September 2023
On 13 June 2023, the European Commission (EC) published the Proposal for a Regulation on the transparency and integrity of Environmental, Social and Governance (ESG) rating activities (hereinafter the Regulation).
ESG ratings offer an opinion, a score or a combination of these regarding the ESG elements of an entity, undertaking, financial instrument or financial product. The elements rated may be the ESG profile or characteristics, the exposure to ESG risks or the impact of those rated on people, society and the environment.
This information is relevant for investors and other users1 to reach informed decisions with regard to ESG-related risks, impacts and opportunities in their investment decisions or to learn the level of responsibility regarding ESG applicable to companies. From the point of view of those rated, the ESG rating can influence on their access to financing, while help improve their performance, for which reason it is essential to understand how they are being assessed.
It has been noticed that the operation of ESG ratings is hindered by a) the lack of transparency regarding their characteristics (their meaning and objectives), their methodologies and their data sources and estimates; and b) the lack of clarity on how ESG rating providers operate.
The proposal seeks to increase the integrity, transparency, responsibility, good governance and independence of the ESG rating activities, contributing to the transparency and quality of ESG ratings. However, it does not intend to harmonise the methodologies for the calculation of the ESG ratings.
The Regulation will come into force twenty days after its publication in the Official Journal of the EU and will be applicable six months later, without prejudice to establishing transitional periods both for small and medium-sized and for new ESG rating providers.
Requirements to provide ESG ratings in the Union and register
Providers of ESG ratings in the EU will require ESMA authorisation. Three possibilities for access are established in the case of third countries ESG rating providers wishing to provide their services in the EU: equivalence, endorsement or recognition. In any case, the effective exercise of the supervisory tasks by ESMA regarding third country providers will be guaranteed.
Authorisation for EU providers
The Regulation establishes the requirements for the authorisation and the content of the application for authorisation, although this will be specified in further detail by ESMA via regulatory technical standards. The application will include the contact data of the applicant, information on its ownership structure, its managers, together with information on the organisational requirements.
The Regulation establishes the periods for ESMA to review the fulfilment of the application and adopt a reasoned decision to grant or to refuse authorisation. The decision will be effective throughout EU territory. The Regulation also establishes the cases for withdrawal or suspension of the authorisation.
Third country ESG rating providers
It should be highlighted that compliance of third country ESG rating providers with the recommendations of the International Organization of Securities Commissions (IOSCO) regarding ESG ratings will be considered within the framework of the different authorisation processes.
Equivalence. This requires legal persons authorised or registered as ESG rating providers and subject to the supervision of a third country, which notify ESMA about their intention to provide ESG ratings in the EU and inform the competent authority (CA) responsible for its supervision in its home country; that the EC adopts an equivalence decision and that there are cooperation agreements operating between ESMA and the CA of the applicant to exchange the necessary information and immediate notification to ESMA of infringements by the supervised provider.
Endorsement. In this case, an ESG rating provider authorised in the EU may endorse ESG ratings provided by a third country provider belonging to the same group. The Regulation establishes the conditions to be complied with for ESMA to authorise the endorsements and, when the third country ESG rating provider is subject to supervision by a CA, there will be an appropriate cooperation provision between ESMA and said CA. The Regulation also establishes the requirements and periods for the authorisation of the endorsement by ESMA, which may also require its withdrawal whenever it has well-founded reasons to consider that the conditions for its authorisation are no longer fulfilled.
Recognition. Until the EC has adopted an equivalence decision or in the event this is repealed, third country ESG rating providers with an annual net turnover on their ESG rating activities below EUR 12 million for three consecutive years may provide ESG ratings to regulated financial undertakings in the EU, provided that ESMA has recognised that provider. The Regulation establishes the requirements for the recognition to occur, including the obligation to have a legal representative that is a legal person located in the EU and expressly appointed by that third country ESG rating provider to act on its behalf with regard to the obligations under the Regulation. If the third country ESG rating provider is subject to supervision by a CA, ESMA shall seek to put in place an appropriate cooperation arrangement to ensure an efficient exchange of information. The Regulation also establishes periods for the granting of the recognition by ESMA, which may also impose fines, suspend or withdraw the recognition if it has well-founded reasons, based on documented evidence, for this.
