The Coming Wave of ESG Reporting Regulations: How Should Businesses Prepare?

The Coming Wave of ESG Reporting Regulations: How Should Businesses Prepare?

The goal is to showcase ESG data that can withstand the scrutiny of not just regulators, but all stakeholders who will use it to make comparisons among companies in the way they do with financial data today. The time to take action is now.

In 2023, the pressures on businesses to do a better job reporting on the environmental, social, and governance (ESG) risks they face will only get more severe. ESG builds upon existing disciplines such as environmental and labor concerns, regulatory compliance, business ethics, enterprise risk management, and corporate governance, and shines a spotlight on whether businesses are effectively incorporating them into their business strategies. 

The time to prepare for thoughtful planning to shoulder these new responsibilities is now, rather than waiting for the legal deadlines to hit.

The urgency to accurately report against these regulations is being felt across the globe. In Europe, the Corporate Sustainability Reporting Directive (CSRD), which will apply to the largest companies by 2024, requires businesses to make their non-financial reporting as robust and rigorous as their financial disclosures.

The EU’s Corporate Sustainability Due Diligence Directive (CSDDD), which has yet to be finalized, will extend reporting to a firm’s entire value chain, building upon similar requirements already in place in Germany, Norway, and the UK.

ESG Processes Support Accountability

In other words, businesses will need to monitor, not just what happens within their four walls, but the ESG practices of the companies with which they do business, whether it is the use of forced labor at a supplier’s facility, unlawful sourcing practices, or inappropriate dealings with government officials. 

As ESG continues to gain traction in the financial ecosystem, there is a heightened emphasis on environmental risks, with climate change at the forefront. Social risks, such as labor practices, human rights, diversity, equity and inclusion (DEI), and product safety, are also important and growing areas of concern.

What sometimes tends to fly under the radar is the “G” piece of ESG, which incorporates compliance and regulatory issues ranging from anti-bribery and anti-corruption to corporate governance, business ethics, accountability, and assurance.  

Privacy, data protection, and cybersecurity issues, which span the S and G pillars, are rapidly evolving with comprehensive privacy and data protection regulations already in place in more than 140 countries and territories and 6 U.S. states, and data breach notification laws in all 50 U.S. states

With the increase in novel technologies, such as generative artificial intelligence (AI), new data regulations are being proposed while new interpretation and further enforcement of existing privacy regulations are also proliferating. 

While privacy and data protection regulators and other compliance enforcers around the world expect to see accountable programs in place, the breadth of privacy and data protection issues affecting business resilience and sustainability has just begun to be reported by many businesses.  

A failure to comply with these responsibilities will expose companies to legal, financial, and reputational risks. The key here is for companies to be forward-thinking and understand that sustainability is synonymous with building value for investors and demonstrating trust to other stakeholders. 

In other words, it is not just the right thing to do, but the smart thing to do. Transparent ESG reporting helps foster goodwill with stakeholders including employees, investors, and customers.

Increasing Visibility to ESG Reporting 

Dun & Bradstreet has been empowering our customers to lean on solutions to mitigate risks and embrace data-fueled solutions.

There are a few tactical approaches firms can take to bring increased visibility to the reporting process: 

Break down the silos.

Because the breadth of ESG regulations is so vast, responsibility for handling them falls to many different departments within an organization. Environmental risks may be handled by one group. Cybersecurity and data risks may be the responsibility of another, and regulatory, compliance and other legal risks still others.

The key to effectively planning for the confluence of disciplines contributing to effective ESG reporting is to take a more holistic view, looking at everything through one lens, not a series of separate lenses. Leaders should think of it as a cross-functional approach. Making this approach work also requires tackling these regulatory issues early on, not treating them as an afterthought.

Set clear priorities.

Not all risks are created equal, and it is important to figure out which ones matter most, not just to the company but to the range of regulators who will evaluate your reporting. By handling the most material issues first, you will learn lessons that make it easier to tackle less pressing risks. You may also discover common threads that apply to businesses throughout the supply chain. 

Strengthen your record-keeping and reporting.

Create a set of disclosures that will tell a clear and cohesive story to both regulators and stakeholders. That means finding trustworthy providers of quality data, other reports and disclosures, and having information systems that can weave all the different pieces together. 

Meeting these new challenges requires strategic planning, rethinking, and reorganizing to align disparate activities, as well as considerations for the technology needs both for managing ESG obligations and reporting on them. But the work must be done, not just to comply with the regulations, but to build the kind of transparent reporting system that strong companies will want to have going forward.

The goal is to showcase ESG data that can withstand the scrutiny of not just regulators, but all stakeholders who will use it to make comparisons among companies in the way they do with financial data today. The time to take action is now.