ESG regulations and your company

Actions you can take now to transform your ESG reporting strategy

Europe’s CSRD is one of the latest global disclosure regulations revolutionizing ESG reporting.

The Corporate Sustainability Reporting Directive is aimed at driving change in the business behavior of an estimated 50,000 companies that operate in the EU, which includes US companies with EU subsidiaries that meet certain criteria. CSRD reporting requires companies to analyze a range of sustainability issues and relate them to financial opportunities and risks as well as an organization’s impacts on society and the environment.

The CSRD joins California’s climate disclosure rules, which were enacted in 2023 and could impact more than 10,000 publicly traded and private companies. The rules outline extensive reporting on greenhouse gas emissions, climate-related financial risks and claims around achieved emissions reductions.

Companies also need to stay on top of developments surrounding the SEC’s recently adopted climate disclosure rules that require them to publish information that describes the climate-related risks that are reasonably likely to have a material impact on a company’s business or consolidated financial statements.

As companies assess how these disclosure rules and regulations impact their broader ESG reporting strategy, there are several fundamental actions they can take to progress along their journey as compliance deadlines near. Regardless of where you are on that journey we're here to help.  Let’s get started.

Looking for more detail on ESG regulations? We have you covered - 3 items

Listen to our podcast

SEC climate-related disclosure rules: what you need to know

CSRD

What US companies need to know about this EU regulation

California

The state’s climate bills: scope, timing and disclosure requirements

Three things your company can be doing now to comply with ESG regulations

Global ESG disclosure regulations vary in scope, detail and timelines for compliance. Many also outline requirements to obtain attestation performed by an independent attest provider. Companies will need to develop an effective controls environment and accelerate their ability to collect, manage and measure ESG data. While the CSRD may be top of mind, these steps may also help you with other global regulations.

Determine scope: While there is some overlap between ESG regulations, the sustainability disclosures, the companies in scope and the timelines for compliance can be different depending on which set of rules your company is assessing. As your company evaluates these regulations, it will need to consider applicability at multiple levels of the organization to determine if all reporting obligations have been identified.

Assess sustainability risks across the business: While the topics addressed by ESG regulations vary, many include a focus on greenhouse gas emissions and other climate-related matters. But understand that many ESG regulations require reporting beyond climate topics, such as biodiversity, pollution, and certain workforce metrics. Most frameworks also require a description of how risks are identified and managed and board oversight of identified risks. The identification of the applicable risks is fundamental and is an area in which it’s particularly important to break down silos and bring a cross-functional approach.

Get stakeholders aligned and educated: The organizational shifts companies will face to comply with global regulations will entail a lot of change. This may include employees taking on new roles, responsibilities moving between functions, new systems and processes and, not least of all, higher stakes and increased expectations around how companies tell their climate stories. Some employees may need upskilling. Others may simply need clear communication about what’s different and why. No matter what, effective communications and change management rooted in trust are critical.

Start now: The four steps companies should consider as you prepare for climate regulations

Determine your climate reporting strategy
Collect the data
Address risk, controls and information governance
Tech-enable and automate

Determine your climate reporting strategy

What do regulations require you to report? How does that relate to your company’s narrative? How will you resource reporting functions?

Understand what the global ESG regulations require so that your company can build a sustainable path to cleaner ESG data.
Begin preparing your climate reporting strategy. Assess potential risks from climate change, including physical climate risks and risks related to transitioning to a lower carbon economy.
When gathering data for scope 1 and scope 2 emissions, consider collecting and measuring scope 3 emissions data. While the SEC rules don’t require scope 3 emissions, other US and global regulations do.
Understand what process and organizational changes can be made that will help increase the speed, quality and reliability of climate reporting in order to include emissions data and other metrics within the prescribed timeframes.
Consider the resources needed to execute on your strategy.
Develop an operating model to sustain executive engagement and create accountability.
Assess ongoing progress and solicit investor and stakeholder feedback.

Collect the data

How will you collect the data? How will you improve processes?

Start gathering data on what is in applicable reporting requirements.
Consider enhancing the underlying data and process infrastructure for your climate data.
Refine data collection templates, instructions and analysis.
Collect data with robust controls and confirm that it’s complete, accurate and timely.
Implement or use an existing process to enhance trust in the data.

Address risk, controls and information governance

How will you handle risk assessments, controls and data quality? What information governance will you put in place?

Consider the overall control environment, including the design and implementation of appropriate controls to support timely and reliable reporting.
Identify key controls for data quality and disclosure.
Create and document program-level information governance standards.
Set formal policies and procedures to enable consistency.

Tech-enable and automate

How will you tech-enable reporting to streamline and get insights faster? How will you use a digital platform?

Understand that accelerated ESG reporting timelines may require automation to improve process efficiency.
Select tools and technology for nonfinancial data with the same rigor as applied for your financial reporting.
Consider how to collect and report data using a trusted, controlled technology platform.
Engage finance and finance technology in ESG reporting planning.

