Richard Chambers is the CEO of Richard F. Chambers & Associates and is also Senior Internal Audit Advisor at Court of Auditors†
A new compliance risk is coming, and now is the time to think about the impact it could have on your organization. With so many companies touting their environmental credentials to appeal to the public and environmentally conscious investors alike, the U.S. Securities and Exchange Commission (SEC) has made a proposal entitled “The Enhancement and Standardization of Climate-Related Disclosures for Investors” which addresses reporting on climate initiatives. In this proposal, the SEC sets out a number of rules it would like to see regarding how public companies report on climate-related risks. The proposal is: open to public comment until June 17, 2022. The clock is ticking for businesses to comment – don’t miss this window.
The proposed rules would require publicly traded companies to disclose information about their response to “climate-related risks that would reasonably have a material impact on their operations, results of operations or financial condition.” In addition, companies would report on climate-related metrics such as greenhouse gas emissions and financial metrics that have yet to be determined. The SEC’s ultimate goal is for companies to provide consistent, reliable information to stakeholders when it comes to climate risk to help curb the practice of “greenwashing,” where companies inflate the truth of actual climate actions.
The proposed regulation is being compared with the reporting requirements for fraud risk in the financial statements in the Sarbanes-Oxley Act of 2002 (SOX). In fact, much of the proposal reads like a debate about the level of testing to be performed on climate reporting controls (such as SOX 404) and whether or not senior management should attest to the controls (such as SOX 302).
To prepare for this potential new rule, organizations can take advantage of a three-stage approach. The phases outlined below will drive and guide the C-suite from where we are today through a long-term view of compliance.
Phase one: input during the public comment period
As a first step, board members and the C-suite should familiarize themselves with the proposed rule and participate in the comment period. Due to the accelerated turnaround time of the SOX legislation in 2002, there was little opportunity for input from the business community. As a result, I think too few business leaders have added their perspectives to the conversation, which could have influenced the hastily written legislation. In the area of financial statistics, in particular, the SEC needs to hear the thoughts and concerns of business leaders before adopting proposed regulations, or we could all end up with complex requirements that will take us years to complete.
Phase Two: Readiness for Climate Disclosure
At some point, new rules will be passed by the SEC and implementation dates will be prescribed. The period between the close of the consultation period and the start of the implementation is phase two: the readiness phase. Climate risks affect your business regardless of the outcome of the SEC’s proposal, and business leaders must take action to ensure the business is ready for the inevitable reporting requirements. While the final rules are yet to be drafted, there are likely to be significant steps that the C-suite and the boards will oversee during phase two.
1. Ensure that climate-based initiatives and objectives are defined, especially those that your company could discuss on its website, in marketing materials, in sustainability reporting or in any other format related to stakeholders.
2. Then ensure that risk oversight is assigned within the company, probably with a risk management team. The risk of inaccurate climate reporting should be formally assessed and evaluated for proper control. Carefully consider which metrics (both emissions and financial) are useful to measure.
3. Then ensure controls are tested around accurate climate reporting for appropriate design and operational effectiveness. Ensure any statistics or claims related to climate initiatives are backed up with supporting evidence.
Many organizations turn to their enterprise risk management for risk assessment and internal audit teams for help designing, testing, and evaluating controls. Past experience also shows that large, complex companies may need to hire external third parties to help translate compliance requirements into compliance activities. Companies that have outsourced their audit function or those with an overstretched audit team may need to rely on co-sourced internal audit partners for the necessary expertise and support. Management needs to be assured that risks are being assessed, controls are designed and implemented, and that the organization is ready to begin recording and reporting accurate data on day one. Failure to prepare will expose the company to potential compliance fines, regulatory sanctions, reputational and capital market risks if disclosure reporting is inaccurate or not produced in a timely manner.
Phase Three: Sustainable Compliance
Finally, consider the long-term implications of this proposed rule and the ongoing compliance requirements that inevitably result. Long-term collaboration between audit, risk and compliance teams will be critical in managing the compliance-related risks facing the business. For now, part of the preparation should include bolstering your company’s compliance and risk management programs with technology to consolidate its climate reporting efforts, along with the risk assessment, control environment, testing procedures, and any management attestations that make up the backbone. of the programme.
Climate reporting could be just the beginning
The current language in the SEC’s proposal isolates the climate disclosures, but this is only part of the broader environmental, social and governance (ESG) movement that appears to be fueling SEC involvement. In recent years, ESG funds have emerged that allow investors to invest their money in companies that align with certain values. To earn their place in a fund, companies must demonstrate a commitment to ESG initiatives, but some companies validate their claims with more scrutiny than others.
Looking ahead, we can anticipate similar requirements for the social and governance claims proudly published by companies, and we may see this rule apply to all ESG reporting reporting. The SEC’s reporting rule on climate disclosure may be just the beginning, and time is running out to shape the proposed regulation during its public comment period.