Europe’s Regulatory Playbook for ESG Rating Providers

As individual and institutional investors move toward investing according to environmental, social, and governance (“ESG”) criteria, ESG ratings – scores given to companies or financial instruments on the basis of meeting these criteria – are becoming critically important in guiding investment portfolios.  While substantial work has been put into designing clear ESG standards that would function similarly to accounting standards, comparatively little has been considered with respect to how market participants that rate investment products for ESG qualities – so-called ESG rating providers – can or should be regulated.  This question is critically important for the ESG marketplace, as the scores given by ESG rating providers often give investors the trust needed to make an ESG investment.    

Europe’s recent experiences with credit rating agency (“CRA”) and benchmark reform, as well as recent concerns with the quality and comparability of ESG ratings, provide options for regulating ESG rating providers.  This post will outline current issues in the ESG ratings marketplace and Europe’s response, as evidenced by a recent letter from the European Securities and Markets Authority (“ESMA”) that seeks to counter the risks of “greenwashing, capital misallocation and products mis-selling.”  This post will also examine related problems with ESG benchmarks, which are usually used to track equity or debt instruments in a given portfolio, and explain how ESG rating issues could spill over into that marketplace. 

Ratings, Benchmarks, and Their Discontents

Many investors have been confused and frustrated by the number of ESG ratings currently available in the market, as ESG rating providers develop their scores according to different data sources, use varying methodologies, and often have unique procedures for company participation and feedback on a proposed rating.  The following table from Sustainserv, a global management consulting firm, highlights some of the major ESG rating providers and their significant differences:

Sustainserv further highlights the complexity of this market by finding that there are over “40 ESG ratings, 150 ESG rankings, and 450 ESG indices, not including the large number of investment banks, governmental organizations, and research institutions, who conduct their own ESG-related research that can be used to produce ratings.”

In addition to this complexity, commentators and regulators have identified significant issues regarding conflicts of interest and governance with certain ESG rating providers.  A recent letter from Dutch and French regulators highlighted that ESG rating providers (specifically, Sustainalytics, MSCI, and ISS) can assume different roles, such as a consultant, data provider, or rating provider.  This potentially puts ESG rating providers in a conflicted position when representing the interests of companies and investors.  Similarly, a recent paper entitled The Determinants of ESG Ratings: Rater Ownership Matters found that “firms connected to [ESG rating provider] through institutional ownership, i.e., ‘sister firms,’ receive higher ESG ratings,” and that a rating could be inflated by the degree of institutional ownership of an ESG rating provider. 

There have also been documented problems with ESG benchmarks and investor confusion.  Benchmarks differ from ratings in that they do not provide a “score” for an investor, but typically serve as the investment strategy for a passive investment, such as an exchange-traded fund, by using an “index.”  iShares describes an ESG index as defining “universes that meet specific ESG criteria for use by asset managers, and standards for ESG characteristics to compare with the underlying market.”  The EU distinguishes between indexes and benchmarks by defining the former as a public figure that is regularly determined by formula or calculation and on the basis of the value of one or more underlying assets or prices. By contrast, a benchmark is an “index by reference to which the amount payable under a financial instrument or financial contract…is determined, or an index that is used to measure the performance of an investment fund.” (Benchmark Regulation, Article 3(1) and (3))

Despite these aims and definitions, there have been some documented instances where benchmarks contained companies (often referred to as underlyings or constituents) that either contradict the stated goal of the ESG benchmark or are being questionably included in an ESG benchmark.  For example, in 2017, Forbes highlighted BlackRock’s MSCI KLD 400 Social ETF, which at the time held McDonald’s, ConocoPhillips, and Occidental Petroleum as three of its constituents, which angered certain investors that were unaware of the benchmark’s underlyings.  Four years later, the MSCI KLD 400 Social ETF seeks exposure to a range of large, mid-, and small-capitalization U.S. stocks and now avoids investment in controversial weapons, nuclear energy, civilian firearms, tobacco, thermal coal, and oil sands.  However, it still invests heavily in Microsoft, Facebook, and Google, which may not accord with some investors’ views on social good.  MSCI gives the MSCI KLD 400 Social ETF an MSCI ESG Fund Rating of “A.”

