The Corporate Sustainability Reporting Directive (CSRD) took effect on 5 January 2023. This directive amends the Non-Financial Reporting Directive of 2014 (NFRD) and introduces more detailed requirements for non-financial reporting in the area of ESG.
Companies subject to the CSRD will be required to report in accordance with the European Sustainability Reporting Standards (ESRS). The first set of these draft standards has been produced by EFRAG (formerly known as the European Advisory Group) as an independent body acting as a technical advisor to the European Commission. In November 2022, the drafts were submitted to the European Commission, which is expected to accept a final version in the first half of 2023.
Although the ESRS regulate all three main ESG areas (Environmental, Social, and Governance), this article will mostly focus on the governance standards.
The governance standards often sit on the sidelines of interest in ESG. Their interpretation and application raise a number of practical issues that many companies will need to address in the near future.
Non-compliance with governance standards is often the cause (or one of the causes) of many recent economic scandals, including but not limited to the FTX cryptocurrency exchange crash. The CSRD and related non-financial reporting standards should be one of the tools helping to prevent similar situations.
We therefore believe that governance is absolutely crucial for the CSRD and ESG and overarches these issues.
What do the ESRS bring in the area of governance?
The draft governance non-financial reporting standards were part of the above-mentioned package submitted to the European Commission by EFRAG. The core of the regulation is the ESRS G1 Business Conduct standard (and its related annexes). This standard distinguishes six main categories specific to governance within which it lays down the specific requirements for non-financial reporting:
G1-1: Corporate Culture and Principles of Business Conduct
Companies will be required to report on how their executive, management, and supervisory bodies participate in creating, monitoring, promoting, and evaluating corporate culture. The information to be disclosed includes information on the strategy of developing corporate culture, how the strategy is implemented, and how outcomes are evaluated.
The companies concerned will mainly be required to describe procedures for identifying, detecting, and investigating concerns with respect to unlawful conduct or conduct in conflict with the company’s ethical code or other similar internal regulations, including information on whether the company allows for the submission of reports by internal and/or external stakeholders.
In addition, information disclosed will regard:
- Anti-corruption and anti-bribery policies;
- Mechanisms for the protection of company employees who blow the whistle on risky or problematic behavior, whether they are whistleblowers (including whistleblower protection) or employees who refuse to act unethically even at the cost of losing a contract or contracts;
- Animal welfare policies (if relevant to the respective company, given the specifics of the company's business); and
- Training strategies within the company in these areas.
G1-2: Supplier Relationship Management
Companies will also report information concerning supplier relationship management and its impact on their supply chain, including:
- Information on the company's supplier relationship management strategy in the context of supply chain risks (both generally and specifically in terms of sustainability);
- Information on whether / to what extent the company considers social and environmental criteria when selecting its suppliers; and
- A description of the procedures the company has put in place to support so-called vulnerable suppliers.
Companies will also disclose a list of their policies/procedures aimed at preventing late payments to their SME suppliers.
The objective of these requirements is to facilitate a better understanding of how the company manages the selection of suppliers, including fair dealing with them.
G1-3: Prevention and Detection of Corruption and Bribery
Companies will also be required to disclose information concerning their system for the prevention, detection, investigation, and response to allegations or incidents related to corruption and/or bribery.
This information will include, without limitation:
- An overview of the procedures in place to prevent, detect, and resolve allegations or suspicions;
- Information on whether the investigating persons (or the investigating committee) are functionally separate/independent from the persons in management associated with the issue under investigation;
- The procedure for reporting the results of internal investigations to the executive, management, and supervisory bodies of the company;
- Information about anti-corruption and anti-bribery training.
G1-4: Confirmed Cases of Bribery and Corruption
Companies will provide information on confirmed cases of corruption and/or bribery. The number of such cases will be accessible to the public. However, information about the identity of the individuals involved in the individual proceedings probably does not have to be disclosed.
In particular, companies will be required to disclose:
- The number and character of the confirmed bribery and/or corruption cases;
- The number of people convicted of these delicts;
- Information on public lawsuits brought against the company as a whole or against its employees and the results of these lawsuits, if any. It will also be necessary to disclose the results of previously instigated litigation concluded in the current reporting period;
- The number of cases where employees were dismissed or disciplined or where contracts with business partners were terminated or not renewed due to violation of anti-bribery or anti-corruption regulations.
G1-5: Political Involvement and Lobbying
In this area, companies will be mainly required to disclose information about activities and engagements concerning their political involvement and influence, including their significant lobbying activities.
The following information will chiefly be disclosed:
- About the persons in the executive, management, and supervisory bodies of the company responsible for overseeing these activities;
- About the financial and material contributions to politically active entities;
- The main areas/topics covered by the company's lobbying activities and the company's main positions on these issues;
- Information on whether the company is registered in the EU Transparency Register or another equivalent transparency register in a member state must also be disclosed.
Last but not least, companies will be required to report whether members of their executive, management, or supervisory bodies held similar positions in public administration (including regulatory bodies) in the past (in the two years before having been appointed to the respective position).
G1-6: Payment Procedures
Here, companies will be required to report information about their payment procedures, focusing on any late payments to their SME business partners.
This information will mainly include the following:
- The average period of time (in days) it takes the company to pay an invoice from the date when the statutory or contractual maturity period commences;
- A description of standard payment periods in days (broken down according to the main categories of suppliers and the proportion of payments made within the respective periods);
- The number of legal proceedings (currently pending) concerning late payments during the reporting period;
- Any additional information required to provide sufficient context.
In conclusion, it is important to note that all the governance standards must be interpreted in the context of the remaining ESRS and other legislation, not just in the area of ESG. Issues addressed by these standards often have a broader scope and overlap into other related areas.
It is also important to remember that companies will generally be required to only report information that is essential in terms of sustainability. An open question for the moment is which particular information must (or cannot) be considered relevant in this context and how to interpret the requirements of the ESRS correctly in specific situations in the context of other legislation (such as in the area of protection of personal data of company employees, etc.).
In the article above, we rely on the versions of the (draft) standards submitted by EFRAG to the European Commission in November 2022. The final versions and wording of these standards may still be subject to changes and modifications in the approval process. We will closely monitor any further developments.
By Marek Prochazka, Partner, and Milan Sivy, Attorney, PRK Partners