On 13 June 2023, the European Commission (the Commission) published a legislative a proposal for a Regulation on the transparency and integrity of Environmental, Social and Governance (ESG) rating activities (the Regulation) which forms part of the package of further steps to boost sustainable finance investment that the Commission published that day. This follows a call for evidence on the functioning of the ESG ratings market and sustainability risks in credit ratings in April 2022 from the Commission (which closed on 6 June 2022) and a call for evidence from the European Securities Markets Association (ESMA) in February 2022. The Regulation is intended to harmonise regulation across the EU given that there are currently no laws governing ESG rating providers in any of the individual EU Member States. However, in order to ensure that there remains a variety of approaches in the EU ESG ratings market, the Commission is not intending to require harmonisation of the methodologies used by ESG ratings providers.
What is wrong with the status quo?
ESG ratings have become increasingly important for all market participants as a tool to inform their decisions on ESG investment strategies and risk management, as well as better understand the sustainability risks and opportunities of their own activities or those of their peers for comparison. In addition, they are a source of information for disclosure obligations such as the EU Corporate Sustainability Reporting Directive and the EU Sustainable Finance Disclosure Regulation.
However, as it stands, the ESG ratings market fails to meet the needs of these ESG ratings users. In the Explanatory Memorandum to the Regulation, the EC states that “the current ESG rating market suffers from deficiencies and is not functioning properly, with investors and rated entities’ needs regarding ESG ratings...not being met and confidence in ratings being undermined”. The Commission notes that this is due to:
- lack of transparency on the characteristics of ESG ratings, their methodologies and data sources; and
- lack of clarity on how ESG rating agencies operate (including as regards conflicts of interest and governance).
This means that ESG ratings users are not able to make informed decisions in respect of ESG-related investments, risks, impacts and opportunities.
What is defined as an ESG rating?
An ESG rating is defined in Article 3 of the Regulation as “an opinion, a score or a combination or both, regarding an entity, a financial instrument, a financial product, or an undertaking’s ESG profile or characteristics or exposure to ESG risks or the impact on people, society and the environment, that are based on an established methodology and defined ranking system of rating categories and that are provided to third parties, irrespective of whether such ESG rating is explicitly labelled as ‘rating’ or ‘ESG score’”.
What types of ratings will be in scope of the Regulation?
ESG ratings issued by ESG rating providers operating in the EU that are disclosed publicly or that are distributed to regulated financial undertakings in the EU, undertakings within the EU Accounting Directive or EU or Member State public authorities will be caught by the Regulation.
The Regulation will not apply to private ESG ratings that are not intended for public disclosure, including ESG ratings produced by EU regulated financial undertakings for internal purposes or for providing in-house financial services and products, or any raw ESG data or products or services that incorporate an element of an ESG rating. In addition, credit ratings or second party opinions on sustainability bonds are out of scope. There are also exemptions for ESG ratings produced by EU or Member States’ public authorities and central banks (subject to some conditions including that they are not disclosed publicly). ESG ratings from an authorised ESG rating provider that are made available to users by a third party are also not caught.
An ESG rating provider is defined as “a legal person whose occupation includes the offering and distribution of ESG ratings or scores on a professional basis”. Therefore, this would capture both EU and non-EU market participants who are specialised entities that provide in-scope ESG ratings or scores to the public or to subscribers. The Regulation would not prevent financial institutions or other market participants from developing ESG ratings for their own purposes, as long as they are not providing them commercially to other market participants.
The new Regulation – highlights
- Let’s start with what the Commission is not aiming to do…
The Commission is not seeking to harmonise the methodologies of ESG rating providers. Instead, the Regulation is aimed at fostering transparency. ESG rating providers will remain in full control of their own methodologies in order to maintain a variety of approaches in the market and the Regulation expressly stipulates that ESMA, the Commission and other EU Member States may not interfere with the content or methodologies of ESG ratings.
Under the Regulation, ESG rating providers would need to be authorised and supervised by ESMA. EU entities would need to apply to ESMA for authorisation, disclosing all the information required by Annex I. ESMA is tasked with preparing draft regulatory technical standards specifying the further information needed for the authorisation of ESG rating providers.
Non-EU entities who wish to provide ESG ratings in the EU must be included in the ESMA register of ESG ratings providers. In order for this to occur the Commission must have adopted an equivalence decision in respect of that third country jurisdiction (it will take into account whether the legal framework and supervisory practice of the relevant third country is IOSCO recommendation compliant). Where there is no equivalence decision, authorised EU ESG ratings providers will be able to endorse ratings of third country ESG ratings providers, subject to certain conditions. In addition, a third country ESG rating provider with an annual net turnover on their ESG rating activities below EUR 12 million for 3 consecutive years may provide ratings to regulated financial undertakings in the EU provided it has been “recognised” by ESMA in accordance with the Regulation.
