Disclosure Requirements Analysis

I've compressed the 133-page SBTi 2.0 framework into the 9 critical changes that will determine which companies survive the transition. Most sustainability leaders won't make it through the entire document. But mastering these shifts now will position you ahead while others scramble: 1️⃣ Scope separation is mandatory. Version 2.0 eliminates combined Scope 1, 2, and 3 targets, forcing you to address each separately. No more hiding poor performance in one area behind strong results in another. Your CFO will need to sign off on each distinct reduction pathway. 2️⃣ Third-party assurance requirements are stratified. Category A companies (large, developed markets) now need formal verification of base year emissions from accredited bodies. This means sustainability data must meet the same scrutiny as financial reporting. 3️⃣ Net-zero commitments must align with UN HLEG recommendations. Generic pledges are no longer acceptable. Your board now needs to approve specific language on value chain emissions, limited use of offsets, and phasing out fossil fuels. 4️⃣ Two-tier company categorization creates regional fairness. Different requirements for Category A (developed economies) versus Category B (emerging markets) companies recognize varying starting points. But all roads lead to the same verification standards. 5️⃣ Progress assessment has specific mathematical formulas. SBTi will calculate your progress using defined equations, not narrative reports. Your actual reductions will be compared to expected linear progress from base year to target year. 6️⃣ Implementation disclosure is no longer optional. Version 2.0 demands explicit transition plans showing how you'll achieve targets, including capital allocation plans, technology deployment timelines, and policy engagement strategies. 7️⃣ IPCC AR6 pathways replace AR5. The updated pathways reflect more stringent reduction requirements based on latest climate science, meaning your previously approved targets may become obsolete. 8️⃣ Boundary requirements shift from percentage coverage to material sources. Instead of covering arbitrary percentages of emissions, you must address your most relevant sources with detailed requirements for using both absolute and intensity metrics. 9️⃣ Renewal validation introduces rolling targets. When your current target period ends, you must undergo renewal validation and set new targets. There's no resting on past achievements. Most companies have been operating in a world of sustainability theater - setting targets without the systems to verify, track, and prove progress. SBTi 2.0 transforms climate action from vague commitments into a rigorous compliance function with mathematical validation requirements. The companies that will thrive are those already treating carbon like currency - carefully counted, verified, and managed.

Compliance Wednesday The FDA has recently expanded the publication of regulatory actions, offering greater transparency into its decision-making. One such disclosure: Complete Response Letters (CRLs)—formal communications informing sponsors that their application cannot be approved in its current form. Important distinction: A CRL is not a rejection. Instead, it identifies what must be addressed for potential approval. The recently published CRL for NDA 214759 highlights critical lessons in trial execution, data integrity, and regulatory rigor: ⸻ 1. Incomplete Verification of Primary Endpoint • Primary Endpoint: Event-Free Survival (EFS) in Study MC-FLudT-14/L (Trial II). • The FDA could not independently confirm EFS because complete CBC and marrow results through the full EFS assessment period were not submitted. • Impact: Insufficient evidence to establish efficacy for AML and MDS indications. Regulatory Insight: Full, auditable datasets for endpoint verification are non-negotiable in NDA review. ⸻ 2. OS Analysis Considered Exploratory • Overall Survival (OS) could not serve as the pivotal basis for approval because: • The SAP lacked Type I error control for OS. • No prespecified alpha allocation or interim stopping boundaries. • Result: OS findings were deemed nominal and exploratory. Regulatory Insight: Even favorable OS cannot support approval without predefined multiplicity adjustments and statistical hierarchy. ⸻ 3. FDA’s Additional Comments • Each indication requires substantial evidence of effectiveness—data cannot be pooled across indications. • Subgroup analyses of EFS and OS must be robust and include data to support noninferiority claims. • Analyses should always be performed on the intent-to-treat (ITT) population, the most conservative approach. • Submissions must provide sufficient study population context to confirm relevance to the U.S. population. ⸻ Takeaway: Regulatory rigor demands precision, planning, and complete transparency. #RegulatoryAffairs #FDA #ClinicalTrials #Biostatistics #DrugDevelopment #GCP #Submission

