The roadmap for the EU Commission’s milestone Corporate Sustainability Reporting Directive is taking shape and now is the time to start preparing for a brave new era in non-financial reporting, writes Conor Holland With the Corporate Sustainability Reporting Directive (CSRD) now approved by the European Council, entities in the EU must begin to invest significant time and resources in preparing for the advent of a new era in non-financial reporting, which places the public disclosure of environmental, social affairs and governance matters (ESG) matters on a par with financial information. Under the CSRD, entities will have to disclose much more sustainability-related information about their business models, strategy and supply chains than they have to date. They will also need to report ESG information in a standardised format that can be assured by an independent third party. For those charged with governance, the CSRD will bring further augmented requirements. Audit committees will need to oversee new reporting processes and monitor the effectiveness of systems and controls setup. They will also have enhanced responsibilities. Along with monitoring an entity’s ESG reporting process, and evaluating the integrity of the sustainability information reported by that entity, audit committees will need to: Monitor the effectiveness of the entity’s internal quality control and risk management systems and internal audit functions; Monitor the assurance of annual and consolidated sustainability reporting; Inform the entity’s administrative or supervisory body of the outcome of the assurance of sustainability reporting; and Review and monitor the independence of the assurance provider. The CSRD stipulates the requirement for limited assurance over the reported information. However, it also includes the option for assurance requirements to evolve to reasonable assurance at a later stage. The EU estimates that 49,000 companies across the EU will fall under the requirements of the new CSRD Directive, compared to the 11,600 companies that currently have reporting obligations. The EU has confirmed that the implementation of the CSRD will take place in three stages: 1 January 2024 for companies already subject to the non-financial reporting directive (reporting in 2025 for the financial year 2024); 1 January 2025 for large companies that are not presently subject to the non-financial reporting directive (reporting in 2026 for the financial year 2025); 1 January 2026 for listed SMEs, small and non-complex credit institutions, and captive insurance undertakings (reporting in 2027 for the financial year 2026). A large undertaking is defined as an entity that exceeds at least two of the following criteria: A net turnover of €40 million A balance sheet total of €20 million 250 employees on average over the financial year The final text of the CSRD has also set timelines for when the Commission should adopt further delegated acts on reporting standards, with 30 June 2023 set as the date by which the Commission should adopt delegated acts specifying the information that undertakings will be required to report. European Financial Reporting Advisory Group In tandem, the European Financial Reporting Advisory Group (EFRAG) is working on a first set of draft sustainability reporting standards (ESRS). These draft standards will be ready for consideration by the Commission once the Parliament and Council have agreed a legislative text. The current draft standards provide an outline as to the depth and breadth of what entities will be required to report. Significantly, the ESRS should be considered as analogous to accountancy standards—with detailed disclosure requirements (qualitative and quantitative), a conceptual framework and associated application guidance. Readers should take note—the ESRS are much more than a handful of metrics supplementary to the financial statements. They represent a step change in what corporate reporting entails, moving non-financial information toward an equilibrium with financial information. Moreover, the reporting boundaries would be based on financial statements but expanded significantly for the upstream and downstream value chain, meaning an entity would need to capture material sustainability matters that are connected to the entity by its direct or indirect business relationships, regardless of its level of control over them. While the standards and associated requirements are now largely finalised, in early November 2022, EFRAG published a revised iteration to the draft ESRS, introducing certain changes to the original draft standards. While the broad requirements and content remain largely the same, some notable changes include: Structure of the reporting areas has been aligned with TCFD (Task Force on Climate-Related Financial Disclosures) and ISSB (International Sustainability Standards Board) standards – specifically, the ESRS will be tailored around “governance”, “strategy”, “management of impacts, risks and opportunities”, and “metrics and targets”. Definition of financial materiality is now more closely aligned to ISSB standards. Impact materiality is more commensurate with the GRI (Global Reporting Initiative) definition of