Regulations + Standards

IOSCO endorses the ISSB’s Sustainability-related Financial Disclosures Standards

Unsurprisingly yet nevertheless very encouragingly, the International Organization of Securities Commissions (IOSCO) has officially endorsed the IFRS Sustainability Disclosure Standards IFRS S1 (on general sustainability-related disclosures) and IFRS S2 (on climate-related disclosures). IOSCO is now calling on its 130 members, which regulate more than 95% of the world's financial markets, to consider ways in which to adopt and implement these standards in their own jurisdictions. The IFRS Foundation simultaneously released its Jurisdictional journey to implementing IFRS S1 and IFRS S2—Adoption Guide overview , which is an outline to a future Adoption Guide to support jurisdictions in their adoption of IFRS S1 and IFRS S2.

These are important developments in the process of making the IFRS Sustainability Disclosure Standards mandatory, which are necessary to making sustainability-related information widely available, comparable, and reliable. It’s always important to keep in mind that standards by themselves are not mandatory, however they are necessary to having comparable and externally assured disclosures. This is exactly what we’re seeing emerge in the European Union with the CSRD/ESRS.

Proposed IFRS Sustainability Disclosure Taxonomy

Equally unsurprisingly yet very encouragingly, the IFRS Foundation also released its Proposed IFRS Sustainability Disclosure Taxonomy for IFRS S1 and S2, which is open for public consultation until 26 September 2023. This is an(other) important development in the process of having comparable and widely accessible sustainability-related information. The elements of the taxonomy will enable companies to tag information to make it machine-readable, enabling users of corporate reports to extract, compare, and analyse it more easily. Having an XBRL taxonomy also facilitates the interoperability of the IFRS Sustainability Disclosure Standards with those of other jurisdictions, most notably the European Sustainability Reporting Standards (ESRS) for which an XBRL taxonomy is also underway. Importantly, interoperability between taxonomies relies on the interoperability of the underlying standards! It’s important to know that XBRL taxonomies exist for myriad of standards, including those of the IFRS and FASB financial accounting standards. It’s also important to note that the application of XBRL taxonomies requires the production of a digitized reporting document (in other words, not just a PDF). Indeed, regulators are prescribing reports that are easily readable by both humans and machines.

SEC’s Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure Rule

In equally very welcome news, the US Securities and Exchange Commission (SEC) has adopted the final version of its Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule, to enhance and standardize disclosures on this important [ESG] topic. More specifically, publicly listed US companies (and foreign private issuers) will have to:

• disclose any cybersecurity incident they determine to be material and to describe the material aspects of the incident's nature, scope, and timing, as well as its material impact or reasonably likely material impact on them, generally within four days of the incident occurring;
• describe their processes, if any, for assessing, identifying, and managing material risks from cybersecurity threats, as well as the material effects or reasonably likely material effects of risks from cybersecurity threats and previous cybersecurity incidents, on an annual basis;
• describe the board of directors’ oversight of risks from cybersecurity threats and management’s role and expertise in assessing and managing material risks from cybersecurity threats, on an annual basis;
• tag the new disclosures in Inline XBRL, including by block text tagging narrative disclosures and detail tagging quantitative amounts.

This new rule will become effective for fiscal years ending on or after 15 December 2023, while XBRL tagged disclosures will take effect one year after initial compliance.

With general attention hyper focused on the SEC’s climate disclosure rule, this one has remained largely under the proverbial radar, despite having been initially proposed around the same time as the climate rule. The structure of the requirements along the lines of the TCFD Recommendations (i.e., governance, strategy, management, performance metrics) and the requirement for digital XBRL tagging are particularly noteworthy; however, the SEC has for now stopped short or requiring external assurance of these disclosures. In any event, the SEC’s topic-centric approach may well contribute, over time, to the convergence of mandatory, comparable, and reliable sustainability-related disclosures around the world!