Required Consumer Information in Higher Education: A Full Transparency Checklist Institutions participating in Title IV programs are required by law to disclose specific consumer information to students and the public. But how often are we ensuring this information is not just posted, but accessible, understandable, and updated? Here’s a breakdown of what must be disclosed under 34 CFR Subpart D (§668.41–668.49) and the Higher Education Act: General Institutional Information • Cost of attendance • Net price calculator • Accreditation and approvals • Academic programs • Transfer of credit policies • Withdrawal procedures and refunds • Facilities and services for students with disabilities • Textbook information • Constitution Day policy • Copyright infringement policies and sanctions • Written arrangements with other institutions Financial Aid Information • Types of aid available • How to apply for aid • Eligibility requirements • Disbursement methods and timing • Rights and responsibilities of aid recipients • Terms of federal loans • Satisfactory Academic Progress (SAP) policy • Return of Title IV Funds (R2T4) policy • Study abroad and financial aid eligibility • Financial literacy resources Student Outcomes • Retention and graduation rates (including rates disaggregated by gender, race/ethnicity, and Pell recipient status) • Placement in employment (if required by accreditor or state) • Types of graduate/professional education students pursue (if applicable) Health & Safety • Annual Security Report (Clery Act) • Fire safety reports (for institutions with on-campus housing) • Drug and alcohol abuse prevention information • Vaccination policies • Emergency response and evacuation procedures • Missing student notification policy Equity & Access • Title IX policies and contact information • Non-discrimination statement • Services for students with disabilities • Student diversity information • Voter registration For Students with Military Benefits • Readmission policies for service members • Tuition assistance and return policies • Principles of Excellence disclosures Where To Share The Information? Most institutions maintain a Consumer Information or Student Right to Know webpage. But location isn’t enough. Ask yourself: ✅ Is the page up to date? ✅ Can students find it easily? ✅ Is it understandable without a legal degree? Compliance matters, but clarity and student centered design matter just as much. Let’s make consumer information what it was always meant to be: a tool for transparency, and trust in language that is easily understood by all.

Insightful article discusses the SEC new cybersecurity incident disclosure requirements, which significantly impact corporate governance and the roles of IT leaders, especially Chief Information Security Officers (CISOs). Key Points: SEC's Enhanced Cybersecurity Regulations: The SEC has introduced stringent regulations for corporate accountability regarding cybersecurity. Impact on IT Leaders: IT leaders must report significant cyber incidents within four business days and detail their cybersecurity risk management strategies in annual reports. SolarWinds Corporation: The SEC's action against SolarWinds and its CISO, Timothy G. Brown, highlights the importance of accurate cybersecurity disclosures. Increased Responsibilities for CISOs: CISOs now face greater pressure to ensure cyber transparency, manage advanced risks, and comply with the SEC's requirements. Strategic Implications for IT Leadership: IT leaders need to build teams with a mix of technical skills, regulatory knowledge, and risk management expertise. New Role of CISOs: CISOs and CIOs are now pivotal in corporate governance, acting as architects of digital trust. Their strategic decisions and proactive risk management define corporate resilience and integrity in the digital and regulatory landscape.