impact materiality. Time horizons are now just a recommendation; entities may deviate and would disclose their entity-specific time horizons used. Incorporation of one governance standard into the cross-cutting standard requirements on the reporting area of governance. Slight reduction in the number of data points required within the disclosure requirements. ESRS and international standards By adopting double materiality principles, the proposed ESRS consider a wider range of stakeholders than IFRS® Sustainability Disclosure Standards or the US Securities and Exchange Commission (SEC) published proposal. Instead, they aim to meet public policy objectives as well as meeting the needs of capital markets. It is the ISSB’s aim to create a global baseline for sustainability reporting standards that allows local standard setters to add additional requirements (building blocks), rather than face a coexistence of multiple separate frameworks. The CSRD requires EFRAG to take account of global standard-setting initiatives to the greatest extent possible. In this regard, EFRAG has published a comparison with the ISSB’s proposals and committed to joining an ISSB working group to drive global alignment. However, in the short term, entities and investors may potentially have to deal with three sets of sustainability reporting standards in setting up their reporting processes, controls, and governance. Key differences The proposed ESRS list detailed disclosure requirements for all ESG topics. The proposed IFRS Sustainability Disclosure Standards would also require disclosure in relation to all relevant ESG topics, but the ISSB has to date only prepared a detailed exposure draft on climate, asking preparers to consider general requirements and other sources of information to report on other sustainability topics. The SEC focused on climate in its recent proposal. The proposed ESRS are more prescriptive, and the number of disclosure requirements significantly exceeds those in the proposed IFRS Sustainability Disclosure Standards. Whereas the proposed IFRS Sustainability Disclosure Standards are intended to focus on the information needs of capital markets, ESRS also aim to address the policy objectives of the EU by addressing wider stakeholder needs. Given the significance of the directive—and the remaining time to get ready for it—entities should now start preparing for its implementation. It is important that entities develop plans to understand the full extent of the CSRD requirements, and the implications for their reporting infrastructure. As such, they should take some immediate steps to prepare, and consider: Performing a gap analysis—i.e. what the entity reports today, contrasted with what will be required under the CSRD. This is a useful exercise to inform entities on where resources should be directed, including how management identify sustainability-related information, and what KPIs they will be required to report on. Undertaking a ‘double materiality’ analysis to identify what topics would be considered material from an impact and financial perspective—as required under the CSRD. Get ‘assurance ready’—entities will need to be comfortable that processes and controls exist to support ESG information, and that the information can ultimately be assured. The Corporate Sustainability Reporting Directive represents a fundamental change in the nature of corporate reporting—the time to act is now and the first deadline is closing in.

Companies preparing for the commencement of the Protected Disclosures (Amendment) Act 2022 in the New Year will need to overhaul whistleblowing policies and processes, but the effort will bring clear benefits, writes Gráinne Madden Encouraging people in an organisation to speak up about their concerns should be a no-brainer. Why would an organisation not want to know about a potential risk? Why would an organisation want an employee to feel the need to go to an external body, such as a regulator or the media, to highlight internal problems? International research repeatedly reinforces that there are two main reasons why people fail to speak up about their suspicions of wrongdoing. First, there is the fear of retaliation. Current Irish and UK law is seeking to address this by offering protection. The second reason people fail to speak up about their suspicions of wrongdoing in an organisation is fear of futility. This is the fear that nothing will be done, even if they do speak up—and this is why having clear policies and processes in place is so important.  The absence of a whistleblowing policy and process in an organisation will certainly send the message that the organisation does not really want to hear about any problematic issues that may exist or arise.  As it stands, in Ireland and the UK, workers are entitled to legal protection against dismissal, or other reprisal from their employer or colleagues, when disclosing concerns about certain issues. Until now, however—except in certain sector-specific areas—most organisations have not been required to put a whistleblowing policy or procedures in place, or to follow up on such disclosures.  