Biden-Harris administration’s Federal Supplier Climate Risks and Resilience Rule is a far-reaching plan requiring government contractors to report climate impacts and risks — as well as a near-mirror-image of the SEC’s climate disclosure proposal. In addition, the California State Senate Climate Accountability Package goes further than the SEC’s proposal, requiring compliance from both public and private companies doing business in California and requirements for disclosing Scope 1, 2, and 3 emissions.
How can technology help with ESG compliance?
Answer: The time is now to put in place the processes, controls, and technologies to ensure that your company will be ready for ESG compliance. That means building a foundation to support ESG reporting data that is accurate, reliable, up-to-date, and readily accessible within a centralized system of record supporting transparency and auditability. Cloud-based connected risk technologies offer key benefits such as efficient, streamlined data management and controls; improved visibility for effective prioritization; clear business alignment and engagement; ability to flex framework coverage to fit regulatory shifts; transparency and agility for timely identification and mitigation of gaps; and integration with overall risk management.
John A. Wheeler is the founder and CEO of Wheelhouse Advisors, and former Senior Advisor, Risk and Technology for AuditBoard. He is a former Gartner analyst and senior risk management executive with companies including Truist Financial (formerly SunTrust), Turner Broadcasting, Emory Healthcare, EY, and Accenture. Connect with John on LinkedIn.
Judson Aiken is a Senior Director of Risk and ESG Solutions driving strategic growth across AuditBoard’s enterprise risk management and ESG customer base, with an emphasis on product development. Prior to AuditBoard, Judson was at EY in their Risk Advisory practice supporting enterprise risk management, SOX, and internal audit. Connect with Judson on LinkedIn.