November 9, 2022, Zurich, Switzerland
#
Senator Pat Toomey
Ranking Member, Committee on Banking, Housing, and Urban Affairs
Washington, DC 20510-6075
Dear Mr. Toomey:
I am pleased to submit below RepRisk’s responses to your letter from September 20, 2022 requesting information about RepRisk’s practices related to assigning ESG ratings to companies.
Please note that while RepRisk operates in the same landscape, it does not consider itself an ESG rating agency. Born out of credit risk management, its history, research approach, and methodology are different compared to a traditional ESG rating agency. RepRisk looks at ESG through a risk lens, and to evaluate companies and infrastructure projects (such as mines and pipelines) on ESG risks, we have always taken an “outside-in” approach, by analyzing information from public sources and stakeholders and intentionally excluding company self-disclosures and self-reporting. Our core product, the RepRisk ESG Risk Platform, was launched in 2006 as a due diligence tool for financial institutions – and today, we serve over 550 clients and partners across 30+ markets including over 85 banks, 17 of the top 25 asset managers, and some of the world’s largest asset owners and non-financial corporates.
ESG rating agencies generally aim to evaluate the impact of the environment and society on a company’s financial performance – for example, whether there is enough water near a company’s factory to support their water-dependent operations. However, RepRisk systematically identifies and assesses ESG risks (or adverse impacts) associated with a company’s business conduct (such as child labor, pollution, and corruption) – for example, whether that same company’s water-dependent operations pollute the water supply for local communities and wildlife, which can lead to reputational damage, violations of local laws, and fines. Thereby, RepRisk enables companies, investors, and others to proactively identify and mitigate these risks that can lead to material reputational, compliance, and financial impacts for the company and its stakeholders, as well as impacts on people and the planet.
RepRisk’s methodology is publicly available on our website – including the research approach, research scope (including definitions of its 108 ESG risk factors), the rules-based research process, and the algorithms behind its risk metrics. We also provide sample data and live code for users to customize their own ESG scores here.
Sincerely,
Dr. Philipp Aeby1
CEO of RepRisk
# 1. Copies of any non-proprietary methodologies used by your firm to assign ESG ratings, including the specific E, S, and G factors that you measure and how those factors are weighed in your rating methodologies;
RepRisk’s methodology is publicly available on our website – including the research approach, research scope (including definitions of its 108 ESG risk factors), the rules-based research process, machine learning models, and the algorithms behind our risk metrics. We also provide sample data and live code for users to customize their own ESG scores here.
RepRisk’s research approach is issues- and events-driven – i.e., on a daily basis, we search 150,000+ public sources and stakeholders, in 23 language, in order to identify ESG issues (the 108 ESG risk factors in our research scope, which are derived from key international standards such as the OECD Guidelines for Multinational Enterprises), and link any public and private company or infrastructure project (e.g., dam, pipeline, factory) that is associated with this ESG issue. The aim of the research is to systematically identify, assess, and quantify ESG risks that can lead to material compliance, reputational, and financial risks.
RepRisk does not use an industry-specific or country-specific weighting scheme when analyzing the individual ESG risk incidents related to companies. As outlined in our methodology, we look at the underlying severity, source, and novelty of the risk incident:
- Severity (harshness) of the risk incident or criticism. The severity is determined as a function of three dimensions: firstly, what are the consequences of the risk incident (e.g., with respect to health and safety: no further consequences, injury, death); secondly, what is the extent of the impact (e.g., one person, a group of people, a large number of people); and thirdly, was the risk incident caused by an accident, by negligence, or intent, or even in a systematic way. There are three levels of severity: low severity, medium severity, and high severity.
- Reach of the information source (influence based on readership/circulation as well as by its importance in a specific country; reach of the source can also be considered a proxy for credibility), according to RepRisk’s own classification: All sources are pre-classified by reach: limited reach, medium reach, and high reach. Limited reach sources would include local media, smaller NGOs, local governmental bodies, and social media. Medium reach sources include most national and regional media, international NGOs, and state, national, and international governmental bodies. High reach sources are the few truly global media outlets.
- Novelty (newness) of the issues addressed for the company and/or project, i.e., whether it is the first time a company or project is exposed to a specific ESG issue in a certain location.
This approach allows RepRisk to both provide transparency on all ESG related risks of a company and to flag them at an early stage, when the severity level is still low. Clients can thus prepare or react before risks become material.
RepRisk provides both qualitative information (risk incident details and underlying analytics) and quantitative information (standard and customizable ESG risk metrics) to clients.
# 2. Copies of any non-proprietary sector-specific methodologies used by your firm to assign ESG ratings, including how you determine the scope of industry sectors and whether you employ analysts with sector-specific expertise to work on these ESG ratings;
As mentioned under Q1, RepRisk does not apply a sector-specific weighting scheme.
All companies in the RepRisk database are classified according to RepRisk’s own sector classification. These 34 sectors have been mapped to NACE sub-sectors for a more granular sector classification.