Here’s how ESG regulations may impact executives across the organization

The finance function’s traditional experience in overseeing accounting and controls will be required to help prepare the organization for ESG reporting. Working closely with the sustainability group, finance should work to confirm that ESG data is robust, complete and auditable. Companies should consider a controllership-led approach that works closely with the sustainability, legal and risk functions, as well as integrating many other facets of your organization. Giving the reins to those in charge of financial reporting will help your company be ready for global ESG reporting requirements.

Global disclosure regulations require organizations to clearly articulate their strategic approach and process to identify risks and opportunities. The sustainability function likely has the most historical knowledge of how your company has collected, measured and managed climate data and the progress it has made towards any goals. Now, the chief sustainability officer (CSO) should drive collaboration throughout the company and work closely with various stakeholders to create sustainable advantages and value. The CSO should also lead efforts to address any knowledge gaps through upskilling or hiring to make sure your company has the right team in place.

The complexity of collecting and analyzing ESG data will present new challenges for the risk function. It will be tasked with leading efforts to determine and quantify the physical risks of climate change-related weather events, both acute (floods, storms, wildfires) and chronic (drought and extreme heat), and the potential for physical damage to assets that could lead to business interruptions. The risk function will likely also need to assess transition risks inherent in the large-scale transformation required to shift to a low-carbon economy. Companies should establish effective frameworks and operating models to track and act on diverse data sources both for better risk management as well as a potential competitive advantage.

Your internal auditors will be tasked with assessing the effectiveness of your company’s internal controls and risk management systems around climate change and other ESG issues. With mandatory assurance requirements being phased in over time for many ESG regulatory reporting frameworks, it will be important to thoroughly test existing controls and processes while helping the organization prepare for third-party independent assurance.

Boards need to determine how to provide effective oversight of their company’s ESG strategy and reporting. Some of these responsibilities may fall to the nominating/governance committee, a stand-alone ESG committee or the full board. Other responsibilities such as overseeing the policies, processes and controls related to disclosures may rest with the audit committee. Boards should have regular access to company leaders responsible for executing the ESG strategy and an understanding of the internal controls in place for both qualitative information and quantitative ESG metrics if they’re to oversee the accountability mechanisms management has in place for the consistency and completeness of what the company is reporting.

Industries will be impacted by the SEC climate disclosures and other ESG regulations in different ways: Now is the time to evolve your operating model to meet the moment

As financial services firms assess global disclosure regulations, they may need to transition to investor-grade ESG reporting and upgrade current processes and controls that fall short.

Particularly thorny is the question of how to measure financed emissions. While Scope 3 emissions aren’t covered by the SEC rules, other global regulations require reporting on this topic.

Financial firms should expect to have little comparable reporting data from their counter-parties about climate risks and emissions. While California’s climate disclosure requirements include private companies that meet certain criteria, some private market organizations will not be subject to reporting requirements presenting an additional data collection challenge. This is an evolving area and standardization will take time.

Medium-size banks that may have not focused intently on climate reporting may now find themselves in the same regulatory bucket as GSIBs. They face a daunting challenge of ramping up the collection, verification and reporting of climate data — plus any methodology used in their simulations — within a limited window of time.

Consumer markets companies function within a value chain ecosystem that may include thousands of suppliers. That supply chain adds complexity to reporting on Scope 3 emissions, and companies subject to ESG disclosure regulations will need to use a combination of estimation approaches and actual data collection. This could be especially challenging because many private sector companies in the supply chain won’t be subject to ESG disclosure rules and may not be as prepared to respond to customer requests. While the SEC rules don’t cover Scope 3 emissions, other global regulations do.

Energy companies and utilities continually invest in infrastructure to improve asset resilience and operational reliability. The regulations differ when it comes to the delineation between routine costs associated with reliably supplying energy to customers or recovering from typical weather events versus the climate-related disclosures required under many global disclosure rules.

The need for accurate and reliable data may provide unique challenges for companies with assets like pipelines, transmission lines, drilling rigs or offshore wind turbines. The expanded global disclosure rules beyond the industry’s already extensive reporting requirements, as well as an accelerated timeline for sustainability reporting, will likely require increased investments and enhancements of existing processes and systems.

While the SEC rules don’t cover Scope 3 emissions, other global regulations typically require companies to disclose emissions from upstream and downstream activities indirectly connected to their assets. Scope 3 will likely be material for energy and utilities regardless of decarbonization commitments in industry-specific, high-emitting GHG emissions categories such as “fuel and energy-related activities” and “use of sold products.” Other Scope 3 categories could also be material for these companies.

Recent studies indicate that the US healthcare system is responsible for about a quarter of all global healthcare greenhouse gas emissions. Global disclosure requirements will increase pressure on both public and private healthcare organizations to address the effects of climate change. Executives will need to consider where they’re focusing. For example, has their organization adjusted its clinical service line, growth and population health strategies to incorporate the specific climate health effects on the communities it serves? Once an organization has reprioritized its healthcare services accordingly, how does that impact capital plans, clinician recruitment plans and the research portfolio?

