Norton Rose Fulbright LLP

07/01/2022 | News release | Archived content

ESG – Key regulatory risks for financial services firms in the UK and US and how to manage them

Introduction

Environmental, social and governance-related ("ESG") matters are high on the global agenda with a focus not only on climate change, but also on wider environmental issues, such as biodiversity, and social and governance issues, such as diversity and inclusion and accountability.

In the regulatory sphere, in the UK, the Financial Conduct Authority ("FCA") is clear that the financial sector has an important role to play in helping the economy adapt to a more sustainable long-term future and that consumers need to be able to rely on regulated firms to take ESG seriously[1]. Last year the FCA welcomed its first Director of ESG with a mandate to embed ESG considerations across its functions and it is to have regard to the UK Government's commitment to a net zero economy by 2050 in all of its regulatory activities[2]. We are also seeing the FCA engaging with companies that it considers may not be complying with its rules in respect of their ESG disclosures.

In the United States, the Securities and Exchange Commission ("SEC") has been increasingly active in the ESG space given the importance of ESG performance to investors. To protect the investing public from material gaps or misstatements in issuers' disclosures, in 2021, the SEC announced the creation of a Climate and ESG Task Force[3]. As a result of the Task Force's efforts, the SEC has brought ESG-related disclosure actions against several high-profile public companies. Furthermore, in 2022, the SEC proposed new rules that would require domestic and foreign registrants to provide climate-related disclosures in their registration statements and annual reports[4]. It also proposed new rules to enhance the regulatory framework for disclosures concerning investment funds and investment advisers' ESG investing strategies[5].

In terms of financial markets, investors are increasingly seeking sustainable financial products, and ESG investing (traditional investing combined with sustainable or otherwise philanthropic aims) has seen huge growth in recent years[6]. Regulated firms are also seeking to improve their own ESG performance more generally to build stronger relationships with their stakeholders, including those who use their services. Whilst the growing emphasis on ESG presents opportunities for financial services providers, it also brings with it a number of risks, which need to be properly managed with a view to avoiding future regulatory investigations and enforcement. In this briefing, we look at some key areas of regulatory risk around ESG and suggest some practical steps that can be taken to manage these, with a focus on the UK and US regulatory regimes.

Key ESG regulatory risks

(i) Greenwashing

Greenwashing is the term given to a practice of making misleading statements about the environmental credentials of a business and/or product in order to attract investment or customers more broadly. Mitigating the risk of greenwashing is a particular focus for the FCA[7]. Last year it issued a letter to the Chairs of Authorised Fund Managers[8], setting out guiding principles for the design, delivery and disclosure of responsible and sustainable investment funds. At the time the FCA said that it was concerned by the number of poor-quality fund applications it had seen and that it would continue to scrutinise and challenge regulated firms on their fund strategies and disclosures[9]. A key objective of the guiding principles is to ensure that the marketing of such funds is compliant with existing regulatory requirements.

The current UK regulatory framework includes the FCA's Principle 7 requirement that an authorised firm must pay due regard to the information needs of its clients and communicate information to them in a way which is clear, fair and not misleading, and this requirement is also reflected in the financial promotion rules[10]. It also includes Principle 6, that an authorised firm must pay due regard to the interests of its customers and treat them fairly. The FCA can take a number of supervisory actions against regulated firms to prevent harm in this area, such as requesting they make a voluntary application for the imposition of requirements or seeking to impose requirements which have the effect of forcing withdrawal of or changes to a promotion[11]. The FCA also has the power under s137S of FSMA to ban promotions that are unclear, unfair or misleading. Suspected breaches of requirements may also be investigated and enforcement action to impose sanctions such as financial penalties may be pursued.

Further, and with a view to building trust and integrity in ESG-labelled instruments, the FCA is also working with the UK Government to develop additional rules in this area, including Sustainability Disclosure Requirements[12], with a Discussion Paper published in November last year in relation to new sustainability disclosure requirements for asset managers and FCA-regulated asset owners, as well as a new classification and labelling system for sustainable investment products[13].

The SEC's recent proposed new rules that would require certain disclosures by registrants, investment funds and investment advisers also seek to help combat greenwashing. In addition, the SEC already has broad authority to issue rules requiring US publicly traded companies to disclose significant financial and other information so that investors can make informed investment decisions, including disclosure related to climate change. For example, as noted in the SEC's 2010 Guidance Regarding Disclosure Related to Climate Change, information related to greenhouse gas emissions and climate change is required in public companies' SEC filings related to a company's description of business, legal proceedings, risk factors and management's discussion and analysis of financial condition and results of operations[14]. Companies must also disclose "such further material information, if any, as may be necessary to make the required statements, in light of the circumstances under which they are made, not misleading"[15].