Register
ESMA will maintain a register, publicly accessible on its website, with all ESG rating providers in the EU it has authorised, together with third country ESG rating providers providing ESG ratings in the EU in accordance with any of the three aforementioned options. Where applicable, it will also include third country CAs responsible for supervising said ESG rating providers and the identity of the ESG rating providers in the EU responsible for endorsements.
European Single Access Point (ESAP)
To ensure adequate information to investors and other users of ESG ratings, information on ESG ratings and ESG rating providers should be made available on the ESAP. The information that is to be made public within the framework of this Regulation, both on behalf of providers and ESMA, will be disclosed at the same time to the collection body (in this case ESMA) for its accessibility on ESAP from 1 January 2028.
Organisational requirements, processes and documents concerning governance
The Regulation establishes the general principles to be followed by ESG rating providers, in particular, the need to use appropriate systems, resources and procedures, which will be updated regularly, and to ensure the independence of activities. Among others, reference is made to procedures to comply with the obligations of the Regulation on due diligence and internal control.
There is also a list of a series of activities that ESG rating providers will not provide (consulting activities to investors or undertakings; issuance and sale of credit ratings; development of benchmarks; audit or banking, insurance, reinsurance or investment activities).
Furthermore, important operational functions will not be outsourced where this significantly reduces internal control quality or the supervisory capacity of ESMA. Outsourcing functions, services or activities relating to the issuance of an ESG rating will not exempt them from the responsibility to comply with their obligations under the Regulation.
With regard to rating analysts, employees and other persons involved in the provision of ESG ratings, apart from having the knowledge and experience necessary, will be subject to a series of measures to ensure their independence and mechanisms will be established to guarantee they disclose no confidential information while securely informing on any illegal conduct performed by these persons, revising their work of the past year when they terminate his or her employment with the ESG rating provider and join a rated entity in whose rating they have been involved, and they shall not take up a key management position within a rated entity which they have been involved in rating for six months after the provision of such rating.
ESG rating providers shall publish on the website the procedures for receiving, investigating and retaining records concerning complaints made.
The Regulation establishes exemptions relating to the governance requirements ESMA may award to ESG rating providers that fulfil certain criteria, in particular to small or medium-sized companies if they prove said requirements are disproportionate.
Transparency requirements on methodologies, models, and key rating assumptions used in ESG rating activities
ESG rating providers shall disclose on their website the methodologies, models and key rating assumptions they use in their ESG rating activities. ESMA shall develop draft regulatory technical standards to specify the details of such disclosures.
Disclosures will include issues such as the objective of the ratings (whether it assesses risks, impacts or other dimensions), whether the rating combines the E, S and G factors (in which case the weighting of each factor should be indicated and the method explained) or a rating comprising individual factors or specific issues (e.g., transition risks), specifying the subjects included or information on whether the rating is stated in absolute or relative values.
Moreover, ESG rating providers will provide additional information to its subscribers and to rated entities, which will include a more detailed summary of the rating methods used, a more detailed general view of the data processes and other relevant information. ESMA shall develop draft regulatory technical standards to specify the details of such disclosures.
Obligations regarding independence and conflicts of interest
The proposal requires ESG rating providers to have robust governance arrangements, including a clear organisational structure with well-defined, transparent, and consistent roles and responsibilities for all persons involved in the provision of an ESG rating. ESG rating providers shall take all necessary steps to avoid conflicts of interest and, when there is the risk of conflicts of interest, ESMA may require measures are taken to mitigate that risk, such as the establishment of an independent oversight function. Where a conflict of interest cannot be managed appropriately, ESMA may require the provider to cease the activities or relationships that create the conflict of interest, or for it to cease providing ESG ratings. The policies, procedures and organisational arrangements related to conflicts of interest will be reviewed regularly. ESG rating providers shall review their operations to identify potential conflicts of interest at least each year.
