Regulations are rapidly emerging concerning environmental, social and governance (ESG) reporting. And for many global financial institutions, current and pending ESG reporting rules prompt far more questions than answers.
Financial institutions—especially those with a home office in one region and locations scattered throughout different regions—struggle to identify which regulations they need to follow. They also seek guidance on how to remain consistent in their interpretation of data, risk and controls based on those regulations.
Similar to the implementation of Sarbanes-Oxley (SOX) two decades ago, regulators will expect financial institutions to be compliant with ESG regulations and their various implementation dates. Accordingly, financial institutions must act now to fully develop their ESG risk framework, risk and control matrices, reporting systems and structure so they are prepared for the coming changes.
Exploring current and future ESG reporting regulations
The European Union (EU) has led the way in upgrading corporate ESG reporting requirements with the adoption of the Corporate Sustainability Reporting Directive (CSRD) earlier this year. The CSRD, developed by the European Commission, expands on the former Non-Financial Reporting Directive (NFRD) by requiring a larger number of businesses, including financial institutions, to disclose their ESG impacts to investors and consumers in their annual reports.
In the U.S., the Securities and Exchange Commission (SEC) and various banking regulators have proposed rule changes requiring companies to include certain climate-related disclosures in their annual reports. While those rules have not yet gone into effect, California recently passed two laws that affect companies that do business in the state.
- SB-253 will affect both public and private companies operating in California with global annual revenues exceeding $1 billion.
- SB-261 will affect both public and private companies operating in California with global annual revenues exceeding $500 million. Companies subject to California Department of Insurance regulation or those conducting insurance business in other states are exempt.
To meet evolving global regulations, companies in Asia and other regions are following the Task Force on Climate-Related Financial Disclosures (TCFD) framework. Developed by the Financial Stability Board, the TCFD framework covers ESG governance, strategy, risk management and metrics.
Why financial institutions should lead the way with ESG reporting
Right now, even with expanded definitions, many of the existing and future ESG regulations focus on the “E” (i.e., climate reporting related to carbon emissions). But there’s more for financial institutions to consider than reducing the environmental impact of moving money around. They must also measure ESG-related risks and outcomes reported by the corporations within their investment portfolios. Additionally, they must report on ESG impacts created by their products and those generated throughout their entire supply chain.
By putting the framework in place now to ensure accurate and timely ESG reporting, financial institutions of all sizes can ensure compliance. These four steps can help organizations create a future-focused ESG reporting strategy:
1. Improve ESG data collection and reporting capabilities.
Many institutions have proven systems in place for collecting financial data. But gathering and reporting on climate-related data requires new capabilities and, potentially, new systems. Financial institutions must consider which data they need to collect and know where to store and control that data to ensure completeness and accuracy.
One of the most complex considerations financial institutions face is understanding their organizational and operational boundaries. Consider, for example, a global bank with a home office in Japan. Does it follow Japanese regulations based on its home office location? What about its subsidiaries operating in different regions? Does a Paris subsidiary, for example, need to report using the Central Securities Depositories Regulation (CSDR)? The challenge for global institutions is consolidating all these various areas under one streamlined ESG data reporting structure.
Additionally, financial institutions must find ways to capture ESG data across Scopes 1, 2 and 3 emissions based on the Greenhouse Gas Protocol. This can include capturing accurate data about operational disruptions in countries like Indonesia or states like Florida that are prone to extreme weather events. Financial institutions must also accurately calculate carbon impacts throughout their entire supply chain. These can include gathering and reporting on emissions generated by leased armored vehicles or calculating the energy consumed by leased or off-site data centers.
2. Identify the necessary risks and controls.
Once financial institutions collect the right ESG data, they need to put in place adequate controls over the information they’re reporting. Right now, many institutions assign this kind of work, as an adjunct to their primary responsibilities, to personnel who may not have the necessary technical knowledge. But in an increasingly regulated future, banks will need dedicated personnel with technical knowledge to complete this work efficiently and effectively.
To this end, we’ve seen some banks create dedicated ESG teams that carry responsibility for control functions. Another emerging trend is employing an ESG controller, and these specialists are already highly sought-after by many financial institutions.
The trickiest part of hiring for a role like ESG controller is finding a candidate with adequate expertise. Professionals with a solid ESG background may not have the risk and audit knowledge needed to develop adequate controls. Conversely, a professional skilled in risk and audit may lack foundational ESG understanding and capabilities.
The other consideration with hiring an ESG controller—or building an ESG team—is knowing where this department should live within an institution’s organizational hierarchy. The right answer will vary for different organizations. Right now, we’ve most often seen financial institutions align their ESG control function with their finance or human resource functions.
3. Gather the right insights and resources to coordinate these efforts.
Financial institutions should consider how their ESG approach fits into their firm’s strategic objectives, risk management framework and risk appetite. Then, they should consider which areas of the organization will be responsible for specific tasks and determine which human and technological resources the organization will need to move forward. Taking this type of thoughtful approach can help institutions develop ESG reporting strategies built for the future.
Creating a cross-functional ESG team and carving out roles for ESG data scientists and ESG controllers are also positive steps forward for financial institutions. But the broadening requirements of new and emerging regulations could become overwhelming for even the most qualified professionals.
4. Stress test ESG reporting to ensure compliance.
Stress testing for ESG compliance is a two-step process. Both an independent, third-party strategy group and an internal audit team should perform testing, verify that the right risks have been identified and confirm that controls are working as expected.
Part of this essential work will include a materiality assessment to ensure data is being collected from all sources and is being reported in accordance with the proper regulations. Internal audit should also provide continuous monitoring and oversight to ensure accurate and compliant reporting.
Moving beyond ESG compliance
While regulations are mandating ESG reporting, financial institutions should view this not as an obligation, but as an opportunity. As investors demand more transparency into a company’s sustainability initiatives, institutions that prove they are good stewards of ESG principles through trusted data and controls will gain a competitive advantage.
This article was written by RSM US LLP and originally appeared on 2024-02-02.
2022 RSM US LLP. All rights reserved.