Sustainability regulation: ESG disclosures and demand for accountability set the tone for the future

Executive Summary

In recent years, increasing pressures from a variety of stakeholders have combined to drive companies toward more sustainable practices in their business operations and greater transparency. The real game-changer, however, has been the proliferation of recent global environmental, social and governance (ESG) reporting regulations, which require a level of reporting far above the voluntary disclosures many companies have been issuing to their stakeholder groups.

The major regulations in play are the Corporate Sustainability Reporting Directive (CSRD) by the European Union adopted on 5 January, 2023, and the highly anticipated climate rules by the Securities and Exchange Commission (SEC) in the United States, expected in the first half of 2023 — but there are others, as well. This white paper provides an overview of the current global ESG regulatory dynamic and outlines steps companies should take today to prepare to do business in the new regulatory paradigm.


Nearly 20 years after the acronym ESG (environmental, social and governance) was introduced on the global stage in an investment context, the concept today has become equated with sustainability and corporate responsibility. There has been a growing acknowledgement that companies and investors alike have become too focused on short-term investment horizons and profits at the expense of the long-term sustainability of those profits. Often, short-term profitability can have a negative impact on the environment, workforce and society at large.

In response, many organisations shifted their strategy to appeal to emerging demands for environmentally and socially conscious products and services. Too often, however, these positioning efforts amounted to “greenwashing,” a term coined to describe irrelevant or misleading statements that did more for marketing campaigns than they did to actually reduce emissions and positively impact the planet. Investors and consumers began to demand more concrete ESG accountability and higher disclosure standards, and a number of frameworks emerged to facilitate reporting and comparing of information across companies to help stakeholders make informed decisions.

Concurrently, the annual Conference of the Parties (COP) of the United Nations and the resulting Kyoto Protocol (ratified in 2005) and 2015 Paris Agreement have formally acknowledged the growing threat of climate change and the need for governments and corporations to do something about it. Faced with climate events of extreme severity happening at an alarming frequency, and the related societal and political fallout, the C-suite began to recognise that climate change could indeed pose a threat to a company’s resources, supply chains, financial performance, and, ultimately, life on earth.

In particular, the Paris Agreement states that “international cooperation and coordinated solutions at all levels” are needed in order to limit global warming to 1.5 degrees Celsius. To achieve this goal, countries must limit their GHG emissions drastically, achieving net zero emissions by 2050. Many countries have already adopted or are in the process of adopting regulations to support this goal, requiring companies within their jurisdictions to report on their ESG performance and progress toward achieving the net-zero target.

Pressures and Drivers

Until January of this year, when the Corporate Sustainability Reporting Directive was adopted by the European Union, most ESG disclosures were voluntary, driven by the following stakeholder groups:


Arguably the most influential ESG voice in the investment community has been BlackRock, the private equity behemoth with nearly US $8 trillion in assets under management (AUM). In a “line in the sand” letter to CEOs, BlackRock CEO Larry Fink in 2021 stated: “Given how central the energy transition will be to every company’s growth prospects, we are asking companies to disclose a plan for how their business model will be compatible with a net zero economy — that is, one where global warming is limited to well below 2ºC, consistent with a global aspiration of net zero greenhouse gas emissions by 2050. We are asking you to disclose how this plan is incorporated into your long-term strategy and reviewed by your board of directors.” Fink’s position generated both positive and negative reaction at the time, but the backlash has not altered his opinion that decarbonisation is inevitable.[1] Meanwhile, the number of signatories to Principles for Responsible Investment — a United Nations affiliate made up of investment managers that formally introduced and continues to herald ESG — has grown from 63 signatories with $6.5 trillion in AUM in 2006 to more than 5,300 signatories with $121 trillion AUM at the end of 2022.


Several studies and surveys indicate that customers want the brands with which they do business to support social, environmental, socioeconomic, and even political causes that are important to them.

Meanwhile, organisations are facing growing demands from customers for more transparency into their sustainability practices and those of their supply chain partners and other vendors. Often, these customers need clarity as to how vendor procurement policies will affect their own ESG targets.