The EU Whistleblowing Directive will, however, bring major changes to which organisations operating in EU jurisdictions must now respond. In Ireland, the Protected Disclosures (Amendment) Act 2022 will commence on 1 January 2023, giving effect to the EU Directive. New requirements for organisations There are several key additional requirements that will apply to organisations under the new Act, which are considered below. Employee thresholds For workplaces with more than 50 employees, there will be a requirement to have formal channels and procedures for receiving and, crucially, following up on disclosures. Workplaces with between 50 and 249 employees have until December 2023 to comply, and 250-plus employee workplaces must comply at commencement.  However, all organisations operating in certain sectors will be required to comply at commencement, even those employing fewer than 50 people. This includes:  public bodies; companies subject to EU laws in the areas of financial services, prevention of money-laundering and terrorist financing; transport safety; and protection of the environment (offshore oil and gas installations and operations only). The 2022 Act states that the Minister for Public Expenditure and Reform may, by order, reduce the threshold of 50 employees for specified classes of employers, subject to a risk assessment and public consultation.  Change of definitions and burden of proof Under the new Act, the scope of protected persons will be extended to include non-executive members, shareholders, volunteers, and ‘pre-contractual’ employees, such as candidates applying for a job during the recruitment process before the work-based relationship even begins. Further, retaliation will be more broadly defined. In respect of alleged detriment (be it an act or omission) caused to a person because of the making of a protected disclosure, the employer will have to prove that the detriment complained of was not in retaliation for, or because of, the person having made a protected disclosure.  Administration and staff Confidentiality regarding whistleblowing must be respected by all reporting systems and access to data by non-authorised staff prevented. For staff who are authorised, appropriate training must be given in respect of the handling of reports. Finally, records must be kept of all reports, as well as ensuring follow-up and feedback regarding these reports within certain timeframes.  Blending culture with policy The required process management will mean that many organisations will need to implement issue management systems. Simply having a policy and process in place isn’t, however, going to be an encouragement for nervous employees. Creating a culture in which people feel safe in speaking up—and feel that their concerns are welcomed—is far more important.  So, in addition to having a sound policy and process in place, what other steps should employers consider? Here are seven recommendations: Train managers and team leads to recognise when an issue could be a protected disclosure and, most importantly, to receive reports of potential issues in a calm and welcoming way. Word can spread very quickly about managers not being open to bad news. Think about how whistleblowing is discussed in the organisation and consider whether it is healthy or whether the narrative needs to be changed. Any pejorative language in connection with whistleblowing or speaking up needs to be identified and stamped out. The focus must be on recognising that people who bring risks to our attention are doing the organisation a great favour. It is worth highlighting that research demonstrates that the people who blow the whistle tend to be the most loyal employees who care greatly about the organisation. Ensure that the confidentiality regime is well- communicated and respected so that employees can be confident their identity will not become known if they disclose an issue. Do not become complacent if the whistleblowing policy is not used—rather than indicating a spotless organisation, it could be signalling a poor work culture where people either fear speaking up or just don’t care enough to bother. Remove any ‘good faith’ requirement from policies. The focus should be on the issue reported, not the motivation of the person reporting. Furthermore, there is no ‘good faith’ obligation under Irish or UK law or the directive. Make sure that penalisation is not tolerated. State this clearly in the whistleblowing and speaking-up policy, making sure there are clearly defined processes for reporting claims of penalisation and for following up on claims of penalisation. Provide feedback to a discloser on any action taken in response to their disclosure. The ability to do this will depend on the nature of the issue and the rights to confidentiality of other parties. At the very least, a discloser should be reassured that their concerns have been dealt with appropriately. It is likely that most organisations will need to overhaul their whistleblowing policies and processes in response to the Protected Disclosures (Amendment) Act 2022. The requirements may seem daunting, but help and advice on good practice is available. The benefits are clear, not just in terms of risk management and protection of brand and reputation, but also for the common good.

