Here’s how Public Companies can Prepare their Compliance Functions to Avoid Regulatory Crosshairs
If you have paid any attention to the financial regulatory priorities of the Biden-Harris Administration, you know that U.S. regulators are keenly focused on environmental, social and governance (ESG) disclosures in public company filings. Specifically, in May 2021, the Biden Administration issued an Executive Order on Climate-Related Financial Risk directing federal agencies to take wide-ranging actions regarding climate-related financial risks. Most pertinent for public companies, including in the banking industry, leaders at the U.S. Securities and Exchange Commission (SEC) have made numerous public statements in recent months that foreshadow mandatory disclosure rules related to climate risk, diversity, human capital, and political spending, including announcing the creation of a Climate and ESG Task Force in the SEC’s Division of Enforcement that utilizes data analytics to proactively identify potential gaps and/or misstatements in such disclosures.
This ramped-up focus on ESG disclosures has exposed the need for public companies to prioritize and implement changes in the way they manage their compliance function. This blog represents the first in a series that assesses how companies can prepare their compliance departments for impending ESG rules and government enforcement efforts in order to stay out of the crosshairs of U.S. and global regulators. Specifically, in this first piece, we define the term ESG and introduce the four areas that companies should consider in preparing for mandatory ESG disclosure requirements and enforcement.
First, as should be obvious from the name, ESG has three branches:
- The Environmental Branch: This encompasses issues such as climate change, greenhouse gas emissions, air and water pollution, energy consumption, water usage, waste and recycling, and environmental justice.
- The Social Branch: This relates to workplace and product safety, employee diversity, equity, and inclusion, fair pay and benefits, skills and development training, collective bargaining, human rights, charitable contributions, community programs, cybersecurity and data privacy, and supply chain management.
- The Governance Branch: This includes board diversity and independence, corporate culture and values, compliance, executive compensation, and political contributions and lobbying.
Beyond these definitions, however, nothing is obvious when it comes to ESG disclosure requirements. Indeed, it is not even yet evident which ESG metrics from the above branches the SEC would require be disclosed in public company’s annual reports on Forms 10-K or elsewhere. It goes without saying that, until standard ESG disclosure metrics are established by the SEC, not to mention other U.S. regulators including the Department of Labor (DOL), Environmental Protection Agency (EPA), and Federal Energy Regulatory Commission (FERC), the degree of uncertainty surrounding this topic could present significant hurdles to companies and especially their compliance functions.
That said, there are at least six compliance-related areas that companies should consider in preparing for the prospect of mandatory ESG disclosure requirements moving forward:
- Global Regulatory Change Management Programs: First, companies should have robust regulatory change management programs to track ESG developments globally, including in the EU where the Sustainable Finance Disclosure Regulation (SFDR) is arguably more aggressive than the US in defining ESG rules and metrics.
- Coordinated Technology: Second, companies should have unified and nimble technology systems to collect and collate ESG-related data from all business lines and jurisdictions in which they operate, including related to greenhouse gas (GHG) emissions, land protection, water use, diversity, wage gaps, and health and safety, among other metrics.
- Auditability: Third, in addition to having the technology systems in place to capture ESG data, companies should verify the traceability of this data for purposes of auditability. There is already market-related pressure on public companies to produce consistent finance-grade ESG data and, once regulators get involved, these pressures could increase exponentially.
- Highly Skilled Employees: Fourth, companies should have skilled and well-trained employees to manage their regulatory change management programs and technology systems and to, when necessary, know when to escalate potential ESG red flags up the chain of command.
- Policies, Procedures, and Controls: Fifth, companies should review their current ESG disclosures, if any, vis-à-vis their policies, procedures, and controls to validate that the necessary processes and systems are in-place to identify gaps and, where appropriate, to incorporate ESG disclosures into company filings, including proxy statements, consistent with industry leading practice. For example, it is critical that any disclosures accurately reflect a company’s ESG practices and are transparent about the company’s ESG goals (i.e., companies should avoid “greenwashing”).
- Executive Management/Board Support: Sixth, and perhaps most importantly, companies should confirm that their executives and boards promote principles of governance that include ESG as a priority, including an understanding of the key ESG metrics and the ability to effectively communicate these metrics within the company and, if necessary, to the regulators.
Simply put, ESG is a fast-moving area of U.S. and global regulatory focus, so public companies may need to be nimble in responding to impending disclosure rules. This would require globally integrated regulatory change management programs and technology systems, as well as a best-in-class compliance function and personnel to run these programs and to communicate effectively with management, boards, and the relevant lines of business.
In the next blog in this series, we will examine why companies should consider establishing ESG Centers of Excellence within their compliance functions – similar to CoEs for AML, KYC, and Privacy – in order to be leaders in their respective industries when confronting the inevitable challenges of mandatory public company ESG disclosures.