ESG Reporting & Risk Management: Are You Ready for New Rules?

In the 50 years since economist Milton Friedman published his mantra that a corporation’s primary responsibility is to make money for its shareholders, investors and the general public have come to expect more from the companies they support. As a result, the lens on corporate responsibility has expanded beyond shareholders and profits to encompass other stakeholders, including customers, employees, suppliers and communities.

Although ESG means different things to different companies, depending on the industry and business strategy, it’s now a critical part of enterprise risk management for any organization. This goes beyond regulatory compliance — and the penalties that can result from incomplete or inaccurate disclosures. It might also extend to legal and contractual requirements or workplace safety. And what about the risk of losing customers or not being able to attract talented employees if your ESG posture falls short?

Proposed SEC Rules Tackle Climate Risk

Until recently, regulatory standards have not kept up with growing demands from shareholders and other stakeholders. Reporting has been mostly voluntary, ad hoc or inconsistent. But that’s about to change, at least as far as climate risk is concerned.

In March 2022, the Securities and Exchange Commission (SEC) proposed rule changes to enhance and standardize climate-related risk disclosures. The changes would require registrants to report on “climate-related risks that are reasonably likely to have a material impact on their business, results of operations, or financial condition as well as certain climate-related financial statement metrics in a note to their audited financial statements.” This would include disclosure of greenhouse gas (GHG) emissions.

While many were anticipating the SEC to finalize in April 2023, this proposed rule is currently on the SEC’s agenda scheduled to finalize in October 2023. If finalized, the new reporting standards would require public companies to disclose additional details when filing registration statements and/or annual reports, such as:

• Oversight and governance
• Material impact to the business and the future outlook
• Process to identify, assess and manage the risks
• GHG emissions (Scope 1 and Scope 2; Scope 3 if material)
• Impact of possible climate-related events
• Details on climate-related targets or goals publicly set or stated
• Other information, such as whether scenario analysis was conducted or a transition plan defined

Climate risk disclosures would also need to be tagged in Inline XBRL and subject to the SEC’s rule on disclosure controls and procedures (DCP). And larger organizations, or accelerated or large accelerated filers, will have to obtain an attestation report from an independent attestation service provider on Scope 1 and 2 emissions.

These multiple disclosure requirements may seem daunting, but the SEC proposal includes a phased approach for implementation (see table below). Note: This timeline  is based on the 2022 proposed rule. The SEC will likely adjust and present updated timelines in the final rule to align with effective date of ruling.

The public comment period for this significant change to climate disclosure rules closed on November 1, 2022. And all parties are monitoring the SEC’s next steps closely. Meanwhile, momentum is building in both the U.S. and abroad for regulatory bodies to streamline and strengthen the reporting requirements for more consistent interpretation across companies’ ESG reporting.

Developing Your ESG Compliance Roadmap

As we noted, the scope and focus of ESG varies based on your industry and business strategy. But there are common elements that all organizations should consider, which fall into two categories:

• Mandated reporting, as specified in the final SEC proposed rules
• Voluntary disclosures communicated to stakeholders and market constituents

Beyond the potential mandatory regulatory requirements on the near horizon, how should your company begin to develop a roadmap for reporting on ESG matters, including those related to climate risk?

1. Identify and engage with your organization’s key stakeholders — not just the investor community—and understand what’s important to them. This may include your employees, community, customers and suppliers.
2. Gather supporting data and other benchmarks for analysis, such as considerations for your organization’s industry profile. This may include evaluating industry market research and peer organizations to identify priorities. It may also include evaluating recommended topics from reporting frameworks (GRI, SASB, TCFD, etc.) for input and assessing for relevance and applicability.
3. Determine priorities or focus areas that are material to your business and stakeholders and identify related opportunities to create value or risks to mitigate.
4. Assess your organization’s ESG risks. Effective management of ESG will require a broader perspective on assessing and managing enterprise risk. Each organization will need to develop its own ESG risk profile — focusing on industry-specific risks — and determine risk mitigation plans accordingly. The Task Force on Climate-related Financial Disclosures (TCFD) recommends bringing together multidisciplinary teams to work together on climate-related risks using approaches and metrics appropriate for your organization.
5. Consider what is “likely” from an ESG risk standpoint. Then implement or enhance risk management plans as needed to mitigate potential business impacts.
6. Consider leveraging a tool to facilitate your ESG program management journey.

Preparing for the New Era of ESG Reporting & Risk Management

Assuming the proposed climate risk disclosure rules are finally approved and other ESG-related standards are introduced, they’ll add to the regulatory challenges your organization must account for. And just as Sarbanes-Oxley and similar requirements are now status quo, ESG will quickly become a routine part of doing business.

As Economist Impact wrote in 2018, “At the end of this process, [ESG] will cease to exist as something separate from financial reporting, and we will look back on the journey and wonder at the flat-earth nature of where we were.”

As a business leader, your primary responsibility may always be to provide returns for shareholders. But as ESG compliance and expectations around corporate social responsibility evolve, your ability to successfully deliver on that promise will increasingly be tied to your performance as a good corporate citizen.

As you prepare for this new era of ESG reporting and risk management as well as risk mitigation approaches, we’re here to help. RGP consultants have decades of experience and expertise in implementing complex regulatory requirements, from SOX to conflict minerals compliance. 

Editor’s note: This article was originally published June 2, 2022 and was updated on July 21, 2023.