Leading to Nowhere: the ‘ESG Leaders’ shunning disclosure
Written by Integrum ESG Analyst Hazel Cranmer.
In today’s digital age, companies face the dual imperative of safeguarding customer data and fortifying their defences against cyber threats.
Proactively addressing both fronts is crucial for the company’s success. A lapse in either area will be conducive to increased risks including regulatory fines for non-compliance, erosion of consumer trust, and disruptions in business operations.
It is therefore understandable why investors look at how well companies are addressing this risk as part of their investment decision-making. One source many will look to is MSCI.
Privacy & Data Security – where’s the disclosure?
MSCI identifies several ‘key issues’ for each company, assessing and categorising them as an ‘ESG leader’, ‘ESG laggard’, or ‘ESG average’ for that industry. However, it is not made public how these issues are weighted or what underlying data is used to evaluate them.
I carried out a deep-dive using data available on the Integrum ESG platform into the companies which MSCI considers ‘ESG leaders’ in the issue called ‘Privacy and Data Security’ by MSCI and found a theme of many large companies responsible for sensitive information failing to disclose data relating to data breaches or loss of customer private information.
During this research, we found big disparities in the overall ESG scores of key market players in the Software and IT industry. To interpret the results in the table below, MSCI mimics the 7-point grade scale of credit rating agencies ranging from AAA to CCC while Integrum ESG uses a 5-point grade scale from A to E.
Let us look at an example – Automatic Data Processing (ADP) is an American provider of human resources management software and services with a market cap of more than $100bn (£81.8bn) and a workforce of more than 60,000.
Identified as an ‘ESG leader’ in ‘privacy and data security’ by MSCI, Integrum ESG scores ADP poorly in the metrics ‘Customer Privacy’ and ‘Data Security’ as the company does not disclose whether there have been any data breaches or instances of customer data loss – a significant issue to the industry.
They have been awarded the coveted ‘AAA’ by MSCI every year since 2020. In contrast, Integrum ESG scores ADP the average grade – a C.
ADP’s summary ESG scoring – Integrum ESG Platform (as of January 2024)
Our score reflects not only ADP’s poor disclosure in Data security but failure to disclose data or policies on their water consumption or incidents of anti-competitive behaviour – issues deemed relevant to the industry by the Sustainability Accounting Standards Board (SASB). The first issue is not mentioned by MSCI while for the second they once again identify ADP as an ESG ‘leader’.
ADP’s historical ESG ratings – MSCI (as of January 2024)
Continuing to look within the Software & IT services industry we find more examples. Oracle Corporation, IBM, Salesforce Inc and Microsoft are all labelled as ‘ESG leaders’ in MSCI’s ‘privacy and data security’ while failing to disclose relevant data on the issue.
This theme is not unique to the industry. It is a similar story for big names in the Internet Media industry, with ‘ESG leaders’ Alphabet and Meituan also failing to disclose.
In the Commercial Banking industry, we find ‘ESG leaders’ HSBC, Citigroup and the Royal Bank of Canada all failing to disclose details on data breaches and are subsequently scored poorly for the metric Data Security by Integrum ESG.
Although in the US, varying state legislation exists requiring that companies notify the state government of breaches involving personal data, disclosing this and related data in their reports is vital for supporting the informed decision-making of both consumers and investors.
Why investors need transparent ESG data & methodologies
The discrepancies between MSCI’s conclusions and ours raise a lot of questions. Is MSCI too generous in how they judge what an ESG leader is?
We suspect that MSCI have come to their optimistic conclusions based on policies the companies have in place rather than empirical evidence of their performance – a general concern we hear from the market.
However, their opaqueness makes these suspicions difficult to prove.
Whilst opinions regarding the most important ESG risks for a company will sometimes differ, it is imperative to provide a detailed explanation for the selected issues and the information and data evaluated in any assessment.
MSCI for example, makes available a public methodology document but is opaque in terms of how scores and issue weightings are generated or what underlying data is used to evaluate them.
Increased, if not total transparency is vital – without this, investors will struggle to gain a true understanding of an ESG score leading to inefficient, if not dangerous, asymmetric information in the market.