Enhancing Disclosure Controls and Procedures Relating to Voluntary Environmental and Social Disclosures

Skadden, Arps, Slate, Meagher & Flom LLP and the Society for Corporate Governance

Marc S. Gerber Caroline S. Kim Jeongu Gim Randi Val Morrison, Yafit Cohn

I. Introduction

Companies are increasingly providing disclosure about their current efforts and future commitments on environmental and social (E&S) matters.1 The percentage of S&P 500 companies publishing sustainability or corporate social responsibility (CSR) reports that address E&S matters continues to grow, reaching 90% in 2019.2 Similarly, one study found that, in 2020, 98% of the top 100 companies by revenue in the United States reported on their sustainability efforts.3 Consistent with this trend, 78% of companies responding to a survey by the Society for Corporate Governance in January 2021 reported publicly disclosing E&S goals, metrics or information,4 up from 67% of respondents in a similar May 2019 survey.5

To date, these increased E&S disclosures have been largely voluntary, as companies have responded to requests for this information from investors, interest groups, employees, and other stakeholders. The scope of required E&S disclosures in Securities and Exchange Commission (SEC) filings remains primarily principles- and materiality-based. Recent statements and actions by the SEC and its Staff, however, indicate that the SEC is likely to mandate additional E&S disclosure requirements in the near future. As companies face growing demands for increased voluntary and mandatory E&S disclosures, companies also face increasing risks of litigation, as well as scrutiny from regulators, investors, and other third parties, over the accuracy and reliability of those E&S disclosures.

Pursuant to Exchange Act rules, public companies maintain disclosure controls and procedures (DCP) for disclosures required to be included in SEC filings, including both financial and non-financial disclosures.6 This article recommends that companies also develop and/or maintain robust DCP for voluntary E&S disclosures to help facilitate the accuracy and reliability of such disclosures. Section II describes why — even if they are not legally required to do so — companies should ensure that their DCP over voluntary E&S disclosures are sufficiently robust. Section III outlines practical considerations for companies as they develop new DCP, or adapt existing DCP, for voluntary E&S disclosures.

II. The Case for Building Robust DCP for Voluntary E&S Disclosures

As noted above, voluntary E&S disclosures are on the rise, largely driven by requests from investors, interest groups, employees, and other stakeholders. Some public companies also have been motivated to increase voluntary E&S disclosures as a result of the proliferation of ESG rating firms, with third-party ESG ratings or rankings often impacted by companies’ public disclosures. These third-party ESG ratings are used by some investors in their investment or proxy voting decision-making processes.7 Moreover, some companies may have determined to increase their voluntary E&S disclosures due to more financial institutions and other lenders incorporating ESG risk assessments into their lending decisions, impacting companies’ access to, and cost of, capital.8 In addition, an increasing number of companies are voluntarily incorporating E&S metrics into their executive compensation plans, with a corresponding increase in companies’ executive compensation disclosures about E&S topics in proxy statements and other SEC filings.9

While the demand for more E&S disclosures from investors and other stakeholders is expected to continue to increase, as noted above, new SEC disclosure requirements on E&S matters, including with respect to climate change, appear likely. For example, in February 2021, then-Acting SEC Chair Allison Herren Lee directed the Division of Corporation Finance to enhance its focus on climate-related disclosures in public company filings and to update the SEC’s 2010 climate change guidance.10 A few weeks later, in March 2021, she announced a request for public comment on climate disclosures to inform the SEC’s efforts on that front.11 Similarly, then-Acting Director of the SEC’s Division of Corporation Finance John Coates stated that the SEC should help lead the creation of an effective ESG disclosure system for companies.12 Also in March 2021, the SEC announced the creation of a Climate and ESG Task Force in the SEC’s Division of Enforcement.13 According to the announcement, the Task Force will “develop initiatives to proactively identify ESG-related misconduct,” and one of its initial areas of focus will be to review climate risk disclosures and identify any material gaps or misstatements under existing rules. Recent speeches by SEC Chair Gary Gensler confirm that the SEC Staff is currently working on recommendations for mandatory company disclosures on climate risk and on human capital.14