Chartered Accountant Eamonn Hughes is playing a leading role in Bank of Ireland’s Responsible and Sustainable Business Strategy. Hughes tells Accountancy Ireland about the four-year plan and his goals as Chief Sustainability and Investor Relations Officer  Before joining Bank of Ireland Group in February as Chief Sustainability and Investor Relations Officer, Chartered Accountant Eamonn Hughes had a longstanding career as a sell-side market analyst with more than 25 years’ experience in capital markets and domestic banking.  Having worked most recently with Goodbody, the stockbroking firm, as Irish Banks and Insurance Sector Analyst and, before that, Head of Research, Hughes also had a clear view of the swift rise in environmental, social and governance (ESG) to the top of the financial agenda worldwide. “I could see that ESG was becoming hugely important in capital markets and the financial sector. The climate crisis, in particular, is a critical threat, but also a significant opportunity,” said Hughes. “For our planet, there is no Plan B, but the discussion about sustainability is not just about climate change. It is also about creating a more sustainable business model. Our vision at Bank of Ireland is to be the national champion in Ireland, to use our balance sheet and resources to drive positive change for a better, fairer society and improve the environment. “This gives me a very strong framework to think about my role, because, if we can deliver on our ESG strategy, we can ultimately deliver a more sustainable business model for all stakeholders and positive returns for investors. “The ESG agenda also involves regulators, so disclosure and risk management are very important—and there are reporting frameworks in place, but they are evolving very quickly. This is one of the challenges we face and is also why transparency and the availability of clear data is so important.  “With my background in capital markets, I can clearly see the mobilisation in capital, and I think the banking sector has a very obvious supporting role to play in society’s sustainability transition.” Investing in tomorrow Bank of Ireland published its Responsible and Sustainable Business Strategy in March 2021, a year before Hughes joined the group.  Bank of Ireland’s four-year Investing in Tomorrow strategy set out its own goals to support the green transition, alongside two additional pillars: enabling colleagues to thrive; and enhancing customers’ financial wellbeing. The Investing in Tomorrow green transition pillar included the setting of science-based targets aligning the bank’s lending portfolios with the Paris Agreement. The international treaty on climate change, adopted in 2015 at COP 21, set out a goal to limit global warming to 1.5 degrees Celsius, compared to pre-industrial levels. “Data is key across all three pillars, because reporting is essentially an output of what we are doing in support of climate change, colleagues, customers and the organisation as a whole,” said Hughes. “We need to focus on how we interact with our stakeholders internally and externally and, in my role, investors are obviously a key priority. As investors now have to produce more disclosures themselves, they will need to engage more with us in terms of what we are doing on our own ESG journey.” Clear reporting strategy How Bank of Ireland communicates with, and reports to, stakeholders on the progress of its ESG strategy is a priority for Hughes in his role as Chief Sustainability and Investor Relations Officer. “Ultimately, we need to explain how we are meeting the targets set out in our strategy, and it is incumbent upon us to develop the capacity and skill sets we need to support reporting and strategy delivery,” he said. “My role is to support in delivering across all three pillars, which involves a lot of data-gathering internally, particularly from a regulatory and reporting perspective.” Detailed progress reports on ESG will now be a core part of Bank of Ireland’s annual reporting cycle. “We need to be able to demonstrate clearly that we are creating a sustainable business strategy, enabling colleagues to thrive in the organisation and enhancing financial well-being among customers, in addition to supporting the sustainable transition,” said Hughes. “Transparency is hugely important. There are a lot of differentials in this space, so we need to standardise our reporting; to be able to explain clearly and cohesively what we are doing and why.” Commercialisation is becoming increasingly important as Bank of Ireland continues to implement Investing in Tomorrow, Hughes said. “Like many banks, we are in the commercialisation phase of our ESG strategy with the creation of sustainable finance solutions for, and increasing engagement with, customers. We are supporting and incentivising customers through competitive rates to buy or build an energy efficient home or to retrofit their home or business to make it more energy efficient.” Sustainable finance fund Bank of Ireland recently announced a €3 billion increase in its Sustainable Finance Fund, which will bring it to €5 billion by 2024. The fund covers green propositions, including mortgages, home improvement loans and business  loans.  