A closer look at what the proposed SEC ESG disclosure rules could mean for public companies, boards and investors
Ernst & Young LLP recently hosted a webcast to take a closer look at what the Securities and Exchange Commission (SEC) proposal on climate change disclosures could mean for public companies, boards and investors. Now that the comment period has closed, the SEC will review the thousands of comment letters and work toward a final rule.
What we’ve heard about the SEC proposal
The comment period on the SEC’s climate change disclosure proposal ended on June 17. Since the proposal was issued in March, we’ve had the opportunity to speak with many industry associations, standard setters, preparers, investors and others on their views.
Some of the major reactions we’ve heard in our conversations, and through comment letters, are related to these key areas of the proposal:
Financial statement footnote requirement
- While investors are interested in the link between climate change and financial impacts, preparers have said the data required will be operationally challenging and potentially costly to acquire, particularly on an accelerated timeline.
- Some preparers suggested that determining whether a transaction is climate-related would also be challenging, as current controlled systems are not built to capture this level of detail and would require certain judgments, adding to the complexity, especially given the short phase-in period and bright-line 1% threshold.
- Financial statement footnotes are subject to full audit and the Sarbanes-Oxley internal control over financial reporting (ICFR), increasing the perceived costs of this proposal to preparers.
Greenhouse gas emissions (GHG)
- We have heard some mixed feedback about the ability to estimate emissions so they can be included the 10-K, particularly around Scope 3 emissions.
- Some preparers raised concerns around estimating emissions based on specific elements of the proposal, such as the reporting boundary and approaches to Scope 2 emissions calculations. While some already procure voluntary assurance over emissions, others are concerned about the assurance provisions, particularly around the proposed migration to a reasonable level of assurance.
- Many companies are calling for alignment among the various regulatory initiatives through established standard setters and other globally recognized climate reporting frameworks or at least want the option to satisfy global reporting requirements using the regulation of their home jurisdiction.
The investor perspective
- Investors have continued to support increased transparency around ESG information — see our publication and webcast dedicated to investor perspectives.
SEC proposal: where should companies start?
Some companies may risk waiting to take action until the SEC’s proposal is finalized, but there are opportunities for those looking to get ahead now.
Starting now is an opportunity to educate cross-functionally, especially between finance and sustainability teams.
Controllers need to get up to speed on the different reporting mechanisms, learn what reasonable assurance over ESG metrics could look like and determine where the data is coming from. This can be equated to creating an implementation approach that leverages a similar plan for a new accounting standard, as many of the same principles apply.
For companies with dedicated sustainability professionals, let the finance team learn from them, since they are most familiar with the current voluntary reporting mechanisms, setting sustainability goals and tracking GHG emissions. At the same time, sustainability teams need to learn from controllers about what the SEC’s process is and what their expectations are in terms of processes, controls and reporting standards.
Enhancing ESG data reliability
If companies start with a scoping exercise, or an inventory of their current ESG data, they can determine the data sources through that process. Controllership often leads on how to put the process documentation together and how to enhance it, but sustainability teams need to be involved, since they know data sources and the GHG protocols.
Since ESG data has historically not been audited or subject to controls, one of the challenges is that much of the data may be derived from manual sources, as opposed to established systems. For example, in determining a company’s Scope 2 emissions, electricity bills historically could have been manually reviewed and inputted into a spreadsheet to track. If this data now needs to go through robust internal controls and reasonable assurance, the finance team will need to enhance this process.
While this inventory and process flow analysis takes time and may require an initial investment, investing in ESG reporting can reveal unforeseen value as companies understand their businesses better. Undergoing this type of process can provide a more holistic business view, which can inform budgetary decisions and lead to cost savings.
What’s top of mind for boards and audit committees
Over the last 18 months, there has been a huge shift that put ESG top of mind for most boards and audit committees. Most audit committees began their journey by asking questions and finding out what other companies were doing, while simultaneously determining their role in ESG reporting and what part they play in overseeing management.
As audit committees have learned more, conversations have evolved into what processes and controls are needed to meet the proposed rules, and we’ve been seeing most companies move very quickly. In some cases, the board of directors has been paying close attention to physical climate risk and climate transition risk for a long time.
Boards and audit committees have also been asking questions about assurance over nonfinancial information.
When obtaining external assurance on GHG emissions, or any other metric, you first need suitable criteria. Many of our clients are undergoing readiness assessments for assurance in preparation for the finalized SEC rules. For example, a company’s GHG accounting policy may not be as well documented as a financial accounting policy, and a readiness assessment can help document the criteria needed. It also helps companies determine whether they are ready to start disclosing Scope 1 and Scope 2 emissions; determine whether they have the right scope, boundaries or emissions factors; and confirm they are comfortable with the assumptions.
When companies disclose their Scope 1 and Scope 2 emissions, they usually use the Greenhouse Gas Protocol, which is referenced (but not mandated) in the SEC’s proposal as an option for calculating emissions. The Greenhouse Gas Protocol offers two options for companies to disclose their GHG emissions: operational boundaries and organizational boundaries. Right now, many companies are using operational boundaries to disclose their GHG emissions, but the proposal would require companies to report emissions using the same organizational boundaries for financial reporting. As operational boundaries may be very different from organizational and financial boundaries, this may require some registrants that already voluntarily report under the Greenhouse Gas Protocol to change their boundaries, which could also impact climate goals and targets.
Right now, many companies are focusing on building out a robust control environment for nonfinancial information. The SEC proposal would subject all disclosures to disclosure controls and procedures (DCPs) and disclosures inside the audited financial statements to ICFR, requiring robust internal controls for reporting purposes. Historically, most companies may have only performed ad hoc reviews of emissions data or other sustainability information before including it in a stand-alone report or elsewhere.
The more controllers and finance teams are involved, the more structured the control environment becomes, which leads to more reliable data. In finance, there is a “three lines of defense” model that highlights the collaboration of management, risk reviewers and internal audit to ensure identification and monitoring of risks so that they can be appropriately mitigated. This should be the first step for finance teams, at least initially, since it’s difficult to create controls without knowing what to test and what the risks are.