As the volume and scope of E&S disclosures increase (whether voluntary or mandatory), so does the specter of litigation and regulatory scrutiny.15 In addition, companies that incorporate E&S metrics into their executive compensation plans may expect more questions regarding how they measure E&S performance and whether their reported E&S metrics are accurate and reliable. Given the expected increase in risk and scrutiny related to E&S disclosures, companies should consider reviewing and/or enhancing their disclosure processes to promote the accuracy and reliability of their E&S disclosures.

As a starting point, under the federal securities laws, all public company disclosures must be accurate and complete in all material respects and not materially misleading.16 In addition, public companies are required to maintain DCP to help ensure the accuracy and reliability of information required to be disclosed in reports filed with the SEC. If the SEC makes certain E&S disclosures mandatory, those required disclosures would become subject to a company’s DCP.

For voluntary E&S disclosures that are not required to be included in SEC filings, however, no such DCP requirement exists. In the relatively less mature area of E&S reporting, E&S disclosures may be prepared outside the company’s financial reporting process or by functional groups that do not traditionally participate in the SEC disclosure process, and thus may lack a comparable degree of controls, processes, and other safeguards in place for SEC disclosures. Absent a control structure around the collection of E&S data, it could be difficult for management to track, monitor, aggregate, and ensure complete and accurate reporting of E&S data or ensure the comparability of data from year to year.

The motivation for enhancing E&S DCP is not limited to risk mitigation. As companies factor E&S matters into their strategic decision-making and business operations, there may be business and operational benefits to ensuring robust DCP with respect to voluntary E&S disclosures that support the reliable collection and tracking of data. These benefits may include, for example:

  • Enhancing the accuracy and reliability of the data used by management and the board of directors in their decision-making and oversight, respectively.
  • Promoting, among employees across the enterprise, a greater understanding of, and engagement in, the company’s E&S efforts and objectives.
  • Facilitating consistency of E&S disclosures across multiple mediums, such as the corporate website, sustainability report, and employee communications.
  • Improving tracking and benchmarking of progress with respect to E&S initiatives and commitments over time.
  • Uncovering risks and opportunities by better identifying areas that would otherwise be overlooked absent reliable data.
  • Increasing access to capital or lowering the cost of capital.

In addition, developing and/or maintaining robust E&S DCP will likely facilitate a smoother transition in the event that the SEC adopts new or additional E&S disclosure requirements.

III. Considerations for Implementing More Robust E&S DCP

DCP can take many forms and varies by company depending on, among other things, the complexity and size of the company’s business. Examples of DCP include the following:

  • A disclosure committee — composed of business unit or business function heads, personnel from the company’s legal, investor relations, and financial reporting/accounting departments, and representatives of other specialist groups, as appropriate — that organizes and oversees the disclosure process.
  • A disclosure committee charter that outlines specific authority and responsibilities for the committee.
  • Documented methods of identifying, collecting, measuring, and updating information, metrics and related data.
  • A formal reporting process to engage the appropriate individuals at the company and to aggregate and communicate the required information upward to management (including, for example, a chart of reporting hierarchy and responsibilities).
  • A tracking system for routine disclosures, such as a disclosure calendar outlining key deadlines, milestones, and responsible parties.
  • A sub-certification process for company personnel to certify disclosures pertaining to their respective areas of responsibility.

As with DCP required for SEC reporting, there is no one-size-fits-all approach to E&S DCP. Instead, each company should develop and tailor a process that is consistent with its business, management, and supervisory practices. Some companies may find it appropriate to integrate E&S DCP into their existing DCP for SEC reporting, while others may want to develop E&S DCP as a separate structure, with separate processes, depending on the company’s specific circumstances. Ideally, voluntary E&S disclosures should be vetted through a controls process as robust as DCP for disclosures included in SEC filings.

