On 23 November 2021, IOSCO published a set of recommendations in respect of ESG ratings and data products including recommendations for users of such ratings and products.
While IOSCO notes that "almost all large asset managers are using or currently developing their own ESG ratings to supplement, or form part of their investment processes", small and medium-sized managers are more reliant on ESG ratings and data product providers due to the cost-effective nature of outsourcing ESG data requirements. Furthermore, "large asset managers tend to have contracts with several ESG ratings or data products providers to gather different perspectives of entities' ESG profiles for their internal processes, however, small or medium sized firms are unable to do so largely due to budget constraints."
Given the prevalent use of ESG ratings and data products, which IOSCO notes does not often provide for user verification of the ratings and/or data, IOSCO considers there is scope for guidance "to address the conduct of due diligence, or information gathering and review, and governance to help ensure mechanistic reliance on ESG ratings and data products is avoided where at all possible."
IOSCO recommendation for users of ESG ratings and data products
IOSCO recommends that users of ESG ratings and data products conduct due diligence to understand "what is being rated or assessed by the product, how it is being rated or assessed and, limitations and the purposes for which the product is being used." Users could consider evaluating the published methodologies of ESG ratings or data products including:
- the sources of information used in the product, the timeliness of this information, whether any gaps in information are filled using estimates, and if so, the methods used for arriving at these estimates;
- the criteria used in the ESG assessment process, including if they are science-based, quantitative, verifiable, and aligned with existing standards and taxonomies, the relative weighting of these criteria in the process, the extent of qualitative judgement and whether the covered entity was involved in the assessment process; and
- a determination as to the user's internal processes for which the product is suitable.
IOSCO also recommends that ESG ratings and data product providers increase transparency and prioritise adequate levels of public disclosure to enable users comply with the above-mentioned recommendations.
Next Steps
In January 2021, ESMA wrote to the Commission highlighting the need to match the demand for ESG ratings and data products with appropriate regulatory requirements to ensure their quality and reliability and avoid increased risks of greenwashing and mis-selling. Such regulatory requirements should be incorporated into existing supervisory and regulatory regimes (e.g. the CRA Regulation), to accommodate both large multi-national providers as well as smaller entities and provide for a common legal definition of an ESG rating, registration and supervision of providers of such ESG ratings, in addition to core requirements for their issuance.
While a response to ESMA's January recommendations is awaited, users of ESG ratings and data products should be cognisant of IOSCO's recommendations, compliance with which would be in line with regulatory expectations for the use of robust ESG ratings and data in order to prevent greenwashing.