I took a few hours this weekend to read and analyze the new, simplified ESRS in detail. A few takeaways: 1️⃣ There are up to 313 individual disclosure items in simplified #ESRS if you reported across all ten sections + general (most won't). I use "items" because some DRs are tables or questions that reference for multiple data points in a DR. This is a 75% reduction from the original 1,257 items. On that point alone, new ESRS is much simpler 2️⃣ One theme I'm obviously interested in is #AI and CSRD reporting automation. I ran tests with our v1 and v2 AI reporting agents and found: ✅ 16% of disclosure items are easy to automate (directly maps data point to DR output with v1 agent) ✅ 33% of disclosure items can be automated and answered with our improved v2 agent (aside: nice, we can automate half of a #CSRD report) ✍ another 37% can be automated if you're willing to accept a more open-ended LLM generated response. the question here is how much of your business, data, and token context can this LLM access? we have a particularly broad data foundation, but this also comes down to preferences like client/company risk tolerance and data architecture 🚨 only 13% of disclosure items and data points are difficult to auto-answer accurately with the models and context we have today. often the accuracy issue is how the disclosure itself is worded (i.e., complex data table, multiple data points concatenated in the same DR, underlying data usually isn't tracked or recorded anywhere, etc.) 3️⃣ The more standardization and consistency, the better market clarity, comparability, and automation potential. EFRAG is moving in the right direction, although there's opportunity to refine and improve further. I like, for example, how S2, S3, and S4 all follow the same streamlined structure. I'm still somewhat surprised, given the stated simplification objectives, that 70% of DRs remain narrative, open-ended, or subject to some degree of discloser flexibility and interpretation instead of a standard, prescribed, and quantitative KPI — inevitably that leads to more variance around how and what companies report All that said, the AI and automation opportunities around CSRD (and sustainability, legal, and compliance disclosures in general) are quite compelling. It's something organization's should look to take advantage of, while of course maintaining proper controls, guard-rails, checks, and reviews 🔐

👀 What will banks have to disclose? In October 2023, the Basel Committee on Banking Supervision (BCBS) issued a public consultation on banks' disclosure of cryptoasset exposures, in which it proposed minimum disclosure requirements.  These are now finalised. 🤔 Why have a common disclosure table and templates? These should support market discipline and reduce information asymmetry. 📕 Structure of the standard (DIS55) The standardised disclosure templates are set out in a new chapter of the Basel Framework: DIS55 Cryptoasset exposures. 📖 Table CAEA: Qualitative disclosure on a bank’s activities related to cryptoassets and the approach used in assessing the classification conditions 📖 Template CAE1: Cryptoasset exposures and capital requirements 📖 Template CAE2: Accounting classification of exposures to cryptoassets and cryptoliabilities 📖 Template CAE3: Liquidity requirements for exposures to cryptoassets and cryptoliabilities DIS55 will replace paragraphs SCO60.128 to SCO60.130 of the Basel Framework. 📗 Changes relative to the consultation proposals 🔶 Materiality The Committee had previously proposed disclosure requirements for banks’ “material” cryptoasset exposures.  But what does this mean? A two-stage definition is now proposed. The materiality threshold would apply to Group 2 cryptoassets reported under Template CAE1 as follows: ➡ Stage 1️⃣ would ascertain whether a bank’s cryptoasset exposures are material at an ✳ aggregate ✳ level. This stage would be met when a bank’s Group 2 exposure limit calculated in accordance with SCO60.116 to SCO60.119 is equal to or greater than 0.3%. ➡ Stage 2️⃣ would be met when a bank’s exposure to an ✳ individual ✳ Group 2 cryptoasset is greater than 5% of total Group 2 cryptoasset exposures. 🔶 Disclosure based on average daily values The Committee is proceeding with disclosure using average daily values. Minimum prudential requirements need to be met at all times and not only at the end of the reporting period. To ensure that users of Pillar 3 data have a complete picture of banks’ exposures to cryptoassets, the use of average daily values will be required for the disclosure of Group 2a and Group 2b cryptoassets under template CAE1. 🔶 Treatment of Group 1a cryptoassets The Committee had previously proposed that banks report credit and market risks arising from Group 1a exposures (i.e. tokenised assets) under template CAE1, and the liquidity requirements for Group 1a exposures under template CAE3. It will proceed with this proposal. Although separate disclosure could become unnecessary if tokenisation grows significantly, the Committee considers it important for banks to report these exposures separately. Separate disclosure allows Pillar 3 users to monitor the evolution in banks’ exposures to tokenised assets as well as the application of the infrastructure risk add-on.  …. Various other amendments have been incorporated into the final standard. Thoughts? 👇

