New environmental, social and governance (ESG) reporting requirements in the European Union and the US are set to fundamentally change the nonfinancial reporting landscape. The new EU rules will require ESG reporting on a level never seen before, and will capture a whole host of companies that previously did not need to do mandatory nonfinancial reporting, including public and private non-EU companies that meet the thresholds. For US issuers, the new EU rules will result in mandatory reporting on a broader set of ESG topics than those required under current and proposed Securities and Exchange Commission (SEC) rules.
Even if your business is not covered by the new reporting requirements, we anticipate that you will feel the impact of these requirements if your business is part of the value chain of an entity that is required to report. We expect to see companies sending and receiving ESG questionnaires to gather the data necessary for their ESG reports.
In addition to the proposed US climate change reporting rules, preparation for reporting under the new EU rules will be an important topic for fall board meetings and nominating and corporate governance committees.
If you have any questions or would like training for your teams, please contact a member of Cooley’s international ESG team.
What are the new reporting requirements?
In the EU, political agreement has been reached on the new Corporate Sustainability Reporting Directive (CSRD), meaning that the draft will soon enter into law. The CSRD hugely expands the scope and content of current EU nonfinancial reporting obligations to capture a much wider range of entities and require reporting on a broader range of ESG topics in much more detail than before. The information is to be included in a separate section of the management report, subject to mandatory audit, and will feed into a publicly accessible EU website.
Notably, the CSRD applies to EU companies and public and private non-EU companies that meet the thresholds described below. As a result, US and other non-EU companies with EU business may be required to produce ESG reports in compliance with EU rules, even if such companies are not listed on a European exchange.
In the US, there is a parallel, but more limited, move toward an expansion of mandatory ESG reporting obligations. The SEC has adopted a more piecemeal approach than the CSRD, focusing its rulemaking on specific ESG topics, rather than mandating the publication of broad ESG reports. In particular, the SEC has proposed climate change and cybersecurity reporting rules, and is expected to propose human capital and board diversity disclosure rules over the next year.
The CSRD empowers the European Commission to recognize sustainability reporting standards applied by non-EU countries as equivalent. As the SEC has not and is not currently expected to propose equally broad sustainability reporting rules, it is unlikely that the SEC rules will be recognized as equivalent to all CSRD reporting standards (although some, such as climate change, may be recognized as equivalent). As a result, for US issuers that fall within the scope of the new EU rules, compliance with the CSRD is likely to require the publication of a dedicated report. In addition, the CSRD’s scope extends beyond that of most voluntary reporting standards currently applied by companies in the US and elsewhere, such as the Task Force on Climate-Related Financial Disclosures (TCFD) framework or the 77 industry-specific standards of the Sustainability Accounting Standards Board.
How can businesses prepare?
We’ve provided our take on the practical implications and what you can do to best prepare your business for the new rules.
Staying up to date
Anticipated this fall/winter, the final approval of the CSRD is the start of the process. Boards and legal departments also will want to be attentive to developments related to European Financial Reporting Advisory Group (EFRAG) reporting standards (i.e., the EU standards companies will need to report to in order to comply with the CSRD), national implementation of the CSRD and any relevant third-country rules. This is especially the case for non-EU companies that may be unaware of the CSRD and do not expect to have to comply with reporting regulations outside the countries in which they are domiciled or have registered securities. The application of the CSRD to non-EU private companies may come as a shock to many companies. Non-EU companies should continue to communicate with outside advisers and work on tracking EU revenue and future plans to work out whether they will be captured by the upcoming requirements.
Focusing on board oversight
Board oversight of ESG is a hot topic for companies around the globe, particularly for US issuers due to the proposed SEC climate change reporting rules. While many US public companies have created nominating and corporate governance committee oversight of ESG matters in recent years, the growth of highly technical ESG reporting (and SEC disclosure) has raised questions as to whether oversight should be, at least partially, shifted to audit committees, which historically are more experienced in oversight of public disclosure and financial reporting. Such questions are now even more relevant, considering the amount of data required for reporting under the CSRD and the accompanying audit requirements. Given the number of topics covered by the EU reporting standards, the CSRD also puts into question whether existing board committees will have the competence and bandwidth to oversee ESG reporting matters. As a result, in addition to building out more robust management-level ESG teams, companies covered by the CSRD may want to consider establishing dedicated board committees or integrating ESG-reporting experience into their director recruiting plans.
