
Will ESG regulation surpass SOX and Dodd-Frank in total cost for companies?

Natalie Runyon  Director / ESG content & advisory services / Thomson Reuters Institute

How does the cost to corporations and financial services firms to accommodate needed Environmental, Social & Governance (ESG) initiatives compare to past legislative reform?

Some experts believe that Environmental, Social, & Governance (ESG) agendas are going to dwarf the two major corporate compliance and financial industry overhauls of recent decades — the Sarbanes-Oxley (SOX) Act and the Dodd-Frank Act — in terms of cost and investment by companies.

Twenty years after its passage into law, SOX — created to address massive failures in corporate auditing and compliance functions — costs the average large company about $1.4 million in annual related compliance costs and the average smaller company about $890,000, according to Protiviti Consulting. Dodd-Frank — passed in 2010 in response to the global financial crisis — was the most massive financial industry reform in US history and was estimated to add about $50 billion annually to financial industry compliance costs.

Unlike rules being passed down by Congress and then implemented by regulatory agencies like the Securities and Exchange Commission (SEC), the ESG agenda is being driven largely by the investment community, and only now have regulators been compelled by this pressure to consider new rule-making. In March, the SEC proposed rules requiring public companies to disclose extensive climate-related information in their SEC filings; and in late May, the SEC proposed rules seeking to standardize disclosures related to ESG factors made by investment funds, including scrutiny of funds that include “ESG” in their names.

Despite this, investors, advocacy groups, and other stakeholders don’t seem willing to wait around for regulators to impose new measures. Indeed, investors and private plaintiffs are increasingly looking to the courts as one means to pursue their goals as reflected by a spike in allegations and complaints regarding ESG topics, according to Sarah Fortt and Collen Smith, co-chair and vice chair of the ESG practice and the securities litigation practices, respectively, at Latham & Watkins.

Indeed, until regulations resolve the lack of consistency in how issues are defined and what data must be disclosed, multinational companies will continue to be forced to make it up as they go as they try desperately to appease stakeholders.

“Our clients feel like a boulder has been tossed into the pond by world regulators, sending out ripples of potential regulation in all directions,” says Timothy A. Wilkins, Freshfields’ global partner for client sustainability. “Before the waters calm down with any legal certainty, we’re advising them to focus on those ESG disclosures which best reflect core strategies and ambitions.”

Most say it is just a matter of time until ESG methodologies and benchmarks will have to be identified and disclosed, similar to other corporate assets and liabilities. In fact, both Fortt and Smith say they tell clients every day to treat ESG the same as any corporate reporting and compliance requirement.

Guidance for companies during the “in-between” time

In the meantime, corporations can prepare and make progress on key ESG challenges while they are awaiting clarity on regulatory requirements. Some areas to which companies should devote their effort include:

Identify areas of risk exposure — Companies need to audit their public information and internal data to identify inconsistencies in ESG data because these inconsistencies open them up to exposure and litigation risk. In conducting an ESG risk assessment, organizations compare their documentation and governance processes against their public-facing commitments to mitigate the risk of investigations by regulators or law enforcement, as well as other kinds of investigation, litigation, or reputational risk.

Address multifaceted gaps in data — The multilayered challenge around data in terms of accuracy and who is creating, owning, and verifying the data is one of the biggest headaches at the moment. For example, many companies are making “net zero” commitments on environmental issues, but there is no common methodology used to determine a “net zero” calculation. Therefore, some are drawing a parallel between the SEC’s rulemaking on ESG and the formation of generally accepted accounting principles in the accounting industry.

Carve out budget for data verification by third parties — Corporate investment in third-party verification of the accuracy of ESG statements is another key area where companies and their compliance teams need to evolve. Corporations will have to make room in their budgets for lawyers and auditors to substantiate corporations’ ESG commitments, especially as new rules come down.

Clarify internal governance processes, especially with the board of directors — The lack of understanding across organizations of the in-house governance processes on ESG topics is another major problem for corporations.

Historically, companies’ general counsels (GCs) and chief legal officers (CLOs) responded to requests to identify risk exposure via internal document reviews. In the last 24 months, however, GCs are essentially becoming the chief ESG officers for most companies on the key reputational risk assessment involving ESG issues. In particular, gaps in governance are an issue at the company board level, especially now with boards of directors being named as defendants in litigation regarding allegations of a company’s public misinformation or misstatements.

For example, ESG issues have popped up in several different places within companies’ corporate governance structure. Some of these key issues need to be addressed by boards’ nominating governance committees, some should go to the audit committee, and others are handled by the compensation and benefits committee. Good governance and oversight by the board require some kind of strategy in how the board engages with ESG issues; otherwise, decisions can be made by some with unforeseen repercussions for others.

Define ownership of ESG-related governance processes — In a similar vein, it is important to outline functional roles and responsibilities in regard to ESG governance issues, including what functions need to collaborate and the timing of the engagement. ESG is a corporate “lane-breaker,” meaning it requires cross-functional collaboration to mitigate reputational issues, especially litigation risk. As a result, clarity around what corporate function owns specific governance processes is critical, along with specification of functional roles, responsibilities, and ultimate accountability.

Whether or not ESG surpasses the scope of SOX and Dodd-Frank remains to be seen. What we do know is that attention and concern for ESG issues is not going away, especially because public companies’ financial performance and stock price can move based on what information they disclose or obscure about ESG issues — and this is a relatively new development. Companies taking proactive action now to identify their exposure and tighten up controls and processes around ESG goals and measurements are likely to be better positioned to minimize financial impact.