Furthermore, as a result of the SEC ESG Task Force, which is charged with proactively identifying ESG-related misconduct, the SEC has begun to bring enforcement actions for greenwashing. For example, on May 23, 2022, the SEC charged BNY Mellon Investment Adviser, Inc. ("BNYMIA") for material misstatements and omissions about a sub-adviser's ESG quality reviews under both Acts. BNYMIA settled the matter (without admitting liability) by agreeing to pay a $1.5 million penalty[16]. Criminal authorities have also been investigating fraudulent advertising of ESG investments.

(ii) Corporate disclosures

In addition to considerations around product labelling, relevant financial services firms need to comply with rules on corporate disclosures relevant to ESG and risk regulatory scrutiny and potentially enforcement action if they do not do so.

In the UK, the FCA has introduced some specific obligations around ESG-related disclosures with which in-scope issuers need to comply. For example, in December 2020 the FCA introduced a new rule for premium listed issuers to make disclosures in line with the recommendations of the Taskforce on Climate-related Financial Disclosures, or explain any non-compliance, which was later extended to standard listed issuers in December 2021. In addition, in relation to diversity and inclusion, in April this year the FCA introduced, amongst other things, new Listing Rules to require issuers to include a statement in their annual financial report setting out whether they have met specific board diversity targets[17]. Disclosure obligations also arise on an ongoing basis pursuant to, amongst other things, the Market Abuse Regulation. The FCA has made it clear that climate-related risks and opportunities are financially material to many issuers' assets[18] and information about these may therefore amount to inside information and need to be disclosed.

In the United States, as discussed above, the SEC has made significant efforts to increase corporate ESG disclosures. Other ESG-related risks and opportunities are also likely to be financially material to many issuers and, as a result, firms should consider ESG matters carefully when determining what should be disclosed.

(iii) Governance

Relevant to both of the above types of ESG risk, there is also a broader governance risk for regulated firms in this area. Firms need to have adequate internal arrangements in place including procedures to identify different types of ESG risk relevant to their business and escalate these risks to senior management and the Board where appropriate.

In the UK, the FCA's Principle 3 requires regulated firms to take reasonable care to organise and control their affairs reasonably and effectively, with adequate risk management systems, and there are also specific governance provisions within the Senior Management Arrangements, Systems and Controls part of the FCA Handbook which need to be complied with. Consequently, where firms do not have sufficient governance around ESG issues and there are serious or repeated failings, there is a risk of regulatory intervention and potential enforcement action.

Companies also need to ensure that they comply with relevant governance requirements in relation to disclosures, such as Listing Principle 1, which provides that a listed company must take reasonable steps to establish and maintain adequate procedures, systems and controls to enable it to comply with its obligations, and Premium Listing Principle 1, which relates to the need for directors of premium listed companies to understand their responsibilities and obligations.

The FCA regards robust governance arrangements as being key to ensuring good corporate culture and conduct and has previously pursued enforcement action in relation to deficient systems and controls regardless of whether any harm has been caused to third parties.

The same risks exist in the United States. Under the pending proposed rules, the SEC would require registrants to, among other things, disclose detailed information about the handling of climate change issues, including climate-related governance, strategy, risk management and metrics and goals. This means that, if approved, registrants would need to ensure that they had detailed insight into the processes and methods by which their board of directors consider climate-related risks and any climate-related targets or goals set by the board and mechanisms for overseeing the company's progress against such targets and goals. The rules would also require, where applicable, disclosure of the management positions and committees responsible for assessing and managing ESG risk, any relevant expertise of those individuals, processes utilized by the relevant parties to monitor risks, and board reporting requirements.

(iv) Individuals

We have focused above on the risk of regulatory intervention against corporates in connection with ESG failings, but individuals are also at risk. In the UK, the FCA has in place the Senior Managers and Certification Regime which aims to reduce harm to consumers and strengthen market integrity by making individuals more accountable for their conduct and competence[19]. In addition, the PRA has stated its expectation that responsibility for identifying and managing financial risks from climate change should be allocated to the relevant Senior Management Function[20] ("SMF").

The FCA has emphasised that generally, where there are grounds for investigating a matter, there will be a need to investigate the role of senior management in the conduct issues that arise[21] and senior managers may be held personally accountable in certain circumstances such as where they have failed to exercise sufficient oversight in connection with ESG-related breaches. Even those who are not approved to perform a SMF may be at risk in the event of a breach of the Individual Conduct Rules. Certain individuals can also be held responsible for being knowingly concerned in a breach by their employer. Individuals can face significant financial penalties or even prohibitions from the financial services industry in connection with established breaches.

In the US, individuals are also at risk. Companies are under pressure to improve their ESG performance while maintaining profitability, and individuals at those companies will feel that pressure. The Department of Justice has renewed its focus on prosecuting individuals, and will likely be on the lookout for ESG-related fraud[22].

