Ir Professor Raymond Wong, Head of Collaboration and Quality Assurance & Compliance, and Angus Chan, Manager (Environmental), both of CMA Testing and Certification Laboratories, and Ir Stephen Yu, Operations, Compliance & Risk Director, of BSI Hong Kong, discuss new Hong Kong proposals for environmental, social and governance (ESG) compliance, and suggest practical ways for companies to improve ESG analysis and reporting.

A tidal wave of global sustainable investing is driving a burgeoning interest in environmental, social and governance (ESG) disclosure, comprising how a company impacts the environment; how it manages its relationships, including with customers and the communities in which it operates; and how it deals with the whole range of governance and compliance issues. Stakeholders are urging a far greater disclosure of sustainability and ethical issues, and are demanding far more relevant detail. The way a company manages its ESG risk now has a profound effect on its financial and operational performance, while the regulatory and social requirements for measuring and disclosing ESG performance are evolving rapidly in tandem with its growing importance.

The Hong Kong position

In May 2019, The Stock Exchange of Hong Kong Ltd (the Exchange) issued a new consultation paper, entitled ‘Review of the Environmental, Social and Governance Reporting Guide and Related Listing Rules’ (ESG Review), in which it invited comments on a number of proposed changes to its first ‘Environmental, Social and Governance Reporting Guide’, introduced in 2013 as a recommended practice, and later updated with new listing rules in 2016.

In its review of the current ESG framework, the Exchange took into account other recent developments in Hong Kong, including the ‘Strategic Framework for Green Finance’, published by the Securities and Futures Commission in September 2018, and a paper entitled ‘Environmental, Social and Governance Strategy for Hong Kong’ published by the Financial Services Development Council in November 2018. On the international front, the Exchange also aligned its recommendations with those of the Task Force on Climate-related Financial Disclosures (TCFD), which more specifically emphasises climate-change issues.

The Exchange’s ESG Review proposes several amendments to support and improve governance and disclosure of ESG matters. These include requirements relating to an explanation of the application of the prescribed reporting principles, target setting for environmental key performance indicators (KPIs), upgrading all social KPIs to ‘comply or explain’ and guidelines on independent assurance. Proposals also cover the introduction of one new Aspect A4 on climate change, as well as four new KPIs, including a new anti-corruption KPI. Particular feasible actions are elaborated on to provide guidance when preparing for some of the potential new disclosure requirements.

The most significant proposed amendment in the Exchange’s ESG Review is the introduction of a number of mandatory disclosure requirements, which will impact ESG reporting and which incorporate disclosure of the board’s oversight of ESG issues; the process used to identify, evaluate and manage materiality; and the means by which progress towards ESG-related targets are measured and assessed.

Climate-change scenario analysis

Due to the escalating demands from investors and other stakeholders for decision-useful climate-related financial information, TCFD structured its recommendations around four thematic areas: governance, strategy, risk management, and metrics and targets. Scenario analysis is introduced for assessing climate-related issues, identifying risks and opportunities, and evaluating the potential financial implications.

In order to apply scenario analysis to the management of climate-related risks and opportunities, the authors advise that the following six major steps should be undertaken:

1. defining the assessment boundaries
2. assessing the materiality of climate-related risks, including market, reputational, policy and physical risks
3. defining the scenarios
4. conducting background and desktop research
5. evaluating impacts and opportunities, and
6. devising response plans.

Challenges related to climate scenario analysis

The challenge of climate scenario analysis is that the cumulative, second-order and projected impacts elicited by climate change are not obvious or direct, and thus a massive amount of desktop and background research covering a wide range of scientific literature is required to identify the direct and indirect linkages between a business and climate change. In order to better manage the risks involved, different climate scenario information is required to be interpreted in specific business contexts.

For example, take a company that is a pharmaceutical producer with a manufacturing site in Asia. When assessing the risks, failure to adopt new production technology like zero water withdrawal technology could constitute a technology risk. In terms of physical risk, there might be transportation disturbances due to flooding. There might be concerns over the type of packaging used, due to surging consumer awareness of sustainability issues, which in turn could constitute market and reputational risks.

In addition, changing perceptions about nutritional deficiency could gradually create a shift in market demand. The ‘Global Assessment Report on Biodiversity and Ecosystem Services’, published by the Intergovernmental Science-Policy Platform on Biodiversity and Ecosystem Services (IPBES) in 2019, found that nature, biodiversity and the agroecosystems are being eroded at rates unprecedented in human history. Climate change has exerted an adverse impact on nutrition through decreased food quantity and access, decreased dietary diversity, and decreased food nutritional content. Climate change affects the food supply chain – and subsequently, the nutritional supply. This demonstrates a second-order impact of climate change that constitutes a market risk. More importantly, significant second-order impacts are not rare.

Constructive mechanisms for fulfilling the quantitative reporting principle requirements

The Exchange’s ESG Review proposes that ESG reporting should include the disclosure of information on the standards, methodologies, assumptions and sources of the conversion factors used, to illustrate how the quantitative principle is being applied. For the sake of consistency, comparison and traceability, it is recommended that a data management system is established and that it is continuously enhanced.