Similarly, robust ESG programs are proving essential to talent recruitment and retention in a fiercely competitive hiring environment, with more than 70 percent of respondents to a Robert Half survey saying they would leave an employer whose values don’t align with their own. Companies like Patagonia, which proactively promotes fair labor practices, have long enjoyed deep customer and employee loyalty. Meanwhile, employees are leveraging ESG to make changes within their companies, in some cases pointing out discrepancies between an organisation’s rhetoric about the rights of workers and its actions. Among other notable events attributed to ESG awareness, in 2022, Starbucks announced that it would halt its stock buyback program and invest more of its profits in people after workers voted to unionise.

As a result of demands by the aforementioned stakeholders, companies have gone to great lengths to showcase their efforts to build businesses guided by sustainable, social and environmental stewardship across a variety of mediums, from annual reports and other investor communications to customer-facing websites. In 2021, 96 percent of the top 250 global companies (based on the Fortune 500 Global 500) made sustainability disclosures, up from 64 percent in 2005. But the extent to which these voluntary disclosures have met the demands for transparency, completeness, comparability and, most importantly, progress, remained uncertain.

A Game-Changer for ESG

Governments and governmental bodies around the world have stepped up to demand new — in some cases, mandatory, standardised and verifiable — ESG performance reporting. Some of the reporting regulations issued or in the process of being finalised have requirements for materiality, double materiality, and attestation, and affect both public and private companies, as well as non-profit and other entities. Noteworthy current or planned regulations to date include the following:


  • CSRD — The European Union’s Corporate Sustainability Reporting Directive, which came into effect in early January 2023, requires EU companies that meet certain criteria and certain non-EU companies with EU operations to disclose their sustainability governance, strategy, impacts, risks, opportunities, targets and metrics. This is the strictest of sustainability directives, and it requires companies to apply a double materiality standard to the reporting of sustainability matters. It requires external audit (limited assurance) for the sustainability information included in the management report.[2] The European Union Sustainability Reporting Standards (ESRS) will specify exactly what needs to be reported under the CSRD, as well as key performance indicators (KPIs). The first set of sector-agnostic ESRS is expected at the end of June 2023, to be followed by sector-specific ESRS later in the same year.
  • Switzerland and the United Kingdom also have issued ESG-related regulations. The UK enacted two mandatory ESG disclosure laws in April 2022: The Companies (Strategic Report) (Climate-related Financial Disclosure) Regulations 2022 and The Limited Liability Partnerships (Climate-related Financial Disclosure) Regulations 2022. These regulations affect certain companies with more than 500 employees and require climate-related financial disclosures in the strategic report.

United States

Only 26% of public companies and 31% of private companies in the U.S. have assessed their readiness for potential new mandatory ESG disclosures


In the Asia-Pacific region, several countries have taken steps to regulate or encourage ESG reporting:

  • The Japan Financial Services Agency has introduced new disclosure requirements for climate change and human capital management for listed companies. These requirements came into effect for fiscal years beginning on or after April 1, 2022. The disclosure requirements for climate change are based on the recommendations by the Task Force on Climate-Related Financial Disclosures (TCFD).
  • In China, the China Securities Regulatory Commission (CSRC) established the basic disclosure framework of ESG when it issued the revised Standards on Governance of Listed Companies in 2018. In 2021, CSRC added a new chapter on environmental and social responsibility in Guidelines on the Content and Format of Information Disclosure by Companies Issuing Public Securities No. 2, requesting mandatory disclosure of the receipt of administrative penalties for environmental issues during the reporting period. In 2022, both Shanghai Stock Exchange (SSE) and Shenzhen Stock Exchange (SZSE) issued self-regulatory guidelines for listed companies explicitly requiring the disclosure of ESG information.
  • In 2020, the Hong Kong Stock Exchange revised its ESG reporting guide, first introduced in 2013, to enhance the ESG practices and performance disclosure requirements of listed companies.
  • In Singapore, the Monetary Authority of Singapore introduced guidelines for banks in 2019 to incorporate ESG-related factors into lending and investment decisions, and similar guidelines were issued for insurance companies and asset managers. In addition, Singapore Exchange renewed its 2016 ESG reporting framework in 2021, outlining a phased approach to mandatory reporting for listed companies.
  • In January 2023, the Australian government released a consultation paper on the development of a climate risk disclosure framework for companies and financial institutions, with plans to introduce mandatory sustainability and ESG reporting requirements for large Australian entities in the next few years. The paper describes implementing these new rules using a phased approach, beginning as soon as 2024. The ACCC (Australian Competition & Consumer Commission) has also recently released draft rules on sustainability claims to fight greenwashing by companies.

