EDCI 2024: What to Expect and How to Prepare for the 2024 EDCI Reporting Cycle
Webinar Transcript
Welcome and introductions
Welcome to today's session on CSRD and ESRS for North American companies. This session is brought to you by Pulsora and CDP. We are a proud partner of CDP and excited to have this session today.
CSRD may be a European regulation, but with far-reaching consequences for North American companies as well. We are going to talk today about strategies for seamless compliance. On today's session we have Guilherme Casaro, Senior Corporate and Policy Officer at CDP Europe, Maddie Foote, our Sustainability Regulation Lead at Pulsora, and myself, Nicole Peerless, Head of Business Engagement at Pulsora.
Quick housekeeping: this video is being recorded. We would like to make it interactive, so please include your questions in the chat. We will be answering them throughout the session and we will also have a Q&A at the end, should we have time.
We are going to start with a little bit of CSRD 101 and then talk about the implications throughout the value chain and what this means for North American companies. We will also talk about some recommendations. With that, I'll pass it over to my colleague Maddie to get started.
CSRD 101: what the regulation is
Thanks so much, Nicole, and thank you everyone for your time today. I'm going to spend the next few minutes running through the fundamentals of CSRD.
CSRD, the Corporate Sustainability Reporting Directive, was adopted in the European Union in January of this year. It creates common standards for companies to report sustainability information to stakeholders.
The objective of the European Union here was to create transparency with respect to sustainability information for citizens, consumers, and investors. It's also intended to improve readability, comparability, and simplicity in the sustainability information provided by companies. This addresses the problem of fragmented and non-comparable ESG information currently being reported.
The ramifications of this legislation are fairly massive. It's estimated that approximately 50,000 companies worldwide will be impacted by CSRD. A recent Refinitiv analysis suggests that includes over 3,000 companies in the United States and roughly 1,300 in Canada.
NFRD predecessor and the Green Deal push
CSRD builds on and will ultimately replace a piece of existing legislation in the EU known as the Non-Financial Reporting Directive, the NFRD. The NFRD was introduced in 2014. It requires large listed corporate entities to include in their financial reporting a statement about their non-financial impacts. That information includes environmental and social matters, treatment of employees, human rights, anti-corruption and bribery. Companies have to disclose high-level information related to those sustainability matters with an emphasis on how their business model interacts, any policies, risk management, or any KPIs associated with those matters.
As part of the European Green Deal, the European Commission sought to review the provisions of non-financial reporting and determined that if companies carried out better sustainability reporting, the ultimate beneficiaries would be firstly investors, and secondly civil society actors who would be better informed about these sustainability risks and opportunities. As a result, the European Commission drafted and then later enacted the CSRD.
Key CSRD requirements
A few key requirements here that we'll go into greater detail on later. For companies subject to CSRD, you will have to disclose against what's known as the European Sustainability Reporting Standards, or the ESRS. You'll have to complete a double materiality assessment and also obtain assurance of reported information. These are three key requirements that very few companies right now are doing, and that's why the ramifications of CSRD are quite significant and why companies should be paying attention to this piece of legislation.
Who is in scope and the reporting timeline
CSRD applies to certain groups of companies on a phased-in, rolling basis. The first group are those companies already subject to NFRD, and they'll be reporting in 2025 based on 2024 data.
The second set of companies are large European companies, both listed and not listed, that meet at least two of the criteria set out on this slide. Either they have net assets of over 25 million euros, net turnover of over 50 million euros, or an average number of employees of around 250. That group will be reporting for the first time under CSRD in 2026 based on 2025 data.
Next come listed small and medium enterprises, not including micro undertakings. They'll be reporting in 2027. However, they do have the option to defer by two years, in which case they will be reporting at the same time as the final group, which is reporting in 2029 based on 2028 data. This final group is large companies that are not based in the European Union but do have significant EU operations. That means your company is a foreign company not listed in the European Union but has at least 150 million euros in annual turnover in the European Union, and that applies to the previous two preceding financial years. In addition, you have either an EU subsidiary with net revenue greater than 40 million euros or an EU subsidiary that otherwise meets one of the other requirements in CSRD. That is also subject to CSRD.
Maddie, we have a quick question from one of the attendees. They're talking about the status of ESRS. The question is, isn't it impossible to report against ESRS since they aren't at a draft status yet?
