ESG ratings: at last regulated, at risk of growing competition with raw data

“Raters are essential, but do not have stakeholders' full confidence. [...] Knives are out " concluded an ERM study in 2023[2], quoting growing discontent and confusion about ESG ratings, and a risk of eroding credibility and role in the sustainable finance ecosystem "if ESG raters neglect the complaints of their core constituencies". Regulating the raters has indeed rapidly emerged as a necessity for the EU Commission, which ordered a "Study on Sustainability Related Ratings, Data and Research" no later than 2018. The EU executive arm included a pledge to take action on the topic in its 2021 new Sustainable Finance Strategy, from which the Regulation finally adopted in June 2024 was directly derived.

While issuers and asset managers often devote six-figure budgets to ESG ratings, ESG analyses and ESG data (between 220,000 and $480,000 annually for publicly traded companies, between $175,000 and $360,000 for investors according to a survey by the Sustainability Institute), ESG ratings have been increasingly criticized over the years due to structural discrepancies. The Regulation points out “deficiencies”, “investors and rated entities’ needs [to take informed decisions] not being met and confidence in ratings being undermined”. This is due to a “lack of transparency on the characteristics of ESG ratings, their methodologies and data sources”, and “[a] lack of clarity on how ESG rating providers operate”[3]. These generic observations cover varied symptoms of the problem often observed by the Natixis GSH teams and their clients, such as:  too frequent changes in methodologies and teams, patchy understanding of issuers’ business models, no adaptation of sectors classification based on business mix and ESG materiality, relative assessments losing sight of absolute performance and of what is / should be assessed. The lack of exchanges with rated entities contributes to reinforce these discrepancies.   

The Regulation, that should enter into application after its publication in the EU Official Journal (approximately first part of 2026 at the earliest), includes an ESMA accreditation system, which is the keystone of the text: it will become a condition for ESG rating providers to continue operating on the European market. To obtain an accreditation – and maintain it over time – a number of conditions must be met, that aim at demonstrating quality, transparency, integrity and avoidance of conflicts of interest.

These provisions notably concern the ESG rating provider’s internal governance and organization through the independence of rating activities (including from any political or economic influence, via internal due diligence procedures), internal control mechanisms and human resources-related provisions. Rating quality must be ensured by implementing procedures for monitoring information sources, and by using rating methodologies that are rigorous, justified, transparent and regularly reviewed. Methodologies, models and key rating assumptions are to be disclosed to the public on the ESG rating provider website. A list of "minimum disclosures to the public" requires for example rating methodologies, time horizons or data sources to be made available (incl. use of estimation and industry average).

The risk of conflict of interest is particularly present in the preventive measures, with the prohibition of certain activities for people involved in ratings (consulting activities, shareholdings in other suppliers, credit rating, benchmark development, investment services, sustainability reporting, insurance and reinsurance, etc.), with some exceptions[4].

The text also reorganizes the accountability of ESG rating agencies to stakeholders, whether regulators, rated issuers or investors / financiers,  clients. For instance, rated entities will be informed 48 (working!) hours before the release of their rating, to give them the right to respond and correct any factual errors[5]. A complaint-handling mechanism is also to be set up and made publicly available to issuers and users of ESG ratings, with an obligation to process requests timely and independently. ESMA may also issue public notices in the event that an ESG rating activity poses a serious threat to the market integrity or to investor protection in the Union: a provision that could potentially prevent fanciful valuations from being made to the detriment of certain corporates and/or investors. Other supervisory measures in case of infringement are for instance the withdrawal or suspension of the authorization or recognition of the ESG rating provider, prohibition for the provider to publish or distribute its ESG ratings and fines. Record Keeping information will contribute to such integrity, with a string of requirements (the identity of the rating analysts, of the persons responsible for the development of the rule-based methodology, and the identity of the persons who have approved the rating methodology and the account records relating to fees received).

