ESMA exposes the shortcomings of Europe’s non-financial reporting regulation

It appears that merely acknowledging concrete risks is enough to clear NFRD requirements, argues Filip Gregor

This article is Free, but to access more of our content, you can sign up for a no strings attached 28-day free trial here.

The European Securities and Market Authority (ESMA) has published its report “Enforcement and regulatory activities of European enforcers in 2019”, which includes the results of its assessment and actions taken to ensure the correct implementation of the reporting requirements introduced by the EU Non-Financial Reporting Directive. The report’s findings relate to a sample of 145 European issuers.

The report frequently mentioned shortcomings such as the lack of quantitative disclosure, objective targets and accompanying assessment of whether the issuer was meeting those targets. Similarly, they referred to insufficient or missing descriptions of due diligence processes – particularly in relation to human rights and social matters – and mentioned insufficient description of risks and disclosures on environmental and climate change-related matters. This is in line with every major qualitative assessment of corporate sustainability reporting, including the research on 1000 EU companies non-financial statements carried out by the Alliance for Corporate Transparency. These studies consistently point to the fact that only a minority of companies provide meaningful (decision-useful) information on their impacts, risks and strategies.

However, ESMA’s report provided some numbers that could appear fairly optimistic concerning compliance of examined companies with the Directive. So, where is the catch?  

This is explained by the limits of enforcement of the law, as the requirements included in the Directive are vague and do not specify what concrete sustainability information should be disclosed, whether in terms of specification of reporting of risks in different thematic areas, or KPIs. In other words, there is a significant difference between meeting the basic requirements and providing good disclosure. This is confirmed by the ESMA report, which states in general conclusion to the sample reviewed that there is significant room for improvement in the disclosures examined by enforcers. 

Relevance of disclosures 

The analysis that ESMA offers in its report on the assessment of double materiality (i.e the Directive requires that companies should disclose information necessary for understanding their impacts on society and environment, as well as the financial risks posed by sustainability matters to the company) is limited to the statement that “a little more than half of the non-financial statements in the sample” addressed both perspectives. 

Existing research on the information disclosed by companies covered under the Directive shows much lower levels of material disclosures. For instance, the research carried out by the Alliance for Corporate Transparency on 1000 European companies examined the presentation of sustainability-related strategic risks in connection to business models and of the impacts of the business model on key sustainability matters. The results for many of the areas show values that range from 7% to 30% at most (see graphic 1). Similarly, the report published by the European Financial Reporting Advisory Group’s (EFRAG) project task force on climate-related reporting concluded that “only a few companies quite clearly disclose the impact of their business activity on the environment and the resilience of their business model, while most lag behind when it comes to measuring the impact and presenting this impact in a transparent way”.

In light of these results, it is reasonable to assume that at many of the companies considered by enforcers as having followed a double materiality perspective still did not report on material issues or provide relevant information. 

Graphic 1. Alliance for Corporate Transparency results “Strategic perspective: business disclosures”Review of policies and due diligence disclosures

The vagueness of the EU Non-Financial Reporting Directive around what conditions must be met for policy-related disclosures to be considered as “sufficient” has led European enforcers to consider almost any policy disclosures to pass this bar, as suggested by the discrepancy between ESMA’s findings below and the existing research into quality and materiality of such disclosures. 

ESMA’s report states that “almost all issuers provided sufficient description of their policy for addressing environmental matters”. It additionally highlights that “as regards the outcome of issuers’ environmental policies, 79% of issuers in the sample disclosed this”. Unfortunately, the report does not specify what enforcers considered as “sufficient”. According to the research previously mentioned on 1000 companies, only a minority of companies provided information specific enough to understand company policies concerning climate change and other environmental issues, employee and workforce matters or human rights (see graphic 3 below). This minority was slightly stronger with regard to climate change and employee matter disclosures (34.5% and 43.1%) than in Human Rights (21.9%). EFRAG’s task force also concluded that “only a few sectors and companies have implemented the TCFD recommendations and NFRD climate-related reporting elements in their corporate reporting”. 

Graphic 2.  Alliance for Corporate Transparency results “How well is the policy described?”

The NFR Directive requires that companies disclose details of their due diligence processes alongside their policies. Due diligence in social and environmental context is relatively well defined for human rights matters, but not for environmental matters. Therefore, further details on what constitutes sufficient information in this regard would provide better understanding of ESMA’s finding that “around three quarters of issuers in the sample provided sufficient disclosure on their due diligence processes for environmental matters.”

The application of due diligence in Environmental, Social and Governance (ESG) reporting comes from the concept of human rights due diligence (UNGPs), suggested as an operational means for business enterprises to respect human rights. The OECD Guidelines further expanded its application to environmental matters. Although the concept has been so far specified in further guidances (almost exclusively for human rights impacts), in practice, both human rights and environmental impacts are often inseparable. 

