On November 23, 2021, the International Organization of Securities Commissions (IOSCO)1 issued its “Environmental, Social and Governance (ESG) Ratings and Data Providers” final report (Report) in which IOSCO notes that “the use of environmental, social and governance (ESG) ratings and data products has grown considerably in response to investors’ mounting interest in investing in companies that take account of sustainability in the way they are run. As a result, the role and influence of ESG ratings and data products providers in financial markets more generally, and in the sustainable finance ecosystem more specifically, have grown significantly. This has led some securities markets regulators to take a closer interest in the activities and business models of these providers.”
Reporting on its related preliminary fact-finding exercise, IOSCO said:
- there is little clarity and alignment on definitions, including on what ratings or data products intend to measure;
- there is a lack of transparency about the methodologies underpinning these ratings or data products;
- while there is wide divergence within the ESG ratings and data products industry, there is an uneven coverage of products offered, with certain industries or geographical areas benefitting from more coverage than others, thereby leading to gaps for investors seeking to follow certain investment strategies;
- there may be concerns about the management of conflicts of interest where the ESG ratings and data products provider or an entity closely associated with the provider performs consulting services for companies that are the subject of these ESG ratings or data products; and
- better communication with companies that are the subject of ESG ratings or data products was identified as an area meriting further attention given the importance of ensuring the ESG ratings or other data products are based on sound information.
The Report notes that, “in a rapidly moving and diversified market, and in the absence of global standards for this industry, developing an overview of the market for ESG ratings and data products providers is challenging” and that “while steps have been carried out to map existing providers and products in some jurisdictions, the mapping is only partial. Nonetheless, KPMG estimates that there are 160 ESG ratings and data products providers worldwide. These include both for-profit and non-profit companies that offer large or specialised ESG-related products.” Moreover, “at a regional level, a report recently prepared for the European Commission (EC) identified 30 to 40 other smaller providers of ESG ratings, data and research products and services domiciled in the European Union (EU), although such data is harder to find in other jurisdictions. From a revenue perspective, according to a recent study by UBS, global revenues generated by ESG data and services could more than double by 2025.” Further, IOSCO notes, “[N]evertheless, given the current lack of consistent information at the level of corporate disclosures, ESG-focused investors may need to place greater reliance on the ESG ratings and data products developed by ESG ratings and data products providers.”
However, the Report also notes that “given that the activities of ESG ratings and data products providers are not generally subject to regulatory oversight at the moment, increasing reliance on these services raises concerns about the potential risks they pose to investor protection, the transparency and efficiency of markets, risk pricing, and capital allocation. In addition, the lack of standards in this area may present the risk of greenwashing or misallocation of assets and could lead to a lack of trust in ESG ratings or in the data products’ robustness or relevance.”
The Report concludes with the following 10 recommendations:
Recommendation 1: Regulators could consider focusing more attention on the use of ESG ratings and data products and ESG ratings and data products providers that may be subject to their jurisdiction.
Recommendation 2: ESG ratings and data products providers could consider adopting and implementing written procedures designed to help ensure the issuance of high quality ESG ratings and data products based on publicly disclosed data sources where possible and other information sources where necessary, using transparent and defined methodologies.
Recommendation 3: ESG ratings and data products providers could consider adopting and implementing written policies and procedures designed to help ensure their decisions are independent, free from political or economic interference, and appropriately address potential conflicts of interest that may arise from, among other things, the ESG ratings and data products providers’ organizational structure, business or financial activities, or the financial interests of the ESG ratings and ESG data products providers and their officers and employees.
Recommendation 4: ESG ratings and data products providers could consider identifying, avoiding or appropriately managing, mitigating and disclosing potential conflicts of interest that may compromise the independence and objectivity of the ESG ratings and ESG data products provider’s operations.
Recommendation 5: ESG ratings and data products providers could consider making adequate levels of public disclosure and transparency a priority for their ESG ratings and data products, including their methodologies and processes to enable the users of the product to understand what the product is and how it is produced, including any potential conflicts of interest and while maintaining a balance with respect to proprietary or confidential information, data and methodologies.
Recommendation 6: ESG ratings and data products providers could consider adopting and implementing written policies and procedures designed to address and protect all non-public information received from or communicated to them by any entity, or its agents, related to their ESG ratings and data products, in a manner appropriate in the circumstances.
Recommendation 7: Market participants could consider conducting due diligence or gathering and reviewing information on the ESG ratings and data products that they use in their internal processes. This due diligence or information gathering and review could include an understanding of what is being rated or assessed by the product, how it is being rated or assessed and, limitations and the purposes for which the product is being used.
Recommendation 8: ESG ratings and data products providers could consider improving information gathering processes with entities covered by their products in a manner that leads to more efficient information procurement for both the providers and these entities.
Recommendation 9: Where feasible and appropriate, ESG ratings and data products providers could consider responding to and addressing issues flagged by entities covered by their ESG ratings and data products while maintaining the objectivity of these products.
Recommendation 10: Entities subject to assessment by ESG ratings and data products providers could consider streamlining their disclosure processes for sustainability related information to the extent possible, bearing in mind jurisdictions’ applicable regulatory and other legal requirements.
Some Practical Considerations for SEC-Regulated Entities
The US Securities and Exchange Commission (SEC), an IOSCO member, has been actively preparing to consider increasing regulation with respect to ESG disclosures made by public companies and asset managers. The SEC also oversees certain, but not all, firms that provide ESG ratings. Specifically, the SEC oversees credit rating agencies that are registered as nationally recognized statistical rating organizations (NRSROs). NRSROs have begun incorporating ESG considerations in their ratings and offering other ESG ratings services. The SEC has not publicly announced any plans to increase its focus on ESG ratings firms as part of its “all-agency approach” to climate and ESG risks and opportunities. Notably, the SEC’s Office of Credit Ratings 2020 Annual Report to Congress on NRSROs does not mention ESG. In addition, while the SEC’s Asset Management Advisory Committee raised the questions of “what role should ESG ratings systems and benchmarks play?” and “should particular ESG ratings providers or benchmarks be used as part of the requirements for including ‘ESG’ in the corresponding product name?” when it provided ESG-related recommendations to the SEC in July 2021, the committee did not provide any recommendations with respect to ESG ratings firms. However, this IOSCO report may prompt the SEC to examine ESG ratings firms, both regulated and unregulated.
1 IOSCO describes itself as “the leading international policy forum for securities regulators” and notes that it “is recognized as the global standard setter for securities regulation” and that its “membership regulates more than 95% of the world's securities markets in some 130 jurisdictions.”