European Parliament Adopts Regulation on ESG Ratings
On 24 April 2024, the European Parliament adopted the Regulation on the transparency and integrity of Environmental, Social and Governance (ESG) rating activities (ESGR). Ahead of the Council’s formal approval and the publication of the ESGR in the Official Journal of the European Union, this briefing explains the key requirements in the ESGR that providers, rated entities, and users of ESG ratings must know, and highlights some important and significant changes to the ESGR as originally proposed by the European Commission.1
Key takeaways
- The definition of an ESG rating is broad, so ESG rating providers will need to carefully consider which of their products fall within scope. In this regard, whilst there is a distinction between ESG data (unregulated) and ESG ratings (regulated), this may be less clear where subjective judgement is used;
- There are exemptions for private ESG ratings, certain investment research, EU SFDR and Taxonomy disclosures, and where the ESG rating is used exclusively for internal purposes or for providing in-house or intra-group financial services subject to compliance with certain criteria;
- In a welcome development, the final ESGR softens the requirement to provide ESG ratings and certain other activities in different legal entities;
- The extra-territorial provisions mean that ESG rating providers that market their ESG rating products to clients based in the EU may fall within scope.
1 Background
The ESGR was proposed by the European Commission (EC) in June 2023, to address shortcomings in the market for ESG ratings in the European Union (EU).
The ESGR introduces a common regulatory framework designed to enhance the integrity, transparency, and reliability of ESG ratings by introducing rules on good governance, independence, transparency, and organisational and conduct requirements, amongst other things.
2 Scope
The ESGR defines an ESG rating as an opinion, or score or combination of both, regarding a rated item’s profile or characteristics with regard to environmental, social, and human rights, or governance factors, or exposure to risks, or the impact on environmental, social, and human rights, or governance factors, that are based on both:
- an established methodology; and
- a defined ranking system of rating categories,
irrespective of whether such ESG rating is explicitly labelled as an “ESG rating”, “ESG opinion,” or “ESG score”.
In addition, the following definitions apply:
- an ESG opinion is an ESG assessment that is based on a rules-based methodology and defined ranking system of rating categories, directly involving a rating analyst in the rating process or systems process;
- an ESG score is an ESG measure derived from data, using a rule-based methodology, and based only on a pre-established statistical or algorithmic system or model, without any additional substantial analytical input from an analyst.
It is important to note that, due to the broad definition, ratings on a single E, S or G factor, as well as sub-components of an ESG rating such as indicators or input data, are capable of being treated as ESG ratings.
The ESGR applies to ESG ratings (ratings) issued by ESG rating providers (providers) operating in the EU. For these purposes, operating in the EU means:
- for providers established in the EU, when (a) they issue and publish their ESG ratings on their website or through other means; (b) they issue and distribute their ESG ratings by subscription or other contractual relationships to certain entities set out in the ESGR (e.g. regulated financial undertakings in the Union, entities subject to the Accounting Directive or the Transparency Directive),
- for providers established outside the EU, where they engage in the activities under 1(b) above.
The ESGR excludes certain ratings from its scope, including:
- ratings issued by regulated financial undertakings exclusively for internal purposes or for providing in-house or intragroup services or products;
- private ESG ratings produced pursuant to an individual order, and provided exclusively to the person who placed the order, and which are not intended for public disclosure or distribution by subscription or any other means;
- credit ratings that are issued under the EU Credit Rating Agencies Regulation, including any ESG-related scores or assessments that are produced or published as part of the methodologies for the credit ratings or as an input or output for the creditworthiness assessment;
- certain types of EU SFDR and Taxonomy disclosures;
- ratings distributed by providers established outside the EU at the exclusive initiative of the user (if their market share in the EU is not substantial and their website is not in a local EU language other than one used to conduct international business), and there is no substitute for this rating offered by an EU authorised rating provider; and
- ESG ratings published or distributed by non-profit organisations for non-commercial purposes.
For these purposes, an EU "regulated financial undertaking" includes a credit institution, investment firm, alternative investment fund manager, crypto-asset service provider etc.