In second place, requirements are established on the management of possible conflicts of interest relating to employees involved in the provision of ESG ratings. There will be internal control procedures to ensure the integrity and reliability of the employee or person determining the ESG rating.
Finally, another important element to avoid conflicts of interest is for the fees charged by ESG rating providers to be fair, reasonable, transparent, non-discriminatory and based on actual costs. ESMA may require documented evidence backing them, it may take supervisory measures or impose fines if it finds this is not fulfilled.
ESMA’s competences for the supervision of ESG rating providers
ESMAS’s powers and cooperation with the CAs of Member States
ESMA’s competences to perform the supervision of ESG rating providers include: 1) requests for information by simple request or by decision; 2) performing general investigations; and 3) performing on-site inspections.
ESMA will previously inform on the action intended to the CAs of the Member State where the persons affected are domiciled or established, and the CAs will provide ESMA with the necessary assistance whenever requested either by ESMA or the actual CAs. ESMA may also require the CAs to carry out tasks in such actions on ESMA’s behalf.
ESMA may request information from ESG rating providers, from rated entities and from the persons involved in any way. Persons requested information will have no obligation to provide it in the case of simple requests but they will have the obligation in the case of requests by decision.
To carry out general investigations, ESMA is empowered to review any documentation it considers necessary, while also having the power to request explanations or perform interviews.
In the case of on-site inspections, these may be performed without prior announcement whenever necessary. Apart from the powers common to general investigations, any business premises and books or records may be sealed for the period of, and to the extent necessary for, the inspection.
The Regulation establishes the principles on cooperation between ESMA and national competent authorities of Member States (NCAs), including the possibility of delegating specific supervisory tasks to one of these, such as the power to request information and conduct investigations and on-site inspections. Likewise, ESMA and the NCAs will supply each other the information necessary to perform their functions in accordance with the Regulation.
NCAs that discover infringements of the Regulation will inform ESMA and may suggest that ESMA considers whether to take action and, in the case that the infringement significantly affects investor protection or the stability of the financial system of the corresponding Member State, they may request in a reasoned manner for ESMA to suspend the issuance of ESG ratings by such provider.
Supervisory measures and penalties
The Regulation includes the measures that ESMA may adopt, the criteria for their adoption taking into account the nature and seriousness of the infringement, while also for its publication. ESMA may: 1) withdraw the authorisation of the ESG rating provider; 2) temporarily prohibit the ESG rating provider from providing ESG ratings; 3) suspend the use of the ESG ratings provided by the ESG rating provider; 4) require the ESG rating provider to bring the infringement to an end; 5) impose fines; and 6) issue public notices.
The Regulation makes a distinction between fines and periodic penalty payments. The second type may be used to compel an ESG rating provider to end an infringement while also to force the persons and entities supervised to supply complete and correct information requested by ESMA, to submit to an investigation and to produce complete records, data, procedures or any other material required, and to complete and correct other information provided in an investigation launched or submit to an on-site inspection.
ESMA shall publish every fine and periodic penalty payment that it imposes, unless this seriously jeopardises the financial markets of the EU or causes disproportionate damage to the parties involved. Such disclosure shall not contain personal data.
Fees
ESMA shall charge fees to the ESG rating providers to fully cover the expenses of their supervision. The amount of an individual fee shall be proportionate to the annual net turnover of the ESG rating provider concerned. This will be detailed by means of delegated acts.
Application
The Regulation establishes a period of 3 months for ESG rating providers that are providing their services on the date the Regulation comes into force, to request the authorisation. However, there will be a transition period of 24 months for small and medium-sized companies. Furthermore, new market participants that are small and medium-sized ESG rating providers will also enjoy a transition period which, in this case, will be of 12 months.
The EC will review the Regulation at the latest five years after it comes into force. ESMA will publish an annual report on the application of the Regulation, including the supervisory measures adopted and the penalties imposed, information on the development of the ESG ratings market and an assessment of the application of the regimes of third countries.
1 Such as the benchmark administrators who construct benchmarks based on ESG aspects, non-governmental organisations or trade unions, among others.