Benchmark administrators responded to issues like these by committing themselves to transparency, detailing the rules-based methodologies that apply to a given benchmark, and reexamining their benchmarks’ constituent portfolios.  Indeed, it is now very easy to view the constituents and ESG screens applied in a given benchmark or financial product on the websites of leading benchmark administrators (see the Invesco Solar ETF as an example).  However, as interest in ESG benchmarks continued to grow, more and more questions have begun to arise about the interplay of ESG benchmarks and ESG ratings and whether additional work needed to be done to ensure the transparency and comparability of companies with ESG ratings. 

ESG ratings that are divergent for poorly understood reasons pose significant legal issues for asset managers subject to fiduciary obligations to their clients, particularly when promoting funds that purport to further ESG purposes.  Moreover, as global policymakers discuss the possibility of requiring banks and other financial institutions to invest in “green assets” to spur sustainable finance, there will be increased scrutiny on the portfolio investments and loans made by those institutions, making the underlying quality and regulation of ESG ratings firms even more pressing.  Finally, to the extent that benchmark administrators create their ESG benchmarks based on ESG ratings, there is a significant need to ensure the credibility of those ratings given the ever-growing size and interest in ESG benchmarks.  Underscoring this point, a recent analysis from Morningstar states that there were “534 sustainable index mutual funds and exchange-traded funds globally, with collective assets under management of $250 billion” as of June 30, 2020, while another report indicates that this may grow to $53 trillion by 2022.

ESMA’s Call to Action

International and European regulators have made significant strides in ensuring the transparency and regulation of CRAs and financial benchmarks, as detailed later in this post.  However, directly regulating ESG rating providers remains a novel frontier and appears to be in the crosshairs of ESMA.

In his letter to the European Commission (“EC”), ESMA Commissioner Steven Maijoor is fairly blunt in characterizing the current state of the ESG market, stating that a key challenge that could thwart Europe’s sustainable finance goals is the “unregulated and unsupervised nature of the market for ‘ESG’ ratings and ESG assessment tools and the need to match the growth in demand for these products with appropriate regulatory requirements to ensure their quality and reliability.”  The ESMA letter comes in the wake of growing concern from several groups:  Dutch and French regulators called for ESMA to regulate ESG rating providers in December 2020; the International Organization of Securities Commissions recommended  addressing “transparency issues among ESG data providers and disclosure of methods and governance among…ESG rating agencies”; and similar exhortations came from industry-led groups, such as the European Fund and Asset Management Association.

Commissioner Maijoor highlighted the following major issues in his letter and recommended that legislation be passed by the EC to address them:

  1. Lack of a Legally Binding Definition.  ESMA is concerned that the ESG profile of a particular security or issuer would differ substantially depending on the choice of an ESG rating provider, since each ESG rating provider is currently free to define “ESG” as it sees fit.  ESMA recommends a broad definition that relies on a “defined ranking system of rating categories” and is aligned according to an “entity, issuer, or debt security’s impact on or exposure to ESG factors, alignment with international climatic agreements or sustainability characteristics.”

  2. Lack of Governance and Supervision.  ESMA suggests that all ESG rating providers be registered and supervised by a public authority, especially as providers that are currently not regulated as CRAs fall outside the scope of ESMA’s supervision.  ESMA suggests that all such public authorities should require each ESG rating provider to have a core set of organizational, conflict of interest, and transparency requirements. 

  3. Lack of Legal Requirements to Ensure Transparency in Methodologies Underlying Ratings.  ESMA’s letter calls for ratings and assessments that are “based on up to date, reliable and transparent data sources, and developed according to robust methodologies that are transparent and open to challenge by investors.”

In a recent speech, Commissioner Maijoor further underpinned the importance of this body of work by noting the overall reputational and systemic concerns of not acting to regulate ESG rating providers:

“Ultimately when greenwashing practices surface and the misstatements become public, it is often too late: such practices may have long-lasting, harmful effects on the credibility of the whole sustainable transition which, as a result, may be delayed, thus posing risks not only to investor protection, but also to financial stability.”

Given this significant pressure to regulate ESG rating providers and ensure the integrity of the ESG investing marketplace, it would not be surprising to see new regulatory standards for ESG rating providers soon.  But just what might those be?

The Past is Prologue – Credit Rating Agency and Benchmark Reform

The EU will likely draw from their previous work on CRA reform and benchmark reform in proposing standards to regulate ESG rating providers. Drawing from Europe’s reforms on credit rating agencies – the CRA Regulation – may be obvious, as many ESG rating providers are also credit rating agencies, and the business models of both pose many of the same challenges.  Many of those regulations are also similar to the ones passed in the United States as part of Title IX of the Dodd-Frank Wall Street Reform and Consumer Protection Act, which established many new internal control requirements, disclosures, and rules relating to credit rating procedures and processes. 