Please see Q10 below for more details on our human analyst team.
# 3. Copies of any non-proprietary methodologies used by your firm to produce ESG ratings or reports intended to capture controversies faced by a company, such as pending litigation, negative press coverage, or shareholder resolutions.
RepRisk is specialized in identifying and assessing ESG and business conduct risks related to companies and infrastructure projects. Please refer to Q1 above for the methodology.
In addition, please provide written answers to the following questions no later than October 5, 2022:
#
Compliance burden on rated entities
#
1. How do you engage with companies before and after releasing ESG ratings or data on them? How is that engagement process communicated to companies? For example, do you provide clear, publicly available contact information so that companies may contact you?
As stated in our methodology, RepRisk excludes company self-disclosures and self-reporting (for example, on their policies or processes) from its research process. Instead, RepRisk screens and analyzes public information from more than 150,000 sources and stakeholders in 23 languages to identify and assess the ESG risks associated with companies and infrastructure projects. RepRisk’s “outside in” perspective serves as a “reality check” for how companies conduct their business on the ground around the world where they operate.
Therefore, we do not collect any information from companies directly, nor require them to complete questionnaires or surveys. In other words, companies are not able to influence the information related to them in our dataset.
For this reason, we do not have an engagement process in place with companies. However, companies (or anyone) can easily contact us with any questions they have. We provide contact information publicly available on our website (including contact form, email address, phone number, and postal address).
Our clients are able to contact us directly from within our online web-based tool, the RepRisk ESG Risk Platform, or via our Client Support Team, or via their Account Manager.
#
2. Do you have a process for revising your ESG analysis when provided with supplemental information by a company that you are rating?
No, there is no process for revising our ESG analysis when provided with supplemental information by a company, because we do not use company-provided information in our research process and companies therefore cannot influence their risk profile or score. Please see question 1 of this section (Compliance burden on rated entities) above for more details.
#
3. In the event that a company disagrees with your ESG analysis, do you give it the opportunity to include clarifying comments with its rating for the benefit of investors who review the rating?
No. Please see question 1 of this section (Compliance burden on rated entities) above for more details.
#
4. If a company does not respond to your requests for information, how does that impact its ESG rating? How do you prevent companies that provide you information from gaining an unfair advantage in their ESG ratings over companies that do not?
We do not use company-provided information in our research process and companies therefore cannot influence their risk profile or score. Please see question 1 of this section (Compliance burden on rated entities) above.
#
Data veracity
#
5. In general, how do you determine the credibility of the data sources you use? How do you determine that data sources are free from political or other bias?
RepRisk screens, on a daily basis, over 150,000 public sources and stakeholders in 108 languages. These include print media, online media, social media, blogs, government bodies, regulators, think tanks, newsletters, and other online sources. These sources range from the international to the regional, national, and local level. This list of sources is reviewed regularly by the research management team and extended according to daily searches, RepRisk’s own research, and through client feedback.
As mentioned under Q1, all sources are pre-classified by reach, which refers to the readership/circulation of the source; reach of the source can also serve as a proxy for credibility. There are three levels of reach: limited reach, medium reach, and high reach; clients can see the reach level for every ESG risk incident in our dataset.
In our 17+ years of research experience, we see that “fake news” is a rather recent phenomenon and one that is mostly limited to the political sphere rather than our area of focus (ESG). That being said, RepRisk does systematically screen for trolling sources and the analyst team is constantly curating our source list. Thereby, we have established a track record of sources.
# 6. Do you use data provided by external organizations, including nonprofit groups, in your ESG ratings products? If so, please identify the names of the organizations.
Please see Q5 above. Our research is exclusively based on public sources and stakeholders, including NGOs / non-profit groups. While we do not provide the full list of more than 150,000 sources publicly, our clients are able to view sample sources for each ESG risk incident in our dataset and they are able to refer to the original document (source of the ESG risk incident).
#
7. Have you ever used as data sources state-controlled foreign media, such as Russia Today or Xinhua News Agency?
Both Russia Today and Xinhua News Agency are part of the 150,000+ sources RepRisk screens to identify ESG risks. Clients come to RepRisk because we help them systematically identify ESG risks from a broad set of public sources in 23 languages that can have a material compliance, reputational, and financial impact on the company. RepRisk’s work is to provide clients with this data in a comprehensive and rules-based manner; then it is up to the client to decide how to interpret or use that data for their decision-making. Please see Q5 above for more details on sources.
# 8. Do you assume a normal distribution of ESG ratings for entities that you rate? If so, please describe.
RepRisk’s ESG risk metrics are calculated based on a company’s business conduct and indicate the company’s current ESG-related risk exposure. They measure absolute risk, not relative risk. Therefore, the distributions reflect our measured rates of absolute risk levels across companies and are not forced to fit any particular probability distribution (e.g., normal distribution).
Please refer to section IV of our methodology for more details on our ESG risk metrics.
# 9. Do you compare the financial results, including credit quality, of companies that you rate against ESG ratings that you produced for that entity?