Outlined below are certain practices that companies may consider when implementing or enhancing E&S DCP.

Start by Revisiting Existing DCP and Current E&S Processes. A natural starting point is to assess whether the company’s current DCP encompass voluntary E&S disclosures and, if not, whether it would be better to adapt the company’s current DCP for SEC filings or to build a separate DCP structure tailored for E&S disclosures. Initial steps in this analysis may include conducting an inventory of the company’s current E&S efforts; assessing data collection, process owners, and oversight practices; comparing the company’s current E&S disclosure processes to its DCP for SEC reporting; determining what measures would be required to make the company’s E&S DCP more robust; and identifying the personnel who are best situated to execute those functions.17 Even where differences in the type of information collected and processed or in personnel may indicate that a separate E&S DCP structure is warranted, there may be processes and personnel involved in the company’s DCP for SEC filings that can be leveraged for E&S DCP or serve as a roadmap for a parallel structure.

Identify Participating Functional Groups. The design of E&S DCP should be informed, in part, by answers to the following questions:

  • What functional areas and which individuals should be involved in the different steps of the process — such as collecting data, aggregating data, drafting disclosures, and reviewing disclosures — and who is best suited to make those determinations?
  • Who should manage the E&S DCP process?

When assigning responsibility for each aspect of preparing E&S disclosures, companies should consider which internal functions and/or members of senior management would be appropriate participants in each step of the process. Potential candidates include senior officers in charge of overseeing certain functional areas, such as a chief sustainability officer, chief human resources officer, chief supply chain officer, chief information security officer, chief risk officer, or similar positions, as well as the legal department, general counsel’s office, and/or corporate secretary’s office. To the extent that any of the E&S topics may have associated financial statement impacts, members of the accounting/financial reporting team should also have a role in E&S DCP. In addition, the internal audit function may be a resource as companies implement or enhance E&S DCP.

Identify a Desired Disclosure Committee Structure for E&S Disclosures. Answers to some of the considerations outlined above will help determine whether there is a helpful role to be played by any existing disclosure committee in connection with voluntary E&S DCP. In the event that a company opts for a separate E&S disclosure committee, the company will need to determine what functional areas and/or individuals overlap between the two committees and, if so, to what extent. Consideration should be given to establishing formal lines of communication between the two disclosure committees or to having some overlapping members whose role would include coordination between the two bodies. Another alternative is to expand the existing disclosure committee for SEC reporting purposes to include the appropriate E&S functional leaders, with the expanded committee overseeing both E&S DCP and DCP for SEC reporting, or delegating its oversight responsibility for E&S DCP to a subcommittee or working group.

Establish a Calendar of Activities. Unlike SEC reporting, which is subject to a well-defined calendar and cadence due to filing deadlines, the timing for E&S disclosures can vary widely. In addition to the annual sustainability or CSR reports many companies publish, E&S disclosures may include additional or updated information on the corporate website or in other materials. As companies’ E&S reporting continues to develop, companies should consider preparing an E&S disclosure calendar that identifies key disclosure dates and milestones, similar to disclosure compliance calendars used for periodic and other filings with the SEC. Companies can then work back from the expected publication dates to build out a schedule that assigns responsibility for each aspect of tracking, collecting, and aggregating E&S data and metrics, preparing E&S disclosures, reviewing draft disclosures, and overseeing the disclosure process as a whole. At the same time, companies should consider how the calendar for voluntary E&S disclosures relates to E&S disclosures desired or required to be included in the company’s proxy statement, Form 10-K, or other SEC filings. The E&S disclosure calendar and related milestones should be shared with the members of the company’s disclosure committee(s) to help coordinate E&S disclosures in voluntary reports and those included in SEC filings.