(v) Reputational damage

Firms should be mindful of the reputational risks connected with managing ESG issues. Potential rule breaches and reputational risks may require notification to the regulator and failures to report may themselves attract regulatory attention and sanctions (in addition to any consequences flowing from the substantive failing which gave rise to the notification obligation). In both the UK and the United States, regulators publish enforcement decisions with consequent reputational impacts and more generally firms risk reputational damage if they are seen to be deviating from what are widely considered to be ethical practices. Even an investigation which concludes with no action being taken can be reputationally damaging. Given that ESG is a focus for companies and investors all over the world, the reputational risk of mismanaging ESG disclosures is substantial.

How can firms manage the regulatory risks?

There are a number of steps which firms and their senior management can take now to manage the regulatory risks around ESG. These include:

(i) Diligence: This is a fast moving area and sufficient internal resources need to be allocated by firms to remain adequately informed about developments in the ESG space, including regulatory and industry guidance. Firms need to understand what ESG means for them and part of this process is mapping incoming changes in the ESG landscape across to their own business and evaluating where the risks may arise. Engaging with others such as peers, regulators and industry bodies may give firms early notice of the introduction of ESG measures and may also afford firms the opportunity to share best practice examples with each other in this space.

(ii) Training: Firms need to ensure that adequate training is delivered internally, including in relation to regulatory expectations regarding ESG issues and the risks in this area. ESG is not an area that senior managers can safely leave to the specialists since it is wide-ranging and may affect a number of business areas and internal functions. Training should include the Board who will be expected to stay adequately informed and set the appropriate 'tone from the top'.

(iii) Appropriate risk management and internal governance: Firms may be able to take advantage of risk management and internal governance frameworks already in place to manage other types of risks, such as financial crime and bribery and corruption, for the purpose of addressing ESG issues and risks, but these will of course need to be adapted and regularly updated to take into account ESG developments. Firms should consider in particular whether they have in place appropriate ESG risk assessments, policies, committee(s) involving all relevant stakeholders, with clear escalation channels and clear documentation around ESG decision-making, in particular with regard to ESG-related disclosures and representations.

(iv) Adequate whistleblowing arrangements: ESG is an area which evokes strong feelings and sentiment and this, combined with an increased regulatory focus on whistleblowing more generally, means that firms may well see an increase in whistleblowing relating to ESG. Whistleblowing can arise internally from employees, but it can also originate externally including from customers, shareholders or other interest groups. In the UK, the FCA has also been raising awareness through campaigns that whistleblowers can report directly to the FCA and this may in turn spark a regulatory enquiry or investigation.

In the US, the Climate and ESG Task Force is tasked with enhancing and coordinating efforts with various agencies, including the Office of the Whistleblower, to bolster its efforts. In August 2021, the SEC reportedly initiated an investigation into a financial institution's asset management unit following a whistleblower's allegations that it was misrepresenting its ESG credentials to clients and investors. It is therefore important to ensure that adequate whistleblowing arrangements are in place, including in relation to the appropriate investigation of concerns in accordance with a proper process.

(v) Effective response to complaints, concerns and issues: More broadly, ESG-related complaints and concerns should be taken seriously and investigated where appropriate. Where ESG-related issues are identified, swift action needs to be taken to understand the root cause of such issues and to prevent reoccurrence. There may also be an opportunity for lessons to be learned and for these learnings to become embedded in internal processes. Taking internal and/or external legal advice and obtaining the protection of legal privilege may be useful in seeking to understand any potential exposure and how best to mitigate this.

(vi) Individuals: The above should also inform the steps taken by senior managers who need to equip themselves with the knowledge to inform their decision-making and ensure they can evidence reasonable steps including adequate challenge and debate as part of the risk management process and appropriate internal governance arrangements.

Concluding remarks

While ESG presents opportunities for financial services providers, it also brings with it a number of regulatory risks that should be properly considered and managed. As outlined above, we recommend taking a number of steps to stay ahead of potential issues and to manage these risks effectively. Proper resourcing in relation to ESG and being agile in responding to changes as they come in is key. Where potential or actual regulatory breaches in relation to ESG issues are identified, companies should immediately stop the breach and investigate to confirm that there are no additional breaches and to determine whether there are any wider systems and controls issues around ESG compliance. Notification obligations need to be considered as well as record keeping, managing communications and data preservation.

Footnotes

[6] For example, according to Chris Cummings, Chief Executive of the Investment Association, in 2020 and 2021, retail investor support for funds which have a specific social or environmental purpose grew significantly, with savers consistently putting around £1bn a month into these funds: https://www.theia.org/media/saving-matters/chris-cummings-opens-ia-sustainability-and-responsible-investment-conference
[11] s55L FSMA