In 2023, the European Union adopted the Corporate Sustainability Reporting Directive (CSRD), and the European Sustainability Reporting Standards (ESRS) outlined the disclosure requirements that will become effective starting from year-end 2024 for large-listed organisations, with over 500 employees. There will then be a gradual roll out to large private organisations (balance sheet >EUR 25 million, turnover >EUR 50 million, 250 employees) for year-end 2025 and subsequently listed small and medium-sized enterprises (SMEs).
This article, in collaboration with our global member firm, Crowe Spain, explores the lessons learned from working with ClimateWise and clients on CSRD implementation.
Over the last six months, we have been working with international insurance groups with operations within the European Union, to best understand how to implement CSRD, in a pragmatic and proportionate manner. At the same time, we have been supporting ClimateWise with the review of their principles, with a view to integrating climate and biodiversity-related CSRD requirements into their expanded principles. We have also been helping to address social requirements which are complicated in their implementation due to the overlap with national legislation and other EU Directives.
What are the expectations set by CSRD for insurers?
The first and obvious observation is that the CSRD is a sector-agnostic initiative applicable across the EU. It extends beyond insurers, encompassing any insurance organisation with more than 250 employees, a turnover exceeding EUR 50 million, and/or a balance sheet totalling EUR 25 million. Compliance is expected by year-end 2025, and potentially earlier.
Implications for insurers
We have identified six interesting implications from our work to date supporting clients with their CSRD implementations.
- Robust materiality assessment
Given that CSRD is supported by 12 specific ESRS standards covering individual environmental, social and governance (ESG) requirements, as well as overarching disclosure requirements, the completion of a robust materiality assessment is key to defining the scope of disclosures. Reporting entities are required to provide disclosures against each ESRS topic which is considered material and so the materiality assessment itself will be subject to significant scrutiny, as a result of the requirement for independent external limited assurance review of these final disclosures. .
In our view, it is imperative that the materiality assessment is not only completed in a thorough and complete manner but also that the process itself is appropriately documented and can be demonstrated that effective internal controls were maintained over the analysis itself; to ensure that an adequate audit trail is maintained over stakeholder engagement and management judgements. It is equally important to ensure that the procedure captures interactions with stakeholders, particularly those who are directly affected, not just the users of the information.
- Management system approach
An interesting observation from performing gap analyses across all 12 ESRS standards for insurers, is that many are based on the same over-arching management system structure aligned to ISO14001, or the EU Eco-Management and Audit Scheme (EMAS) standards. Each section sets an expectation for a structured approach::
- policy commitment – defining objectives and purpose
- planning - defining procedures, processes, accountabilities, and resources
- implementation - execution plans and programmes
- evaluation - measurement of progress against previous plans and targets
- review - objective review, revised plans and setting new targets.
The key takeaway is where the organisation wishes to address these requirements holistically, it can construct a common management system to address multiple requirements, particularly for the less material aspects. For example, an efficient solution could be a common system applying to all environmental impacts including climate, pollution, water use, resource use and biodiversity..
-
Focus on the extended supply chain
It is worth being aware of the inter-connectedness of the various ESRS standards. It is not only through the ESRS S2 standard that relates to workers in the value chain, that suppliers are drawn into these disclosure requirements. Many of the standards require an organisation to address how they are meeting the requirements before going on to describe their supplier due diligence. It is likely that organisations will need to blend these requirements into their approaches to responsible procurement and hence into supplier codes of conduct and contract stipulations including the ‘contractual cascading’ of requirements down multiple layers of their supply chain.
We expect this contractual cascading to become the norm across the EU, particularly with the Corporate Sustainability Due Diligence Directive (CSDDD) coming into effect. We strongly advise planning for the CSRD and CSDDD directives in tandem to avoid the need for frequent policy revisions.
