Navigating the Impacts of the EU's ESG Reporting Requirements on US-Based Companies

Peter MacDonald: Thank you very much, Charles. I'm Peter MacDonald. I'm a partner at EisnerAmper in Ireland. I've spent most of my career as a financial services audit partner, but concentrating now on ESG and sustainability topics. I'm going to be taking you through the European Corporate Sustainability Reporting Directive and some of the background to that and covering why US parent companies should be paying attention and paying attention now.

Just some of the history behind it, the Corporate Sustainability Reporting Directive is part of a much larger package of sustainability-focused directives and regulations issued by the European Commission, broadly under the banner of the EU Green Deal, which, as it says, has the aim to make Europe the first climate-neutral continent by 2050, boost the economy, improve people's health, and quality of life, caring for nature and leaving no one behind, quite bold goals. And how the EU is proposing to meet these objectives is through a number of directives that European union’s then are required to adopt into local law. They cover a wide variety of sustainability matters, and what we are dealing with today is mostly those that impact reporting, corporate reporting in particular.

And some of the history to that goes back to the Non-Financial Reporting Directive, which came into force in 2018, focused on large-listed and public interest entities that had employees of more than 500. That directive required those companies to disclose a certain amount of sustainability information, and subsequent directives have grown from there, including, effective from 2021, the Sustainable Finance Disclosure Requirements Directive, which was focused on investment managers and investment advisors, so providing sustainability information on investment portfolios up to the investors in those portfolios. That directive in particular identified a number of what are called principal adverse impacts that the funds needed to report on, and in a way, attempted to categorize funds between what are colloquially called gray, light green, and dark green funds, or article 6, article 8, or article 9 funds.

This is followed, in 2022, by the Taxonomy Directive, which is a system of classification of economic activity. The directive sets out a long list of economic activities and indicates whether those activities are regarded as having an environmentally sustainable impact or not, and requiring companies to disclose the percentage or proportion of their turnover that is derived from one of these so-called sustainable activities and the proportion of their capital that is invested in one of these sustainable activities. This Taxonomy Directive assists a number of the other directives in the sustainability suite to identify the sustainable activities of companies, so it's referred to by many of the others.

And then the biggest topic of today being the Corporate Sustainability Reporting Directive, published a little while ago, but coming into effect for reporting periods from 2023 onwards. This directive has extensive disclosure requirements for European companies, but also has some implications for non-European parents, and we'll cover a bit more of that later on. Coming down the tracks, important to bear in mind somewhere, 2026 or later, is what's a mouthful called The Corporate Sustainability Due Diligence Directive. This directive is focused on going a little further than the CSRD up and down the value chain of organizations, requiring those organizations to perform a very detailed due diligence on the source of products, the labor activities of companies in its value chain, et cetera, but that is just for information coming down the line.

Coming back to Corporate Sustainability Reporting Directive, which companies are in scope for this? Well, it's a phased approach starting with financial years 2024. Large-listed companies or public interest entities with greater than 500 employees will be required to publish a very extensive sustainability report. These are the same companies that would've been in scope for the Non-Financial Reporting Directive way back from 2018, so they're not new to this, but the scope of disclosures is significantly expanded. And then from financial years 2025, so-called large companies come into scope, and those are companies that meet any two of the size criteria, being net turnover greater than 40 million euros, total assets greater than 20 million, or employees greater than 250, on average, through the year, those companies having to report on their 2025 financial year for the first time.

And then, in 2026, listed SMEs come into scope, as do certain credit institutions and insurance entities, where these entities have an opt-out up to 2028, 2028 being the key year for non-EU companies, so-called third-country undertakings with significant operations in the EU coming to scope. For a non-EU parent company that either has securities listed in the EU and has employees greater than 500, or a non-EU parent that has a qualifying branch or a subsidiary in the EU and generates aggregate EU turnover of greater than 150 million euros for two consecutive years, those groupings would come into scope from 2028. A qualifying branch is a branch that generates more than 40 million turnover in a year, and a qualifying subsidiary is any company that meets the large company definition that you see above, so any two of those three criteria. A US parent that meets these requirements will come into scope for European-level sustainability reporting in the 2028 financial year.

