Who oversees the ratings providers? While ESG ratings have been around for a while, it was not till quite recently that the providers started to come under the scanner.
In this article, I have tried to provide a brief overview of the evolution from recommendations to legislation in this space. It is important to understand this evolution in order to understand the legislation, which is still based on similar fundamental principles.
Setting the Stage with the IOSCO Recommendations
It started in November 2021, when IOSCO published a set of 10 recommendations for the ESG industry. While the recommendations are not binding, they have set the basis for several codes of conduct and pieces of legislation all over the world.
IOSCO noticed that there had been a surge in ESG ratings and data products, but that the unregulated nature of the market led to concerns about several potential risks, from investor protection to greenwashing.
To better understand this part of the sustainable finance ecosystem, IOSCO conducted a fact-finding exercise, consisting of a roundtable in December 2020 and a survey questionnaire in January 2021.

Voluntary Codes of Conduct Start to Show Up
This was followed by what I call the Generation One of regulations, the Voluntary Codes of Conduct.
Japan’s Financial Services Agency (FSA) decided to launch their Code of Conduct, the first of its kind in the world to be issued by a national regulator. The draft code was issued in July 2022 and the final version was adopted in December 2022.
Following the publication of the IOSCO report, in 2022, the Financial Conduct Authority of the UK appointed the International Capital Market Association (ICMA) and the International Regulatory Strategy Group to convene an industry group to develop a globally consistent voluntary code of conduct under a joint secretariat.
In December 2023, the ICMA Code of Conduct for ESG Ratings and Data Products Providers (“ICMA Code”) was launched, heavily based on the IOSCO recommendations of the four key outcomes. This is a voluntary code of conduct, and interested providers can sign up by notifying ICMA, completing the implementation period (6-12 months), and publishing a statement on their website as to how they have applied the ICMA Code. This statement of application should be reviewed annually.
The Singapore Code of Conduct followed in December 2023 and the Hong Kong Code of Conduct was launched in October 2024.
The Key Principles Derived from the IOSCO Recommendations and the Generation One of Codes of Conduct
The IOSCO Report made several recommendations, the key ones being:
- Recommendations regarding process improvement for better products. These recommendations cover several areas like:
  - Transparency of data sources;
  - Adoption of transparent methodologies, which are applied consistently and reviewed regularly;
  - Having sufficient human resources and technological capacity to provide the assessment; and
  - Offering ratings and data products in a machine-readable format.
- Recommendations regarding policies and procedures and on resolving conflicts of interest. The recommendations include:
  - Adoption of written internal policies and procedures, which can identify and manage actual or potential conflicts of interest;
  - Taking steps to ensure that the ESG ratings and data products are not affected by the existence of a potential for a business relationship;
  - Putting in place measures to help ensure that conflicts of interest do not arise from personnel, for example, putting in restrictions on trading by the staff, eliminating potential conflicts of interest like remuneration linked to revenue from an evaluated entity; and
  - Disclosing, if appropriate, the nature of any compensation arrangement that might exist with an entity for which ESG ratings and data products are provided.
- Recommendations for transparency. Apart from the recommendations mentioned above, these recommendations include:
  - Public disclosure about data and information sources, and the procedures and methodologies that are used, to help the user understand how the outputs were determined; and
  - Labeling the ESG ratings and data products so the user can understand the intended purposes.
- Recommendations for maintaining confidentiality. IOSCO recommends that providers consider adopting written policies and procedures designed to address and protect confidential information that they receive from entities under NDAs.
- Recommendations on interaction with entities subject to assessment. IOSCO received feedback on certain shortcomings with respect to interactions between ratings providers and the entities they cover. To address these shortcomings, IOSCO has made certain recommendations which can provide the entities with visibility on the assessment process, when data is likely to be requested, and how it will be treated by the provider. The recommendations include:
  - Advance communication of the schedule of information collection;
  - Providing a consistent contact point within the organization;
  - Informing entities of the principal grounds of the ratings or data product before its publication and allowing the entity to draw attention to any factual error; and
  - Publishing terms of engagement on how the ratings provider will typically engage with the covered entities.
Generation Two – Legislations
Building on Generation Zero and Generation One, we have seen the evolution to hard law in the form of legislation in Europe and India, with an upcoming one from the UK.
The EU legislation, while moving to mandatory implementation, is still heavily built upon the base of the ICMA Code and the recommendations from IOSCO. There is an expectation that the UK legislation will not stray much either.
A major difference from the voluntary codes of conduct is the jurisdictional presence that is required under both the EU and the Indian legislation. This is understandable because enforcement of legislation requires either the physical presence of an entity in the region of the regulator or a collaboration with another regulator in whose region the entity is registered.
In this article, I will not be covering the EU legislation applicable for the ESG Ratings and Data Providers. There are several really good sources available online so if you want to know more, you should definitely look those up.
When ESG KPIs Diverge – the Indian Legislation
While the EU and the UK both have a net zero 2050 target, India has a net zero 2070 target. The mandatory Indian regulation requires that all ratings firms operating in India must account for this localized ESG KPI difference, in addition to calculating regulatory-directed ratings around audited company disclosure and the green transition plan specific to India. This will require a complete reworking of how many ratings products are calculated.
Multiple big international players have departed from India’s ESG ratings market over the past 12 months in response to the regulations. Currently, no global provider has been authorized by SEBI to operate in India.
We should not look at the Indian legislation as a stray case, because diverging ESG KPIs will not be limited to just these jurisdictions. It will be a worldwide phenomenon, and the question to ask is: what does it mean for ESG ratings overall?
Stay informed,
Samarpita
All opinions are personal