I'll go into this in a second, but they're currently not at a draft status. There are a few different sets of ESRSs. The one most people have seen right now is what I would call the sector-agnostic ESRSs. I'll talk about this in a second, but they are finalised. There are other sets of standards that will apply, for example, to SMEs or to companies outside of the EU that haven't yet been drafted. Perhaps that is what the question asker is talking about, but that question will be answered in a second.
One thing I would point out here is that, with respect to the second group of companies listed, this also applies to parent companies. The figures listed, the balance sheet, net turnover, would all be consolidated at a group level. If you have a group company, the parent may not meet that criteria, but if its subsidiaries consolidated do, then it falls within that category as well. Another point: if you have a foreign company that is cross-listed, has a debt or equity listing in the European Union, you would fall into this second category as well and be reporting in 2026.
ESRS structure: 2 cross-cutting and 10 topical
On to the ESRSs themselves. CSRD requires in-scope companies to report against these ESRSs. There are two standards that are cross-cutting and ten that are topical. The ten topical standards cover environmental, social, and governance matters.
The cross-cutting ones I'll dwell on. ESRS 1 describes the architecture of the ESRS standards. It sets out general requirements but doesn't have any specific disclosure requirements. You'd find things in ESRS 1 like drafting conventions, fundamental concepts, and general requirements for preparing and presenting sustainability-related information.
ESRS 2 sets out some mandatory disclosure requirements on the information the company has to provide at a high level across all material sustainability matters. Then we have five environmental, four social, and one governance topical standards.
Something to note up front, which we'll discuss a little later, is that not all companies need to report against all of these standards. It's all subject to a materiality assessment. Companies will need to run through this assessment to determine which of these standards are material to them and then disclose against those material standards.
ESRS development and the TCFD framework
A bit more on the development of the ESRSs. These were prepared by EFRAG, the European Financial Reporting Advisory Group, on a mandate from the European Commission. EFRAG put together the disclosure drafts released last year. The European Commission then reviewed the exposure drafts, finalised them, and adopted them in July of this year.
Those drafts were then subject to a period of scrutiny by both the European Parliament and Council. There was no successful objection to the drafts. There was an attempt last month that was not successful. This essentially means that these sector-agnostic ESRSs are finalised.
Another note: they're based on the TCFD four-pillar framework: governance, strategy, risk management (or under the ESRSs, impacts, risks, and opportunities), and metrics and targets. As you're reading through the ESRSs, you'll see they ask for information like a company's governance processes, controls, and procedures, how the company's strategy and business model interact with risks and impacts, any information on metrics and targets, and how the company is performing against those.
Additional ESRS sets coming: SME, sector-specific, non-EU
In response to the earlier question, there are other additional reporting standards that the European Commission is going to adopt. These are all associated with those groups of companies we ran through.
Right now we have the sector-agnostic ESRSs. These will be reported by the main group of European companies, both listed and not listed. Those are already adopted and finalised.
We'll then have a set of SME-specific standards that will be streamlined. They're expected in 2024. Following that, in 2026, we're expecting the Commission to put together some sector-specific standards. I've heard there will be up to 40 different sectors included in these standards. Finally, non-European companies will be reporting against streamlined standards that are also expected in 2026.
One thing to note, a slight update that happened last month: the sector-specific standards and the non-EU standards were pushed back by two years. We were originally expecting them next year, but the European Commission, recognising that it's already going to be a fair amount of work for companies to get their head around the sector-agnostic ESRSs, said we'll give companies a little bit more time to get used to these ESRSs, and then we'll bring in the sector-specific standards and additional reporting requirements.
ESRS and other reporting standards (SASB, ISSB)
Maddie, before you move on, we've got some great questions following up on your comments regarding standard alignment. The first question is: is there any alignment between ESRS and SASB standards? The second is: would an ISSB alignment report meet the requirements for the CSRD ESRS?
Those are both great questions, and I think I can answer them at the same time. SASB and ISSB standards both fall under the ISSB group at the moment. That's the International Sustainability Standards Board. That organisation is working with EFRAG on alignment with the ESRSs.
On the first question, in a way the SASB standards are looking to be pushed into more of a legacy role, I would say. I don't think the ISSB is specifically working on alignment with SASB, but they are working on alignment with ISSB standards. That's the IFRS S1 and S2 standards just released. There's an expectation that ultimately these ISSB standards will be expanded and then replace the SASB standards.
On that point, right now we only have ISSB standards that cover general disclosures and climate change, so there's not a huge amount of alignment possible there yet, just because CSRD is so much more expansive and covers many more sustainability matters than general and climate change. But yes, that is an ongoing conversation between both EFRAG and ISSB.