Bank of Ireland’s inaugural standalone Responsible and Sustainable Business Report, published in June, tracked the progress of its ESG strategy in 2021. More than €1.8 billion in mortgages, home improvement loans and business loans had been drawn down from the Sustainable Finance Fund by the end of the year, the report stated. Thirty-five percent of all mortgages provided by the bank in 2021 were green, rising to 48 percent in the first half of 2022.  Bank of Ireland was also the largest provider of wholesale finance for electric vehicles in 2021, providing finance to 13 of the 15 car manufacturer franchises. The publication of the Responsible and Sustainable Business Report marked a significant “step-change in the tracking and transparency” of the bank’s ESG reporting, Hughes noted.  “Our stakeholders—including customers, shareholders, and regulators—are demanding far greater transparency as to how we are meeting our ESG commitments,” he said. “This report provides insight into our strategic approach, appraisal of our progress to achieve our purpose, and information on the key focus areas we plan to progress in the years ahead. Being clear on ESG, and showing how you are delivering what you sign up to, is now a commercial imperative for all lenders, including Bank of Ireland.” Science-based targets Bank of Ireland has also committed to setting science-based targets across portfolios and operations to align lending practice with the low carbon ambitions set out in the Paris Agreement. “We completed two successful green bond issuances in 2021, raising €1.25 billion with the capital used to finance green buildings, renewable energy projects and clean transportation,” said Hughes. “Thirty-five per cent of the mortgages we provided in 2021 were green and we have also launched a green mortgage product in the UK.” Bank of Ireland is providing finance for the development of at least 750 megawatts of renewable wind capacity across the island of Ireland. The bank is also in the process of decarbonising its own operations—reducing absolute emissions by 88 percent between 2011 and 2021. Social and governance Although supporting the green agenda is a major part of Investing in Tomorrow, the strategy also sets goals for investing in colleagues and enhancing customers’ financial wellbeing. “We recognise the supporting role we can play in Ireland’s response to the climate crisis, but the ‘S’ and ‘G’ are equally important when we consider ESG,” Hughes said. “We have a strategy to improve the financial wellbeing of our customers and to foster a financially inclusive society.” Bank of Ireland was, Hughes said, supporting customers to become more financially confident, while also working to simplify processes, so that the “financially marginalised have easier access to banking services.” Financial health and inclusion  Bank of Ireland is one of 28 banks around the world that have signed the Commitment to Financial Health and Inclusion published in December 2021 under the United Nations Principles for Responsible Banking (PRB). A first-of-its-kind initiative aimed at promoting universal financial inclusion and health in the banking sector, its launch closely followed the publication of the UN’s PRB Collective Progress Report. The report identified financial inclusion as the third most pressing sustainability challenge facing signatory banks, behind climate mitigation and adaptation. “This UN initiative is particularly important in an environment in which we have a cost-of-living crisis and customers are facing major challenges in the medium- to long-term. The question for us is, ‘how can we deliver this particular skill set and support our customers at a time when they really need it?’” said Hughes. Bank of Ireland is also helping customers to “live more sustainably” with the recent announcement of the roll out of bio-sourced debit and credit cards. Launched in October, the initiative will over time replace all plastic debit and credit cards issued by the bank, to help support the reduction of single-use plastic. “If we are to live in a more sustainable way, we need to do things differently, including through our everyday banking. The introduction of bio-sourced cards is a very practical way we can help our customers to reduce their environmental footprint,” Hughes said. “As a bank, we are working very closely with our customers on the sustainability transition. As they deliver, we deliver. It is a symbiotic relationship and an exciting place to be.”