Just to try and make that a little bit more practical, a lot of numbers and details there. So, if we take a illustrative example of a US parent company with three subs, bearing in mind that any analysis on your particular circumstances needs to be done, facts and circumstances can differ. Nevertheless, I think it's useful to go through an illustration. This US parent company may have an Irish operating company that has more than 250 employees and, let's say, revenue of 40 million euros. As such, it comes into scope from its financial year 2025, as it meets the definition of a large company, and will be required to produce a sustainability report in its own right from that year on. US parent company may have a German debt-issuing company with the sole purpose of issuing securities on the Frankfurt Exchange, and as such, it's likely to come into scope from 2026 as a listed SME and will be required to, again, to prepare a sustainability report in its own right.

US parent company may have a French trading company, maybe an online trading company, that generates large revenues, 130 million plus, but has handful of employees and very, very small assets. In its own right, it would not be in scope for CSRD reporting. However, as part of the US parent grouping in Europe, it would need to provide sustainability information through to its parent for the consolidated reporting purposes. Even though it's not in scope itself, it is still required to track, record, and submit information for the reporting. The US parent, in this case, is earning revenues of 130 million from its French sub, let's say, 40 million from its Irish operating company, so breaches the 150 million threshold, is in scope for European-level reporting from 2028.

Bearing in mind, although it is at the EU parent obligation, the qualifying subsidiary must prepare the sustainability report on its behalf on a best-efforts basis. In this case, probably the Irish operating company would be the one responsible for preparing the sustainability report, and this report must be accompanied by an assurance opinion, must have an auditor's opinion on it, and the disclosures are slightly different to those that would apply to an EU company on its own. They focus primarily on environmental and social impacts, slightly less emphasis given on the governance aspects, being that governance is performed outside of the EU. And, technically, there is an exemption possible if the non-EU parent, so the US parent company in this case, reports sustainability information consolidated and in accordance with sustainability reporting standards that are at least equivalent to the EU standards. Now, at the moment, this is unlikely since the EU requirements are much more extensive than any of the other frameworks or standards internationally recognized at this stage.

Just going into what are those, the corporate sustainability reporting requirements, in the EU, the coverage is very wide and very deep. There are 12 separate standards that are currently in draft, expected to be finalized very soon, this year. There are 10 of them, five under the heading of environment, four under social, and one under governance. As you see, climate change is a topic that many companies might have already addressed, but some of the other topics, probably less so, and some would be the first time they're thinking about these things, pollution, water and marine resources, biodiversity and ecosystems, resource use and circular economy, a very, very deep topic also for companies to get into and get under the social banner. Own workforce, again, many companies would've already needed to disclose items such as gender pay gap and diversity, but the standards go a lot deeper, and also, importantly, require companies to obtain information in the value chain. There's separate standard and disclosures on workers in the value chain.

Further, under the social banner, affected communities and consumers and end users are covered under separate standards. And there is one overarching business conduct standard, a very wired and deep coverage of sustainability topic under the European standards. A very important concept that is introduced in these standards is that of double materiality, and most organizations would already have, in their risk management process, the identification of environmental, social, and possibly governance issues that have an impact on the organization, either financially, operationally, strategically, reputationally.

What they probably don't have and what the European Corporate Sustainability Reporting Directive introduces, is the concept of double materiality, i.e. the impact that the organization has on people and the environment. And this impact needs to be assessed whether or not it has a direct or indirect financial consequence on the organization. This concept of double materiality is a whole topic on its own, we could have a long discussion on that, but it is an important topic for companies to get their head around when they are addressing these requirements.

Just comparing these European requirements to developments in the US under SEC guidance, climate-related risks already under some disclosure requirements, and there are plans to introduce human capital requirements as well, bearing in mind that the SEC disclosure requirements apply to 10-K filers only, somewhere around 7,000 filers, while the EU directive is estimated to impact somewhere around 55,000 corporates across the European Union. It really is important that US parents pay attention to the policy choices, the targets, the actions, the metrics, that the European subsidiaries are making decisions around in the next couple of years, 2024 and 2025, as these may have an impact not only on the European-level sustainability reporting, but could well impact broader group reporting requirements.

I'll mention, just very briefly, we are in the very early stages of developing a governance-based workflow tool to assist companies with their sustainability reporting requirements, and we hope to bring you more about that in time to come. Charles, that's about it that I wanted to cover.

Charles Waring: Great. Thank you, Peter. And this is certainly a very large undertaking for those companies in the EU. I think that it's compelling when you see that the SEC will only reach about 7,000, whereas the EU requirement will hit upwards to 55,000 entities here. It's something that is very far-reaching and very compelling.

