On 20 December 2023, the Council of the EU reached an agreement on its negotiating mandate on a proposal for a regulation on ESG ratings  (the “Proposed EU Regulation“). This builds on the European Commission’s proposal, which was published on 13 June 2023.

The EU’s desire to regulate ESG rating agencies is a response to increasing concerns from a variety of stakeholders about the reliability, comparability and transparency of ESG ratings and the data behind these ratings.

What are ESG ratings?

An ESG rating is an objective measurement of the ESG performance and exposure of entities, financial instruments and/or financial products. It is intended to provide information to market participants about the relationship between the entity, instrument and/or product and ESG-related issues, which are becoming an increasingly important consideration for investors and other stakeholders.

ESG ratings are provided by a number of rating agencies, including MSCI and Sustainalytics. However, such rating agencies have no regulatory framework to follow when developing and applying ESG ratings and are not regulated entities themselves. This lack of regulation makes it difficult to compare and contrast ESG ratings, since the relevant rating agencies have adopted their own frameworks and methodologies, which are often not misaligned. It also makes it difficult to rely on information disclosed by these rating agencies, since their disclosures are equally unregulated. The ESG ratings attributed by rating agencies to various entities, instruments and products have, therefore, come under increased scrutiny from investors and other stakeholders alike. The EU are attempting to mitigate these concerns through the Proposed EU Regulation.

The Proposed EU Regulation

The key provisions of the Proposed EU Regulation are summarised in the below table:

ScopeEU entities that provide ratings in the EU are covered.

Non-EU entities that provide ratings in the EU are also covered, unless:

(1) the European Commission adopts an equivalence decision in respect of the relevant third country jurisdiction; or

(2) if the European Commission does not adopt an equivalence decision, the ESG ratings agency successfully seeks endorsement of its ratings from an EU-authorised ESG ratings provider and this endorsement is approved by the European Securities and Markets Authority (“ESMA”); or

(3) if the European Commission does not adopt an equivalence decision and the ESG ratings agency fails to obtain an endorsement, the ESG ratings agency has an annual turnover on their ESG rating activities below EUR 12 million for three consecutive years and has a legal representative in the EU that can be accountable for its obligations under the Proposed EU Regulation.
AuthorisationESG ratings providers need to be authorised and supervised by ESMA. To become authorised by ESMA, ESG ratings providers must apply to ESMA, disclosing the information required by Annex I of the Proposed EU Regulation.

ESMA will also maintain a register of authorised providers. From 1 January 2028, ESG ratings providers will also be required to submit any public information to the European Single Access Point.
FeesESG ratings providers have to pay supervisory fees to ESMA in proportion to their annual net turnover.
IndependenceOnce authorised, ESG ratings providers are not able to offer a number of other services, including credit ratings, benchmarks, consulting, audit, investment activities, insurance or banking.

Analysts providing ESG opinions would also be subject to independence requirements, such as being prohibited from having key management positions at an entity for which they have provided an opinion within the last six months.
OrganisationESG ratings providers must comply with the record-keeping and outsourcing requirements outlined in Annex II of the Proposed EU Regulation, which require providers to keep records of (among other things) the:

(1) identity of the persons responsible for the development of the rule-based methodology, and the identity of the persons who have approved the rating methodology;

(2) records documenting the established procedures and rating methodologies used by the ESG rating provider to determine ESG ratings; and

(3) methodology used for the determination of an ESG rating.
DisclosureESG ratings providers must comply with the disclosure requirements outlined in Annex III of the Proposed EU Regulation, which require providers to disclose (among other things):

(1) high level overview of the rating methodologies used;

(2) information on whether and how the methodologies are based on scientific evidence; and

(3) within the E, S or G factors, specification of the topics covered by the ESG rating/score, and whether they correspond to the topics required to be disclosed under the sustainability reporting standards of Article 29b of the EU Accounting Directive.
Conflicts of interestESMA may require ESG ratings providers to take measures to mitigate the risk of conflicts of interest, including (for example) by establishing an independent oversight function representing stakeholders. If the provider cannot sufficiently mitigate the risk, then ESMA may require it to cease the activities that create the conflict of interest.
EnforcementESMA will be able to issue fines of up to 10% of total annual net turnover of the ESG ratings provider for intentionally or negligently infringing the Proposed EU Regulation.

However, the Proposed EU Regulation does not attempt to regulate the methodologies used by ESG ratings providers; it instead attempts to promote transparency in relation to the information disclosed by the ESG ratings providers. Therefore, ESG rating providers will continue to have full discretion as to how they devise their ESG ratings methodologies, which has been criticised by a variety of stakeholders.

The UK Consultation

Following a three-month consultation that concluded in June 2023, the UK government has also confirmed it will press ahead with the creation of a new ESG regulatory regime for rating agencies (the “UK Consultation“).

Similarly to the Proposed EU Regulation, the UK Consultation proposes regulating the direct provision of ESG ratings to users in the UK – by both UK and overseas rating providers – where the rating is used in relation to a “specified investment”, as defined under the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (the “RAO“). The UK Consultation proposes adding new regulated activities to the RAO and requiring ratings providers to become FCA authorised firms.

Although the specific detail as to how the UK Consultation would regulate ESG ratings providers is unclear at this stage, the UK government has indicated that it expects the regulatory approach to be aligned with the UK Financial Conduct Authority’s proposed voluntary code of conduct for ESG data and ratings providers.

The consultation paper relating to the proposed voluntary code of conduct, which was published in July 2023, proposed the adoption of a similar approach to the Proposed EU Regulation, in that it focuses primarily on the regulation of issues surrounding conflicts of interest and transparency, rather than the methodologies of the ESG ratings providers themselves. It will be interesting to see if, once published, the details of the UK Consultation are in fact aligned with the Proposed EU Regulation.

Next steps

The European Parliament, the Council of the EU and the European Commission must now agree on the text of the Proposed EU Regulation.  At the same time, ESMA is developing regulatory technical standards to specify further information needed to become an authorised ESG ratings provider. Once the text of the Proposed EU Regulation is agreed, it will be published in the Official Journal of the EU and enter into force 20 days later. The regulation would then take effect six months after entering into force.

Although the UK government has not yet published its official response to the UK Consultation, it has stated that it will do so “in due course”. According to the Financial Times, this is likely to occur early next year.