In March 2022, the Securities and Exchange Commission proposed an environmental disclosure rule that is expected to be finalized this month. The proposed rule requires public companies to add certain climate-related disclosures in their public filings and to insert climate-related financial statement metrics in a note to their audited financial statements.
Now, let’s see what happens when we combine this "somewhat" complex proposed rule with the potential for criminal penalties for financial misstatements under the Sarbanes-Oxley Act.
What do you get?
Strong motivation to comply.
Here are six ways that public companies can use information governance best practices to comply (and demonstrate compliance) with the proposed SEC rule and potentially avoid the serious penalties that come with misstating their financials:
1. Implementing data quality standards and data validation processes that allow management to show regulators that they have used their best efforts to accurately collect environmental strategy, impact, and outlook data
2. Ensuring that their data governance framework accurately and usefully defines the roles, responsibilities, and procedures for collecting, managing, and reporting greenhouse gas data (and periodically auditing that framework)
3. Using data categorization and junk-data removal technologies to trace the source and lifecycle of environmental disclosure data so that staff can both find it and are using the right versions;
4. Regularly reviewing data collection and risk management processes from both compliance, risk, finance, and IT/Infosec perspective;
5. Making sure that employee information management training programs include information about environmental disclosures that is easily understood, relevant, and reflective of current legal standards; and
6. Involving IT staff early and often and making sure that employees and contractors use the right mix of strong data security measures and data privacy controls that are necessary to prevent data breaches that could compromise the accuracy of disclosed environmental information
The upshot is:
Regulators want to see a serious compliance effort, and companies need to show it (and that requires preparation and inclusion).