I'll turn it over to Lourenco. Lourenco, please introduce yourself and you'll go into how this addresses or how this affects our US-based companies.

Lourenco Miranda: Thank you very much, Charles. Thank you, Peter. My name is Lourenco Miranda. I am the managing director of ESG practice here at EisnerAmper in US. I am now going to, as a segue of what Peter mentioned, Peter mentioned all the US companies that have a position in Europe. They have to comply or not, they have to pay attention to all the EU directives, and they'll be directly impacted by them. Now I'm going to talk about companies in the US, US-based companies that have a business partner or have some business relationship with a European company. And you may think, "Well, I'm not in Europe, I don't have a presence in Europe. I may be off the hook," but you have to think again because if you are a, I give an example here, US manufacturer that is selling goods to a large EU distributor, you might need to provide information for that large EU distributor.

Let's put ourselves in the shoes of the large EU distributor. According to Peter, this company will have to report according to CSRD and have to follow all the CSRD guidelines and requirements. Because there is a US manufacturer that is providing goods for this large EU distributor, this company will require information from the US manufacturer. Think about very basic thing like Scope 1 and 2. Greenhouse gas emissions, GHG emissions, Scopes 1 and 2, for a US manufacturer, will be the EU distributor Scope 3 GHG emissions. In order to report Scope 3 GHG emissions as part of their CSRD reporting standards, this large EU distributor will require, to the US manufacturer, information related to their Scopes 1 and 2. The US manufacturer has to start coming up with a program to identify data, has to come up with a program to start collecting this data, and submitting to this European business counterpart in the format that the European counterpart needs in order for them to report accordingly.

Not only that, if you remember what Peter mentioned, Peter also mentioned labor conditions and workers in the supply chain. The large EU distributor will also require and request the US manufacturer information related to labor conditions down the supply chain. The US manufacturer must produce information not only for their worker environmental or their employment practices, but also from their suppliers of raw materials down the supply chain. The US manufacturer has to start thinking about, "What information should I provide to my counterpart in Europe, my business partner in Europe, related to worker conditions down my supply chain? Because, if I want to still become a partner or a provider or supplier for this large European distributor, I must follow the rule. I must follow, indirectly, the rule." You may think, "Well, I might be off the hook." Yes, you may be off the hook directly, but you won't be off the hook indirectly.

In the end of the day, the ability to provide this information on a timely manner to your European counterparts will become a competitive advantage for companies in US. That's why it's so important for these companies to start thinking about this, "Well, wait a minute, I am not off the hook, so I have to comply indirectly with this." That doesn't only stop there, of course. I have another example that suppose that you have a US service provider. I give an example of a manufacturer that produces goods, physical goods. Now I am a US service provider, a tech company, for instance, and I provide a service for a large EU company, again, exactly the same thing. The large EU company will report, must report, according to CSID, and this large EU company could be from any industry sector.

We have examples of a large EU company that is in the retail industry or in the fast-moving goods industry or in any other kind of industry. If you have a US service provider that provides a service to a large EU company, you'll be not off the hook. You may think, "Well, again, I'm not a large company, I'm not a public company and I don't have to provide information for the SEC, so I may be off the hook for the SEC," but you won't be off the hook for European regulations indirectly. Again, becomes a competitive advantage for US service providers that wants to have this presence in Europe, to have this business partners in Europe, to provide this information. Now think about this US service provider is renting an office space in US, and of course, the landlord must provide information about utility bills or electricity consumption for this US service provider because the US service provider has to provide this information to the large EU counterpart.

That's where the complexity of the indirect compliance with European regulation becomes an important topic for us to consider. So the landlord, now it's a message for all landlords that it's a company in US, you have multiple buildings, it can be a REITs, it can be a family's office that's investing in properties in US, and you want to have tenants that are US service providers of a European company. Then you may think, "Well, I'll be off the hook of any regulations on ESG. ESG has nothing to do with me." Think again. Your US service provider will start asking you for utility bills because these utility bills will be used for the US service provider to estimate their Scope 2 GHG emissions so that they can submit this information to the large EU company.

The European Union companies will start looking at service providers and real estate investors, real estate owners, that can provide this information to them. If they cannot have this information, they'll probably procure some other providers. They will look for a different provider. And then, if you want to become part of this global market, you have to start getting your act together and thinking about, "Okay, what is my Scope 1 and Scope 2 emissions, my labor conditions for the supply chain?" Remember, same thing. You have to understand your employment practices because your larger European counterpart will start asking for that.

