Businesses and investment firms worldwide are rushing to embrace the use of Environmental, Social, and Corporate Governance (ESG) factors to educate investors, customers, and vendors about their commitment to addressing climate change and other significant societal harms. But recent actions by regulators and other law enforcement authorities in the United States and Europe demonstrate that companies choosing to make such statements must act with the same rigor and care as with their financial disclosures, lest they find themselves the target of a “first of its kind” enforcement action.
One recent example of regulators’ views on ESG disclosure shows that authorities are using enforcement proceedings unrelated to ESG to set the stage for how companies should view the ESG metrics they report to investors and customers. Yet without clear ESG guidance from regulators across the globe, companies face uncertain requirements for these burgeoning disclosures.
Late last year, the Wall Street Journal reported that the U.S. Department of Justice (DOJ) notified Deutsche Bank of a potential breach of its Deferred Prosecution Agreement (DPA) with the government, which had been finalized only a few months earlier. The justification for invoking the breach provision had nothing to do with the crimes at issue in the DPA – international bribery and manipulation of commodities markets – but with the failure of Deutsche Bank to inform the DOJ of allegations of erroneous public ESG disclosures at its asset-management subsidiary, DWS Group.
According to the Wall Street Journal report, Deutsche Bank allegedly attempted to cover up claims by its former chief sustainability officer that DWS tried to prop up its ESG scores by misstating the value of its sustainable investments. DOJ is now probing whether Deutsche Bank should have notified DOJ of these allegations by a high-ranking officer, who now looks more like a “whistleblower” than a disgruntled former employee. If DOJ concludes that Deutsche Bank should have disclosed the concerns about its ESG reporting – regardless of the eventual outcome of those allegations – the bank could face criminal prosecution for the corruption and market manipulation offenses it had thought were settled. This threat stands alongside inquiries by securities regulators in the United States and Germany into the ESG claims themselves.
For companies that enter into settlement arrangements with government agencies, the Deutsche Bank matter should serve as a stark reminder that prior misconduct is not truly resolved if the company fails to fulfill the obligations contained in the agreements. The federal government – as well as regulators in the 50 states – resolve allegations of corporate misconduct using a variety of settlement mechanisms, many of which impose obligations on the company in areas far afield from the alleged misconduct.
Breaches of these agreements can trigger enforcement proceedings that afford companies only minimal legal process, because the burden of reopening a prior enforcement action is generally lower than bringing new charges for subsequent misconduct. While such agreements typically provide the company with an opportunity to respond to the allegations of a breach, they also provide the government with nearly absolute enforcement discretion. Moreover, as the Deutsche Bank matter highlights, these agreements usually impose a truncated enforcement process that gives the government much greater latitude to punish ESG misrepresentations.
What Does ESG Disclosure Even Mean?
News that U.S. and German regulators are scrutinizing Deutsche Bank’s ESG disclosures has rightly led investment firms and other companies to scrub their own public statements related to ESG. In contrast to the government’s expressed desire to punish companies for making misleading ESG claims, however, securities regulators have not acted with the same zeal in promoting clarity around ESG reporting. Thus, even though companies have a powerful incentive to accurately evaluate and report their ESG factors, there remains ambiguity and uncertainty regarding how exactly to do so.
Many companies in the U.S. are issuing ESG-related disclosures using a corporate sustainability report (CSR) and minimizing the use of reports regulated by the U.S. Securities and Exchange Commission (SEC), such as the annual Form 10-K and other reports that must comply with Regulations S-K and S-X (Reg. S-K). Avoiding SEC scrutiny may be a key motivation for taking this route, as many companies report only the bare minimum about their ESG efforts in their 10-Ks, but publish expansive CSRs that paint glowing pictures of their efforts across the spectrum of applicable ESG issues. However, a recent surge in ESG-related enforcement by SEC and other agencies, as well as increasing civil litigation by securities plaintiffs, suggests that companies may have used less stringent review processes for CSRs than for SEC filings.
Though SEC has a robust enforcement tool box for securities-related wrongdoing, these tools are not particularly well suited for regulating ESG disclosures. The agency appears to view the disclosure mandates of Reg. S-K as perhaps its most relevant ESG-related enforcement regulation, as reflected in its 2010 Guidance Regarding Disclosure Related to Climate Change – much of which is devoted to explaining how Reg. S-K requires climate-related disclosures that may be material to a company’s value.
For example, the guidance reminds companies that the S-K Item 303 (“Management's Discussion and Analysis of Financial Condition and Results of Operations,” or MD&A), requires assessment of whether “trends and uncertainties will have, or are reasonably likely to have, a material impact on the registrant's liquidity, capital resources or results of operations.”
One problem with Reg. S-K is that its requirements typically focus on a company’s financial information, and ESG-related concerns do not always translate neatly into numbers. While the SEC may believe a company should disclose information that shows how climate change will impact future revenues, if the impacts are difficult to predict or quantify – even if very real – they may not turn up in the company’s current financials. Companies face the same challenge for other hard-to-quantify ESG issues, such as insufficient diversity efforts and deficiencies in corporate governance.
Of course, even if Regulation S-K and other SEC regulations do not apply to companies’ CSRs, the SEC and DOJ can pursue securities fraud actions involving ESG-related misrepresentations that impact investors’ investment decisions, whether or not they result in shareholder losses. The government may also use administrative enforcement tools to rein in companies, executives, and auditors that stray too far from established disclosure rules.
But because most of these tools were crafted to address overtly fraudulent conduct, their utility for pursuing more nuanced ESG disclosure issues is necessarily limited. This is reflected to some degree in the largely precatory climate change guidance, which does little more than put companies on notice about how climate change may affect a company’s market value in the future and that SEC regulations (primarily Reg. S-K) may require disclosure of these impacts if they are material.
The SEC has recognized that its power to enforce ESG disclosure deficiencies is lacking, and has responded to the administration’s call for a “whole of government approach” to address these issues by vowing to shore up its enforcement authority. In April 2021, the agency announced its creation of a “Climate and ESG Task Force” in the Division of Enforcement, and has repeatedly vowed to issue climate change regulations that will enhance its enforcement powers in this space.
In what appears to be a warning about the future of the SEC’s regulatory efforts in this area, the agency’s Division of Corporation Finance issued a sample comment letter in September 2021, which it intends to issue to companies with Form 10-Ks that do not match the climate-related claims published in their CSRs. The letter explains how the SEC’s 2010 climate guidance should encourage companies to disclose how climate impacts may materially affect a company’s value, as required by Reg. S-K and other applicable SEC rules.
The lesson here is that the federal government is looking for ways to exercise its limited ESG enforcement authority, using creative approaches such as invoking breach provisions in a prior DPA or commenting on a company’s disparate discussion of ESG factors in different documents. Given this reality, companies already facing scrutiny should carefully evaluate proposed settlements, knowing that what might have seemed like a good deal to resolve prior misconduct could be used in the future to impose even greater obligations.