3 Provision of ESG ratings
A legal person seeking to operate as an ESG ratings provider in the EU has the following options under the ESGR: (1) for EU established entities, authorisation from ESMA, and (2) for non-EU established entities, the equivalence decision, endorsement or recognition route.
A temporary lighter touch regime will apply to small undertakings or small groups within the meaning of the Accounting Directive, for three years after registration with ESMA or when they no longer meet the relevant criteria.
3.1 Authorisation
The prospective ESG ratings provider can apply for authorisation from ESMA. Annex I of the ESGR sets out the types of information that should be provided including the name and registered office, the number of persons directly involved in ESG rating activities and the expected market coverage. The European Commission may adopt regulatory technical standards, prepared by ESMA, to further specify the information requirements.
Within 25 working days from receipt of the application, ESMA must assess whether the application is complete and notify the applicant of the result. Within 90 working days from that notification, ESMA must decide on the authorisation, but this period can be extended to 120 working days in certain cases, for example when the provider envisages outsourcing. As the adoption decision takes effect on the fifth working day following the adoption, the entire process can take up to 150 working days. The authorisation is valid for the entire territory of the European Union.
3.2 Equivalence
A provider established outside of the EU (a third country provider) can provide ESG ratings to EU clients if the EC has adopted an equivalence decision, provided that:
- the cooperation arrangements with the competent authorities of the third countries whose legal framework and supervisory practices have been recognised as equivalent are operational,
- that provider is a legal person authorised as a provider in that third country and subject to supervision in that country,
- it has notified ESMA of its intention to operate in the EU, has submitted the required documents and information, and ESMA has confirmed the completeness of the information, and
- it is registered in ESMA’s register (see below).
3.3 Endorsement
A third option is endorsement. A provider established in the EU and authorised under the ESGR may endorse the ratings of a third country provider which belongs to the same group, if:
- the EU-established provider has applied to ESMA for the authorisation of the endorsement,
- the EU-established provider fulfils certain indicators of minimum substance,
- the endorsement does not impair the quality of the assessment of the rated entity or the arrangement of on-site reviews or inspections,
- the EU-established provider has verified and can demonstrate that the issuance and distribution of the endorsed ratings meets requirements which are at least as stringent as the ESGR’s requirements, and the third country provider must demonstrate compliance with the requirements,
- the EU-established provider has the necessary expertise to effectively monitor these ratings and to manage the risks,
- there is an objective reason for the endorsement of the ratings,
- the EU-established provider provides ESMA with all the information necessary to supervise compliance by the third country provider with the ESGR,
- if the third country provider is subject to supervision, an appropriate cooperation arrangement is in place between ESMA and the relevant supervisor for information exchange purposes.
ESMA has 45 working days from the receipt of a complete application for endorsement to adopt a decision.
3.4 Recognition
In the absence of an equivalence decision, a third country provider may also operate upon recognition by ESMA, provided that:
- the consolidated annual net turnover of all its activities for the last three consecutive years is less than the amount set out for small groups according to Article 3(5) of the Accounting Directive.
- it has expressly appointed a legal person as its legal representative located in the EU to act on its behalf, which can demonstrate to ESMA that the provider meets its obligations under the ESGR.
To this end, the provider must apply for recognition to ESMA and provide all the relevant information indicating that it is eligible for recognition, in addition to the information in Annex I. ESMA must decide on the application within 90 working days from receipt of the application. Note that if the provider is subject to supervision, ESMA must put in place a cooperation agreement with the relevant supervisory authority to exchange information and where effective exercise of ESMA’s supervisory powers is not possible, recognition will not be granted. ESMA is charged with drafting regulatory technical standards to specify the form and content of the application.
4 Register
ESMA must maintain a register, publicly accessible on its website, with information on the identities of the providers registered, authorised or otherwise able to operate under the ESGR via the abovementioned pathways. From 1 January 2028, providers must also submit their complaints-handling procedures and publicly available information on their ratings (see 5.2 below) to a collection body, such that they can be accessed via the European Single Access Point (ESAP). ESMA shall develop implementing technical standards for this purpose.
