ESG Ratings Regulation Agreed – Broad Impacts on Financial Services Firms and Scoping Ambiguity

Marking another important milestone in the international supervision and regulation of ESG ratings providers, on 5 February 2024 the EU co-legislators reached political agreement on the ESG Ratings Regulation (“ERR”). A consolidated version was subsequently published here. The agreement was reached relatively quickly, with the trilogue process concluding just 9 months after the Commission’s proposal was published (see our note on the proposal here).

Whilst primarily of interest to ESG rating providers servicing EU customers, the broad scope of the concept of ESG ratings, ambiguous exemptions and extra-territorial reach mean the ERR will be of interest to financial services firms generally. 

Overview of ERR

The ERR intends to regulate the provision and distribution of “ESG ratings” due to their impact on capital markets and sustainable products, the aim being to strengthen the reliability and comparability of ESG ratings “by improving the transparency and integrity of the operations of ESG ratings providers and preventing potential conflicts of interests”.

Under the ERR, ESG ratings providers will need to be authorised and supervised by the European Securities and Markets Authority (“ESMA”) and comply with certain transparency and organisation requirements. Importantly, whilst other regulated financial services firms benefit from certain exemptions from authorisation, they still have to comply with new transparency requirements when producing ESG ratings in the context of existing products. This is imposed partly through the ERR (and forthcoming regulatory technical standards) and partly through amendments to the Sustainable Finance Disclosure Regulation (“SFDR”).  

Persons operating as an ESG ratings provider in scope of the ERR (without an exemption) need to either: 

• be authorised by ESMA – this is essentially the route for large EU based ESG ratings providers;
• benefit from an equivalence decision – this would cover non-EU ESG ratings providers in a jurisdiction benefitting from such a decision, although of course there is uncertainty as to whether any equivalence decisions will be made;
• benefit from endorsement – this would allow certain authorised EU ESG rating providers to “endorse” the ratings of non-EU affiliates;
• benefit from recognition – this would allow certain small non-EU ESG ratings providers to apply to ESMA and use a relatively light touch recognition regime.

This is similar to the existing regime under the Benchmarks Regulation. Given the uncertainty around equivalence, and the limitation of recognition to small non-EU ESG ratings providers, it seems that non-EU ESG ratings providers will generally have to establish an authorised EU entity under the ERR to continue undertaking business in the EU, as the only remaining route for non-EU entities (endorsement) relies on having an EU authorised affiliate.

Small ESG ratings providers established in the EU are separately able to benefit from a lighter touch compliance and registration regime. 

Core scoping and extra-territorial reach

The core scoping of the ERR depends on the scope of “ESG ratings”. An “ESG rating” is defined as “an opinion, a score or a combination of both, regarding a rated item’s profile or characteristics with regard to environmental, social and human rights, or governance factors or exposure to risks or the impact on environmental, social and human rights, or governance factors, that are based on both an established methodology and a defined ranking system of rating categories, irrespective of whether such ESG rating is explicitly labelled as ‘ESG rating’, ‘ESG opinion’ or ‘ESG score’;”

This definition appears to draw on the definition of credit ratings from the Credit Rating Agencies Regulation, and it is important to note that whilst it is broad in the sense that is covers both opinions and scores regardless of how they are labelled, it does only apply if there is “an established methodology and defined ranking system of rating categories”. Hence, straightforward opinions on ESG matters (e.g., a simply statement that X is or is not sustainable) would not be caught. 

Another key concept is “operating in the Union”, as the ERR only applies to ESG ratings providers when they operate in the Union. This concept is defined as:

• for EU incorporated ESG rating providers, when they publish ESG ratings, or when they distribute them to regulated EU firms, entities that are in-scope of the Accounting Directive or the Transparency Directive, and/or (in summary) EU or member state public bodies.
• for non-EU incorporated ESG rating providers, only when they distribute to regulated EU firms, entities that are in-scope of the Accounting Directive or the Transparency Directive, and/or (in summary) EU or member state public bodies through a subscription / contractual arrangement.

The key distinction is that for non-EU entities the mere publication of ESG ratings does not bring them in-scope of the ERR, which is a helpful clarification. 

However, a key nuance to note is it seems there is a risk that distributing ESG ratings to some non-EU entities could (counterintuitively) still involve “operating in the Union”. This is because non-EU entities that happen to have an EU listing or which have a subsidiary/branch in the EU and are scoped into sustainability reporting can be in-scope of the Transparency Directive or Accounting Directive. This fact is explicitly acknowledged by a recital of the ERR, and therefore seems to be deliberate rather than a drafting mistake or oversight. This may have significant implications as a non-EU ESG ratings provider distributing to a non-EU entity with no EU presence may inadvertently be required to seek authorisation under the ERR.

Exemptions – ambiguity for financial services firms

The ERR does include numerous exemptions from its scope (given the broad scope of both “ESG ratings” and “operating in the Union”). Some of these are fairly straightforward and helpful. For instance, there are exemptions for:

• private ESG ratings which are not intended for public disclosure or distribution;
• ESG ratings issued by regulated EU financial services firms for intra-entity or group purposes;
• publication or distribution of ESG data;
• credit ratings where ESG-related scores or assessments form part of the assessment;
• external reviews of EU Green Bonds;
• ESG ratings produced by certain public bodies or non-profits which are not published or distributed for commercial purposes;
• ESG ratings for certification or accreditation processes that don’t target investment decision making; and
• ESG labelling activities that do not involve the disclosure of an ESG rating.