#𝗘𝗦𝗚𝗶𝗻𝗧𝗵𝗿𝗲𝗲: 𝗜𝘁’𝘀 𝗴𝗼 𝘁𝗶𝗺𝗲!  𝙃𝙤𝙩 𝙤𝙛𝙛 𝙩𝙝𝙚 𝙥𝙧𝙚𝙨𝙨! Deloitte’s comprehensive Heads Up https://lnkd.in/ewk2x8_d provides a deep dive analysis of the final SEC Climate Disclosure Rule. Check out this practical tool that helps unpack the requirements and nuances of the final rule, including practical examples. A few areas of further emphasis to highlight connectedness considerations across multiple areas of the final rule: 𝟭. 𝗦𝘁𝗿𝗮𝘁𝗲𝗴𝘆: More than 90% of the S&P 500 disclosed matters related to climate change or GHG emissions in the risk factors section of their most recent annual report. However, much more specific disclosure will be required under the final rule, including specific disclosures by type of climate risk (physical and transition). For material climate-related risks, required disclosures about the impact (actual or potential) of the risk to “strategy, business model, and outlook” include specific information on how they affect strategy, targets/goals, resources, etc. For LAFs, #DCPs related to these disclosures will need to be in place and tested by 1/1/25.  𝟮. 𝗖𝗹𝗶𝗺𝗮𝘁𝗲 𝗥𝗶𝘀𝗸 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁: A registrant is required to disclose its 𝗽𝗿𝗼𝗰𝗲𝘀𝘀𝗲𝘀 for “identifying, assessing and managing” material climate-related risks, including evaluating whether the risk has been incurred/likely to be incurred, response to the risk including whether it will address the material risk and whether the process is integrated into #ERM. Orgs should consider existing processes in place for purposes of #TCFD or #CDP disclosures, which are both designed to meet info needs of investors. Again, for LAFs, #DCPs related to these disclosures (including the process by which the materiality determination was made) will need to be in place and tested by 1/1/25. 𝟯. 𝗧𝗮𝗿𝗴𝗲𝘁𝘀 𝗮𝗻𝗱 𝗚𝗼𝗮𝗹𝘀: A registrant must disclose info on their publicly announced or 𝙞𝙣𝙩𝙚𝙧𝙣𝙖𝙡 climate-related targets or goals, if material. Required disclosures then include; scope of activities (e.g., Scopes 1,2,3 GHG emissions), how measured, time horizon, baseline, update on progress, etc. This is where disclosure of GHG emissions could be required well ahead of phase-in implementation dates for Scopes 1 & 2 GHG emissions, for example. Again, for LAFs, this means #DCPs related to these disclosures (potentially including Scopes 1,2,3 GHG emissions) will need to be in place and tested by 1/1/25. Additionally, the final rule requires disclosures about any voluntary assurance obtained (before required) if the GHG emissions disclosures are included in the SEC filing. The time to accelerate preparedness is now, #assurancereadiness can be an important tool. Please note the implementation considerations included in the Heads Up! #deloitteesgnow

