Working Group

As different jurisdictions draft increasingly rigorous ESG standards, businesses must prepare for a variety of incoming laws

Throughout 2023 lawmakers across the globe enacted a raft of ESG regulation, prompting businesses to invest significant resource into ensuring compliance. Indeed, regulatory compliance is the number one investment priority for CSOs in 2024, according to Sustainability Leaders’ Sustainability Planning Guide 2024.

There are multiple ways in which companies are using this resource. In most instances, multinationals cannot comply with new legal requirements without the support of technology, which means selecting the right tool to aid compliance is now an important decision for sustainability teams.

Businesses are also finding that they are not set up for these compliance activities, with governance and responsibility not currently embedded within their operations. As such, sustainability teams are working to weave compliance activities into normal workflows.

Sustainability Leaders’ Working Group on the new regulatory environment examined how companies are approaching these issues, as well as the actions they are taking to ensure regulatory compliance does not detract from core sustainability work.

The regulations businesses are focused on

The regulations having the biggest impact on companies typically vary by region, with organisations that have operations in the EU generally needing to comply with more regulations than their counterparts in other parts of the world. For example, the threshold at which the Corporate Sustainability Due Diligence Directive (CS3D) – which requires businesses to conduct environmental and social due diligence across their value chains – would apply to EU-based companies is lower than the threshold for non-EU businesses that operate in the region. As a result, more Europe-based sustainability professionals said they consider CS3D a priority regulation.

Similarly, the threshold at which the new Securities and Exchange Commission ESG disclosure requirements would apply to US-based businesses is slightly lower than that for foreign companies. US-based companies therefore report the SEC regulations as one of their primary concerns.  

The EU’s Corporate Sustainability Reporting Directive (CSRD) is a priority for companies on both sides of the Atlantic. The CSRD is a requirement for all large European companies and those listed on EU-regulated markets, and one of the primary reasons it is a concern for businesses is its introduction of a “double materiality” assessment. This requires that companies define their impact on the environment and society (impact materiality), as well as report on how sustainability affects the company’s financial health (financial materiality). Given that most businesses have little experience of such assessments, conducting a double materiality assessment is a learning exercise for many.

To carry out their double materiality assessments, several companies in the working group are creating separate questionnaires for internal and external stakeholders. These include questions on how the stakeholder perceives the company’s impact on a range of ESG areas and how they believe these will affect the company financially. These companies will use the survey data to create a two-dimensional matrix of the company’s impact and financial materiality.

Governance to support compliance

At most organisations that took part in our working group, responsibility for ESG regulatory compliance rests with the central sustainability team. Given these teams are typically small – averaging 3–7 full-time employees – and the breadth of regulations continues to expand, sustainability teams are becoming increasingly stretched as they attempt to manage compliance.

To help lighten the burden, many sustainability teams are taking steps to spread responsibility across the wider organisation. The importance of this was highlighted by several participants, who suggested there was confusion over who in their companies is responsible for different aspects of ESG compliance. For example, the head of sustainability at an energy company said: “We see challenges in the national interpretation of EU regulations, in countries where we’re not headquartered but we have legal entities that are required to do reporting. We have a sustainability function, but I have four people. We are present in around 20 countries and I cannot ensure compliance in countries for which I do not speak the language. But who is responsible? Is it the directors for that legal entity? We currently don’t have the answer.”

Participants on the call discussed different ‘hard’ and ‘soft’ methods to overcome such issues. Hard methods include:

  • Embedding and incentivising responsibility into other functions or legal entities: for example, finance playing a leading role in nonfinancial reporting; procurement collecting relevant Scope 3 data for compliance purposes; or a legal entity in a region/country leading on compliance in their location.
  • Dual reporting lines, where an FTE might report both into the legal team and into the corporate sustainability team, for example, thereby increasing the resources available.

Soft methods include:

  • Setting up cross-functional steering committees, which may cascade responsibility to their teams where the need arises.
  • Creating compliance “champions” spread among multiple functions. These individuals support the sustainability team with compliance data and reporting as it pertains to their part of the business.

As discussed during the working group, companies may use these methods in conjunction with, or as substitutes for, one another.

Choosing the right tech provider

In addition to improving governance and resourcing, teams are deploying technology to alleviate the regulatory workload. In particular, working group participants noted that accurate data-collection systems and analytics tools can remove much of the manual work required for ESG regulatory compliance, freeing up resources. 

An abundance of solution providers operate in this market, with vendors typically falling into one of three categories: 

  • Pure-play ESG analytics companies
  • ERP providers that have developed ESG functionality
  • Professional services consultancies

Pricing will vary depending on the type of provider, as well as the type and depth of compliance support required.

Examples of providers that working group participants have worked with include:  

Pure-play ESG analytics:

ERP providers:

Professional services consultancies:

  • Typically the ‘Big Four’ accounting firms (Deloitte, EY, KPMG, and PwC)


Several companies in the working group said they are currently undertaking an RFP to select a technology provider. These companies are using a number of criteria to assess the proposals, including transparency and traceability; the ability to integrate with existing systems; and the ability to support compliance with numerous regulations, rather than specialising in one.

While there are merits to each type of provider, several companies stated a preference for smaller, pure-play ESG analytics providers. As a sustainability manager at one FMCG company commented: “While choosing a smaller provider comes with a risk – because you don’t know how they will develop, if they’ll be acquired by a larger company, and so on – they tend to meet more of our criteria because they have been purposefully built to address ESG requirements. We have found that bigger providers, which have added an ESG component onto their existing services, are not set up in this way and do not meet all of our criteria.”

Upcoming activities

There are no scheduled meetings for this Working Group. Please check the Calendar for upcoming networking opportunities.