5 Key requirements
5.1 Methodology principles
ESG rating providers will be required to comply with certain principles when implementing their rating methodologies to ensure the quality and reliability of the ESG ratings (in essence, they must be rigorous, systematic, independent, continuous, and capable of justification), while it is left to the providers to decide how to design methodologies that meet those principles.
5.2 Governance requirements
Providers must adhere to certain general organisational requirements, such as maintaining independence from political and economic influences or constraints, implementing internal due diligence policies and procedures, and maintaining an oversight function. Providers which are small undertakings or a small group within the meaning of the Accounting Directive and which meet certain other conditions can request an exemption from some of these requirements from ESMA.
Providers must also separate the ratings business from certain other activities, which they are prohibited from providing (for example, consulting activities to investors or undertakings). Some activities are nevertheless allowed, provided specific measures are taken to manage conflicts of interest (activities of credit institutions, investment services or activities) and in some cases also upon authorisation of ESMA (developing benchmarks). Again, ESMA is tasked with developing regulatory technical standards to specify the measures and safeguards.
The ESGR sets out a number of requirements applicable to rating analysts, employees and other persons involved in the provision of ratings, including ensuring that they are appropriately trained and have the knowledge and expertise to perform their assigned duties. The ESGR also requires providers to implement certain policies relating to the ownership of financial instruments in rated entities and the handling of confidential information.
Other requirements relate to record-keeping, complaints-handling, procedures for receiving reasoned concerns by stakeholders, and outsourcing of important operational functions.
5.3 Transparency
Providers are also required to comply with certain disclosure requirements including:
- Disclosing, as a minimum, details on methodologies, models and key rating assumptions used in their rating activities to the public. This captures an overview of the rating methodologies and limitations, references to the use of artificial intelligence, and general information on the criteria used to determine fees. An aggregated ESG rating can only be provided if the provider discloses the weighting of each (E, S and G) factor and the explanation of the weighting method. The provider must disclose the information at the latest when it starts issuing the ratings. The ESGR tasks ESMA with drafting implementing standards for the presentation of this information.
- Providers must also disclose certain information to users of ratings and rated entities on an on-going basis. This includes information on the ratings methodologies, data processes and a prominent statement in case the provider issues an unsolicited rating. ESMA must develop RTS to further specify the elements and may also draft ITS for the presentation of this information.
5.4 Conflicts of interest
Providers must have the policies, procedures, and organisational arrangements in place to identify, disclose, prevent, manage, and mitigate conflicts of interest, and disclose them to ESMA. The ESGR also stipulates rules to manage potential conflicts of interest arising from employees.
A provider must put in place governance arrangements and take necessary steps to manage any existing or potential conflict of interest. ESMA is required to take action in case of a risk of a conflict of interest within a provider linked to specific issues (notably the ownership structure, controlling interests or activities), which may involve ceasing to conduct ESG ratings activities if the risk is not adequately managed. The ESGR prohibits shareholders or members with significant influence or control from having similar control over another ESG ratings provider.
5.5 Pricing policy
The ESGR includes rules that place restrictions on the providers’ ability to price their ESG ratings. Providers must take adequate steps to ensure that fees charged to clients are fair, reasonable, transparent, and non-discriminatory. ESMA may require providers to demonstrate compliance by handing over evidence on their pricing policy. ESMA may take supervisory measures, including fines, where it finds that a provider fails to comply with this rule.
6 Supervision by ESMA
ESMA will be responsible for authorisation and ongoing supervision of providers.
ESMA can issue information requests, carry out general investigations and on-site inspections. In addition, it can take supervisory action including withdrawing or suspending authorisations and recognitions, temporarily prohibiting the publication or distribution of the ESG rating, requiring a provider to end an infringement or issue a public notice.
