Sustainable finance

‎Luciane Moessa de Souza, Ph.D. - Expert in sustainable finance

Where do ESG ratings come from

and what financial regulators can do about it?

Some insights from IOSCO report on ESG ratings and data products providers

With the increasing trend of mainstreaming ESG finance (at least in developed financial markets), the demand of environmental, social and governance data from companies is of course growing accordingly. And many investors and banks are relying to a certain extent in ESG ratings and data providers in order to fill in the many existing gaps.  It’s necessary to say that these gaps are caused in first place by the fact that capital markets regulations do not require the disclosure of ESG data with sufficient comprehensiveness, clarity and granularity, so it’s not actually possible to compare the data disclosed by public companies themselves, once they are not standardised either in contents or in format.

The rising offer of these products (and also uncertainty on if it is really possible to rely on them to fill in the gaps) led IOSCO, the global association of capital markets regulators, to make a market assessment and public consultation, whose final report was published on November 26th 2021 and brought a clear picture on the limitations of these sources of information and somehow shed some lights on how they might undermine a reliable decision-making process that aims to integrate ESG factors in a sound manner.  However, the final recommendations of the report are very shy in addressing the many concerns outlined. I show why in the next paragraphs.

The summary of the report itself on which are the main critical points on the topic is a good departure point:

• there is little clarity and alignment on definitions, including on what ratings or data products intend to measure;
• there is a lack of transparency about the methodologies underpinning these ratings or data products;
• while there is wide divergence within the ESG ratings and data products industry, there is an uneven coverage of products offered, with certain industries or geographical areas benefitting from more coverage than others, thereby leading to gaps for investors seeking to follow certain investment strategies;
• there may be concerns about the management of conflicts of interest where the ESG ratings and data products provider or an entity closely associated with the provider performs consulting services for companies that are the subject of these ESG ratings or data products; and
• better communication with companies that are the subject of ESG ratings or data products was identified as an area meriting further attention given the importance of ensuring the ESG ratings or other data products are based on sound information.

On the first point, the most relevant difference is the one regarding the concept of materiality adopted – if it refers only to the financial risks incurred by the company that are linked to ESG issues or if it includes the ESG risks plus (both negative and positive) impacts that the company’s activities generate. Another potential issue is if only compliance with ESG regulations is verified or if best ESG practices (or ESG performance according to KPIs) is also considered – and to which extent. Also, it’s necessary to clarify what is meant by environmental, social and governance issues.

The second and fifth points – one of the most relevant (and the last is interconnected to it) – refer to the sources of information and methodologies to assess them: a) if only information reported publicly by companies is used; b) if further information is obtained from companies and which are the KPIs/datapoints and what is the solution if they are not available; c) if information provided by public bodies (and which ones), civil society organisations or by media is considered and further investigated. It’s interesting to observe that the report describes (p. 20): “a lack of reporting can either lead providers to use industry averages, thereby possibly creating an incentive for poor performers not to report their information, or lead the provider to negatively assess the company.” However, in no way it is acceptable to attribute industry average data in case of non-disclosure of information. Non-disclosure can only be caused by one of two reasons: 1) the company doesn’t even measure the indicator, which means a very poor governance; 2) the performance is poor (under average) and therefore it decides not to disclose (also because capital markets regulation do not define minimal/mandatory information). How can this lead to consider the average of the market players that disclose relevant information is a question without an answer. The obvious solution should be the negative assessment (a grade zero or any minimal grade) – this solution would be an incentive to disclose, while assigning market average is an incentive to poor performers not to disclose or to companies who don’t even measure KPIs continue to do so. It’s important to remember that it’s capital markets regulator’s role to protect investors’ interests and ensure transparency, hence they should never create a rule that disencourage transparency.

Also, as the same report points out, “(m)ethodologies may vary in the number of data points, indicators or KPIs used to measure an issue (which can amount to hundreds, or, in some cases, thousands) and, in the case of scorings and ratings, the weighting applied, between different pillars (environmental, social and governance) and different sub-categories and indicators” (p. 20). Using an ESG rating without being aware of its methodology of course implies a high risk of misalignment between the rating and the ESG investment/lending strategy of the bank or investor. Nevertheless, instead of recommending to regulators do their role in providing minimal guidelines with regards to consistency of these ratings and data, the report recommendations are, for example:

Where regulators have authority over ESG ratings and data products providers, they could consider:

• Whether the data and information sources that the provider relies on are publicly disclosed, including the use of industry averages, estimations or other methodologies when actual data is not available or not publicly disclosed.
• Whether the provider’s methodologies are publicly disclosed, including whether and how the methodologies are defining the individual components Environmental, Social, Governance of “ESG”, including the specific issues being assessed, the KPIs used and measurement methodologies underlying each KPI.

