FCA consults on regulatory regime for ESG ratings providers

In late October, the UK Government published draft legislation to bring Environmental, Social and Governance (ESG) ratings providers into the remit of regulation (please see our previous blog post). Current proposals make the provision of ESG ratings a regulated activity under the Financial Services and Markets Act (FSMA), such that ESG rating providers will require FCA authorisation by 29 June 2028 (unless they fall within one of the defined exclusions or benefit from certain savings and transitional provisions). 

With the aim of making ESG ratings more transparent, reliable and understandable, the FCA published its expected consultation paper (CP25/34) on the proposed regulatory regime for ESG ratings providers on 1 December, inviting comments by 31 March 2026. 

In this blog post, we set out a summary of the FCA’s proposals.

Overview of the scope of regulation

As anticipated, the FCA proposes to extend many of its existing rules that apply to other FCA regulated firms to ESG rating providers as a baseline, but also to introduce tailored rules where it considers that existing rules are not appropriate or proportionate. The industry will be keen to see a regime that provides much needed transparency and accountability in this sector, whilst not stifling growth and innovation in sustainable investments. In this context, the FCA has made clear that it is seeking to apply a flexible and proportionate regime that will also encourage access to the UK market for overseas providers. 

In line with this approach, the FCA confirms that a number of standards contained in the FCA Handbook (including in the Systems and Controls (SYSC) and the Senior Managers & Certification Regime (SM&CR) sections) will apply to ESG ratings providers. Importantly, the anti-greenwashing rule forms part of the rules that will be applicable to ESG rating providers. In some cases, the FCA proposes to relax or strengthen existing requirements. For example, the FCA does not propose to apply the Consumer Duty to ESG ratings activity, on the basis that it is typically a wholesale activity and there is limited direct use of ESG ratings by retail consumers. This is consistent with the regulator’s broader commitment to address concerns about the application of the Duty to the wholesale sector (which we considered here and here). In contrast, in respect of the outsourcing requirements (in SYSC 8.1.1R), the FCA is proposing that this should apply to ESG rating providers as a rule, rather than guidance, because they often rely heavily on outsourcing.  The FCA is not consulting on scope (which is provided in the legislation), but it is proposing new perimeter guidance to help firms understand the scope of the new regulated activity.

New tailored rules

Alongside consideration of existing rules, the FCA has identified several areas where it proposes to add tailored rules for ESG ratings providers in its ESG Sourcebook, building on IOSCO recommendations. 

1. Transparency

In response to concerns from users and rated entities that it is difficult to get the information they need about ESG ratings, the FCA is seeking to improve transparency through its regulatory framework. 

Disclosures

Under the proposals, ESG ratings providers will be required to disclose various information to allow users, rated entities and other market participants to access clear and appropriately tailored information in a timely manner. Two required buckets of disclosures are proposed:

• Minimum public disclosures: these are aimed at setting a baseline of information for all interested stakeholders to understand how ESG ratings work, covering topics such as methodologies (including data sources), objectives, conflicts of interest and risks.
• Specific disclosures to direct users and rated entities: these additional disclosures are intended to reflect the different information needs of direct users and rated entities. They include more detailed product-level and individual rating-level information to help these two groups understand why an individual rating is what is it, what factors influence it and how the overall rating process and product are governed. More generally, providers should disclose any other information that would be reasonably expected to help users or rated entities’ understanding. 

General expectations 

Alongside disclosures, the FCA has outlined a set of general expectations, which include the following:

• Disclosures must be easily accessible, prominent and free of charge to relevant stakeholders. They must be accurate, fair, not misleading and updated as soon as practicable.
• When making each disclosure, ratings providers should consider what information could be reasonably expected to help recipients’ understanding.
• Where trade secrets are exempted from disclosure, ratings providers must explain what they cannot disclose and why.

2. Governance and systems and controls

The FCA makes various proposals aimed at ensuring ESG ratings providers have robust governance arrangements and strong systems and controls in place to ensure ratings remain credible, reliable and independent. Alongside baseline rules on governance and systems and controls, the FCA is suggesting bespoke rules to cover risks of harm specific to ESG rating providers.

Governance

The FCA is seeking to apply existing outsourcing requirements from SYSC, but also the following specific requirements: 

• The provider (as the FCA-authorised firm) must be the entity with operational responsibility for overseeing, reviewing and making any necessary changes to any part of the rating process.
• The provider must maintain sufficient presence and accountability in the UK.
• The provider must not outsource its responsibility (except to a member of its group) for certain activities, including governance arrangements and systems and controls required to ensure the integrity, independence and reliability of the ESG ratings and the process for ensuring the rating methodology meets UK regulatory requirements.
• Any outsourcing (including intra-group) must be evidenced by an agreement setting out each party’s responsibilities.