ESMA will be able to impose fines up to a maximum of 10% of the annual net turnover of the provider, if the infringement of the ESGR is intentional or negligent. It can impose periodic penalty payments on a daily basis to (a) compel a provider to end the infringement, (b) supply information following a request, (c) submit to a general investigation, or (d) submit to an on-site inspection. Action taken by ESMA will be publicly disclosed, unless such disclosure would seriously jeopardise the EU financial markets or cause disproportionate damage to the parties involved. ESMA is also required to publish annually on its website a list of the registered providers and their market share, as well as a report on the application of the ESGR, detailing supervisory action taken.
7 Timing
The ESGR will apply 18 months after entering into force. Under the transitional period, providers that are operating in the EU at the entry into force of the ESGR must notify ESMA within 19 months following such entry into force whether they wish to continue, and apply for authorisation within 22 months (four months after the application). Providers classified as small undertakings or small groups under Article 3 of the Accounting Directive must notify ESMA within 22 months, or cease their activities, hence at the same time as the other providers.
To date, there are no specific Italian legal provisions strictly governing the matter at hand which might seem to be potentially directly impacted by the ESGR.
Notwithstanding the foregoing, for the sake of completeness it should be noted that in 2022, the Bank of Italy – in line with the approach taken at the EU level and by other Member States – published its expectations on environmental and climate risks (the “Bank of Italy Expectations”), i.e. non-binding guidelines addressed to intermediaries under its supervision, covering, and impacting on, the governance, business model and strategies, organisational systems, operational processes, control and risk frameworks, and disclosure processes of such entities, and including considerations on, inter alia, data providers and methodologies for the measurement of environmental and climate risks.
Intermediaries were then required to submit an "action plan" to the Bank of Italy, outlining the steps they intended to take in the medium to long term in response to, and consistently with, the Bank of Italy Expectations.
In light of the above, the publication of the ESGR – also considering the nature of such legal act – might potentially, inter alia, (i) cause the Bank of Italy to update the Bank of Italy Expectations, also considering that the Authority had reserved the possibility to revise the document in the future to take into account the best practice of the reference sector and the development of the legislative framework; and (ii) impact, or in any case require adjustments and additions to, the action plans of intermediaries.
Due to the nature of the legal act as a directly applicable Regulation and the role of ESMA as the competent authority, there is hardly any discretion at national level.
In Germany, where market challenges have already been identified, the regulation of ESG ratings has been well received.
A recent study by the German supervisory authority BaFin shows that the companies surveyed are particularly dissatisfied with the comparability and transparency of ESG ratings, using capital management companies as an example. BaFin considers a reliable data basis to be essential for regulated entities in order to classify products in line with ESG criteria and to comply with mandatory reporting and transparency requirements.
The Sustainable Finance Advisory Committee of the Federal Government also welcomes the EU-wide regulation of ESG ratings and identifies challenges of the current market in its position paper, in particular recognising a need for quality standards and transparency, regular dialogue between ESG rating providers and companies or other stakeholders, and conflict of interest management.
The ESGR will not be directly applicable to UK ESG rating providers established in the United Kingdom (UK) as a consequence of Brexit, although such providers could be caught by the extraterritorial provisions and may wish to consider whether they can access the EU market via one of the third country routes (equivalence, endorsement or recognition).
Quite separately, the UK government intends to bring ESG ratings providers within the scope of regulation. The UK rules are expected to cover the ratings methodology, governance, and oversight as well as the management of conflicts of interest.
In the meantime, UK industry bodies have developed a voluntary Code of Conduct for ESG ratings and data products providers, which may form a useful starting point for the development of the ESG ratings framework in the UK. In addition, the UK Financial Conduct Authority is considering producing guidance on the use by authorised firms of third-party ESG data and ratings.
8 Next steps
ESG rating providers should take steps to: (a) identify whether, and which, products fall within the scope of the ESGR; (b) obtain the necessary authorisations, or EU market access rights through equivalence, endorsement, or recognition; and (c) implement the organisational and conduct requirements through updated governance frameworks and arrangements, policies, procedures, and controls.
1 For brevity, some of the rules have been paraphrased.