However, inspiration from financial benchmark reform may add new layers of transparency, and perhaps standardization, to the ESG rating marketplace, and it may prove instructive to American audiences as a framework within which to regulate ESG rating providers in America.  The United States did not pursue new financial benchmark regulation after the London Interbank Offering Rate (“LIBOR”) scandal came to light in 2012; policymakers preferred to focus on LIBOR reform instead of demanding holistic reform to financial benchmarks (notwithstanding recommendations from some, such as Duke Law Professor Gina-Gail Fletcher, to address market manipulation in financial benchmarks through a self-regulatory organization rather than through the current enforcement regime).  As a result, there are several elements of financial benchmark reform that are unknown or unfamiliar in the United States, which may resurface in ESG rating regulation.

Below are some key elements from the EU’s CRA Regulation and Financial Benchmarks Regulation that are responsive to concerns raised in the ESMA letter described above.

(1) Governance, Oversight, and Conflicts of Interest.

The CRA Regulation requires that a CRA “ensure that it issues credit ratings that are independent, objective and of adequate quality.” (Preamble, Paragraph 28)  Annex I, Section A of the CRA Regulation elaborates on this point by requiring that a CRA have an administrative or supervisory board composed of senior management, tasked with ensuring the independence of credit rating activities and identification, management, and disclosure of conflicts of interest.  Moreover, in addition to character requirements, one third of the members of this administrative body must be “independent members who are not involved in credit rating activities.”  Restrictions are placed on linking member compensation to business performance of the CRA, and independent members must monitor credit rating policy and methodology, effectiveness of internal quality controls, conflict of interest controls, and develop an oversight function for periodically “reviewing its methodologies, models and key rating assumptions, such as mathematical or correlation assumptions, and any significant changes or modifications thereto.” (Annex I, Section A, (9))

Article 6 of the CRA Regulation covers the independence and conflict of interest requirements of CRAs, requiring them to generally ensure that credit ratings are not impacted by conflicts of interest or business relationships involving the CRA, its managers, employees, or those directly or indirectly under the control of a CRA. (Article 6(1)) Annex I of the CRA Regulation further details requirements to mitigate conflicts of interest, including the governance requirements listed above.  In addition, Section B of Annex I of the CRA Regulation allows CRAs to perform ancillary services that are “not part of credit rating activities,” which include “market forecasts, estimates of economic trends, pricing analysis and other general data analysis as well as related distribution services,” so long as those ancillary services do not present conflicts of interest with credit rating activities.  (Annex I, Section B, (4))

Similarly, the Benchmark Regulation requires benchmark administrators to have in place “robust governance arrangements which include a clear organizational structure with well-defined, transparent and consistent roles and responsibilities for all persons involved in the provision of a benchmark.” (Article 4(1)) Benchmark administration must be “operationally separated from any part of an administrator’s business that may create an actual or potential conflict of interest.” (Article 4(2))  Administrators must establish an oversight function that operates with “integrity” that is responsible for reviewing a benchmark definition and methodology at least annually, overseeing changes to methodology, reviewing an administrator’s control framework (particularly where a benchmark is based on input data from third-party contributors), overseeing any third party involved in the provision of the benchmark, and taking measures to review breaches of the “code of conduct” from input contributors, which is elaborated on below. (Article 5, (1) and (3)) Administrators must also have accountability frameworks to cover recordkeeping, auditing, reviews, and a complaints process that evidences compliance with the Benchmark Regulation. (Articles 7-9)

The Benchmark Regulation also requires a benchmark administrator to establish an independent oversight function when a conflict of interest arising from an administrator’s “ownership structure, controlling interests or other activities” that cannot be adequately mitigated. (Article 4(3))

(2) Contributors and Data Sources.