However, a key question around scope is how the ERR applies to financial products of financial services firms that happen to include ESG ratings. This could include sustainable investment products that disclose ESG ratings on investments, or investment research that includes an ESG rating. The ERR actually includes several exemptions relevant to this:

• One exemption covers ESG ratings issued by “regulated financial undertakings in the Union” (i.e., EU regulated financial services firms) that are incorporated into an already regulated product or service and disclosed to a third party. However, firms using this exemption are still required to comply with certain disclosures under ERR in their “marketing communications”.
• Separately, there are exemptions for mandatory disclosures under the Taxonomy Regulation and SFDR. However, similar to the above the ERR makes amendments to SFDR to require disclosures when including ESG ratings in “marketing communications”.
• There is also an exemption for “products or services that incorporate an element of an ESG rating, including investment research”.

It is currently not entirely clear how these exemptions interact. The first exemption only applies to regulated financial undertakings (i.e., EU regulated entities). So, non-EU entities would be caught out and have to be authorised as an ESG ratings provider under the ERR when dealing with EU (or certain non-EU) customers even if ratings are only an ancillary element of another financial service (e.g., overseas research providers). Hence, the third exemption may be important, but the reference to incorporating “an element of an ESG rating” is unclear. References in the trilogue materials seem to suggest it is referring to the use of ESG ratings as an input, but not disclosure or issuance of ESG ratings as part of another product. Impacted firms will therefore need to consider this in detail.

Finally, there is also a “reverse solicitation” exemption, for non-EU ESG rating providers where “there is no substitute for the ratings offered by any ESG rating provider authorized under this Regulation”. This exemption becomes unavailable if the rating providers EU market share “becomes substantial” or they have a website that is in at least one EU official language (which is not customary in the sphere of international finance). Finally, the reverse solicitation does not allow for “recurrent” distribution of ESG ratings to EU users. Hence, the reverse solicitation exemption is quite restrictive and difficult to use. 

Obligations for ESG ratings providers

ESG ratings providers are required to put in place systems and controls to comply with the ERR, and to support the robustness, independence and accuracy of their ratings. They are also subject to outsourcing obligations and required to put in place certain complaints handling mechanisms. 

Certain procedural obligations apply to the issuance of ESG ratings, such as clearly and explicitly stating that they are the opinion of the rating provider, and an obligation to inform rated items in advance of the issuance of the ratings (and provide information to them for free).

ESG rating providers are generally not allowed to conduct other activities such as “consulting activities to investors or undertakings”, issuance of credit ratings, provision of benchmarks, investment services, audit, bank or insurance services. There are exceptions for some of these activities where conflicts of interest are effectively managed and the ESG ratings business is segregated. In-scope providers of ESG ratings will therefore need to consider whether any of their broader activities could require 'separation'.

Staff involved in the provision of ESG ratings are required to meet knowledge and experience requirements, and ratings providers are required to ensure that they do not initiate or participate in negotiations regarding fees and payments with rated items. There are also restrictions on staff dealing in or being connected to rated items. 

However, on top of these organisational requirements a key focus is disclosure. ESG rating providers are required to disclose information on their methodologies, models and rating assumptions, and, significantly, either provide separate E, S and G ratings or disclose the weighting of E, S and G factors (when a combined rating is used). 

Finally, ESG rating providers are required to ensure their fees are fair, reasonable, transparent and non-discriminatory, which may have a significant impact on charging structures. ESMA has powers to request documented evidence of pricing policies to enforce this rule. 

Practical implications

Firms which intend to become authorised as ESG ratings providers should assess the compliance obligations in the ERR and prepare for authorisation. In particular they will need to consider which aspects of their business involve the issuance of ESG ratings, and whether structural separation from other business lines is required.

Firms intending to rely on exemptions to avoid specific authorisation under the ERR (for instance, banks issuing investment research or buyside firms offering products with ESG ratings) should firstly assess their products and services to determine if they constitute ESG ratings. Following this, the applicability of exemptions will need to be considered in detail, as well as compliance with the disclosure obligations that accompany certain exemptions.

Timing and next steps

The political agreement is still to complete legal linguistic review and translation, and then formal adoption. After being formally adopted, the ERR will be published in the Official Journal of the EU, and enter into force 20 days after publication. This will likely occur in late Q2 or early Q3 2024. The ERR is stated to apply 18 months after entry into force (which means the rules could apply as early as late 2025).

ESG ratings providers are required to notify ESMA within 19 months of entry into force of the ERR, and are required to apply for authorisation or recognition within 4 months of the ERR applying. After making the notification the ESG ratings provider is temporarily registered and able to continue operating in the EU. There is a longer transitional provision for small ESG ratings providers and a temporary regime available for them. 

Resources

Find the final texts of the provisional agreement here.

Find the Council press release here.

Find the EU Parliament press release here.