And it's not only that, it's any other business partners or supplier. If you're buying goods from a third party, this is also going to be a part of your ESG strategy or performance that the larger European company will be interested to know. Now ESG is becoming a competitive advantage. In the past, if you talk about 10 years ago, it was a nice to have thing for US companies. Now, it becomes an extremely important, and extremely important in this globalized market, with all the supply chains as complex as we know, that the US companies, regardless if you are manufacturer, service provider, regardless of the industry, if you want to still become competitive, you have to understand the European regulations a little bit more.

And I have a third scenario that just occurred to me. Suppose that there is a large European company that has an office in the US or has a presence in the US. This company is renting an office, is renting a facility, in the US. Again, not necessarily a US service provider, there is no US service provider in the middle, but the landlord will have to provide to this large European company information regarding their utility bills, because now the larger European company Scopes 1 and 2, Scope 2, actually, will come from the landlord from the utility bills provided by the landlord.

Again, if you think that you're off the hook, please, think again because you might be in the supply chain of a large European company and you may get the phone call from them at some point, or an email saying, "Please provide that information as fast as possible, as soon as possible," because they're already on the hook for the CSRD. But that's the message that I wanted to convey. The message here is very clear. US companies, regardless if you're public or not, if you're public and you're large and you are in the scope of the SEC, when the SEC regulations comes alive, we'll be reporting that, but you have to think about that the European regulations are way wider, the scope is way bigger than any regulations that exists today in the world, as Peter mentioned during his talk.

Charles, that was the message that I wanted to convey. I will pass it on to you.

Charles Waring: That's great.

Peter MacDonald: Lourenco, if I may, just to come in there on something you mentioned, the supply chain issues is an issue that is very important for US-based companies, but actually globally and for the EU as well. Even from next year, when large companies, public interest entities, and listed companies come into scope, we expect that, even from now, those companies are going to start asking questions of their suppliers, of their supplier's suppliers, and going upwards in the value chain also into their B2B-type organizations, into the businesses that they supply goods to, to try to understand the impacts that they have in the value chain. Remember that we're looking at impacts not just directly to customers, but all the way to end users. The analysis can be quite extensive trying to identify where those impacts can be.

I think it's a really good time for all companies all around the world to start thinking about what activities are conducted in their value chains and to perform a form of materiality assessment on that to identify where they might have exposures.

Lourenco Miranda:Yeah, that's a very good point, Peter. I think the call for action here is that every company in the world should start mapping their stakeholders and mapping their suppliers downstream and upstream, first thing that they should do. It's a very excellent point.

Charles Waring: And, Lourenco, I know that we've got a question that has come in that relates to that. If a US company is a manufacturer in China, which then passes goods through to an EU distributor, is the US company required to provide related CSRD information to the EU distributor?

Lourenco Miranda: The factory is in China, the US ... yes. The US company will have to pass on to European company for ... first thing that I have in mind is labor conditions, so the workers' conditions down the supply chain. They'll have to provide all the information that Peter mentioned of the labor conditions of their manufacturers in China. And, of course, because the Chinese manufacturer is buying electricity from a Chinese provider, they have a Scope 2 that might be consolidated into the Scope 2 of your US manufacturer, and then the large European union company will also have interest in that because that is their Scope 3. Yes. The answer is yes. Labor conditions, it will be probably the most challenging part to getting information from.

Charles Waring: Great. Thank you, Lourenco.

Peter MacDonald: Charles, just to add to that, something that's often overlooked is the standard on resource use and circular economy. In this exact example, it's sourcing goods from anywhere in the world, whether China or elsewhere. The reporting company in the EU would have to consider the sources of materials and how those materials are extracted and what impact they have on the environment and what is the life cycle and end use of those materials. You need to pay attention to those aspects as well.

Charles Waring: Great. And I think the one thing I just want to further emphasize here is that it's important for US companies to take a really strong look, Lourenco, you were mentioning the materiality assessment, but to how and when they would be impacted. And, if they're unsure, that they need to be having those conversations and clarify with whether it's their EU operations, their EU customers, or even an EU investor perspective, if there's a financial tie here, because understanding how they are impacted directly impacts when they're impacted.

