CSRD: Our answers to the big questions

The EU’s Corporate Sustainability Reporting Directive (CSRD) requires up to 50,000 companies with a European presence to report on their strategies, policies and performance on up to 1,100 ESG metrics. The CSRD requires detailed metrics for topics deemed significant to your business, meaning multiple business functions need to be engaged in the process.

From our conversations with sustainability leaders, we’re hearing about the challenges facing businesses as they attempt to prepare for this complex regulation. We’ve summarised answers to the five biggest questions so far.

The big questions and our answers

1. How complex is this really? How worried should we be and why?

The headlines can seem complicated; up to 1,100 metrics across climate change, pollution, water use, biodiversity, circularity, customers, people in your workforce and supply chain – but the complexity and effort level depend on two things.

1. Materiality: Performing a ‘double materiality assessment’ is part of the CSRD requirements. This intends to take the longlist of potential topics and identify which of these present considerable risks or opportunities to your business. In many cases, this will reduce the number of metrics required for reporting from the headline number. For example, you may not need to report on the use of microplastics and the risk of resulting pollution if this not relevant to your business.
2. Data availability: We’ve heard that sourcing data points for the CSRD is a major obstacle. Many ESG data points are not normally held in ERP systems within your company or by your suppliers. Emissions reporting has had more focus in the last few years, but other topics such as biodiversity and social require businesses to create data from scratch to create a baseline. Given this data challenge, we recommend performing a rapid data gap and quality analysis early on to understand where to focus efforts. Creating and collating this data will take months and can be complex, and new systems and processes will be required to manage the data.

2. When should we start?

There are four phases depending on the size and location of businesses – those covered already by the NRFD, large EU companies, listed SMEs and non-EU companies meeting revenue thresholds – but crucially, all businesses except “micro-undertakings” will need to report over the next four years.

Like homework, even if it’s not due for a while, it’s good to look at the question and make a plan to complete it, rather than panicking at the last minute.

Here’s our recommendations on no-regret activities you can do now.

• Align stakeholders on the effort. Responding to the CSRD has parallels to GDPR. It requires leaders across the business to take action to be ready. There is a long build up, but it’s crucial to get key stakeholders aligned on the facts, including:
  • what are we required to do?
  • what happens if we don’t do anything, by when?
  • what resources are required?
  • do we need to implement new technology?
  • how much budget do we need to protect for this?
  • who will manage the project?
• Perform double materiality assessment. Doing this early will inform the topics that need to be reported and indicate the complexity of data collection and management. It’s worth doing this early so you know where you stand.
• Assess data and system gaps. Perform a rapid gap analysis of data and identify any new system requirements. Following this, draw out the worst-case scenario timeline for sourcing the data and establishing new data management systems and processes. This is likely to take many months, so it’s important to explore early.
• Engage your auditor. Limited assurance is a key component of the CSRD. Speaking to your auditor early to understand what they will look for when assessing your disclosure will help to prioritise the data and activities required to develop your report.

3. Who should deliver this CSRD project?

It’s the sustainability team’s job isn’t it? Or the risk team?

Given the scope of metrics and strategies, delivering CSRD will require input across many different functions, including operations, people and HR, data and technology, finance and supply chain.

The project can be managed by a sustainability leader or team, but often these teams are very small – just a couple of people – or the role of sustainability leader is on the side of another business role. There can often be a capacity gap when it comes to getting into the detail of the requirements, performing materiality and data assessments and sourcing information.

We recommend three parts to the operating model.

1. Multi-functional accountabilities. Rather than relying on a couple of people from the sustainability team (if there is one), make relevant leaders of BAU functions accountable where possible. For example, task your people leader with preparing information on the workforce, or your operations leader with understanding the water pollution risk. This helps to spread the load and embed sustainability into the core business processes and culture, which is how sustainability should be in our view.
2. Central project management. There will need to be at least one person who has capacity to coordinate the project and stakeholders, manage progress reporting, track and escalate risks.
3. Flexible analyst resources: There will be times when external support is needed to provide capacity and expertise, for example, performing the double materiality assessment, analysing data and system gaps, and setting up new data management capabilities.

4. Do we need a technology platform?

Given the breadth of data points required, your existing systems may not be set up to handle the collation of quantitative and qualitative information required for the CSRD. Some companies already have systems for emissions tracking and reporting, but other metrics for biodiversity, pollution and workforce topics could require one or more new systems.

Fundamentally this is a data management challenge, requiring more than just new systems. In our view, there are four key considerations to effective data management for CSRD.

1. Data quality management. For a particular metric – for example, rates of recyclable content in packaging – do you have data for all relevant products, or countries? Is the way this is calculated consistent across products or sites or suppliers? Do you have the same baseline? If not, how can you align this for reporting purposes? Managing these data quality challenges requires an agreed approach up front. We suggest taking a sample of metrics and testing for these types of issues.
2. Data lineage. It may not be possible or desirable to integrate qualitative metrics and policy data across multiple systems. However, it’s important to map the data lineage – where the data is sourced from, how it is transformed using calculations and where it presents in different systems. In addition, having a reporting system, even if underlying systems are not integrated, will help to create “one version of the truth”.
3. AI potential. We know preparing ESG data for reporting is typically very manual, but there are potential applications of AI to scan multiple sources, such as policy documents, water or energy meter data or invoices, to help streamline data collection. We suggest exploring ways of automating time-consuming tasks and trialling one or two of these early on to understand the potential benefit.
4. People and roles. CSRD is not a one-off project but will require updated reports and tracking over time. Who will manage sourcing and assessing data year-on-year? It’s important to make CSRD reporting part of existing roles, so that there is an enduring solution after the initial report is published.

5. What should be done at Group vs European entity level?

For companies with multiple businesses, CSRD typically applies to the European entity, but there are opportunities for efficiency and to join up multiple sustainability activities by performing some elements at Group level, where the Group comprises non-European entities as well. For example:

1. Double materiality assessment (DMA). Where a European entity is similar and reflective of a wider group in terms of products, services and operations, then it makes sense to perform a DMA at Group level, but with a local entity component. For example, material topics are likely to be the same for the Group as a European entity. Avoid having to repeat the process and do this once for the Group, but include some specific local interviews and ensure the financial impact assessment includes analysis on the specific European entity. This provides a DMA that can be used at both Group and local level.
2. Data consolidation and technology. Some companies are preparing a sustainability data lake, pooling multiple non-financial data points across environmental and social metrics. There may be efficiencies in doing this at a Group level, but there is potential to pilot it in the relevant European entity. Whilst data requirements need to be tailored for each country, having a common central architecture – consistent data management processes and systems – will create a more robust, efficient solution than fragmented designs across countries.

STARTING EARLY FOR SUCCESS

The CSRD can seem quite daunting, but we believe starting early to assess the scale of the challenge and mobilising stakeholders across the business will help to alleviate concerns and give you a credible plan to tackle this comprehensive piece of regulation.