The CRA Regulation requires that CRAs “prominently state when disclosing any credit rating whether it considers satisfactory the quality of information available on the rated entity and to what extent it has verified information provided to it by the rated entity or its related third part” (Annex I, Section D, (4)).  CRAs must disclose historical data is limited, and, in cases where there is a lack of reliable data or there are “serious questions as to whether a [CRA] can provide a credible credit rating,” the CRA must refrain from issuing a credit rating or withdraw an existing one. (Annex I)  Article 8 of the CRA Regulation also requires a CRA to adopt adequate measures to ensure that ratings are based on a “thorough analysis of all the information that is available to it and that is relevant to its analysis according to its rating methodologies.” (Article 8(2))

The Benchmark Regulation is more prescriptive than the CRA in determining the veracity of input data, dedicating Articles 11 and 15 to input data and a code of conduct for contributors of data.  Article 11(1) places the following limitations on input data:

  • Input data must “be sufficient to represent accurately and reliably the market or economic reality that the benchmark is intended to measure,” with a preference for transaction data, if available and appropriate;
  • Input data must be “verifiable”;
  • Administrators must “draw up and publish clear guidelines regarding the types of input data, the priority of use of the different types of input data and the exercise of expert judgement” to ensure that the data represents market or economic reality;
  • When input data is obtained from contributors, an administrator must obtain “the input data from a reliable and representative panel or sample of contributors” to ensure benchmark reliability; and
  • Administrators must not use input data from contributors that do not adhere to the required code of conduct.

Article 15 requires a code of conduct to specify contributor responsibilities, which must include:

  • A description of the input data to be provided;
  • Identification of person that may contribute input data to the administrator and procedures to verify the identity of a contributor;
  • Policies to ensure that a contributor provides “all relevant input data”; and
  • Systems and controls that a contributor is required to establish, including its procedures for collecting data (and whether it is transaction data); policies on discretionary use of data; requirements for validation of data record keeping policies; reporting requirements concerning suspicious data; and requirements concerning managing conflicts of interest.

Different rules apply to “supervised” contributors of data; other rules apply to special types of benchmarks, including critical benchmarks (which generally are used for investment funds with a value more than EUR 400 billion) or significant benchmarks (which generally are used for investment funds with a value more than EUR 50 billion).

(3) Transparency of Methodologies and Required Reports.

The CRA Regulation requires the publication of “methodologies, models and key rating assumptions it uses in its [CRA] activities.” (Article 8, (1)) Credit ratings must be monitored an ongoing basis, especially where “material changes occur that could have an impact on credit rating.” (Article 8, (5))  CRAs must also annually issue transparency reports, which contain information on their legal structure, internal controls, allocation of staff to “new credit ratings, credit rating reviews, methodology or model appraisal and senior management,” description of recordkeeping policies and outcomes of internal reviews, management and rating analyst rotation policies, financial information of revenue generated by a CRA from credit rating fees and non-credit rating fees, and a governance statement. (Annex I, Section E, III) CRAs must also list, every year, their 20 largest clients by revenue generated from them and any clients that have exceeded certain growth rate in generation of revenue. (Annex I, Section E, II)

Article 13 of the Benchmark Regulation requires transparent development and administration of a benchmark, including the “key elements of the methodology that the administrator uses for each benchmark provided,” details of the internal review and approval of a given methodology, and procedures for consulting on proposed material changes.   

Articles 27 and 28 of the Benchmark Regulation also cover transparency concerns for consumers, requiring administrators to publish a “benchmark statement” for each benchmark, which:

  • Defines the market or economic reality measured by a benchmark (and when that measurement would be unreliable);
  • Details the technical specifications for identifying the calculation of a benchmark “in relation to which discretion may be exercised,” including criteria used for discretion, who may exercise such discretion, and how that discretion may be evaluated;
  • Notice of factors beyond the control of the benchmark administrator that would necessitate changes or cessation of a benchmark; and
  • Warnings to consumers that changes or cessations to a benchmark may impact financial contracts.

Recent Development – EU ESG Benchmarks

As part of  the EU’s Action Plan for Financing Sustainable Growth, the EU has finalized regulations for two types of low carbon benchmarks and required ESG disclosure requirements for those benchmarks.  These benchmark set out minimum criteria to qualify as an EU Climate Transition Benchmark or EU Paris-Aligned Benchmark, such as sufficient exposure to sectors “relevant to the fight against climate change.”  As these benchmarks are relatively new, it remains to be seen whether the EU will be as prescriptive in its regulatory framework for ESG ratings (or if such prescriptions would be limited to ESG ratings labeled as “Climate Transition” or “Paris-Aligned”).