The scope of this new EU Regulation, however, disappointed those who had hoped to bring some general order to the issue of ESG or sustainability data quality. From the outset, the text displayed a clear but limited ambition, integrating only ESG "ratings", defined as "an opinion, a score, or a combination of both". Not including raw data, which nevertheless represents a non-negligible proportion of the ESG content purchased by investors, the number and variety of which is increasing with sustainable finance regulations[6] and the development of bespoke methodologies. Regulators’ rationale here echoes that of credit rating governance: it aims to bring order to the compilation of information in the form of evaluation and performance measurement. The ESG Ratings Regulation does therefore not cover the quality of sustainability data (on criteria such as reliability, accuracy…), as the Credit Rating Agencies Regulation does not cover the quality of financial information. Hence the large number of provisions excluded from the scope, such as for instance "The publication or distribution of data on environmental, social, human rights and governance factors".

This choice has been the subject of much discussion with the financial industry, which has taken a number of positions in favor of integrating ESG data into the Regulation. It remains to be seen whether the subject will be addressed elsewhere by the new Commission. Indeed, in a context where the recent choice made by Moody’s not to provide standalone ESG ratings anymore illustrates the growing importance of data to the detriment of ratings. In this regard, the current construction of the European Single Access Point (ESAP), that will centralize public financial and sustainability corporate disclosures and the public information related to ESG raters requested by this Regulation, could partially contribute to change the game. It will indeed enable assets / investments managers to have a direct and centralized access on what is usually collected and provided to them by rating agencies. However, the challenge is and will remain high for assets / investment managers to make a direct use and interpretation of ESG / sustainability data, which quality may not prove better than current ESG ratings, and which interpretation requires intensive and qualified human resources. Shedding light on the need for ESG data to also be subject to minimum quality requirements (such as for instance the principles disclosed in Appendix B of ESRS 1: relevance, faithful presentation, comparability, verifiability, understandability).

The relationship between ESG ratings and credit ratings is also a question mark. The text stipulates that credit ratings provision is incompatible with ESG ratings provision, with a view to preventing conflicts of interest. The integrated analysis of a security will therefore have to be based on two hermetically separated ESG and financial analysis. These provisions are all the more surprising that in parallel, the European Securities Market Authority (ESMA) recently hold a public consultation (closed on June 21) to better integrate ESG factors into credit ratings, within the framework of the Credit Rating Regulation -  without making any reference to the newly adopted ESG rating Regulation. The EU doctrine on the usability of ESG ratings and their articulation with credit ratings remains in this regard to the least unclear and potentially undefined. It questions whether the EU would favor the integration of ESG data (factors) into credit ratings rather than separate and standalone ESG ratings as such. A question that is not exclusive to the European regulator, as demonstrated by the ambiguous decision made by S&P in August 2023 to drop ESG scores from credit ratings against a backdrop of raising anti-ESG sentiment. The credit rating agency had been providing ESG credit indicator scores for publicly rated entities in some sectors and assets classes since 2021 (independent scores for the credit impact of E, S and G factors on a five-point range)[7]. While the removal of the scores does not prevent the integration of ESG factors when deemed material by S&P, the issue of transparency regarding the integration of ESG factors, their analysis and their influence on the final credit rating result remains unresolved, in a context where EU regulators and supervisors have demonstrated some expectations in this regard towards financial institutions.

Will the new EU Regulation therefore contribute to support the development of strong European ESG rating providers and reinforce the functioning of the EU sustainable finance market?

The text arrives in a context of slowing demand after years of increase, where the business model of ESG data and rating providers remains questioned. If some ESG-sophisticated investors develop bespoke in-house evaluation methodologies to better control their interpretation of ESG data,this remains in general limited to a portion of their investment universe. Meanwhile, the majority of investors keep buying ESG ratings off the shelf – without always being sufficiently informed or equipped to fully understand what is being assessed.