-
Setting an appropriate policy management framework
In working with international insurance groups, the need for an effective approach to policy management becomes clear. An organisation needs to adopt a structured approach to managing CSRD-related policy and procedural documents, consistent with its existing policy management practices. In particular, where a European holding company is reporting against CSRD on a consolidated basis and one or more stand-alone entities are also within scope of the regulations, it would be expected that policies are for the holding company and all subsidiaries. How these are managed consistently over time and to allow for local regulatory interpretations needs careful thought. It may also be beneficial to adopt a management system approach as outlined above to consolidate several CSRD policy areas into combined documents, to simplify implementation, particularly for non-material aspects.
-
Unintended consequences of legal entity structures
One lesson from our work and conversations with clients is the effect that having to provide consolidated reporting against these ESRS standards will have on group legal entity structures. The implications of not only having to disclose sustainability information but have it subject to limited assurance review by external auditors is starting to dawn on finance functions across Europe.
In a post-Brexit environment, a number of (re)insurance groups have United Kingdom entities blended into EU legal entity structures, sometimes with a UK subsidiary under an EU holding company. These types of arrangements draw these UK insurers into wider group reporting processes and to meet higher levels of disclosure controls than would otherwise be needed. We have also noted that some international groups consolidate their Asian or Latin American entities through an EU holding company, and hence would also be caught. Sustainability practices in these markets are often at different stages of development, which is compounded by differing use of terminology. For instance, concepts such as collective bargaining, right to disconnect, appropriate salary, and parental leave may be different.
-
Beware of accusations of greenwashing from partial disclosures
In line with our views on materiality assessment, if an organisation reports on certain sustainability aspects through its bespoke sustainability report, but determines that the same factors are not considered material for CSRD purposes, this might lead to external challenge.
As an example, if an organisation determines ESRS E4 Biodiversity and Ecosystems to not be material, but still chooses to disclose its support for a number of nature-related community projects, stakeholders may perceive this to be nascent ‘greenwashing’; in terms of claiming to have made a significant impact on biodiversity, whilst side-stepping the structured and externally assured reporting structures provided by CSRD.
Caution may lead to less disclosure of non-material sustainability aspects in general sustainability reporting, particularly given the external assurance to which CSRD is subjected.
To effectively respond to this evolving landscape, organisations impacted are advised to:
Our strong steer is to use the time available ahead of new rules coming into effect to invest incrementally in developing the required capability and processes.
- Completing a dry run exercise
We strongly recommend firms complete a dry run exercise to assess their readiness to report in line with these new requirements. These new requirements will impact larger listed insurers, with over 500 employees, during 2025, for the year end 2024, and so the next 12 months offer an excellent opportunity to build capability in private. Smaller private insurers have an additional year to respond, but may have less resources available to them. This will also support you to improve incrementally toward assurance-ready reporting especially for international groups that are also responding to the implementation of ISSB in other jurisdictions.
- Strengthening controls and reporting processes
Establish internal controls and procedures capable of supporting the disclosure of information to a standard consistent with requirements. This may take some time for organisations to establish and mature. It is a challenge for many firms – there remains a significant gap between financial and non-financial reporting in terms of levels of testing and assurance in place to protect the organisation against the risks of misstatement.
A good place to start is with an evaluation of existing controls, and how they compare to those of more established financial reporting. This should include ‘hard controls’ in relation to the collation and analysis of sustainability-related data, as well as ‘soft controls’ around report structure and presentation, explanation, and transparency in respect of limitations and measurement uncertainty.
- Involve your procurement function early
Work closely with the procurement function to meet the scope of CSRD as it applies to the organisation’s value chain, given the high expectations being set for vendor due diligence and the need to capture information from suppliers on their sustainability performance and improvement plans.
Without a robust means of capturing and processing information from suppliers, it may be challenging to meet the expectations of external limited assurance reviews.
Determining how to respond to the increasingly challenging sustainability reporting environment is a growing issue for many organisations. At Crowe, we support our clients’ sustainability journey by:
- providing an overview of the existing frameworks and initiatives, as well as the current market and industry insights
- helping to determine how to embed climate risk and sustainability factors into their operations
- reviewing their draft disclosures and providing informal and/or formal feedback.
Please contact Alex Hindson, Luis Piacenza or your usual Crowe contact for more information.