Other disclosures related to sustainability include a host of modern slavery acts related to supply chain risks across numerous countries. Germany enacted one of the most recent reporting requirements on human rights and environmental due diligence.

Meanwhile, organisations like the Global Reporting Initiative (GRI), Task Force on Climate-Related Financial Disclosures (TCFD), and the International Sustainability Standards Board (ISSB) (which consolidates the Sustainability Accounting Standards Board [SASB], the Value Reporting Foundation and the Climate Disclosure Standards Board [CDSB])[4] are providing companies with ESG reporting guidance and standards. Some of the protocols promoted by these organisations are being incorporated into government regulations.

98% of executives in APAC and 96% in Europe have expectations for mandatory reporting, according to a Protiviti-Oxford survey
While we see geographic differences in the level of focus on ESG across the globe, it is important to note that for global companies, what affects one region affects the entire company. Leaders of organisations would do well to keep an eye on sustainability decisions from anywhere, as very few companies or supply chains are subject to only one jurisdiction.
Chris Wright

How Are Companies Affected?

Each time a new regulation is issued, it changes the executive mindset. What is different about the emerging ESG regulations is that they set an expectation for companies not only to provide transparency (i.e., disclose numbers), but, in some cases, also to report progress toward ESG targets using common standards and KPIs. 

Organisations that make sustainability claims for marketing purposes but lack the evidence to substantiate the statements, either because of an ungoverned ESG program or carelessness, could run afoul of “greenwashing” laws as governments around the world increasingly crack down on the practice. Beyond the regulatory requirements and potential penalties, boards and C-suite executives should consider the benefits of executing a verifiable sustainability strategy by measuring it against the costs and implications of doing business as usual. The good news is that, in many ways, creating value by concentrating on earnings durability and downside risk already incorporates many concepts associated with ESG. In other words, executing on ESG goals and ensuring long-term business value are not mutually exclusive, but supportive of each other.

Some companies may be reluctant to report detailed material information because the level of implementation is still low. Nevertheless, it is essential for business leaders to align internal ESG programs with external reporting requirements to avoid greenwashing risks or claims of misleading communications.
Ellen Holder

How to Approach ESG Reporting

While holistic sustainability programs are the engine that drives progress, ESG reporting and disclosures provide the necessary information and accountability in accordance with regulatory requirements and stakeholder needs. The following considerations can help executives determine the best way to achieve their reporting objectives.

Determine materiality and what ESG means for your company

What ESG means to a company will be determined by its industry, geographical footprint, and a number of other factors material to the business or its stakeholders. Some of the reporting scope may be determined by mandatory universal and industry-specific standards, while some may be based on an organisation’s customer orientation and values — but ultimately, it should focus on meeting the jurisdiction’s requirements and the path of the highest positive impact. Companies must use materiality criteria to determine not only the scope of ESG reporting but also the metrics and the required data.

Determine responsibility for ESG reporting

Who owns ESG reporting will likewise depend on a company’s unique characteristics. Chief financial officers, chief risk officers and chief operating officers are often assigned ownership, but the responsibility may also fall on chief data officers or a committee. At many companies, chief sustainability officers are increasingly fulfilling the ownership role. The number of CSOs holding an executive-level position increased to 28 percent in 2021, three times the percentage five years earlier.

In the case of CSRD, which positions ESG reporting in the management report of companies, the board and top management are ultimately responsible, though they may not be involved with the day-to-day aspects of data gathering. Companies must therefore determine who is responsible for providing and ensuring the quality of the required data.

Whoever ends up owning ESG reporting must have the ability to lead, communicate and collaborate across business functions because ESG permeates all of them.

