It should be emphasized, that ESG ratings have become increasingly important in the proper functioning of financial markets, as they are a critical source of information for investors and financial institutions. However, at the same time, various stakeholders express their concerns with respect to the transparency of ESG rating activities and regarding the potential risks of greenwashing. The necessity for regulation in this domain was also underlined in the European Securities and Markets Authority (ESMA) progress report on greenwashing (the ESMA Progress Report on Greenwashing) published on 31 May 2023, which identified ESG credentials, such as ESG labels, ratings or certification as high-risk areas for investment fund managers (the IFMs), being a major channel of transmission for misleading sustainability related claims.

To accurately grasp this risk, the ESMA Progress Report on Greenwashing also provided for a common high-level understanding of the notion of greenwashing across different financial sectors, referring to “a practice where sustainability-related statements, declarations, actions, or communications do not clearly and fairly reflect the underlying sustainability profile of an entity, a financial product, or financial services. This practice may be misleading to consumers, investors, or other market participant.”

The implementation of clear and harmonized rules at the European Union (EU) level would help to mitigate greenwashing risks in the financial field and increase comparability and reliability of ESG ratings. The provisions of the Proposal, whose main points are summarized below, aim to achieve the following.

Scope and key concepts

The goal of the Proposal is to introduce a common regulatory approach to enhance the integrity, transparency, responsibility, good governance, and independence of ESG rating activities, contributing to the transparency and quality of ESG ratings.

The scope of the Proposal is quite broad and applies to ESG ratings issued by ESG rating providers operating in the EU that are disclosed publicly or that are distributed to regulated financial undertakings in the EU or EU Member States’ public authorities. A list of cases are out of scope of the Proposal and include, in broad terms, private ESG ratings which are not publicly disclosed, the provision of raw ESG data, ESG ratings produced for internal purposes or ESG ratings proposed by EU or EU Member States’ public authorities.

To ensure a common understanding of this field, the Proposal defines ESG rating as “an opinion, a score or a combination of both, regarding an entity, a financial instrument, a financial product, or an undertaking’s ESG profile or characteristics or exposure to ESG risks or the impact on people, society and the environment, that are based on an established methodology and defined ranking system of rating categories and that are provided to third parties, irrespective of whether such ESG rating is explicitly labelled as ‘rating’ or ‘ESG score”.

An opinion means “an assessment that based on a rules-based methodology and defined ranking system of rating categories, involving directly a rating analyst in the rating process or systems process” while a score means “a measure derived from data, using a rule-based methodology, and based only on a pre-established statistical or algorithmic system or model, without any additional substantial analytical input from an analyst”.

The term ESG rating providers, refers to a legal person whose occupation includes the offering and distribution of ESG rating or scores on a professional basis. The criterion relating to the professional basis could imply that only remunerated ESG rating providers would be in scope of the Regulation and that, for instance, non-profit organizations (NPOs) providing labels should not be regulated and not be in scope of the Regulation.

Prerequisites for the performance of ESG rating activities in the EU

According to the Proposal, any legal person who intends to provide ESG rating activities in the EU must be authorized to do so. Legal persons that are established in the EU are required to apply for authorization to ESMA. ESMA grants such authorization where it concludes that the applicant complies with the requirements set forth in the Proposal.

It is interesting to note that in addition to credit rating agencies oversight, ESMA is granted with another supervisory power with respect to ESG rating providers. It is worth noting that similarities exist in both oversight functions, which should facilitate the future supervision by ESMA, once the Proposal is adopted.

A third country ESG rating provider willing to perform rating activities in the EU can only do so if (i) it is subject to supervision by the competent authority of the third country, (ii) it has notified the ESMA of its intention to perform ESG rating activities in the EU  and provided the name of the competent authority that is responsible for the supervision of such entity, (iii) an equivalence decision has been taken by the European Commission for the relevant third country and (iv) a cooperation arrangement has been concluded with the competent authorities of the third country. Where no equivalence decision was taken by the European Commission or where an equivalence decision was repealed, the Proposal provides that ESMA may grant recognition to third country ESG rating providers on a case-by-case basis.

The proposed Regulation provides that third country ESG rating providers may also perform their activities in the EU where they have been endorsed by an ESG rating provider that is already established and authorized in the EU and which belongs to the same group.

Information on the identity of the ESG rating providers which were granted authorization, endorsement, or recognition or which comply with the requirements of the proposed Regulation in accordance with the equivalence regime will be available on the European Single Access Point (the ESAP).

Integrity and reliability of ESG rating activities

To ensure integrity and reliability of ESG rating activities, the ESG rating providers must comply with organizational measures set forth in the Proposal.

To prevent conflicts of interests, the Proposal provides for a separation of business and activities. Accordingly, ESG rating providers are not allowed to provide a list of activities, including consulting activities to investors or undertakings, the issuance and sale of credit ratings, the development of benchmarks, investment activities, audit activities and banking, insurance, or reinsurance activities.

In addition, the Proposal contains provisions with regards to the competence and independence of rating analysts. ESG rating providers must, for example, ensure that they have the knowledge and experience that is necessary for the performance of duties and tasks assigned.

The Proposal also requires ESG rating providers to record their ESG rating activities for a period of at least five years, to implement complaints-handling mechanisms and to refrain from outsourcing where it would risk to materially impair the quality of the ESG rating provider’s internal control policies and procedures or ESMA’s ability to ensure the ESG rating provider’s compliance with the requirements of the proposed Regulation.

To support smaller ESG rating providers, some exemptions are foreseen for small and medium-sized undertakings.

In addition to the foregoing organizational requirements, ESG rating providers are subject to disclosures requirements to ensure transparency towards third parties. They are, for example, required to publish on their website certain information pertaining to the methodologies, models and key rating assumptions used. They should also disclose a minimum amount of information to subscribers and rated entities. The transparency provisions will be subject to further developments by way of delegated acts to be adopted by the European Commission.

Supervision and fines

ESMA would be in charge of supervising ESG rating providers’ compliance with the Proposal. It is vested with large investigative powers, pursuant to which it can require ESG rating providers, persons involved in ESG rating activities, rated entities or third parties to whom operational functions or activities were outsourced, to provide information that are necessary for the accomplishment of its supervisory duties. ESMA may even proceed to general investigation and on-site inspections. Where necessary, it can delegate supervisory tasks to the competent authority of the relevant Member State.

In case ESMA concludes that an infringement was committed by the ESG rating providers, ESMA may take one or more supervisory measures, which include inter alia withdrawal of the authorization of the relevant ESG rating provider, a temporary suspension or prohibition of the ESG rating activities or the issuance of public notices. The foregoing supervisory measures must be proportionate to the seriousness of the infringement and dissuasive.

In addition, ESMA may impose fines which can go up to 10% of the total annual net turnover of the ESG rating provider. In case the ESG rating provider directly or indirectly benefited from the infringement, the sanction may equal the amount of such benefit.

Next steps for ESG rating providers

If adopted, the Proposal would confer new supervisory powers to the ESMA, which will be able to draw on the experience it has acquired regulating credit rating agencies since the entry into force of Regulation No 1060/2009 of the European Parliament and of the Council of 16 September 2009 on credit rating agencies, which pursued similar objectives, with a common approach, with respect to credit rating activities.

The ESG rating providers should consider the proposed definitions and how they may be applied to existing ESG data or rating products, as well as perform an impact assessment of the proposed requirements, with a particular focus on governance, oversight and managing potential conflicts of interest.

Third country ESG rating providers should consider options for structuring their ESG ratings business in the EU.