94% of executives face external pressure to prioritize ESG strategies. That pressure will only intensify, as new ESG reporting regulations coming in 2024 will introduce formal policies on how information is reported, substantiated, and assured. A closer examination of current regulatory initiatives will illuminate the substance of these regulations and how organizations must adjust to become compliant.
The IDC Spotlight, sponsored by AuditBoard, The Coming ESG Reporting Imperative, is designed to bring audit, risk, and compliance leaders up to speed on best practices for a new era of compliance-driven ESG reporting. Download the full guide here, and continue reading below for an overview of the current regulatory environment and implications of ESG reporting.
The Current ESG Regulatory Environment
Regulations are emerging globally, with Europe currently at the forefront of legislating ESG reporting requirements. A key piece of European legislation is the EU’s Corporate Social Responsibility Directive (CSRD), which enforces accountability and mandates that companies audit their reported sustainability information.
North America is a few steps behind Europe in implementing ESG disclosure legislation. The U.S. Securities and Exchange Commission (SEC) proposed rule changes in March 2022 that would require companies to disclose certain climate-related risk information.
Implications for ESG Reporting
The Cost of Compliance
The formalization of reporting processes will also alter the economics of ESG reporting, with more stringent requirements necessitating increased investment from organizations as the costs for compliance rise. The SEC has released estimated costs for complying with its proposed rules, predicting first-year costs at $640,000 and annual ongoing costs for issuers at $530,000 (compared with SOX compliance costs that in 2022 exceeded $2 million annually for most companies). This expenditure is to ensure that ESG disclosures are accurate, data-backed, and assured.
While these costs of compliance are not insignificant, the cost of noncompliance is higher. The incident of ESG litigation is rising with notable recent cases, such as the pending litigation brought by the SEC, which levied a $56 million fraud fine in March 2023 against mining firm Vale SA due to misstatements regarding the safety of a dam that collapsed and led to 270 deaths.
There are other business risks associated with unvalidated noncompliant ESG reporting. Reputational damage, particularly associated with “greenwashing,” or the act of making unsubstantiated claims about an organization’s ESG performance, is a significant concern for companies.
Assurance Required
In addition to the costs associated with ESG reporting compliance, emerging legislation will also significantly impact the degree of assurance that is associated with the data reported. As ESG reporting transitions from voluntary to mandatory, expectations around the accuracy and transparency of the supporting data will amplify.
Because ESG has largely been reported qualitatively, this transition to quantitative, metric-driven analysis will be a significant shift for organizations. It will necessitate more thoughtful collection of data that ties specifically to metrics supporting ESG statements in a process akin to that established for financial reporting.
Furthermore, transparency in how metrics are derived will offset greenwashing claims and help protect the organization’s reputation against such. New legislation is also establishing expectations around assurance. For instance, the CSRD will require companies to have their sustainability disclosures audited.
While the degree of assurance will likely vary among jurisdictions and may pertain to only specific metrics or certain organizations, establishing ESG reporting practices initially around a framework of auditability will ensure that organizations are positioned to respond to changes in the rapidly mutating ESG reporting regulatory environment.
IDC’s Spotlight sponsored by AuditBoard, The Coming ESG Reporting Imperative, educates leaders on best practices for a compliant, purpose-built era of ESG reporting.
Amy Cravens is Research Manager for IDC’s Security and Trust Group responsible for the Governance, Risk, and Compliance (GRC) Technology practice. Ms. Cravens is responsible for research related to the innovation and transformation of governance, risk, and compliance software including analyzing technologies aimed at solving fraud, third-party risk, and other types of risk across the enterprise. Connect with Amy on LinkedIn.