Tell a credible story

“Credible” is the critical word here, and to meet that standard, all of the required data must be disclosed — cherry picking information is no longer acceptable. The EU’s CSRD stresses the importance of reliable, comparable and relevant information on sustainability risks, opportunities and impacts. With this data, investors and business partners can assess how the ESG efforts affect value chains, while non-governmental social impact and environmental organisations can monitor societal and climate trends, among other impacts.

  • ESG disclosures must be auditable and attested. The CSRD is requiring wide-ranging, attested reporting on 12 standards — two general, one governance, five environmental and four social matters. Additionally, the CSRD is obligating companies to secure third-party assurance for their disclosures — initially “limited” assurance, and by 2028, reasonable assurance if reasonable for auditors and companies. In the U.S., the SEC’s upcoming regulations will require ESG reporting attestation, but only on climate-related disclosures.
  • Reporting must be comprehensive. At a minimum, the information disclosed must satisfy regulatory requirements of the relevant jurisdiction. Companies must understand and define their reporting boundaries — which often extend beyond the walls of the enterprise. For example, Scope 3 emissions are “indirect” emissions that present a significant challenge when reporting greenhouse gas (GHG) emissions, but they are coming under increasing scrutiny by regulators. When measuring total GHG emissions, a company will need to assess emissions produced by assets that it does not own or control but that nevertheless are part of its value chain. Examples of the 15 categories of Scope 3 include business travel, employee commuting, waste disposal, distribution, and purchased goods and services.

Demonstrate progress

Companies must meet predetermined KPIs and demonstrate progress toward them. The materiality assessment, which each company should perform,[5] will clarify which KPIs will be material and therefore need to be reported. For example, organisations in scope for CSRD reporting need to show how their climate change mitigation plans are fulfilling the 1.5°C target. Organisations are emerging to help companies, investors, countries, cities, states and regions determine and measure their KPIs.

Where are companies in their ESG journey?

Building Your ESG Reporting Engine

Creating an ESG reporting program can feel overwhelming, especially for organisations that are newly affected and at the very beginning of their journey. The following recommendations can help make the effort a little less difficult:

Get it together in the proper order

Organisations may be eager to focus on the reporting as the most visible part of ESG before they have fully defined their strategy or scope — but this would be counterproductive. Companies must first assess their current state, decide what they want to accomplish and chart a road map to achieve those outcomes before making ESG disclosures. The reporting is the most visible part of ESG, but to be credible it needs to be rooted in operational changes tied to the activities of most impact — even if those operational changes are still evolving or ongoing.

Assemble the engine piece by piece

It may be tempting to report the information that is easiest to collect, but companies should focus on material matters first. These are the activities that have the biggest internal (on it) or external (from it) business impacts. In fact, the materiality of issues is a key requirement under CSRD. Focusing on material issues will not only facilitate reporting that complies with the regulatory standard, but will also place attention on operational aspects that can effect the biggest positive change or move the needle the most.

Leverage existing skills and architecture

It is not surprising that building an ESG reporting engine can leverage many of the skill sets and infrastructure expressed in key company processes: financial reporting, operational excellence programs, and data gathering and analysis. Data architecture that companies already have in place — enterprise resource planning, customer relationship management, financial reporting, and human resource systems — can be tailored to capture ESG information. Operational efficiency systems — meters, monitors and controllers — can also provide reportable information. Companies can use their existing data on energy and water usage, as well as waste and recycling rates, as a baseline from which to measure progress. Importantly, they can leverage internal control frameworks as the rigour expected for sustainability reporting is on par with financial reporting (in the case of CSRD, for example).

What do organisations need to be prepared for the new ESG disclosure requirements?

Establish internal controls

Companies should prepare themselves for the likelihood that most, if not all, of their ESG disclosures will be subject to some level of audit, depending on the regulatory jurisdiction in which they fall. And jurisdictions that do not require audits today could very well see them in the near future as global regulations continue to evolve. Therefore, strong internal controls over the ESG data gathering and reporting process are necessary to ensure information is accurate, complete and timely, and thus, audit-ready. To this end, the Committee of Sponsoring Organisations of the Treadway Commission (COSO) issued updated guidance on how to effectively apply the 2013 Internal Control — Integrated Framework (ICIF) — currently applied to financial reporting — to sustainability reporting.

