FCA launches consultation on a Code of Conduct for ESG Ratings and Data Product Providers

The FCA’s ESG Data and Ratings Code of Conduct Working Group (DRWG), supported by the International Regulatory Strategy Group (IRSG) and the International Capital Market Association (ICMA), is seeking feedback on a draft voluntary Code of Conduct for ESG data and ratings providers. The consultation, which launched on 5 July 2023, is open for comments until 5 October 2023. The final Code is expected to be published at the end of 2023.

The Code aims to enhance consistency, transparency, and accountability in the financial services industry, by introducing clear standards for ESG ratings and data product providers and clarifying how such providers can interact with wider market participants.

The Code is in close alignment with the International Organisation of Securities Commission’s (IOSCO) recommendations published in November 2021, and has taken into account the developments by the regulators in the EU, India, Singapore and Japan, who have recently published ESG ratings and voluntary guidelines for their markets. It is hoped that the Code will be a significant step in the development of consistent global standards for ESG ratings and data product providers.

The Code is a voluntary standard that seeks to set a voluntary standard of best practice within the ESG data and ratings market – separately from the UK and EU proposals to regulate firms providing ESG ratings. See our previous client alerts on the UK (here) and EU’s proposals (here).

Scope

The intended scope of firms for the Code (noting that it is a voluntary standard) is:

• firms providing ESG ratings/scores or ESG data products (regardless of whether they are labelled as such). The definition of “ESG data product” in particular is very broad as it captures any product provided, or marketed as providing an ESG focus in relation to entities, financial instruments, products or companies’ ESG profile, characteristics, or exposure to ESG, climate-related or other environmental risks or impact on society and the environment;
• second party opinion providers; and
• entities that provide controversy alerts (controversy reports or norm-based research).

The scope section of the paper also clarifies that the intention is not to capture credit rating agencies, proxy adviser services, investment research, regulated financial benchmarks or entities producing ESG ratings/scores or ESG data products that will be used or consumed within the group only. However, such firms / providers can also choose to comply with the standards of the Code.

The principles of the Code do not distinguish between ESG ratings/scores providers or ESG data products providers in their application or the standards that are proposed – however, the paper suggests that providers can adapt their implementation across their products / business areas.  

Principles

Based on IOSCO’s recommendations, the Code sets out the following six principles which are underpinned by a series of actions which provide a practical guide to the application and interpretation of the Principle:

• Good Governance: ESG ratings and data products providers are expected to ensure appropriate governance arrangements are in place that enable them to promote and uphold the Principles and overall objectives of the Code. These should include a clear organisational structure with well-defined, transparent and consistent roles and responsibilities for personnel involved in the determination, publication, or oversight, as appropriate, of an ESG rating or of an ESG data product.
   
• Systems and Controls: ESG ratings and data products providers are expected to adopt and implement written policies and procedures designed to help ensure the issuance of high quality ESG ratings and data products. These policies and procedures should be drafted taking into account the nature, scale and complexity of the provider’s business, and should ensure that (among others) their ESG products are based on a thorough analysis of relevant information, ESG products and methodologies are monitored on an ongoing basis, internal records are kept to support their products and conclusions and that there are sufficient human and technological resources in place.
   
• Management of Conflicts of Interest: ESG ratings and data products providers are expected to identify, avoid or appropriately manage, mitigate and disclose actual or potential conflicts of interest that may compromise the independence and objectivity of their ESG ratings and data products. The proposed actions include ensuring there are personal account dealing restrictions and that employee reporting lines and remuneration are structured to eliminate or appropriately manage actual and potential conflicts of interest. 
   
• Transparency: ESG ratings and data products providers are expected to make adequate levels of public disclosure and transparency a priority for their ESG ratings and data products. This includes their methodologies and processes to enable users to understand the product and any associated potential conflicts of interest, while maintaining a balance with respect to proprietary or confidential information, data and methodologies.
   
• Confidentiality: ESG ratings and data product providers are expected to adopt and implement written policies and procedures designed to address and protect all non-public information received from or communicated to them related to their ESG ratings and data products.
   
• Engagement: ESG ratings and data product providers should regulatory consider whether their information gathering processes with entities covered by their products leads to efficient information procurement for both the providers and these entities. The proposed actions include protocols regarding getting ESG data from covered entities on a bilateral basis and having a clear and consistent contact point within the covered entities.

What are the implications of, and timing for, compliance with the Code?

We expect that the Code will become a standard of best practice within the ESG ratings and data market in due course. The Code allows signatory organisations to meet the expectations set out in the Principles in a proportionate manner, that is aligned to their own business model and structure. By signing up, ESG ratings and data providers agree to make available publicly, and to review at least annually, a statement explaining their approach to the implementation of the Code.

Once a signatory has signed up to the Code, this will be followed by an implementation period (six months for ESG rating providers and twelve months for ESG data products providers) after which the Principles should be embedded within the provider’s organisation.

There don’t appear to be any proposals for a body to review the implementation statement of signatories that voluntarily agree to comply with the Code – i.e., ESG data and ratings providers signing up to the Code will have to self-certify their compliance.   

How does the Code interact with the UK and EU proposals to regulate ESG ratings providers?

Please see our previous client alerts on the UK's (here) and EU’s (here) proposed regime for regulating ESG ratings providers. Unlike those proposals (which will create a mandatory licensing and conduct regime for in-scope ESG ratings providers) the Code is a voluntary standard. The Code also applies to a much broader segment of the ESG information market, as its intended scope also includes ESG data providers.

The FCA has published a statement welcoming the Code, stating that it will play an important role in raising standards. In the meantime, HM Treasury and FCA will continue to work together to consider whether the regulatory perimeter should be extended to include ESG rating providers, following the close of the Treasury’s consultation at the end of June.

NOTE ADDED JANUARY 2024 - On 14 December 2023, ICMA and IRSG launched their voluntary code of conduct for ESG ratings and data products providers.  The code is owned and maintained by the ICMA.  A copy of the voluntary code of conduct can be found here.  You can find a copy of the FCA press release here.  

ESG ratings and/or data product providers are encouraged to sign up to the voluntary code – following sign up, an implementation period applies (six months for ESG ratings providers, twelve months for ESG data products providers), at the end of which, the Code should be embedded within the provider’s organisation.