I think that a lot of people and US-based entities are seeing, oh, it's 2028, but if they have a connection, if they've got that key customer that is having to report for 2024, 2025, they can't just sit back and wait for 2028 or later to come. And that's what we're finding is that they're getting these one-off requests and they don't know what to necessarily do with it. They might be focused in on other aspects, they might be focused on just purely the US SEC piece, but understanding how they can be impacted, and to clarify that sooner rather than later here.

Peter MacDonald: Charles, one thing we're starting to see in Europe is companies, when they go out to negotiate new contracts with suppliers, and it could be suppliers of anything, are introducing sustainability information clauses into those supplier contracts, setting the stage for requiring the information that they need for their own sustainability reports directly in the supplier contract. And, if a supplier is not up for that, well, they're going to have a tough time negotiating that contract, and that's starting now already. Companies need to pay attention to these aspects immediately. Yeah.

Charles Waring: Absolutely. That's a great point and emerging consideration here. I'll chime in here on our last main piece here as far as from the auditor's perspective. And I think that, as Peter had mentioned in the overview, for the EU entities, they are required to have an independent assurance aspect over their reports of the sustainability information. For those auditors on the line, it's supposed to be initially a limited assurance and then there's anticipated reasonable assurances there. But, either way, this is going to be under the scrutiny of an auditor from a standpoint of the direct EU filing.

Now that brings up other components here. The aspect that's similar to the SEC piece, this is a new area of focus, and there there's an aspect around, when you go through any new area that that's being looked at with an auditor's lens, there's likely going to be bumps and likely bruises in that same process here. It's important that companies are recognizing that from the onset, and aspects that they're also going to be required to have formalized internal controls in place. Now the one thing, also, to talk about is, and Peter gave the overview of the nuances of what is going to be included in the standard and the requirement there, but it's more than what we are seeing in the US, that this is going to have aspects beyond just the emissions and climate change component here. This is going to have broader components within the environment aspect, as well as the social and governance component here.

If you're preparing just for the SEC rule, there needs an aspect of having those similar types of controls that would cover those other aspects, whether you've got the EU operations or if you're providing services to an EU customer of yours. Just like with anything, I'd be remiss, just from an auditor's perspective, to emphasize the nature and the need to have formal documentation, to support the execution of internal controls. We really need to ensure that there's documentation around the information, the data that's being used to report on, it needs to be captured, documented, and also maintained from an aspect of you need to be prepared to provide information that might be at least 12 months old, and so that needs to be an aspect of being maintained, retained, secure. Those are all aspects that need to be considered as you go through and develop your processes and formalized internal controls.

The other aspect is a lot of this information is likely maintained in systems, in the IT systems here, especially within the environmental side, but also on the other areas, that having the systems that support and ensure that what is being reported on, what is being gathered, is complete and accurate, is likely to be included in systems. And just like with any system that's under a well-controlled setup, there needs to be aspects of who has access to it, the inputs, the outputs, et cetera, so same type of lens that needs to be considered. And then an aspect of if you've got or if you're reporting on multiple different locations, properties, facilities, there's an aspect around how does that information get aggregated up and how is that being disseminated and reported upon? That's one thing that it's not just a final number that is being reported on, but all of that, the aggregation of occurrences, of locations, how does that get aggregated throughout your locations and throughout the period here?

And, no surprise, I think that you've probably been hearing some of the themes and challenges that this is bringing about for companies, but the one component is this is a lengthy process. Just it's another aspect that companies that are looking to, or are performing, having business in Europe, or operations in Europe or with European customers, it's just one other component here that is creating an aspect of requirements or compliance. And it's not something that an NTV can just stand up if they haven't had a process in place to date, and it goes back to my comment around the timeline here. A company cannot just assume that they're going to only be impacted in 2028, and that they can only start looking at this that year or immediately preceding that year. These are requirements that are going to require diligence on setting up your processes, your internal controls, identifying the aspects that are relevant and in scope for the reporting requirement and preparing.

And going back to that, once you start to identify and implement, there's aspects that you might find that is not putting you in the best light, and you want to address, remediate, improve, and you can only do that once you've started that process and going about it. This is something that there is some time, but it requires action from companies to assess how they're impacted, when they're impacted, and what do they need to do to prepare for that requirement.

 And, again, I think that it's an aspect of what are the resources that go along to support that, so whether it's an aspect around people, the systems, are those resources US-based, is it European-based, is it elsewhere, depending on what you're specifically performing and doing here. Having this all in place, again, is something that requires that time and attention and likely focus from executive leadership here.