Systems and controls

The FCA expects a provider’s systems and controls to be appropriate to the nature and size of its business. Building on baseline SYSC requirements, the FCA proposes that ratings providers:

• Conduct quality assessments of their rating processes to ensure each rating is produced in compliance with its methodologies.
• Have systems in place to ensure ratings are based on accurate and up-to date information.
• Keep detailed records and documentation to support rating practices sufficient to be able to reproduce the rating.
• Implement policies and procedures to prevent relevant employees from entering into personal transactions that contravene the UK Market Abuse Regulation, that could create a conflict of interest damaging a rating’s credibility or that would involve improper use or disclosure of confidential information.

3. Conflicts of interest

Conflicts of interest present a key risk to the integrity and independence of an ESG rating. The FCA has chosen not to apply existing SYSC 10 conflicts rules to ESG ratings providers, as it considers a more tailored approach would better address the nature of conflicts of interest in this market. 

To address this risk, the FCA proposes a combination of tailored rules and guidance. Providers will need to take appropriate steps to identify actual or possible conflicts during the rating process, maintain effective systems and controls, keep records of conflicts, publish certain related information where a conflict has not been successfully addressed and have an appropriate conflicts policy for the nature, complexity and size of the provider’s business. 

4. Recognising the importance of stakeholder engagement 

The FCA’s proposals recognise the importance of providers engaging with stakeholders (covering users, rated entities and any other stakeholders accessing available ratings) throughout the rating process. The suggestions introduce bespoke requirements for rating providers, rather than the standard complaints and redress framework under FSMA and the FCA Handbook. There are various notable proposals, including: 

• Rating providers must have procedures for receiving and processing stakeholder feedback.
• Ratings providers must send advance notification to entities being rated for the first time and allow for correction of factual errors.
• Rated entities will be entitled to request the data used to produce their rating to check factual accuracy.
• Rating providers must maintain effective and transparent policies and processes for managing complaints. 

5. Senior managers and certification regime

The FCA believes clear accountability and high standards of personal conduct are essential to maintain the integrity and reliability of ESG ratings. Not unexpectedly, they have therefore decided to apply all existing elements and rules of SM&CR to ESG rating providers, whom the FCA expect to be classified as core firms under the rules (unless they are already categorised as an enhanced firm or opt up to that categorisation). This includes the Senior Managers Regime (dealing with requirements relating to roles held by the most senior people in the firm), the Certification Regime (which covers other functions that may have a material impact on risks to customers, markets or the firm’s risk profile) and the Conduct Rules (which set minimum standards for most employees). 

For overseas providers, it is worth noting that the Senior Managers Regime does not have a territorial limitation and will apply to anyone performing a relevant senior manager role, whether or not they are based in the UK. The Conduct Rules will also apply on an extraterritorial basis to certain senior individuals. However, the Certification Regime is limited to individuals performing a certification function whilst based in the UK or who have contact with UK clients

Looking forward

The FCA is asking for comments by 31 March 2026 and is planning to publish the final rules in Q4 2026.

Impacted entities should consider the proposed regulatory regime in full, as this will likely require significant changes to their management processes, systems and controls, as well as their processes for producing ESG ratings and dealing with users, rated entities and other stakeholders. 

When determining whether an entity falls within the scope of the new regime, ESG ratings providers should consider the FCA’s guidance on the scope of the regulated activity. With the authorisations gateway expected to open in June 2027, the FCA aims to determine all applications by the time the regime comes into force on 29 June 2028. It will provide further details on timelines and transitional arrangements in due course. 

Separately, the FCA will consider whether any improvements are required in relation to firms providing ESG ratings as part of an existing regulated activity, which excludes such firms from the scope of the tailored ESG ratings regime (such as asset managers producing ESG ratings for use in their fund marketing materials). This assessment will focus on changes needed to address any risks of harm. 

Users of ESG ratings should bear in mind that, whilst rating providers will come under FCA regulation, the FCA will still expect regulated firms that use ESG ratings to undertake due diligence of the relevance and suitability of any ratings they rely on. The FCA will monitor whether further guidance for firms may be useful.

As noted in our previous blog post, engaging with this consultation will be key to help businesses stay ahead of regulatory changes. It is hoped that the new regime will serve to increase transparency, trust and confidence in sustainable finance, thereby enhancing the UK’s reputation as a global sustainable finance hub and supporting innovation and growth. To achieve those aims, it is important that ESG ratings providers and other stakeholders consider the current proposals carefully and draw any concerns to the regulator’s attention as part of the consultation process.