Regulators could support voluntary industry-led development of standardised definitions for the terminology used and referred to by ESG rating and data products providers.

Regulators could consider whether there are opportunities to encourage industry participants to develop and follow voluntary common industry standards or codes of conduct. IOSCO could also consider what role it can play in supporting the development of such voluntary standards or codes, regarding: (…) the integrity, transparency and independence of ESG ratings and data product methodologies. (p. 36).

It is clear, unfortunately, that the recommendations do not include that a minimal transparency with regards to the material coverage (ESG indicators), data sources and methodology (e.g., weight of each indicator) of each rating must be ensured. As a matter of fact, regulation on the topic should even include minimal KPIs for any ESG rating might be considered so.  Concerning data, as said, the use of industry averages should be clearly forbidden.

The third point (insufficient coverage) might only be solved if investors and banks are somehow mandated to use other sources of information when ESG ratings or data products are not available – a mandate that is beyond capital markets regulators, and falls instead under institutional investors’ mandate. Of course it’s not possible to obligate market players to offer a service, it’s only possible to require a minimum quality of services offered.

The fourth point – potential conflicts of interest – is the best addressed by the report’s recommendations (p. 36):

Where regulators have authority over ESG ratings and data products providers, they could consider:

• Requiring the provider to identify, disclose and, to the extent possible, mitigate potential conflicts of interest that may arise between ESG ratings and data product offerings and other relationships with the covered entities such as provision of third party opinions for green finance products and ESG consulting services.
• Whether the corporate governance organisational and operational structures of the provider are sufficient to identify, manage and mitigate any potential conflicts of interest.

Regulators, could consider whether there are opportunities to encourage industry participants to develop and follow voluntary common industry standards or codes of conduct. IOSCO could also consider what role it can play in supporting the development of such voluntary standards or codes, regarding:

• the identification, management and mitigation of potential conflicts of interest for ESG ratings and data products providers.

This is a complex topic, because any model brings risks of conflicts of interest, so it’s not possible to say that one is preferrable to the other, as illustrated in the report (p. 18):

(…) the fee model for ESG ratings and data products is largely, although not exclusively, based on a “subscriber pays” basis. While there are some examples of the “issuer pays” model from certain providers, these are mostly focused on ESG ratings. Where figures in terms of ratio of revenues from “subscriber pays” versus “issuer pays” were provided, these put the split at between 85% and 100% of revenues being derived from “subscriber pays.”

(…)

Depending on the remuneration model put in place, the potential risks of conflicts of interest will differ. If ESG ratings and data products are provided on a “subscriber pays” basis, smaller investors may be at a disadvantage, as their ability to subscribe to multiple product packages will likely be constrained by cost. Even if an investor were to have the ability to subscribe to a single product package, without the ability to understand the underlying data inputs and methodological approach, the investor may not be able to make an informed choice between product offerings.

It is useful to note that ESG ratings providers are increasingly providing their high level ESG scores on their websites for public access. On that basis, smaller investors would still have access to some ESG ratings as well as to the sustainability-related disclosures of listed companies.

Finally, the “subscriber pays” model potentially creates pressure for the provider to prioritise quantity of information over quality of information. Indeed, users of ESG ratings and data products will seek access to broad coverage across geographies and sectors, possibly putting pressure on the provider to deliver this coverage even where availability and robustness of underlying data are not sufficient or lead to declining overall quality of analysis.

Regarding the last paragraph, it’s worth to highlight that the pressure for broader coverage actually solves the problem of insufficient coverage, pointed out by the same report. And, to ensure minimal quality and robustness of the services, what capital markets regulators should do is to define minimal ESG datapoints to be included in ESG ratings and data provision services – so, a problem that is easy to solve.  The Indian capital markets regulator recently published a consultative paper on ESG ratings (deadline ending on March 10th) and chose the “subscriber pays” model, as a strategy to avoid conflict of interest.

Last but not least, it’s necessary to address the underlying issue of whether or not there are financial regulators with a mandate to regulate rating agencies and data service providers in each country. Actually, it might be the case that most of them don’t have it. However, financial regulators do have a mandate to define (in a substantially grounded way) which sources of information might be considered reliable by regulated/supervised entities. So, in case financial regulators can’t provide rules addressed to rating agencies and other data providers and enforce them correspondingly, they can at least define the limits of the usability of the information provided by regulated financial market players (banks and institutional investors) – which makes a lot of sense, because, for risk management, information is everything. Hence, this issue eventually is not as relevant as it seems, although it remains relevant for family offices and retail investors, in case these ones decide to rely on information provided by rating agencies and other data providers (which is not very likely for natural persons, except for free information). What is actually at stake is how far financial regulators are willing to go in order to create the enabling conditions for ESG integration into the financial system in a sufficient and sound manner – nothing else.