Q1 2024 compliance overview: Navigating climate risk, supply chain regulations and AI challenges
The first three months of 2024 were dominated by ESG developments, with the Securities and Exchange Commission (SEC) finalizing its climate reporting rule on March 6 and the EU Council ratifying the Corporate Sustainability Due Diligence Directive (CSDDD) less than two weeks later on March 15. Globally, efforts to eradicate slave labor from supply chains remain a regulatory priority.
Meanwhile, sanctions, FCPA and export control enforcement continue to be hot topics.
Climate reporting
While many companies have long been collecting and reporting climate-related data, sustainability officers will need to pay close attention to the slate of new rules coming out.
“2024 presents a turning point in the ESG regulatory landscape, with various laws, including reporting requirements, coming into effect,” noted law firm Latham & Watkins in a client memo, which also predicted more private litigation against reporting companies above and beyond government enforcement.
Among the rules entering the data-collection phase before reporting requirements kick in is the EU’s Corporate Sustainability Reporting Directive (CSRD). Not to be confused with the CSDDD, the CSRD includes climate reporting requirements tougher even than the SEC rule and applies to companies with a modest amount of revenue generated within the EU.
While the SEC’s rule was hotly anticipated, preparing for it was made more difficult by speculation as to what might be dropped from the proposed rule, as well as planned lawsuits from groups opposed to its main objectives.
In fact, Scope 3 emissions, which derive from a company’s value chain including customers of its product, were excluded from the final requirements as some investors raised concerns that methodologies for calculating them were inconsistent.
Companies may not avoid Scope 3 for long, however. California law SB 253 and the CSRD require disclosure of the data and most investors continue to request it from some sectors. Indeed, the global recommendation of the International Sustainability Standards Board (ISSB) is to report Scope 3.
For companies looking to understand the implications of the SEC rule, The Diligent Institute’s Corporate Director Podcast featured a deep dive on the subject, while Diligent has also produced a guide to compliance.
Following the adoption of the rule, a dozen long-prepared lawsuits were filed challenging the SEC’s authority. Most argue that the SEC exceeded its authority and cannot require companies to make non-financial disclosures, although at least one argues the SEC did not go far enough.
The SEC has stayed the rule temporarily as a practical matter, allowing the challenges to be consolidated. But it intends to fight vigorously to keep the rule intact. According to law firm Perkins Coie, “The SEC believes that the final rule is a lawful exercise of its regulatory authority, but a voluntary stay will allow the consolidated cases to focus on the merits of the appeal and avoid regulatory uncertainty in the meantime.”
Due diligence
Supply chain and third-party due diligence continues to be of critical importance to both public and private companies, driven by a focus on forced labor and sanctions enforcement.
The first quarter of 2024 saw a 4% increase in the number of sanction records globally, according to Diligent data. Those increases were driven by a focus on individuals in Moldova and connected to Hamas, in response to the wars in Ukraine and the Middle East, respectively.
According to the FCPA Clearinghouse, a joint project between Stanford Law School and Sullivan & Cromwell, the typically slow start to the year in FCPA enforcement activity was in line with 2023. However, its first quarter overview cited a focus on international commodity trading companies that allegedly paid bribes in Latin America and Africa, plus a new whistleblower reward program from the Department of Justice designed to bring the agency into line with the SEC and other bodies.
Separately, the DOJ reported on the first year of its Disruptive Technology Strike Force Efforts, citing cases related to exports to Russia, China and Iran, and partnerships with international governments and private sector parties. Export controls, along with sanctions, are expected to be a focus for enforcement actions in the near term.
Ratification of the CSDDD is on track with the EU Council agreeing a scaled back proposal in March. Amnesty International Policy Advisor Hannah Storey said that despite the new rule affecting around 30% of the companies covered by the initial scope of the rule, “this legislation remains a vital step toward establishing the principle in EU law that businesses must address human rights risks in their operations and value chains.” The rule now goes to the EU Parliament for approval.
For more on the CSDDD, see Diligent’s guide to how the rule affects your supply chain operations. And for an overview of other supply chain rules, including the California Transparency in Supply Chains Act, the U.S. Uyghur Forced Labor Prevention Act, Canada's Fighting Against Forced and Child Labour in Supply Chains Act, and Australia’s Modern Slavery Act, see here.
Compliance week
Diligent was out in force at Compliance Week in Washington D.C. at the beginning of April, where Principal of Solution Design Russell Dover noted that two big topics were artificial intelligence (AI) and climate reporting.
“While there’s a lot of excitement about potential new applications for AI that can help compliance teams, there’s also an understanding of the need to fully vet any AI solutions and compatibilities with other software so as not to introduce additional risk,” he said. “Using AI in a trusted and vetted platform is a common approach.”
Dover moderated a panel discussion on a Proactive Approach to ESG and said, “Companies that are already advanced in their ESG reporting journey are at the stage of navigating pain points to stay in compliance with increased regulation. These include the reliability of future projections, differing materiality standards between U.S. and EU rules, and practical issues such as increased volumes of customer surveys.”
Diana Kelley, the chief information security officer at Protect AI, presented to the conference on the importance of applying compliance to the rollout of artificial intelligence tools such as machine learning (ML), including risk assessments, policies and procedures, and monitoring.
“Awareness of the AI and ML visibility problem is increasing, I know companies want to do the right thing,” Kelley told Diligent after the event. “I’m very happy to see that compliance teams – both internal and external audit – are looking at AI and ML security. And excited to know that this was of enough importance for Compliance Week to invite me to come and speak about the need for auditability of AI and ML and that people wanted to have the conversation.”
Learn more about improving your compliance program with Diligent One
The Diligent One Platform streamlines your risk management, ESG reporting and compliance programs by delivering best-in-class solutions and centralizing all of your GRC activities in one place. Find out more about how software from Diligent can enhance your approach and ensure you comply with your due diligence obligations, stay on top of climate reporting requirements and get AI-ready with a demo.