ESMA is expected to set up the ESG ratings providers register and, from 1 January 2028, the ESG ratings providers are required to submit any public information to the European Single Access Point (ESAP).
- Organisation and Disclosure Requirements
Under the Regulation, ESG ratings providers would need to comply with certain organisational, record-keeping and disclosure requirements, including in respect of conflicts of interest. Further details are set out in Annex II and Annex III.
Article 25 of the Regulation also provides that ESG ratings providers would also need to take steps that are adequate to ensure that fees charged to clients are fair, reasonable, transparent, non-discriminatory and are based on costs.
- Conflicts of interest and independence
Article 23 of the Regulation stipulates that ESG ratings providers would need to take “all necessary steps to ensure that any ESG rating provided is not affected by any existing or potential conflict of interest, or by any business relationship, either from the ESG rating provider itself or from their shareholders, managers, rating analysts, employees or any other natural person whose services are placed at the disposal or under the control of the ESG rating providers or any person directly or indirectly linked to them by control.”
Consequently, in the event of a risk of a conflict of interest, ESMA may require the ESG ratings provider to take measures to mitigate that risk. If the risk cannot be adequately mitigated, ESMA may require the ESG ratings provider to cease the activities or relationships creating the conflicts or to cease providing the ESG ratings.
Under the Regulation, ESMA would be granted certain powers including the authority to request information, carry out on-site inspections, withdraw or suspend the use of the ESG ratings, impose fines and penalty payments and issue public notices. Fines may be issued of up to 10% of the total annual net turnover of the ESG rating provider for intentionally or negligently infringing the Regulation.
Next steps and Timing
The European Parliament and Council of the European Union will now need to consider the Regulation.
Once agreed, the Regulation will enter into force 20 days after it is published in the Official Journal of the EU.
It is currently stated to apply 6 months after it enters into force.
Any ESG ratings providers providing services at the date of entry into force of the Regulation must notify ESMA within 3 months if they wish to continue offering their services and apply for authorisation within 6 months after the date of application of the Regulation.
ESG ratings providers categorised as small and medium-sized undertakings have 24 months from the date of application of the Regulation to apply for authorisation and 12 months to notify ESMA.
What is happening in other jurisdictions?
ESG rating activities are currently unregulated in most jurisdictions.
In the recitals, the Regulation notes the report of the International Organization of Securities Commission (IOSCO) published in November 2021 on ESG ratings and data products providers which set out recommendations (the IOSCO Recommendations) for authorities in relation to ESG ratings and data providers, many of which have appear to have been picked up in the Regulation. This alignment with the IOSCO Recommendations is helpful and gives some hope that there could be some degree of harmonisation globally, although some requirements may be difficult to reconcile across jurisdictions.
In addition to the EU, the UK and a handful of other jurisdictions are now contemplating regulations or voluntary rules.
In the UK, there are plans afoot to develop a voluntary Code of Conduct. The HM Treasury consultation on the Future regulatory regime for Environmental, Social and Governance (ESG) ratings providers helpfully states that the Financial Conduct Authority (FCA) intends to make the IOSCO recommendations a starting point for the voluntary Code of Conduct. We will need to watch this space as to how this develops when HM Treasury publishes the responses to the consultation which closes on 30 June 2023.
Undoubtedly, compliance will be complicated by other jurisdictions introducing ESG rating activities regulations. Although the Regulation does provide for an equivalence regime, it may take some time for the Commission to adopt any equivalence decisions under the Regulation given that currently there is no equivalent framework in place in any other jurisdiction.
These new rules aim to bring transparency to the currently unregulated ESG ratings market in Europe. It will be interesting to see how far that aim is realised in terms of providing investors and rated entities with greater transparency around the data being used to formulate ratings and the methodologies of ESG rating providers. Such transparency should help investors more easily conduct their own analysis to determine whether particular products align with their own ESG values. Ultimately, it may reduce costs for users as they may have more trust in the integrity of the input data and the ESG rating they are using.
It is worth keeping a watching brief on how this Regulation and market practice develop given that the EU is a first mover in the regulation of ESG ratings and that these rules will be mandatory for those who want to do business in the European market.
Our Sustainable Finance & Investment practice brings together a multidisciplinary global team to support our clients in this mission-critical area.
This note is for guidance only and should not be relied on as legal advice in relation to a particular transaction or situation. Please contact your normal contact at Hogan Lovells if you require assistance or advice in connection with any of the above.
Authored by Emily Julier, Isobel Wright and Jennifer O’Connell.