SEC Cybersecurity Incident Disclosure Report Imagine a 60% rise in cyber incidents since new SEC rules. This report dives deep into 75 disclosures from 48 companies (December 2023 and October 2024). ↳ Key Insights: • Less than 10% described the material impact. • 78% disclosed within eight days, with 42% updating their Form 8-K. • One in four breaches were third-party incidents. • Threat actors used SEC rules as extortion tactics, even submitting whistleblower reports. ↳ Authors analyzed these disclosures, focusing on: • Information disclosed about Cybersecurity Incidents. • Methods of disclosure to the SEC. • Future compliance strategies. ↳ Key Findings: • 75% of incidents notified law enforcement. • 13% included press releases or blog references. • 42% filed multiple disclosures for the same incident. ↳ Timing of Disclosures: • 32% within four days of discovery. • 78% within eight days. ↳ Examples of Material Impact: • Bassett Furniture Industries: Business operations affected. • Sonic Automotive: Quarterly results impacted. • First American Financial: Fourth-quarter operations affected. ↳ Industries Affected: • Financial Services • Healthcare • Retail • Technology ↳ Recommendations: • Evaluate and test disclosure controls. • Prepare for SEC enforcement actions. ♻️ Repost this post to help your colleagues today 💬 Leave a comment with your experience ➕ Follow Andrey Gubarev for more posts like this

In the world of CSRD reporting, materiality is a cornerstone concept—but did you know there are three distinct types of materiality tests, each serving a unique purpose?     Here’s a breakdown:   ♟️Material matters:  Identifying material matters ensures you're reporting on the right topics. These topics are identified through a double materiality assessment, which considers both the impact of external factors on your business and your business's impact on external stakeholders. T   📄Material information:  Once you’ve identified your material matters, you need to determine the material information about those matters. This means considering the disclosure requirements of applicable standards and considering what your report users (e.g., investors, customers, regulators) would find relevant and useful for decision-making.    ✅Material misstatement:  Assurance providers will look for whether there has been a material misstatement in your disclosure. This involves evaluating whether the material information that you provided is accurate and reliable, as well as whether you omitted information that should be considered material.    Each type of materiality builds on the other, creating a robust framework for transparent and effective sustainability reporting.     To achieve a CSRD-compliant report, you must pass all three materiality tests: ensuring you’re reporting on the right topics (material matters), providing the right information (material information), and ensuring the accuracy and reliability of the information. By addressing all three, you not only align with regulatory standards but also strengthen stakeholder confidence and enhance the credibility of your disclosures ✅

Overview of data requirements of ESRS: The information companies need to provide, assess and report if they find ESRS material (high-level summary) The European Sustainability Reporting Standards (ESRS), under the Corporate Sustainability Reporting Directive (CSRD), provide a structured framework for companies to disclose sustainability-related information. This chart presents reporting requirements across ESRS, categorizing sustainability topics into environmental (E), social (S), and governance (G) dimensions, including sub-topics. However, this is not the full picture, as companies must also conduct a materiality assessment to provide relevant information for stakeholders. It highlights where policies, actions, targets, transition plans, and key metrics are mandatory. At a topical level, if an organization deems a data point immaterial, it does not have to report on it. A sustainability topic must typically be reported under a specific disclosure requirement to become actionable. Reliable reporting requires diligent systems, operating procedures, and data manuals. Companies must conduct a double materiality assessment to determine whether a sustainability matter has a significant financial impact or affects people and the environment. The chart outlines ESRS reporting requirements, including policies, actions, targets, and transition plans. For example, Environmental Topics (E1-E5) require both policies and targets for CSRD compliance and GHG reductions, and a reporting on plans, investments, and levers (by e.g., including CapEx and OpEx-planning from EU taxonomy). Gaps exist between commitments and implementation. However, since CSRD is a reporting directive, it does not mandate specific actions. Sustainability reporting must go beyond commitments and include measurable actions. Each policy should have specific objectives linked to measurable targets for accountability. The Social Standards (ESRS S1-S4) and Governance Standard (G1) are policy-based. CSRD and ESRS require reporting on human rights, labor conditions, and social responsibility, referencing OECD and UNGP. SMEs must prepare for extended supplier reporting obligations. Policies must be implemented via transition or action plans to support long-term sustainability. Companies must assign accountability for each material sustainability matter. Hopefully once implemented and transposed, the Corporate Sustainability Due Diligence Directive (CSDDD) will work alongside CSRD, requiring businesses to integrate ESG into corporate governance. Looking forward to see a lot of new ESRS reports in the coming months!