Ensure Consistency of E&S Disclosures Across Different Channels. E&S disclosures may be communicated across multiple channels, which increases the risk of discrepancies, depending on the context and medium.18 For example, a company may make certain required disclosures concerning human capital management in its Form 10-K, discuss the board’s oversight role relating to human capital management in its proxy statement, provide additional human capital management information in its sustainability or CSR report, and post its EEO-1 report on its corporate website. Although these are different disclosures and may speak to different audiences, they should convey a consistent (although possibly evolving) story. To help ensure consistent messaging across various documents or communication channels, there should be coordination among the teams or functions responsible for E&S disclosures in these various formats. Having robust E&S DCP should help ensure this consistency.

Require Legal Review. Subjecting voluntary E&S disclosures to legal review should help reduce the risk of litigation and regulatory scrutiny (including enforcement actions). As is already the case at many companies, E&S disclosures should be subject to the same legal review (by the in-house legal department and/or by outside counsel) as SEC disclosures.

Involve the Internal Audit Function. Whether added to DCP for SEC reporting or separately implemented, E&S DCP would benefit from guidance, as well as regular or periodic monitoring and review by the internal audit team or similar function. Conducting an internal audit could enhance the reliability of E&S disclosures by testing internal functions, management’s assertions, and data and disclosure processes. Involvement of the internal audit function also could help identify potential issues and gaps.

Consider a Sub-Certification Process. Companies commonly require multiple sub-certifications from employees to support the principal executive and financial officers’ certifications for periodic reporting required under Section 302 of the Sarbanes-Oxley Act. A similar process may be considered to support companies’ voluntary E&S disclosures. For example, the disclosure committee charged with voluntary E&S disclosures may consider the company’s current sub-certification process and determine whether a parallel sub-certification process on the E&S side would be useful or effective.

Consider Seeking Third-Party Assurance. Although not common, some companies obtain independent third-party assurance of certain portions of their sustainability or CSR reports. These companies typically (i) state within the report the name of the third-party assurance provider and that the provider has verified the company’s E&S disclosures included in the report and/or (ii) publish separate assurance statements from the third-party assurance provider(s). Companies should consider whether the benefits of seeking third-party assurance of E&S disclosures justify the costs of doing so, particularly in light of the robustness of their E&S DCP and internal audit functions.

IV. Conclusion

Investors, interest groups, employees, regulators, and other stakeholders are calling for more corporate disclosures on E&S matters, and the pressure is expected to intensify in the foreseeable future. E&S data and metrics also are becoming more important to companies, as business strategies, enterprise risks, executive compensation plans, and other aspects of operations are increasingly affected by E&S matters and performance.

Against this backdrop, companies will face increased risks — and opportunities — associated with E&S disclosures. Accordingly, building increased confidence regarding the accuracy and reliability of E&S metrics and disclosures will become more important. Having robust DCP with respect to E&S disclosures would not only serve as a sound risk mitigation strategy but also help companies successfully manage E&S matters and integrate them into business operations. To that end, companies should consider the particular facts and circumstances that specifically pertain to their businesses in light of the considerations outlined above and ensure that they have appropriate DCP for E&S disclosures.


1 This article focuses primarily on the “E” and “S” of “ESG” (environmental, social and governance) disclosures, except where the context relates more broadly to ESG. The SEC and stock exchange listing standards require numerous corporate governance disclosures to be included in covered companies’ proxy statements and other SEC filings that are subject to the disclosure controls and procedures requirements of Rule 13a-15(a) under the Securities Exchange Act of 1934, as amended (Exchange Act).

2 See Governance & Accountability Institute, 2020 S&P 500 Flash Report (July 16, 2020).

3 See KPMG, The Time has Come: The KMPG Survey of Sustainability Reporting 2020 (December 2020), https://assets.kpmg/content/dam/kpmg/xx/pdf/2020/11/the-time-has-come.pdf.

4 In January 2021, the Society for Corporate Governance conducted a survey on sustainability practices among its members. A total of 123 members across 28 industries responded, comprising about 50% large-cap or above (over $10 billion in market capitalization), 33% mid-cap (between $2 billion and $10 billion), 16% small-cap or below (below $2 billion), and 1% private.