We are specialized in identifying and assessing ESG and business conduct risks and do not include financial results in our research process.
#
10. What level of discretion are your analysts permitted in determining ESG ratings? Please provide copies of any guidance given to analysts to exercise that discretion.
RepRisk’s research methodology is fully rules-based and transparent, i.e., there is no discretion or judgment call of an analyst when it comes to evaluating the ESG risks of a company or project; RepRisk analysts are carefully trained to follow RepRisk’s strict, rules-based methodology.
In order to ensure data quality and consistency over time, RepRisk has an extensive quality assurance process in place. Before an ESG risk incident is published in RepRisk's dataset, it undergoes a quality assurance check and approval by a senior RepRisk Analyst to ensure that the overall analysis process has been completed is in line with RepRisk's rules-based methodology – i.e. that each incident is analyzed and scored in the same way.
RepRisk has a team of more than 150 highly skilled and carefully trained analysts across its offices around the world. Together, the analysts speak more than 40 languages and play a crucial role in producing high-quality data and refining RepRisk’s algorithms to accurately identify ESG risk.
#
Ratings approach with respect to political issues
# 11. Does a company’s involvement in a legal yet politically disfavored industry (e.g., fossil fuels, firearms, tobacco) negatively impact its ESG rating? If so, please list the industries.
RepRisk does not use an industry-specific weighting scheme when analyzing the individual ESG risk incidents related to companies. As outlined in our methodology, we look at the underlying severity, source, and novelty of the risk incident. In other words, RepRisk is “company neutral” – a company’s sector or business model do not automatically have a negative impact on a company’s score; instead of evaluating what a company produces, we essentially look at how they are doing it (i.e., a company’s business conduct on-the-ground around the world where they operate). Please see Q1 above for further details.
#
12. How do you determine which industries warrant a negative ratings impact and which ones do not?
RepRisk does not use an industry-specific weighting scheme when analyzing the individual ESG risk incidents related to companies. As outlined in our methodology, we look at the underlying severity, source, and novelty of the risk incident. Please see Q1 and Q11 above for further details.
# 13. In assigning ESG ratings, how do you take into consideration, if at all, donations to organizations that promote political causes such as voting rights, police reform, racial justice, climate change activism, and abortion rights? If such donations are considered, how do they impact a company’s ESG rating? Please list any companies whose ratings have been positively impacted by the consideration of such donations.
Corporate donations are not systematically captured by our methodology. However, if th company is being criticized and the criticism is linked to an ESG issue as defined within our research scope, the incident is captured and analyzed based on severity, source, and novelty as stated under Q1 above.
Note that RepRisk exclusively focuses on identifying and assessing ESG risks from public sources in line with our research scope (see methodology for more details) – we do not capture positive corporate behavior or initiatives.
# 14. Do you consider a company’s political lobbying in assigning ESG ratings?
“Lobbying” is one of the 108 ESG risk factors covered in RepRisk’s research scope. If a company is linked to ESG-related lobbying in the sample source text, RepRisk will link the ESG topic tag “Lobbying” to the risk incident and the company. For clarity, the linking and analysis is based on the information coming from one of the 150,000+ sources and stakeholders RepRisk screens on a daily basis. Please refer to our ESG research scope definition for more details.
# 15. In assigning ESG ratings to municipal bond issuers, do you consider the presence or absence of laws and policies on controversial topics, such as abortion, gun control, or crime control measures, in the issuer’s jurisdiction?
“Violation of national legislation” is one of the 108 ESG risk factors covered in RepRisk’s research scope. If a company is linked to an ESG-related violation of national law in the sample source text, RepRisk will link the ESG issue “Violation of national legislation” to the risk incident and the company (within its definition; please refer to our ESG research scope definition for more details) and analyze each risk incident based on severity, source, and novelty as stated in Q1 above.
# 16. Do you issue opinions or recommendations for proxy votes? If so, what processes do you have in place to ensure that your ESG ratings and your proxy voting businesses are free from conflicts of interest?
RepRisk does not issue opinions or recommendations for proxy votes.
# 17. Do you offer advisory services to rated companies related to your ESG ratings? If so, what processes do you have in place to ensure that your ratings and advisory businesses are free from conflicts of interest?
RepRisk does not offer advisory services.
About RepRisk
Founded in 1998 and headquartered in Switzerland, RepRisk is a global technology company that provides transparency on business conduct risks like deforestation, human rights abuses, and corruption. RepRisk enables efficient decision-making for clients and supports alpha generation and value preservation for their organization, investments, and business interests. RepRisk is trusted by 80+ of the world’s leading banks, 17 of the 25 largest investment managers, corporates, and the world’s largest sovereign wealth funds for their due diligence processes. RepRisk uses human curation and cutting-edge artificial intelligence to generate the world’s most comprehensive business conduct and biodiversity risk datasets on public and private companies, real assets, and countries.
Visit us at www.reprisk.com.