Going into some key takeaways in the aspect of we want to make sure that everyone on the webcast here is getting some good summary points that they can take back and discuss within their own organization. I'll just quickly summarize these, and then Lourenco and Peter feel free to chime in and emphasize. But I think that what we've been talking about, from a timeline perspective is that there is likelihood to be impacted by as early as 2024, 2025, through the consolidated reporting. And it's important that there's an aspect of understanding when the timeline is for your particular instance there.

If you have those European operations and they are setting targets or they're developing policies, those are all aspects that need to be understood and included right now. And those conversations, depending on how centralized or decentralized you might have, it's important to have that aspect ironed out and in sync, so that there's an aspect that we know what's going on there.

I think that Lourenco did a great job of emphasizing that, even if you are a US company with no subs in the EU, this does not put you off the hook. You need to take a strong look at the rest of your interaction, your customer base, and what your connection was with the EU. And then there's an aspect of this can be a competitive advantage. Peter mentioned that this is starting to include in contracting processes. And, again, you don't want to have that renewal of a contract come up and then there's a new aspect that this is required, and you're not prepared.

Take the time to understand and use that as a competitive advantage. And, as always, there's aspects across an organization, including from the accounting, finance, operations, IT, and sustainability folks, there needs to be an understanding, and I would also probably put in HR, from a social side, so there's multiple stakeholders that can be impacted and it's important to have them involved in the discussion early on. And then understand what those requirements and expectations are from all your stakeholders. That's the key message here, that you need to understand ... that dives into what else are your requirements there.

I know that we've got a few more questions that have come in here. Let me just take a look. And, while we're doing that, this is, again, Lourenco, Peter, and my contact information. If you have any other questions that are not answered, feel free to reach out to us. One of the questions that had come in, how would a US service provider with a remote or hybrid workforce handle the landlord example shown earlier? I think that was part of your slide, Lourenco. Would each employee have to provide utility bills, et cetera?

Lourenco Miranda: Yes. The answer is yes. Yes. Yes, yes, yes. That's your Scope 2. That's your Scope 2 of your company. Yeah, they are remote. Their office is a home office. They have to provide the electricity bills and then the energy consumed as Scope 2, and then the answer is yes. The European Union company is Scope 3, and also labor conditions as well. And, if it's a service provider, yes, labor conditions as well down supply chain. If you have also suppliers for you, you have to demonstrate that as well.

I don't know if you have anything to add to this one. That's a very good question.

Charles Waring: Peter, another question that's come in, if a US parent is in scope for the EU-consolidated sustainability reporting for 2028, do its EU subs need to be prepared sustainability reports only from 2028 or a different date? Again, another question on the timeline here and how do we interpret it and apply it?

Peter MacDonald: Yeah, Charles, it's a good question. The timing is, as you've said yourself here, timing is crucial in this whole endeavor. The individual EU companies need to assess whether they are in scope or not on their own as individual entities under European law, regardless of the status of the non-EU parent undertaking. That means that each and every one of them need to go through the process of establishing whether they meet those science criteria, whether they have listed securities, whether they're an SME or non-SME, et cetera, and come up with a strategy to address their own sustainability reporting requirements, meeting all of the EU sustainability reporting topics under the E, the S, and the G. And that is completely apart from any consolidated reporting that the US parent or non-EU parent might need to fulfill.

And those reporting obligations start, as we set out earlier on, starting from the financial year '24 for public interest entities, and from '25, for other so-called large entities, and frankly, those size criteria are not that large. 40 million euro turnover, 20 million assets, 250 employees is a relatively low bar, so a lot of companies are going to get caught by that. And then, even if they're not, as we've said a number of times, yeah, they're going to be drawn into sustainability reporting of some form through the value chain and then, ultimately, as a component of the broader European operations that might be caught in the consolidated reporting from '28. But, yeah, the short answer is they will be caught up in their own right according to the phased in timeline.

Charles Waring: Great. Thank you. Lourenco, I think I'll tee this one up for you. What are the things that a US-based company should do when their European counterparts are requesting information about the sustainability practices of that US company?