Due diligence in this sense is defined as a process to identify, prevent and mitigate adverse impacts, with a particular focus on risks of impacts in supply chains. There have been several large-scale surveys analysing if companies conduct and disclose their due diligence processes, including the Corporate Human Rights Benchmark (CHRB), a survey of the German Federal Government, and the above mentioned Alliance for Corporate Transparency research. All of them consistently point to the fact that only a minority of companies conduct due diligence. CHRB found that over 50% of companies don’t report on even a single element of the due diligence process, while the average score of companies was just 5.7 points out of 25, and the German survey conducted showed that 80% of companies are not implementing human rights due diligence. The Alliance for Corporate Transparency also found that only slightly over 20% out of 1000 companies reported on the main elements of the process. 

The ESMA report reflects on the European common enforcement priorities for 2018 which didn’t include human rights aspects of due diligence disclosures. Given the interconnectedness of ESG matters, however, the ESMA findings underscore the need to clarify the expectations and guidance on what constitutes sufficient reporting in this regard.

This is even more important, taking into account  Commission (DG Justice) is currently studying the options to present a proposal to regulate corporate due diligence obligations at EU level, which would ensure a level playing field in the EU. 

Reporting on risks

Description of risks identified by the company – both to the company and risks of adverse impacts – is the cornerstone of the NFR Directive. The assessment of risks provides a basis for a company's determination of materiality, which should in turn define the content of disclosures on business model, policies, outcomes and KPIs (the remaining mandatory elements required by the Directive).

European enforcers concluded that “60% of issuers in the sample provided sufficient disclosure on the principal risks related to both environmental matters and climate change”.  This finding is in stark contrast with any qualitative research on companies’ risks reporting. For example, recent research on the application of the TCFD Recommendations (which were integrated by the EU Commission in the Guidelines on Climate Related Reporting) shows that only around 25% of companies disclosed information aligned with more than five of the 11 recommended disclosures and only 4% of companies disclosed information aligned with at least 10 of the recommended disclosures. Moreover, the research by the Alliance for Corporate Transparency on EU companies found that while 53.8% of companies provide some kind of statement on climate-related risks, only 23.4% describe such risks in detail that is specific enough to allow understanding of these risks for the company’s development, position and performance. 

This disparity demonstrates again that the lack of detail of the requirements on the disclosure of risks set out by the EU Non-Financial Reporting Directive sets a very low bar. It appears that merely acknowledging concrete risks is enough to clear the requirements. Furthermore, ESMA’s numbers indicate that 40% of the issuers did not provide “sufficient disclosure”, yet enforcement action was taken only in 10% of the examined cases (mostly to require the issuer to make a correction in a future non-financial statement). This implies that the number of companies that clearly don’t comply with even such low standards might be much higher than the numbers of enforcement actions suggest, but that the vague nature of the law discourages enforcement authorities to take actions. 

Key Performance Indicators

With regards to the disclosure of specific key performance indicators (KPIs), ESMA noted that “the absence of detailed and uniform disclosure requirements to complement the Accounting Directive has led to disclosure of a wide variety of KPIs” and called on regulators to work on this – namely for companies to explain their selection of KPIs, how they relate to targets and the methodology behind them.

The lack of detail of the Directive, noted in the ESMA report, meant that the enforcers could not more critically assess if the disclosed KPIs were actually relevant to the particular business, as nominally required, or even conveying material information.     

In ESMA’s findings, it is stated that “83% of assessed companies provided KPIs related to environmental matters”. However, by way of comparison, the research of the Alliance for Corporate Transparency found that out of 1000 EU companies, a third did not report GHG emissions (see graphic 3). 49% reported KPIs related to use of water, but only 10.2% did so in context of risk to local water stress, suggesting that most of the disclosures in this area are either incomplete or immaterial. Similarly, 29% of companies considered biodiversity a material topic and disclosed a policy, but only 9% provided KPIs related to it.

Graphic 3. Alliance for Corporate Transparency results on GHG emissions disclosure

European enforcers also listed frequent KPIs for other sustainability areas, such as employee matters or social and human rights. There are however relevant observations to be made. In the case of social and human rights, for instance, indicators mentioned in the report cover CSR/philanthropy activities (e.g. donations to local communities) or management of suppliers, without covering important issues such as impacts on people (with risks of impacts likely to be highest in supply chains), which should be considered more relevant from the social materiality perspective.

Changes in EU regulation

Corporate sustainability disclosure is the first layer to build a sustainable and resilient financial system, without which it cannot function. It also plays a critical role both in fostering long-term focus and responsibility in corporate governance and facilitating corporate accountability for impacts on society.

Reporting on environmental, social and governance matters will need to be significantly improved if EU policy-makers wish to achieve the objectives set up in the sustainable finance agenda, in particular the redirection of capital flows to support sustainable activities. 

The EU legislation on non-financial (sustainability) reporting needs to provide much clearer requirements to clarify to companies what they are expected to disclose, and to enable the crucial work of enforcement authorities. The same reasons for why disclosure of financial information is regulated and mandated by law in the EU and worldwide, apply to sustainability reporting. 

European enforcers included in their report a strong call to the European Commission to provide more detailed disclosure requirements in EU law and work towards the promotion of a unified set of international standards on ESG issues. This conclusion is firmly supported by all available research in the relevance and materiality of corporate sustainability reporting.

Filip Gregor is Head of Responsible Companies at Frank Bold