Aligning reports
In light of recent SEC comment letters and proposed rules, many US public companies are highly focused on aligning voluntary ESG reporting with related disclosure in SEC filings. Similar considerations should apply for issuers subject to the CSRD. In addition to integrating CSRD compliance into any existing ESG reporting activities, US issuers will want to be attentive to the risk of contradictions between financial, risk, and strategy disclosure contained in SEC filings and reporting under the CSRD.
Establishing internal controls
In addition to preparing to track and report on the numerous ESG topics covered by the CSRD, boards and management will want to focus on establishing appropriate internal controls for CSRD reporting. With the SEC’s proposed rules, greenwashing controversies in the US, the EU and the UK, and the increasingly quantified and detailed nature of voluntary reporting, putting in place internal ESG controls is already a hot topic for boards. The broad scope of the CSRD (as well as potential penalties for noncompliance), which represents the first significant regulatory mandate for many of the topics covered, further emphasizes the importance of establishing appropriate internal controls processes. This may be especially challenging for private companies, which generally have much less developed internal controls for public reporting. Even for those companies highly experienced in ESG reporting, the CSRD will likely require additional work to establish reporting processes and controls throughout the value chain adapted to a reporting framework that will undoubtedly deviate from the various existing standards.
Expecting ESG questionnaires
Boards and management also should prepare to receive more ESG-related diligence questionnaires from the EU and other covered counterparties in connection with CSRD compliance. This is because reporting boundaries will need to be expanded to cover material sustainability matters that are connected to the company by its direct or indirect business relationships (upstream and downstream), regardless of the company’s level of control over them. This is much broader than traditional financial reporting based on control. For US issuers, as such questionnaires increase in frequency and detail – and play a more central rule in funds’ investment decision-making – it will be important to consider whether responses to such questionnaires raise selective disclosure issues under Regulation FD. Such questionnaires also could increase in the future when the EU’s corporate sustainability due diligence directive (CSDD), which is currently being negotiated, is agreed.
Educating and building out internal teams
Many companies, especially those engaged in voluntary ESG reporting, have built robust internal ESG reporting teams. The CSRD should provide further impetus for such efforts. For many companies, ESG reporting has been primarily “owned” by marketing, sustainability or social impact teams, though many companies have begun “legalizing” their ESG disclosures by involving legal, financial reporting and internal audit functions. The CSRD is likely to further encourage companies to establish robust ESG reporting teams, similar to those they may have for financial reporting.
Preparing for CSRD disclosure also will require educating reporting teams on the new EU reporting frameworks. For US teams, this will include not only the challenge of reporting on certain topics less emphasized in US ESG reporting, but also adapting to a “double materiality” approach that includes an “impact-materiality” standard that deviates significantly from the SEC’s investor focused-concept, which itself informs numerous prominent ESG reporting frameworks and ratings.
Comparison of reporting obligations under the CSRD and the SEC rule
The tables below provide a high-level comparison of the two regimes’ reporting standards, key features of each, and a timeline setting out to whom these reporting regimes will apply and when.
Comparing the content of the reporting standards
For the CSRD, this comparison is based on current draft reporting standards – 13 have been published that apply to entities in all sectors – but there are more to come, as the EFRAG plans to release 40 industry-specific standards and standards for small and medium enterprises (SMEs) in 2023. Reporting standards specifying the information that needs to be included in the sustainability reports of non-EU companies and SMEs will be adopted by June 30, 2024. Where the entity is reporting at a consolidated level and one or more of its subsidiaries is relying on the CSRD’s subsidiary exemption, the parent entity must comply with the European Sustainability Reporting Standards (ESRS) – and perform its assessment of material impacts, risks and opportunities for the entire consolidated group – regardless of its group legal structure pursuant to these standards.
The below comparison is based on the draft ESRS published by the EFRAG. Under the draft CSRD, an initial set of ESRS must be adopted by June 30, 2023. Public consultation on the standards ended on August 8, 2022, and the feedback received will inform the final draft standards to be put before the European Commission in November 2022. All dates included below are preliminary and subject to change as the EU and US rules are finalized. In particular, the dates for the SEC climate rule reflect the March 2022 rule proposal, though these dates are likely to be adjusted in light of the reopening of the comment period in October 2022.
Key features of the reporting requirements
Who needs to comply and from when?
[View source.]