Parmjit: Welcome to a special podcast on data reliability and the legal implications of ESG disclosures. My name is Parmjit Sandhu and I’m a principal from KPMG’s Global Rewards Services Practice. I’m joined today by Tracee Davis, a partner and Candace Quinn, a senior counsel at the law firm of Seyfarth Shaw to discuss a recent article published by Bloomberg Law on the importance of obtaining reliable data and adopting internal controls around that data and to connect the dots at the macro level across legal and accounting considerations, in mitigating both legal and accounting risks.
We came together from previous great working sessions between KPMG and Seyfarth Shaw around ESG. In discussing our experiences on what we’ve seen in the market, we determined that data was a major factor driving greater economic importance on ESG. In considering how best to advice our clients in meeting these new demands, we both came to the conclusion that accurate data is the key driver and attention to developing best practices and acquiring, monitoring, analyzing and testing that data is critical to successfully managing the legal and accounting risks that we can see on the horizon in the ESG landscape. Tracee, how does data play an important role? What legal risks are you seeing with clients who are either developing a new ESG program or reimagining an existing corporate social responsibility initiative now facing?
Tracee: Thank you so much Parmjit for having us. In essence, ESG should be viewed as a way of measuring a company’s ability to increase value or reduce operational losses as they relate to those ESG factors that might materially impact corporate profits. Various methods to measure performance exists, but not all data or frameworks for conducting the analysis are equal. For instance, independent rating and ranking agencies may each rely on different variables in accessing, for example, energy consumption. This can often result in the credit-like rating scores that a company receives from one rater being inconsistent with that of another. To control the narrative, voluntary ESG reports that we all often see are issued, or more formal certified disclosures are required. However, with greater disclosures, voluntary or otherwise, comes the heightened risk of litigation. Lawsuits, fines, penalties or other regulatory actions arise when day-to-day operations are not consistent with the company’s stated policies or public disclosures. And it’s not simply regulators who might sue.
Most stakeholders have an avenue to bring a lawsuit. A consumer can claim the statements mislead them into buying the company’s product. Investors might claim fraud or fraudulent inducement caused them to invest in a company’s stock, or business adventure. And shareholders always have the ability to bring a claim for breach of fiduciary duty against the company’s board or management or a whistleblower employee might bring an action when the company fails to try and live up to its ESG commitments.
Parmjit: That’s really interesting, Tracee. So how can companies manage these risks?
Tracee: So, needless to say, ESG statements must be carefully vetted and internal controls must be implemented in order to be able to demonstrate when defending any claim that the company made reasonable efforts to meet its ESG goals. To also bring more uniformity to the market, we’re now seeing regulators proposing rules to mandate that companies disclose certain information. Candace, what are some of the more recent regulatory rules that are being proposed?
Candace: Thank you, Tracee. Well, the SEC has undertaken a number of actions and proposals to address ESG, all of which are very data intensive. And these have included historic rules to enhance and standardized climate related data disclosure, which provide an affirmation of client concerns. Now the climate risk disclosure rules for which the comment period has expired require public companies to disclose climate data in their financial statements subject to review by an independent auditor. And also the rules require climate data to be disclosed in non-financial statements and would need to include a third-party attestation report from experts in greenhouse gas emissions.
Now the SEC also requires human capital resource data to be disclosed to the extent it is material to understanding the company’s business. And the SEC also approved NASDAQ’s board diversity disclosure rule, requiring companies listed on the NASDAQ Exchange to have a diverse board or provide an explanation.
Now, the SEC also opened a comment period for paper performance proxy disclosure as incentive pay is increasingly linked to ESG outcomes. Now the SEC is looking for more transparency in what data is included in determination for investors to evaluate the company’s compensation practices. Also, the SEC proposed rules mandated disclosure of material cyber security breaches in corporate risk management strategy, and there are many more.
The importance of data accuracy and reliability cannot be stressed enough. As Tracee pointed out, whether the disclosure is voluntary or mandatory, the legal risks are no less important. The SEC Enforcement Division has undertaken active ESG regulatory review and pursued legal action including junctions and significant fines for companies making false and misleading statements, known as greenwashing. The SEC is not the only agency addressing ESG. Other federal agencies, including the Department of Labor are increasing ESG concerns and state legislators are also. Now, for example, the DOL has issued guidance to fiduciaries regarding investment company sponsored pension plans, identifying when they may consider climate change and other ESG factors. However, due to recent court decisions, regulatory authority to various agency is under scrutiny.
To address disclosing ESG, there are several frameworks, such as SASB, Now, Value Reporting Foundation. And there’s GRI and there’s TCFD. As companies review these standards, we advise clients to seek legal counsel to perform materiality assessments, identify risks and ESG factors relevant to long term profit. So how do companies practically approach complying with these complex regulatory requirements in practice? Well, Parmjit and her team at KPMG are focusing on the types of controls needed around ESG data to achieve data reliability. Parmjit, could you please share some of those insights with us?
Parmjit: Yes, absolutely, thanks, Candace. So the SEC’s focus, as disclosed by Commissioner Crenshaw, tells us that a significant aspect of the solution here is to establish internal controls around the collection and the robustness of ESG data, which will ultimately drive the quality of the company’s disclosures. So in practice, this means in the first instance, that companies must assess their internal systems infrastructure to determine how to utilize them for ESG purposes. And then test them for reliability. And this is even before any external audit begins, because some work needs to be done to prepare for that.
Candace: And Parmjit, what about the external data?
Parmjit: Yes, that’s a great question Candace. Many companies rely on external vendor data, but they will need to now access that vendor’s internal controls around that data. So companies can’t practically do this for scores of vendors. And so over time, we expect vendors will need to start offering more end-to-end services to minimize the number of vendors a company needs to use. So the most practical and relevant experience companies have on internal controls is from sox compliance. And that knowledge must be leveraged here to deliver on the data needs for legal ESG disclosures. But know that getting this right is critical, given this data is what investors, shareholders and employees will ultimately rely on to determine the extent to which a company has met their ESG strategy. And that in turn could have huge implications for the company’s future.
So as an example of how ESG data has economic importance, several PE firms have recently laser focused on ESG integration as a way to enhance profitability in the businesses that they are investing in. In fact, there have been recent success stories where a business was worth several multiples of the original investment as a result of that ESG integration.
So that brings us to the end of the podcast. ESG is here to stay and continues to involve. So stay tuned to developments in this space.
Tracee: Thank you, Parmjit, for having us. We appreciate having this opportunity to talk about the legal developments in this space.
Candace: And thank you, Parmjit, we look forward to working with you and KPMG’s team.
Parmjit: Likewise, Tracee and Candace, once again, thank you for being with us today. Please feel free to read the Bloomberg Law article linked on this page for a more detailed dive into this topic. Thanks again for listening.
KPMG LLP does not provide legal services.