Patients, communities, regulators and other stakeholders expect healthcare organizations to not only help individuals recover from the health effects of climate change but to help solve the problem and not add to it. While addressing regulatory requirements is important, the ability to differentiate as a healthcare organization through decarbonization strategies to transform health facilities, supporting operations and the healthcare supply chain can engender trust among all stakeholders and create a sustainable competitive advantage.

Industrial products companies will need to consider physical risks posed by climate change to their infrastructure, especially those at risk for flooding, wildfires and hurricanes, and to confirm these are managed with the same rigor as other enterprise risks.

Industrial products companies should begin (or accelerate) efforts to track direct GHG emissions for their operations (Scope 1 and 2). While Scope 3 emissions aren’t covered by the SEC rules, other global disclosure regulations do require reporting on this topic. That means industrial products companies will likely need to collect data and report on such things as the upstream raw materials and intermediary finished goods they source, as well as the downstream impact from their products.

Insurers, as with all sectors, may need to enhance climate reporting to investor-grade climate reporting. That means upgrades to current processes and controls.

Of specific relevance to insurers is how to measure Scope 3 financed greenhouse gas emissions. Further challenges include differing approaches to measuring financed emissions and the fact that existing standards, such as the Partnership for Carbon Accounting Financials (PCAF) don’t cover all asset classes.

Global reporting requirements likely mean that any insurer that has set a climate-related target or goal which includes its underwriting portfolio will need to report insurance-associated Scope 3 emissions.

Given the prevalence of climate-related commitments in the pharmaceutical and life sciences sector, many companies will need to publish information about their climate-related targets or goals that have materially affected or are reasonably likely to materially affect the business, results of operations or financial condition.

The SEC rules require companies to report on their Scope 1 and 2 emissions, but not Scope 3 emissions that occur largely throughout supply chains, although other global regulations do require this reporting. Scope 3 emissions may prove to be the most challenging task for pharma companies that source from complex, international networks of suppliers. That will likely mean rethinking suppliers based on the size of their carbon footprints.

Providers also need to consider the physical risks posed by climate change to their infrastructure as well as their operations (for example, pharmaceutical production is a water-intensive process, greatly contributing to a company’s carbon footprint).

The first step for portcos and funds is to determine the applicability of guidance (filing requirements, exit plans and strategies in the public market, etc.) and focus on those where applicable.

Many portcos that are (or may be) subject to the global disclosure requirements are likely in the process of collecting data that would satisfy Scope 1 and 2 requirements. Fewer, though, are working on assessing their Scope 3 emissions requirements. They may find their banks and larger investors (who would be subject to the global requirements) requesting this data from them.

For many funds, Scope 3 is a relatively new concept as few have tried to calculate indirect, downstream emissions. Leaders in this space are coordinating their efforts across their portfolio companies by baselining Scope 1 and 2. We would expect disclosure rules to accelerate this process.

We encourage both funds and portcos to determine what data they can consistently receive and from there conduct a diagnostic to target priority issues.

Given the prevalence of climate action commitments in the technology, media and telecommunications sector, many companies will be subject to ESG regulations. The requirements mean companies will need to produce disclosures on the supporting plans and progress for meeting those commitments, including for Scope 3 emissions when applicable.

Telecommunications providers will need to consider physical risks posed by climate change to their infrastructure, especially those at risk for flooding, wildfires and hurricanes, and confirm these are managed with the same rigor as other enterprise risks.

Many technology companies are leading the way in the transition to a low carbon future. From smart buildings to smart grids, the path to decarbonization is digital. However, the growing demand for GenAI, cloud computing and cloud services also places a burden on tech companies to manage their data centers’ energy efficiency and power their operations with renewable energy.

Tech providers have a critical role to play in the climate transition, from carbon accounting solutions to enabling smarter supply chains, factories, cities and energy grids. The global requirements represent an opportunity for providers to double-down on developing these technologies to support ESG reporting requirements.

SEC climate disclosures, ISSB, CSRD, or California. How to enhance your reporting strategy

ESG reporting services Sustainability and climate change services

Sustainable technology and digital Sustainability assurance

Contact us

Kevin O’Connell

Sustainability Reporting and Assurance Leader, PwC US

Ron Kinghorn

Sustainability Strategy and Operations Leader, PwC US

Brigham McNaughton

Sustainability Partner, PwC US

Heather Horn

Partner, National Office Thought Leader, PwC US

Required fields are marked with an asterisk(*)

First Name*

Last Name*

Company Name*

Job Title*

Job Function*

Email address*

Location*

Reason for my inquiry*

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

Hide

Audit and Assurance services Consulting Tax services Newsroom Alumni US offices Contact us

© 2017 - 2024 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.