CSRD timeline and member state transposition
Here's a timeline of all of the events I've just described. One thing I haven't touched on that's in this timeline is that EU member states will have until July of next year to transpose CSRD into their national law. There's not going to be a huge amount of difference between what we know in CSRD right now that's been prepared by the European Commission and what will be enacted by member states.
However, member states do have a certain degree of latitude when transposing the law and, for example, will be able to set their own enforcement actions and penalties for non-compliant companies, among a few other things. I would say the NFRD gave member states a lot more latitude than CSRD does. Based on that result, the CSRD and European Commission have tried to tighten a lot of the language. Not too much in terms of differences between how this will exist at member state level. Countries such as Ireland and the Netherlands are already in the process of running through a public consultation to decide how best to incorporate CSRD into their national law.
There is a risk that they could even expand the numbers of companies included within CSRD and also add additional disclosure requirements. They're not limited in that situation, but it remains to be seen how that will work and which countries will decide to do that.
Expected costs and enforcement
This is great, Maddie. Just with regards to that timeline, comes a really tricky question in the chat. The question is, what is the expected cost of CSRD regulatory compliance for large foreign companies?
It is a great question, and it's certainly something companies will have to come to grips with. As we run through some of the recommendations later, at each point a company will have to individually determine how great the burden will be in terms of resources and costs. That will be really case-specific depending on what standards are material to your company, what you already have in place, how far you have to move from your current supporting processes, your current reporting and sustainability processes, to what you will need for CSRD. It will be a big leap for most companies, but that's something they'll need to track individually.
Are there any ideas, or have you heard any buzz around penalties or enforcement with regards to the regulation?
No, I couldn't talk to that specifically. One analogue would be the GDPR, another piece of European legislation that has this sort of extraterritorial enforcement. There, for example, we're seeing significant fines being levied against companies like Google and other large tech companies with respect to non-compliance. We'll just have to wait to see what member states do come July of next year and what kinds of penalties are going to be expected.
Double materiality
Touching now on double materiality. The double materiality assessment is the starting point for sustainability reporting under the ESRSs. A company needs to only disclose a certain matter if that matter is found to be material.
Double materiality has two dimensions, impact materiality and financial materiality. A sustainability matter is material from an impact perspective when it pertains to the company's actual or potential impacts on people or the environment. In other words, it's the external impact of the company's operations or value chain. A sustainability matter is material from a financial perspective if it could trigger financial effects on the company. So it affects the company's cash flows or access to capital. This is essentially inward-looking materiality.
Under the ESRSs, a matter will be considered material if it meets the criteria for impact materiality, financial materiality, or both. Companies reporting under the ESRSs have to start by completing a double materiality assessment to determine which disclosure requirements are material in order to understand if they do or do not need to report against them.
The double materiality assessment in practice
There is some guidance in the ESRSs as to how to conduct this assessment. EFRAG is very aware that this is a completely new process for many companies and is releasing guidance pretty regularly. There is no specific sequence of steps set out in the ESRSs to be taken when performing the materiality assessment. EFRAG has recognised that this will also be pretty individual to certain companies and really depend on their facts or circumstances.
However, they have thrown us a bone and said that if a company is able to perform a materiality assessment, or has done so, under GRI, the Global Reporting Initiative, that would constitute a good basis for an ESRS materiality assessment. In addition, you should document all steps taken in the materiality assessment, which is important for assurance reasons.
While it should be clear that the ESRSs need to be reported annually, as they'll be included as part of your annual financial statements, and materiality has to be determined before reporting, EFRAG has said you could carry over your materiality assessment from a previous year into your current year, provided there are no material significant changes to your company's organisation or operations.
A final note here: if you find that E1, the climate change standard, is not material to your company after running through this materiality assessment, you do have to provide a detailed statement explaining why that is the conclusion. You also have to include a forward-looking analysis suggesting that in future the company may find that climate change is material to them. Last point: ESRS 2, the general disclosure requirements, will always be mandatory irrespective of the materiality assessment.
Reporting format: the sustainability statement and XBRL
With respect to reporting, CSRD requires European companies to report their sustainability information in a separate section of their annual financial report. This report will be called the sustainability statement. Organisations will need to prepare these reports using what's known as an XBRL taxonomy. This will allow them to tag information in the sustainability statement so that it is in machine-readable data and can be made available on the public European Single Access Point. This is how European companies report their financial information. EFRAG is currently developing this digital taxonomy, and public consultation on that process will open in early 2024.
