The EU Commission has now published it proposal for the regulation of ESG rating providers and whilst overall its terms are not a surprise, the obligations on non-EU ESG rating providers, and the currently projected timetable, will prove challenging for those having to grapple with the new regulatory framework, while potentially experiencing direct EU regulation and supervision for the first time.
At its core is the requirement to be authorised to provide ESG ratings in the EU. The obligation will exist whether the provider itself is in or out of the EU. Unless a non-EU ‘rater’ is in a country which has been deemed “equivalent” by the EU’s securities regulator ESMA in respect of its regulation of ESG ratings providers – which, given the EU will be first to legislate in this space, is not a realistic prospect for the foreseeable future – providers making their ratings available to EU users will need to determine which of the access routes are available to them. Whichever approach they take will still result in ongoing EU supervision, which may be a new experience.
For non-EU ESG rating providers, the proposal presents two options: authorisation or recognition. The volume of EU ESG rating activity determines whether authorisation is required or whether recognition (which does not require an EU presence) will suffice.
Obtaining recognised status involves an application to ESMA to determine that the non-EU rater meets the same standards as are expected under EU regulation. Meaning that ESMA “recognises” the non-EU rater as being like an EU rater (and subject to the same rules), and the need to establish a presence in the EU is avoided. Firms whose annual turnover exceeds €12m on their ESG ratings activities for three consecutive years will not be able to avail of this. Given this surprisingly low threshold, many of the smaller raters in the market will still be subject to the full authorisation requirement, as well as some start-ups.
Raters above the €12m threshold will require an authorised presence in the EU. Authorisation can take two forms. Either an EU affiliate will need to go through the ESMA authorisation process to assign its own ratings; or become authorised as an “endorser” (also requiring the establishment of an EU authorised entity but including a permission for the EU entity to sign-off on its affiliate’s ratings and effectively take responsibility for them). Whilst the endorsement model sounds like a practical approach to meshing the need for supervision in the EU with business models typical in the ratings space, there are many unanswered questions regarding how that endorser firm will need to be organised and managed from a regulatory perspective.
What the proposal does make clear on governance is that, whichever route is taken, the ESG rating provider will not be permitted to offer other services such as consulting services, credit ratings, benchmarks and investment activities from the same legal entity, and will be expected to manage conflicts of interest carefully. ESMA will be able to impose fines if conflicts or other governance failings persist, up to 10% of total annual net turnover.
The timings to be ready for this are very tight especially given the EU’s recent track record of keeping to their deadlines. Large ESG ratings providers in the EU will have 12 months to get authorised once the rules are in force whilst those outside the EU taking the endorsement or recognition route have less time. Provided no delays, the regulation is likely to be in force by mid-2024.
These proposals are part of a global move to regulate ESG rating providers. Japan already has a framework in place, in the form of a voluntary code, and regulation is expected in many other Asian jurisdictions including Singapore, Hong Kong and India, although nothing published yet. In the UK, HMT has consulted on its proposals, and we await publication of the (additional) FCA voluntary code for ESG data and rating providers. Coming ahead of the UK’s legislative regime, this will be a stepping stone to more formal regulation and encompasses a slightly wider scope, capturing data as well as rating providers. While all of these will be based on the same principles, the chance of a common global approach is unlikely and ESG raters will have to integrate the myriad different approaches into their global frameworks.