5 Similarly, in May 2019, the Society for Corporate Governance conducted a survey on sustainability practices among its members. A total of 155 members across 31 industries responded, comprising about 49% large-cap or above (over $10 billion in market capitalization), 30% mid-cap (between $2 billion and $10 billion), 14% small-cap or below (below $2 billion), and 6% private. Both the January 2021 survey and the May 2019 survey were voluntary, resulting in discrete respondent groups that may or may not represent the overall membership composition of the Society for Corporate Governance.

6 SEC rules define DCP as controls and other procedures designed to ensure that information required to be disclosed in all SEC filings is (i) recorded, processed, summarized, and reported, within the time periods specified in the SEC’s rules and forms, and (ii) accumulated and communicated to the company’s management as appropriate to allow timely decisions regarding required disclosures. See Exchange Act Rules 13a-15(e) and 15d-15(e).

7 See, e.g., SustainAbility, Rate the Raters 2020: Investor Survey and Interview Results (March 2020), https://www.sustainability.com/globalassets/sustainability.com/thinking/pdfs/sustainability-ratetheraters2020-report.pdf.

8 See Seth E. Jacobson, Skadden, Arps, Slate, Meagher & Flom LLP, Sustainability-Linked Loans on the Rise Despite COVID-19 (September 30, 2020), https://www.skadden.com/insights/publications/2020/09/quarterly-insights/sustainability-linked-loans-rise-despite-covid19.

9 For example, a March 2021 survey found that 29% of the survey respondent companies indicated they have incorporated ESG metrics in their incentive plans, compared to 22% in 2020. See Pay Governance, Inclusion of ESG Metrics in Incentive Plans: Evolution or Revolution? (March 16, 2021), https://www.paygovernance.com/viewpoints/inclusion-of-esg-metrics-in-incentive-plans-evolution-or-revolution.

10 Acting Chair Allison Herren Lee, Statement on the Review of Climate-Related Disclosure (February 24, 2021), https://www.sec.gov/news/public-statement/lee-statement-review-climate-related-disclosure.

11 Acting Chair Allison Herren Lee, Public Input Welcomed on Climate Change Disclosures (March 15, 2021), https://www.sec.gov/news/public-statement/lee-climate-change-disclosures.

12 Acting Director John Coates, Division of Corporation Finance, ESG Disclosure – Keeping Pace with Developments Affecting Investors, Public Companies and the Capital Markets (March 11, 2021), https://www.sec.gov/news/public-statement/coates-esg-disclosure-keeping-pace-031121.

13 SEC Announces Enforcement Task Force Focused on Climate and ESG Issues (March 4, 2021), https://www.sec.gov/news/press-release/2021-42.

14 See, e.g., SEC Chair Gary Gensler, Prepared Remarks at London City Week (June 23, 2021), https://www.sec.gov/news/speech/gensler-speech-london-city-week-062321.

15 For an overview of potential liability under securities laws for E&S disclosures and practical tips to mitigate such legal risks, see Society for Corporate Governance and Gibson, Dunn & Crutcher LLP, ESG Legal Update: What Corporate Governance and ESG Professionals Need to Know (June 2020), https://scsgp.informz.net/SCSGP/data/images/ESG/SCG-ESG%20primerReport_V8b.pdf.

16 For example, the anti-fraud provisions of the federal securities laws apply to all publicly available company disclosures, including those not included in SEC filings such as information posted on corporate websites.

17 For more details on how to prepare and implement ESG disclosure generally, see Society for Corporate Governance, Curley Global IR, LLC and Carlow Consulting, LLC, ESG Implementation Guide: Getting Started (July 2020), https://scsgp.informz.net/SCSGP/data/images/ESG/SCG-How%20to%20Guide.pdf.

18 For additional considerations for different channels of communicating E&S information, see id. at 14.

This memorandum is provided by Skadden, Arps, Slate, Meagher & Flom LLP and its affiliates for educational and informational purposes only and is not intended and should not be construed as legal advice. This memorandum is considered advertising under applicable state laws.