Setting the Stage for Regulating ESG Rating Providers

Given the comprehensive requirements that already apply to CRAs and benchmark administrators in the EU, developing new legislation for ESG rating providers may be effectively accomplished by “pulling” from those two reform regimes:

  • To address ESMA Commissioner Maijoor’s concerns regarding investor confusion and a lack of a legally binding definition for “ESG,” legislation that standardized the development of ESG credit ratings similar to the standardization of benchmarks development could be proposed.  In this instance, ESG rating providers could be strictly regulated on the basis of the type of data that could be using in developing an ESG rating, including data that is “verifiable.” Mandating such requirements would take significant discretion out of the hands of ESG rating providers and provide more consistency in ESG ratings, while also permitting a marketplace with a variety of methodologies measuring different ESG criteria.
  • Governance and supervision concerns could be addressed by requiring ESG providers to register under many of the same standards as CRAs and benchmark administrators.  ESG rating providers could, for example, establish independent boards that are tasked with ensuring the independence of ESG ratings, as per the CRA regulation.  Such independent boards could be required to monitor ESG rating policies and the effectiveness of their internal quality controls while also establishing periodic reviews of ESG rating methodologies. 
  • Methodology transparency of ESG rating providers and potential conflicts of interest could be ensured by requiring ESG rating providers to issue transparency reports, which detail rating methodology and the process for developing and reviewing each methodology.  “ESG rating statements” could also be published to define the “market” covered by an ESG rating and factors that could impact an ESG rating in the future.  Finally, to the extent an ESG rating provider is relying on an outside data contributor, a code of conduct could be required to develop and detail the policies that apply to a contributor, including the procedures for collecting data and verifying its authenticity.      

Many of these policies are already in place with leading ESG rating providers (see MSCI’s ESG Ratings portal as an example), but standardization across the marketplace would ensure that individual and institutional investors could rely on the same levels of data diligence and disclosure among the many ESG rating providers currently operating in the marketplace.

Where regulation may be more complicated, however, are the circumstances in which an ESG rating provider is already regulated as a CRA or benchmark administrator, particularly where conflicts of interest would arise between ESG ratings being provided and the credit rating or benchmark activities of the same entity.  This may require additional “firewalls” between the ESG rating activities and benchmark or credit rating activities of a given entity, but more thought should be given to this, especially as growing consolidation of the ESG rating and data marketplace takes root.

In the U.S., the Securities and Exchange Commission (“SEC”) regulates CRAs and routinely reviews their internal control structures, governance, transparency, and disclosures.  A recent speech by Jessica Kane, the SEC’s former Director of the Office of Credit Ratings, identified that “three review areas together account for nearly 75% of all findings” in annual exam reports: internal supervisory controls; adherence to policies and procedures; and conflict of interest management.  These areas are similar in scope to the areas of concern highlighted by ESMA Commissioner Maijoor in his letter to the EC, and there is little reason to think that U.S. regulatory authorities would not have similar concerns with respect to ESG rating providers.

In addition, as part of their work on the Climate-Related Market Risk Subcommittee at the Commodity Futures Trading Commission, over thirty private sector banks, investors, environmental justice groups, farmers, and ranchers highlighted the need for transparency in the financial products rated by CRAs for ESG considerations.  The Subcommittee’s final report, issued in late 2020 and containing over 50 recommendations, specifically recommended that “[CRAs]…should include a disclosure of applicable methodologies for those credit rating products that consider climate risk.” (Recommendation 4.14) Given consensus from the private sector on the need for more transparency on ESG rating methodologies, it would not be farfetched to assume that concerns similar to ESMA’s issues with conflicts of interest, governance, and comparability for ESG ratings providers would also arise in the U.S.    

Consequently, U.S. policymakers may want to consider whether existing securities laws cover the risks that ESG rating providers may pose, as highlighted by their colleagues across the Atlantic – namely, governance and supervision; transparency of methodologies and data; and mitigation of conflicts of interest.  While many of these reforms were envisioned by the Dodd-Frank, some reforms in the EU’s CRA Regulation and Benchmark Regulation, such as requiring a code of conduct for data contributors or establishing minimum requirements for data that could be used in ESG provider ratings, could provide significant investor confidence in the ESG rating marketplace, and help establish new minimum rules for a growing and important part of the investment community.  

Andrés Gil is a Colorado attorney in private practice.  He has advised on financial services legal and policy issues in the U.S. and EU.

Leave a Reply

Leave a Reply

Your email address will not be published. Required fields are marked *