Many companies have obtained ISO 14001 certification for their environmental management systems, covering aspects such as leadership, planning, operation, training, performance evaluation, management review, improvement and compliance. As the majority of companies tend not to take ESG requirements into consideration when implementing ISO 14001, management of the environmental data in relation to particular Environmental KPIs, such as KPI A1.1 Emissions and KPI A1.2 Greenhouse Gas (GHG) Emissions, has been relegated or even omitted.

Quality control activities involving consistent checks, as well as identification of errors and omissions, are not sufficient. It is recommended that the quality control activities also cover the activity data and emissions factors. In particular, because emissions factors change from time to time, a review of the quality of the emissions factors constitutes a vital necessity. A number of quality indicators, including the time horizon, as well as geographic and data sources, could be applied. Concerning the time horizon, the emissions factors should be published within five years. Regarding geographic considerations, data should be representative of the specific market in which the products are placed. For data sources, whether the emissions factors are published by a government organisation, an academic institute or an industry association does matter, in terms of credibility and reliability. Ideally, a scoring system should be developed for the betterment of the review.

Relationship between ESG and ISO management systems

Over 2,000 standards or guidelines published by the International Organization for Standardisation (ISO) are related to the Sustainable Development Goals, as set by the United Nations General Assembly in 2015. Particular ISO information management systems can enhance and enrich the disclosures under the ESG Reporting Guide, and further build credibility via certification. For example, the ISO 14001 standard for environmental management systems and the ISO 50001 standard for energy management systems could be used to systematically collate environmental policies and could function as tools for the general disclosures proposed under the Exchange’s ESG Review, under ‘comply or explain’ provisions, for Aspect A1 Emissions and A2 Use of Resources. Furthermore, these two systems could facilitate a review of any regulatory requirements newly promulgated and raise environmental awareness among employees.

1. ISO 45001. The ISO 45001 standard, which relates to a management system for occupational health and safety, and which focuses on risk prevention, innovation and continual improvement, can be utilised to demonstrate a company’s commitment to a sustainable working environment by providing a safe and healthy workplace, pertinent to Aspect B2 Health and Safety.

2. ISO/IEC 27001. The ISO/IEC 27001 standard provides requirements for an information security management system and is a systematic approach to addressing the issues of prevalent and sophisticated cyber-attacks, as well as the processes for managing important information. This ISO/IEC standard relates closely to KPI B6.5, under Aspect B6 Product Responsibility, and requires a description of consumer data protection and privacy policies, as well as its implementation and monitoring process.

3. ISO 37001. ISO 37001, which addresses the establishment or enhancement of an anti-bribery management system (ABMS), is an effective tool to satisfy compliance requirements of relevant legislation, manage risks throughout the supply chain, and ascertain which suppliers and subcontractors are committed to anti-bribery best practices. The ABMS is pertinent to Aspect B7 Anti-Corruption and, as such, could be adopted to prepare for the proposed new addition of KPI B7.3, which calls for a description of anti-corruption training provided to directors and staff.

Strategic application of the ISO management systems can foster business continuity and resilience. Externally, attaining certification in the ISO standards will build business credibility, since audits are conducted by a qualified certification body.

ISO 37001 anti-bribery management system

Because the framework for ISO 37001 ABMS was published only relatively recently, in October 2016, the amount of reference information is limited. Several procedures are required before a company can introduce an ABMS, including building a risk calculator to categorise the severity and likelihood of bribery, identifying interested parties, conducting an anti-bribery activity assessment and nurturing a workplace culture that incorporates anti-bribery. Regarding the anti-bribery activity assessment, assessment needs to be conducted for different lines of service and for different departments involving several aspects, consisting of the effectiveness of existing controls, risk treatment, review period, and identified opportunities and actions. If the company has operations across different regions, the audit activities would need to be influenced by the Corruption Perception Index (CPI) of the corresponding region. The CPI, which currently ranks 180 countries and territories by their perceived levels of public sector corruption, is published annually by Transparency International.

Even though the ABMS is a relatively new ISO framework, obstacles to its implementation can be surmounted with sufficient engagement across various internal departments.

The outlook for ESG

With the escalating demand – both locally and internationally – for better ESG performance and greater disclosure of ESG practices, along with inevitably tougher compliance regulations, companies are coming under increased pressure.

There is no doubt that a company can create value by enriching its ESG information and presenting that information in the expected format. Readily available tools, such as the ISO families of standards, can be utilised to assist and enhance ESG reporting, while information on materiality and methodologies can be accessed from several sources.

Challenges notwithstanding, compliance with ESG rules and regulations is only going to become more crucial as we move forward into the future.

Ir Professor Raymond Wong, Head of Collaboration and Quality Assurance & Compliance CMA Testing and Certification Laboratories

Ir Stephen Yu, Operations, Compliance & Risk Director BSI Hong Kong

Mr Angus Chan, Manager (Environmental) CMA Testing and Certification Laboratories