How to Address the SEC’s ESG Reporting Rules

Marc Siegel


October 3, 2022


The Securities and Exchange Commission (SEC) recently issued a proposal titled “The Enhancement and Standardization of Climate-Related Disclosures for Investors” that calls for U.S.-listed companies to provide significantly more extensive disclosures on climate change risks within their regulatory filings. If and when formally adopted, the new rules will have a widespread impact on many public companies. Like their counterparts in corporate financial departments, risk management professionals may need to stretch into new directions as they help their organizations comply with the new rules.

Assuming finalization as written, the SEC proposal would require public registrants to disclose their climate-related risks, targets and goals (if applicable); greenhouse gas emissions; and plans for how the board of directors and senior management oversee climate-related risks. The proposal would also require registrants to quantify the effects of certain climate-related events and transition activities in their audited financial statements.

As a result, risk professionals will need to learn new taxonomies and procedures to help safeguard their organizations against disclosures that could potentially present legal, financial and reputational risk. While risk professionals do not need to become subject-matter experts on climate change issues, they may need to expand their purview to include identifying and addressing climate-related risks to their organization.

In response to the SEC requirements, risk professionals should work with other team members in their organization’s ESG governance structure. Here are three steps risk professionals can take to strengthen the ESG reporting process:

1. Bolster governance and internal controls. A survey Ernst & Young conducted with the Financial Education & Research Foundation (FERF) found that responsibility for ESG reporting is often spread among multiple functions across an organization. Risk management should not necessarily be expected to take a lead role in this effort, but enterprise risk functions will need to work together with members of the C-suite, including the chief sustainability officer, chief financial officer, controllership and others, to help the organization manage climate-related risk. 

A critical first step is to engage with other corporate functions as they review the climate-related disclosures that will be included in the financial statements. Risk functions should conduct internal and external benchmarking to understand governance practices within and outside the company and gauge the effectiveness of these processes to meet future reporting needs. They should also design an ESG audit program for emissions reporting and perform testing to monitor and improve internal controls.

In addition, risk professionals should leverage existing risk management methodologies for climate risk assessments and risk governance procedures. For example, risk professionals can incorporate ESG regulatory risk monitoring into enterprise risk management (ERM) programs as a way of determining if risks reach a certain threshold.

2. Assess existing ESG data in the public sphere. Many organizations have been reporting non-financial data for several years now in response to increasing demands from investors and stakeholders. Risk professionals will need to collaborate with the sustainability and financial teams to perform a readiness assessment of the ESG metrics already in the public domain, review those metrics for completeness and accuracy, and determine whether they may need to be adjusted based on the SEC proposal.

Risk professionals will also need to assess whether the selected ESG metrics are relevant to the organization’s sustainability narrative and sector issues. A company that manufactures car batteries, for example, would likely have different metrics than a big-box retailer that is more concerned about emissions throughout its supply chain. 

This readiness assessment could also serve as a dry run for collecting the necessary data. Many companies have been gathering ESG data on an ad-hoc basis through spreadsheets and other manual processes. While this may have been adequate in the past, it may no longer be feasible once the organization needs to include those metrics in quarterly filings.

3. Become trusted advisors to the C-suite. Risk professionals should also be prepared to join their counterparts from finance and sustainability to advise the C-suite and other key executives on the governance structures and processes required to provide sufficient oversight and accountability for ESG strategy and execution.

Given the proposed SEC rules as well as the increasing focus on ESG issues in the press and among investors, more corporate boards have been asking for information on these matters. In the FERF survey, 75% of respondents said that their audit committee or another board committee has asked about policies and procedures for ESG reporting. The survey also revealed a major disconnect here, with only 8% of respondents saying they believed their organization had robust procedures in place.

Considering the relative infancy of ESG reporting, this is not surprising. However, it means that many companies still face a heavy lift as they prepare to provide information for ongoing reports. To that end, risk professionals and others with ESG-related responsibilities in the organization should advocate for the development of new technology tools and processes to aid in ESG data collection, control and reporting.

Looking ahead, organizations will also need to introduce new controls or revamp existing controls focused on emissions and climate change disclosures, as well as other emerging ESG issues such as human capital. Teams experienced in implementing internal controls over financial reporting for Sarbanes-Oxley compliance are well-equipped to help mature their organization’s internal controls for ESG reporting.

On a broader note, risk management professionals should also advocate for and participate in training for employees who will be involved in ESG reporting, especially those on the finance and sustainability teams. Professionals in finance and risk management roles need to know how to interpret environmental data, while sustainability team members will need to understand how regulators might review emissions data.

For long-term success, risk professionals and all functions involved in tracking ESG metrics should encourage their leadership to set the “tone at the top” and link ESG strategy to overall corporate goals. Forward-looking enterprise risk management teams should view this as an opportunity to help their organization unlock the strategic value of ESG by delivering proactive insights that help manage compliance risks and ultimately achieve ESG goals and targets.

Marc Siegel is a corporate and ESG reporting thought leader at Ernst & Young and former board member of the Financial Accounting Standards Board and Sustainability Accounting Standards Board.