The SEC’s climate disclosure rules — requiring companies to disclose a significant amount of data in a 10-K — means your company will need robust, auditable ESG data.
In March 2024, the Securities and Exchange Commission (SEC) finalized new rules for climate disclosures that focus on the oversight of climate-related risks, the financial impacts of severe weather events, and Scope 1 and Scope 2 greenhouse gas (GHG) emissions, if material. (The SEC rules do not cover Scope 3 emissions.) The rules also require registrants to obtain independent attestation of any required Scope 1 and Scope 2 emissions.
Companies will need to validate ESG data — from the sources to reporting. Certain aspects of the SEC rules will be phased in over multiple years. But it will be critical for companies to start thinking now about the process for ESG data collection (completeness), data quality (accuracy), data transformation and reporting strategy so they can provide investors, customers, suppliers, auditors and management with reliable ESG data that has been independently audited, using approved procedures.
The SEC’s rules aren’t the only regulations changing the way companies report their ESG information. Last year, the European Union enacted the Corporate Sustainability Reporting Directive (CSRD) and California passed its own set of climate disclosure requirements. There is also an increasing expectation from investors that companies publish the material risks climate change poses to their operations. PwC’s 2023 Global Investor Survey reflected those expectations.
Sources of the data, methodology, and estimation techniques, and the processes and controls that may be required for the new disclosures could be significant and originate in parts of the business that have not historically been subject to disclosure controls and procedures or audit procedures.
There are various systems and tools designed to automate and streamline reporting, but the software being used is only as effective as the data entered into the system. Without complete, accurate and reliable ESG data, the software alone will not be sufficient to satisfy SEC requirements or management’s reporting goals. Unreliable reporting can expose your company to financial, regulatory and reputational risks even in the absence of SEC reporting requirements.
Company leaders should consider the following steps as they evaluate the best approach for their organization:
Once companies have selected the metrics they plan to disclose, they need to assess whether their organizations have controls over the information. The best way to do so is to walk through the journey of that metric — starting at the source data and going through its entire life cycle, up to its inclusion in the report.
The challenge is to balance speed with quality. Many companies already produce sustainability reports annually, but they will have to accelerate their processes to meet 10-K reporting requirements.
It’s also critical to quickly establish rules for information governance. One model is a tiered approach for different categories of information. Define categories and align around requirements for each, so that there is clarity across the organization on how existing and new metrics will be incorporated into ESG reporting.
Externally reported information should be confirmed as accurate and complete by its owners and reviewed independently before release. Company management, most likely the chief financial officer, will be required to demonstrate to the independent auditor that they have sufficient evidence over the reliability of GHG data and other metrics so the independent auditor can form an opinion related to the new footnote disclosure in the financial statements as well as the GHG attestation report. A large global organization could have an ESG controller with additional team members:
As company leaders turn to building a methodology for collecting and reporting ESG data, they can take the following steps to help their companies transition to reporting as expected under the proposed SEC disclosure requirements. This will also allow companies to quickly react to changes in global reporting standards.
In addition to the anticipated guidance from the SEC specific to your company’s expected ESG disclosure, your company should also understand and select any incremental reporting frameworks and metrics that may be meaningful for your business needs, requirements, investor expectations and what existing regulations may require.
Your company’s ESG data reporting strategy should be dynamic and adapt when global reporting standards are updated. While the proposed SEC requirements today are focused on greenhouse gas protocols, they are subject to change as investor expectations and global regulations evolve. Over time, requirements may include capturing social and diversity dimensions, and more. As regulations change, data needs will also evolve to potentially include vendors, customers, business partners and other groups to effectively gather the data needed to satisfy the regulations and meet the demands of investors.
Having a foundation and process to capture data will help your company quickly comply with new regulatory requirements and build trust with stakeholders in global markets.
Ask these questions when contemplating existing data collection and assessment processes for ESG reporting: