Imtiaz Hussain, Managing Director and Deputy Chief Auditor, BNY Mellon

Below is an insight into what can be expected from Imtiaz’s session at Risk EMEA 2023.

The views and opinions expressed in this article are those of he thought leader as an individual, and are not attributed to CeFPro or any particular organization.

How can financial institutions (FI) manage mismatches in external data?

Investment Management firms are required to rely on different data sources at different stages (from investment research processes, production of Corporate Sustainability Reports, preparation of regulatory requirements – e.g., Principal Adverse Indictor statements). In the absence of better-quality external data, firms must have a clearly articulated and ‘fair’ approach to their use and quality of external data. This in turn serves to minimize the potential for clients to be unclear about the data being used to drive decisions or report towards emission and reporting targets.  Financial Institutions can manage mismatches in external data through regular data quality reviews of external data procured from third-party data providers. Most of the compiled third party data are sourced from public reports by the firms and from the internet sources for any ESG controversy that the firm might get involved in. Analysts may conduct a quality review on the raw data provided by the data providers to overcome external data mismatch.

In what ways can financial institutions look to reduce disparities across global benchmarks?

While different regulators consult with the market on the various transparency, reporting and disclosure standards, I believe it is the responsibility of affected financial institutions to provide feedback on the challenges they face. Feedback is important both from the perspective of preparing data for their own disclosures, as well as obtaining consistent data from underlying issuers and asset owners.  Active participation in these consultations may avoid final regulations which perpetuate the disparities across ESG ratings.

In the meantime, firms must exercise appropriate due diligence when deciding on data vendors or other avenues for acquiring and processing data. Ensuring that the data provider offers consistent and accurate data across most asset classes required and implement controls to comparisons (data scrubbing) across multiple data providers.

Currently, all the global ESG benchmark providers use their own criteria and methodology to develop ESG benchmarks. Although there are talks on developing a standard methodology for ESG benchmarks by various regulators, it is still at the nascent stage. At present, the only feasibility of reducing disparities across global benchmarks is to align the criteria and methodologies of FIs with that of global ESG benchmarks.

How can risk be managed with limited regulation and data?

While the regulatory environment is still catching up with the pace of evolution of the ESG environment and the uneven regulations landscape across jurisdictions. Key areas of focus for each of the regulators is the continued focus on transparency and prevention of greenwashing and client protection. As such, firms cannot afford to wait on finalized regulations and disclosure requirements which will enhance the quality of data available but need to place their clients’ interest at the heart of their operations and implement controls to ensure clarity and consistency in their communications with existing and potential investors/clients and ensure that their investment processes are aligned with these communications.

Risk can be managed through implementation of effective development of ESG investment policy framework, integration of ESG regulatory requirements into the existing frameworks, control and monitoring mechanism from top-down/bottom-up on ESG, training on ESG topics, and by ensuring compliance of ESG objectives at the grass root level (Ensuring if we are doing what we are saying).

Why should financial institutions look to embed ESG into existing control frameworks?

In my opinion, ESG Risk like Culture and Conduct Risk transverses the entire firms and as such cannot be considered separately from the existing control framework.  In the absence of regulatory harmonisation on taxonomy and expectations, firms will need to define the ESG strategy framework they have undertaken and demonstrate the effectiveness and quality of their control frameworks to identify, monitor and manage these risks across the business model. Boards must take the lead in terms of the governance required to deliver on ESG, consideration at any other level may be insufficient to deliver the required breadth of ESG challenges. In addition, the significant potential negative implications resulting from poor ESG strategy and noncompliance with ESG regulations (reputation damage, poor investor relations, legal consequences and financial losses) are expected to be managed by the existing control framework and governance structure.

Regulatory requirements around the ESG aspects have been increasing in the past few years. International agreements such as the Paris agreement on climate change has had a cascading effect on FI to adopts responsible investment measures. The emergence of the recently released SFDR regulations and upcoming ESG regulations such as CSRD, SDR, SEC’s climate disclosures etc are shaping the ESG regulatory landscape for the FIs. Apart from regulatory requirements, client requirements on ethical investing, responsible and impact investing have been increasing. These factors becomes crucial for FIs to comply with the emerging ESG requirements from a regulatory respective and to meet client demands in staying abreast with the competitors service offerings.  Hence, embedding ESG into the existing control framework will ensure compliance and meeting client demands.

How can financial institutions ensure they capture good data on climate and emissions?

To comply with the growing data requirements associated with ESG, firms need to accept that data is a vital strategic asset and build an effective data governance framework addressing data aggregation, management, storage, security, retrieval, and destruction.  With Non-Financial reporting becoming as important as Financial Reporting, controls over all related data elements are growing in importance. There is debate in the market on the use of data management software over excel based solutions for data mining and analytics and many believe that both have their advantages – software solutions when the data elements needed are well known but excel based solutions when firms are still determining what data elements are needed.

Data providers provide emission and climate data sourced from public reports (TCFD/ESG report/Sustainability report/CDP/GHG emission report). When data is not available for a particular firm, these data providers model emissions data based on standard assumptions which might not reflect the actual emissions performance of a firm. More than 18,700+ companies have disclosed on climate related disclosures on CDP during 2022 which is more than 42% from the year 2022 which is a good progress. However, more than half of the firms which have disclosed in CDP have not completely disclosed on scope 3 emissions. Hence, there is a major gap in the reliability of climate data.  In order to ensure good data is captured, FI must conduct their own research on the firm’s emission and climate disclosure. For this, knowledge on GHG accounting and industrial process knowledge to identify materiality of emissions sources is critical. In absence of a firm’s disclosure on climate data, the FI may involve in continuous engagement to ensure transparent climate disclosures are published by the firm.