Lourenco Miranda: Yes, that's a very good question, Charles. The first thing is to understand the requirements, understand the scope, and understand what is being asked from you. You have to understand more the European regulations so that you understand where the data that you need to provide to your European counterparts will be. You have to create a program to identify the information that you need to provide to the European counterpart, in what format, but it's not a one-off situation. It's going to be a perpetual ... until you have relationships with this European counterpart, you have to provide this information on a regular basis.

To your point, when you mentioned one of the challenges is data, so we have to create systems, internal controls processes, in order to create a repeatable and reliable and auditable system of process that will enable this company to provide the information that is needed, data of the company itself, and also this company, the US company, needs to map their supply chain, map their counterparts as well, the business counterparts, down the supply chain, as well, so that they understand what kind of information they will need from their suppliers to provide to their European counterparts. That's a good example of the complexity of these requirements.

The call for action is immediate. It's something that you have to start thinking about as a US company, that you're not off the hook even if you're not a public company. If you're a small company, but you're part of a supply chain of another company that has a client in Europe, you're on the hook. A good example is once a tire manufacturer in Arkansas approached me and asked, "Okay, Walmart is approaching me to become their supplier and they are requiring all this information for us to become eligible to be one of their suppliers, to be one of the points. That's already in the procurement requirements from these large companies that they start asking for ESG policies, ESG frameworks, procedures, where the data is, if they can estimate this data GHG emissions on a regular basis. This tire company said, "Okay, what do I do?" That's a question that most of these smaller businesses are asking themselves, and then you have to start thinking about this now if you want to become a partner of these larger companies. In this global market, as I said, it's a must.

Charles Waring: Great. Thank you, Lourenco. Peter, the next question, I'll go back to you on because it relates to the CSRD, and how many different elements or components are included on this? What's the total size that a company needs to be anticipating that they'll have to report on?

Peter MacDonald: Yeah, Charles, I think it's good to just take a step back. The 10 topical standards, each of them follows a principles-based approach. They all start off with requiring a company to disclose their policy. For example, the pollution standard would require a company to disclose their policy on emissions to air, water, soil, the use of plastics, and the use of dangerous chemicals, for example, that each of those is a disclosure requirement. And then it would go into what targets has the company set to minimize or eliminate those emissions, and then what actions they're taking to meet those targets and what metrics they're using to measure the success of those actions.

There's a four-tier step there that's policy, targets, actions, and metrics in each standard. If you count up the disclosure points, it's something like 84 different disclosure points, but the actual data points, once you get into the metrics, runs into hundreds. It's very extensive once you start counting things like Scope 1, 2, and 3 emissions, measuring your use of plastics, measuring your use of dangerous chemicals. There's a very, very large number. Some counts are somewhere around 1000 different data points that would need to be collected.

Charles Waring: Great. Certainly, not a small undertaking for a company. I'll take the next question here. How are companies preparing for this, including if they're impacted by the US SEC rule? One of the things that we're seeing and we've been working with companies on is that, whatever the scope of the compliance or reporting aspects that they're looking for, so whether they fall into just the US or also if they've got that connection with the EU, that then we're working with and going through with the clients as far as the specific requirements, what are those processes and internal controls that they're required to have to support the reporting based upon the framework that they're falling into? There's an aspect that there is overlap, but, as I think that both Peter and Lourenco have emphasized, that EU piece certainly has more information that's required beyond just what the SEC is working at for right now.

I think we've got time for one more question here, and maybe this goes back to Peter as well. Is there any indication on penalties for not reporting or reporting incomplete information?

Peter MacDonald: Charles, no. There would be sanctions potentially introduced by each member state as they bring the directive into national law, but these would fall into the same umbrella as corporate action, non-compliance corporate action. At this stage, we wouldn't see any direct sanction on a value chain actor. The sanction might be on the reporting company if they're not reporting complete information, but not directly on the value chain participant.

Charles Waring: Okay, great. And I'll quickly answer the last one that just came in, and then we'll wrap up. What are the challenges presented by the new requirements? I think that the main piece here is understanding what are the reporting requirements for the entity, and then based upon that, what type of information does the entity have? If they're required to report on the different aspects within the environmental piece, do they have that data? Is it readily available? Is it in a form that can be presented and articulated in a controlled manner that would, depending, again, if you're filing directly with the EU, that it would be able to have an independent attestation that goes along with that?

With that, I'll conclude our webcast here. Thank you, Lourenco and Peter, for joining me today, and everyone else on the line. Everyone who joined us will receive the link to the recording for future reference and have a great day.

Transcribed by Rev.com