Assurance: limited to reasonable
Finally for this section, I wanted to talk a little more about assurance, another differentiating factor for CSRD. CSRD mandates that sustainability information must be assured by an auditor to the level of limited assurance initially. By 2028, the expectation is that this information will be assured to the level of reasonable assurance.
Limited assurance is essentially posited in a negative form. The assurance letter would effectively say that no matter has been identified by the auditor to conclude that the subject is materially misstated. It's a lower level, as you would expect, and reasonable assurance requires fewer tests.
Reasonable assurance, on the other hand, is made in the form of a positive expression. The opinion would be something to the effect that the auditor has determined that the sustainability information complies with the European Union's sustainability reporting requirements. It requires many more substantive tests by the auditor. This is also the level of assurance that auditors take when looking at audited financial statements.
One note: the European Commission has said they will look into whether reasonable assurance is actually feasible for sustainability-related information. There is a non-zero chance this requirement might go away by 2028, but that remains to be seen.
With that, I'll hand over to Guilherme to talk about value chain implications for ESRS.
CDP introduction
Thank you very much, Maddie. Very comprehensive overview. Just to add on assurance: it is also expected that the European Commission will issue, within the regulation, the steps that auditors need to take to provide limited and reasonable assurance.
Before we jump into ESRS and value chain, I wanted to quickly introduce CDP. Some of you may not have heard of us before. CDP started the environmental disclosure system 20 years ago. 20 years before the onset of the ESRS, CDP was already collecting information on climate impacts from companies. Nowadays we collect environmental impacts more broadly. This year we had over 23,000 disclosures to CDP.
The way it works is that these companies are requested by investors. We have over 740 investors that represent over US$130 trillion in assets. We also have companies that request their suppliers through the CDP platform. So those 23,000 disclosures are made of self-disclosures, companies requested by investors, and companies requested by customers. We also have a cities, states, and regions programme where cities can disclose their environmental impact, and we have over 1,100 disclosures on that.
CDP has been a provider of data to the whole ESG ecosystem since the onset of our platform. A lot of the investors that invest in your company work with CDP data. We have a big presence in North America, but also in Latin America, Europe, Asia, and so on. It's a pretty global platform.
ESRS and value chain implications
Now to ESRS and value chain compliance. Maddie touched on the important points that CSRD requires companies to provide a sustainability statement, due at the same time as your financial statement. In this sustainability statement, you need to provide information on your materiality assessments. The double materiality assessment means you need to consider your value chain when analysing the impacts, risks, and opportunities that your company has.
It's important to note there is a three-year phase-in period for companies to allow for SMEs to adapt. This is a very important moment in time because this is when European companies are setting up the processes upon which they will collect this information. They are preparing to do their double materiality assessments. They are assessing the tools. There are a lot of tools now available in the market, and they're assessing which ones they will use to gather information on their suppliers.
The important message: if you're a supplier of a European company, CSRD will likely apply to you. Even though you may not fall within the jurisdiction of the European Union, your customers do. They need to assess their impacts, risks, and opportunities across their value chains, and they will need the information that you have.
Value chain actors: upstream and downstream
Who are these actors within the value chain? Actors within the value chain are defined in CSRD as individuals or entities in the upstream and downstream value chain. In the downstream, we're talking about distributors and customers. In the upstream, we're basically talking about suppliers, which might be most of you.
Materiality in the value chain
On materiality, it is important that you also start to assess your material impacts, risks, and opportunities in the environment. As said, it's very likely that this information will also be required to an extent from you, from your customers here in Europe. This can be a direct relationship, you and your direct customer, but in theory, companies within the EU will have to assess their whole value chain. That's not limited to tier-one companies. It doesn't mean that you need to be a direct supplier. If you are within the value chain of a European company, they will need to gather information about you.
This materiality assessment, which Maddie talked about, is a new concept. Double materiality is a concept developed by the EU, so it needs some guidance. Companies need to understand how best to perform this assessment. EFRAG is developing implementation guidance. Currently, it's in its draft phase and should be released sometime by the end of the year or beginning of 2024. It's important that within this materiality assessment, companies provide information on, for example, geographies, activities, sectors, operations, and so on.
Note: this transcript is truncated at the 30-minute mark. The remainder of the webinar, covering value chain materiality detail and the closing recommendations, is available on the recording.
