ESG Regulations: Global Update September 2023
As ESG regulations rapidly develop, FTI Consulting is providing a quick summary of need to know updates across the globe.
![](https://fticommunications.com/wp-content/uploads/2023/09/Untitled-design-1-1024x1024.png)
![](https://fticommunications.com/wp-content/uploads/2023/09/Untitled-design-3-1024x1024.png)
![](https://fticommunications.com/wp-content/uploads/2023/07/Alignment_.png)
![](https://fticommunications.com/wp-content/uploads/2023/07/ESG-disclosures.png)
![](https://fticommunications.com/wp-content/uploads/2023/09/Untitled-design-4-1024x1024.png)
Cybersecurity Governance
Carbon Leakage
Sustainable Finance Disclosure
Emissions Reporting
Climate-related Financial Risk Reporting
As ESG regulations rapidly develop, FTI Consulting is providing a quick summary of need-to-know updates from around the globe. This month we summarize updates from over the summer, covering new rules on Cybersecurity governance in the US, Australia’s efforts to address carbon leakage, the EU’s consultation on the Sustainable Finance Disclosures Regulation, and California’s Climate Accountability Package.
![ESG Regulations – the global view ESG Regulations - the global view](https://fticommunications.com/wp-content/uploads/elementor/thumbs/ESG-Regulations-the-global-view-1-qa0vat1komccath7yh3ydof8839kuleanh558vsakk.png)
1. SEC Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure
![](https://fticommunications.com/wp-content/uploads/2023/06/us-flag_-1-150x150.png)
What do I need to know?
In order to make cybersecurity reporting more consistent and informative for investors, the U.S. Securites and Exchange Commission (SEC) introduced rules that require all registrants to disclose material cybersecurity incidents as they occur and to annually disclose material information on how they manage cybersecurity risk, strategy, and governance. Similar rules have been adopted by the SEC for foreign private issuers, requiring comparable disclosures.
What’s next:
- Disclosures on cybersecurity strategy and governance will be due beginning with annual reports for fiscal years ending on or after December 15, 2023.
- Material cybersecurity incident disclosures will be due beginning the later of 90 days after the date of publication in the Federal Register or December 18, 2023.
California Climate Corporate Data Accountability Act & Climate-Related Financial Risk Act
What do I need to know?
The California Legislature passed two landmark climate bills as part of a “Climate Accountability Package” and the governor has publicly signalled his intention to sign the bills into law. The first bill requires all large corporations (firmwide revenues greater than $1 billion) that do business in CA to report their Scope 1, 2, and 3 emissions on an annual basis starting in 2026. The second bill requires covered entities (<$500 million in revenue and doing business in CA) to prepare a climate-related financial risk report in accordance with the recommended framework of the Task Force on Climate-Related Financial Disclosures (TFCD). The bill is expected to affect over 5,500 public and private companies.
What’s next:
- Assuming the Governor does not veto either bill, the bills must be signed by October 14, 2023.
- Companies will need to report on their 2025 scope 1 and 2 emissions in accordance with the Greenhouse Gas Protocol and obtain limited 3rd party assurance on this data starting in 2026, transitioning to reasonable assurance by 2030.
- Companies will need to report on their 2026 scope 3 emissions by 2027 and obtain limited third-party assurance on Scope 3 data by 2030.
- Companies doing business in CA will need to prepare a climate-related financial risk report on or before January 1, 2026, and biennially thereafter.
3. Sustainable Finance Disclosure Regulation (SFDR
![](https://fticommunications.com/wp-content/uploads/2023/07/Aus-flag-150x150.jpg)
What do I need to know?
The Australian government is conducting an analysis to determine the feasibility of a carbon border adjustment mechanism to address carbon leakage. The Climate Change and Energy department will be examining whether the EU’s CBAM model could be adapted for an Australian context to maintain the competitiveness of domestic companies.
What’s next?
The analysis is due to for finalization by Q3 2024.
4. Sustainable Finance Disclosure Regulation (SFDR
![](https://fticommunications.com/wp-content/uploads/2023/05/eu-flag-150x150.png)
What do I need to know?
As of September 14, 2023, the EU began a targeted and public consultation on its Sustainable Finance Disclosure Regulation in order to better understand stakeholder’s current issues with and the future potential of the regulations, which were first implemented in 2021. This comes after the SDFR faced criticism of its vague definition of “sustainable investment,” its use by the market as a labelling system, misalignment within the sustainable finance framework, and potentially encouraging greenwashing, among other issues.
What’s next?
- The consultations will take place until December 15, 2023, with targeted workshops on the challenges and opportunities for SFDR beginning October 10, 2023.
- The Commission will use feedback from the consultation to inform its regulation of financial product labels, current requirements of the SFDR, interaction with other sustainable finance legislation, and potential changes to the disclosure requirements for financial market participants.
Contact us: For further information on how your business can better navigate emerging ESG regulations, please contact Ben Herskowitz, Senior Managing Director, U.S. at [email protected]
The views expressed in this article are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.
©2023 FTI Consulting, Inc. All rights reserved. www.fticonsulting.com