Aside from audit, internal controls ensure good governance and encourage accuracy, consistency, reliability and confidence in the results of the program.

Audit plan ESG strategies

Establish accountability for results 

Organisations should set goals and create accountability for them. Guided by materiality, they should rank those goals by their level of importance as they relate to the narrative the company is delivering to its stakeholders and the public. Additionally, companies should be prepared to recalibrate the ESG reporting process as needed during regularly scheduled follow-ups while also keeping an eye toward delivering expected financial results.

Build partnerships

When setting up an ESG reporting function, companies are likely to discover that they need to partner with service providers, data vendors, research groups and other organisations to meet their goals. When they start gathering information, in all probability they will find that they lack certain pieces of data, such as GHG emissions or human rights due diligence data. Consequently, they will need to identify vendors that provide data and calculation services that can fill those information gaps. Academic research institutions and other marketplace service organisations are gathering and exchanging information with various industries and making it broadly available, as well.

Partnerships with the broader ecosystem of clients and suppliers are critical, too. These relationships can create value for both parties in the form of collaborative positive impact, reduced risk, greater process efficiency, sustainable use of materials, improved product or service quality, and innovative advances. Additionally, firms with multifunctional expertise can help companies with virtually all aspects of building a sustainability program and reporting engine, including defining a story, mapping an ESG data ecosystem, developing a strategy and designing a road map to increase positive impacts and decrease negative impacts.


[1] In his 2023 letter, Fink states: “Government policy, technological innovation, and consumer preferences will ultimately determine the pace and scale of decarbonisation. Our job is to think through and model different scenarios to understand implications for our clients’ portfolios,” and “Our approach to investing in the transition is the same as our approach across our platform: we provide choice to our clients; we seek the best risk-adjusted returns within the mandate they give us; and we underpin our work with research, data, and analytics.”

[2] Learn more at
[3] Learn more at


[5] The materiality assessment is a requirement under CSRD, and a core component of certain standards and frameworks. For most companies, a materiality assessment is a reasonable starting point to determine the ESG areas of most impact.

In 75% of organisations, the finance team has taken on ESG risk and issues as part of its role

The ESG reporting landscape is shifting as the ability to measure environmental and social impacts continues to improve and as regulatory regimes evolve. No doubt, the ESG disclosure process is presenting many companies with a challenging learning curve. That curve is expected to flatten over time as reporting becomes standardised and widespread, and as companies learn from and exchange data with each other and their partners, vendors and suppliers, through public reports and disclosures.

More importantly, pursuing sustainable investments and practices can help organisations more accurately assess and mitigate long-term risks, understand how external factors may impact operational efficiencies, and strengthen relationships with customers, employees, shareholders, the community and other stakeholders. Robust ESG programs can also boost brand reputation, attract sustainability-minded investors, and enhance talent recruitment and retention.

Organisations that have stalled on their ESG journey, those that have only recently embarked on it, and those that continue to contemplate its importance, still have an opportunity to get up to speed. Now is the time to act. This will ensure that they can respond appropriately when stakeholders and regulators ask for information on how their business models influence the climate and society and how ESG topics influence their financial performance.

Sustainability is a complex, multi-dimensional topic, with varying levels of understanding across industries and companies. Protiviti offers a holistic and integrated approach to position organisations for continued, long-term success. We work closely with our clients to effectively evaluate what ESG means for their organisation, helping build, implement, execute, monitor and report on ESG objectives that will evolve and grow with the organisation. We want clients to understand the bigger picture, and to clearly identify where they can have the greatest impact on society and the environment, while maximising performance. By focusing and implementing sustainability into an organisation’s strategy, values, structures, processes, services and products, we help clients realise the value that doing good brings.


Ann Chi Koh
Ann Chi is a managing director who leads the internal audit and financial advisory services solution. She has a proven track record managing and leading multi-location and multi-year consultancy projects at top tiered global MNCs, particularly in the Asia-Pacific region ...
Gregor Neveling
Gregor is a director with more than 20 years of experience in the financial services industry, both in Europe and Asia. He has extensive experience in corporate, retail and investment banking, wealth and asset management, compliance, AML/CFT, KYC, and risk. He started ...