The question is not trivial: what are ESG ratings really assessing? Are they supposed to evaluate the quality of the ESG disclosures and processes, regardless of the actual environmental, social and governance performance of the company? Are they supposed to assess the contribution of the company to sustainability through its business model? Are they limited to assessing the ESG risks for investors or to evaluate the impact of the company on sustainability as a whole, through a double materiality perspective? Orpea’s excellent ratings, due to the social nature of its services and good communication, compared with poor effective social performance, demonstrate that the answer is not clear.

Whether this Regulation will help end-users to clarify the meaning and their use cases of ESG ratings and make informed decisions is a key aspect to evaluate its real contribution to a better functioning of the ESG rating market. In this regard, it is important to recall that the text wisely does not impose any particular rating methodology, each agency remaining free to develop its own. However, it encourages the provision of separate ratings rather than aggregated ratings for E, S and G factors, and requires minimum disclosures to indicate whether ratings assess economic/financial risk, impact, or both (in line with the EU double materiality approach). This last provision, which has gone relatively unnoticed, is a step in the right direction. It is to be hoped that ESMA's complementary provisions (implementing technical standards) will enable this particular point of transparency to be developed further.

Last but not least, the text sets out a number of provisions designed to support small and medium-sized ESG rating players. These are supposedly indirectly supporting the European large variety of small sized providers, in front of a market characterized over the past years by a consolidation in ESG ratings and data service providers, resulting in a concentration of the market on a limited number of large (non-EU) groups[8]. The point is important. Not only does it aim to respond to some “strategic autonomy” considerations[9], but it may also in practice also influence the “what is assessed” that relates very much to the ongoing debate on single financial materiality (assess the influence of sustainability on financial results, promoted outside the EU) vs double materiality (also assess the impact of coporates on sustainability, mainly supported by the EU).  

The text sets out the same governance and accreditation requirements for non-European players operating in the EU, with a system of equivalence that still necessitates some cooperation arrangements to be negotiated by ESMA with the competent authorities of third countries[10]. European ESG rating agencies that are small companies will also benefit from some exemptions (temporary regime with lighter requirement for 3 years after having registered by ESMA, and some permanent exemptions[11]). These concern however only the small ESG rating companies[12], leaving instead the medium size pure European players with the same level of constraint as the biggest players - Ethifinance, among others, having been quite vocal on the competition asymmetry this creates. It quoted the example of the obligation to set up separate legal entities for ESG rating on the one hand and other activities on the other hand, increasing the fixed price of ESG rating production which, given its size and limited capacity to absorb them, can be particularly challenging.

While it remains too early to say if the ESG Rating Regulation will have any effect on competition and competitiveness for European ESG rating agencies – already mostly bought up by Anglo-Saxon players –, this first attempt to regulate this industry also sheds the light on the need to complement this governance-oriented text with a genuine sectoral policy. It is crucial to promote a sustainable European financial sector capable of supporting and operationalizing the European approach and its body of regulations (taxonomy, double materiality, CSRD and its vast perimeter of sustainability topics). A reflexion that could also encompass ESG data providers, so as to support the European champions (Carbon4, Iceberg Datalab, …) that could also be easy targets for buyout by global players. 

Beyond transparency and integrity, many questions remain unaddressed by this text. They shed the light on the outstanding challenges for the EU sustainable finance architecture. While the EU has consolidated its doctrine on double materiality, it still needs to go the extra mile to establish its vision about data use and meaning. Does the system produce relevant data and information to respond to the questions raised by the sustainability transition and consecutive investment needs? Do they really enable investors and financiers to identify the sustainability risks they are exposed to, or the sustainability  solutions providers that they could support, taking into account their full value chain? These stakes will be at the core of the mandate of the newly elected Commission. With the CSRD implementation, which full-scale test of upcoming reportings will enable to assess the relevance and usability of the ESRS for investors and rating agencies. Or through the upcoming revision of SFDR and Principal Adverse Indicators (PAI), which have raised some unsolved interpretation and utility challenges. From corporate disclosures to investment products disclosures, the EU shall ensure at every step of the sustainable finance value chain that its disclosure provide readable, meaningful and comprehensive information to support the transition to a sustainable economy.