Governance Briefing — July 1, 2022
SEBI’s July 2022 reforms bring ESG Rating Providers under credit rating-style supervision, demanding registered governance, conflict controls, transparent methodologies, and outcome testing for investors relying on sustainability scores.
Executive briefing: On 1 July 2022 the Securities and Exchange Board of India (SEBI) amended the Credit Rating Agencies Regulations to recognise ESG Rating Providers (ERPs) as a regulated category, subjecting sustainability rating methodologies, governance, and disclosure practices to SEBI oversight. The reform was reinforced by a 25 July circular that prescribed registration pathways, board independence, conflict of interest controls, transparent methodologies, and grievance handling standards. Taken together, the measures align Indian ESG ratings with IOSCO’s assurance principles and provide institutional investors a clearer compliance perimeter for supplier due diligence, outsourcing governance, and impact reporting.
What changed and why it matters now
The regulatory package rewrites the accountability model for ESG ratings sold to Indian securities market participants. ERPs must now obtain a certificate of registration, adopt a code of conduct, appoint key managerial personnel that meet fit-and-proper criteria, and demonstrate internal control and audit mechanisms that are on par with credit rating agencies. SEBI’s circular requires ERPs to publish detailed rating methodologies, disclose use of third-party data, offer rated entities a right of appeal, and submit quarterly reporting on rating actions. These requirements are designed to reduce greenwashing risk, ensure consistent scoring across industries, and provide asset managers with defensible data lineage when building ESG-labelled products.
Institutional demand for credible ESG benchmarks has accelerated with Reserve Bank of India climate stress testing pilots and the draft Business Responsibility and Sustainability Reporting (BRSR) Core metrics for listed entities. SEBI’s intervention thus forces enterprise compliance teams to evaluate whether current ESG scores relied upon in risk models or sustainability-linked debt frameworks are sourced from registered ERPs and whether supporting contracts contain the new grievance, confidentiality, and data quality controls.
Scope, obligations, and control expectations
The amendment defines an ESG Rating Provider as any entity providing environmental, social, or governance scores to listed or proposed-to-be-listed securities market participants. In-scope providers must:
- Register with SEBI by submitting Form A, demonstrating capital adequacy of INR 5 crore, detailing shareholding patterns, and providing policies for analyst independence, data acquisition, and client confidentiality.
- Institute governance controls including a minimum of 50% independent directors, a compliance officer reporting to the board, policies separating commercial and analytical teams, and annual internal audits of rating processes.
- Document methodologies such as sector scorecards, weightings, data imputation rules, and assurance processes, with public disclosure updates within seven working days of any change.
- Offer review mechanisms granting rated entities up to five working days to contest preliminary ratings, with clear escalation pathways to senior management and SEBI.
- Maintain data retention and security controls preserving rating workpapers, model versions, and raw data for at least five years, with systems safeguards that limit unauthorised access.
SEBI emphasised alignment with IOSCO’s Recommendations on ESG Ratings and Data Product Providers, meaning ERPs are expected to implement enterprise risk management, third-party vendor oversight, and board-level accountability frameworks. Compliance testing must evidence how conflicts are identified and mitigated, how qualitative assessments are standardised, and how external information sources are vetted for reliability.
Outcome testing and assurance considerations
SEBI expects ERPs and their institutional clients to demonstrate that ESG ratings meaningfully differentiate issuers on sustainability performance and do not mislead investors. Compliance officers should design outcome testing programs that:
- Reconcile ESG scores against underlying emissions, diversity, and governance indicators disclosed in BRSR Core filings to assess predictive validity.
- Validate the timeliness of rating updates following significant events, such as environmental incidents or regulatory penalties, benchmarking ERP response times against contractual service levels.
- Challenge data lineage by tracing each quantitative metric back to audited or assurance-ready sources, identifying where modelled estimates or controversial data sources may introduce bias.
- Stress test scenario analytics embedded in ERP outputs, comparing physical and transition risk pathways with Reserve Bank of India climate scenario parameters and Science Based Targets initiative references.
Internal audit should incorporate ERP governance into its annual plan, evaluating whether documented methodologies are actually applied, whether analyst workloads permit rigorous due diligence, and whether change management controls capture model updates. Asset managers subject to Securities and Exchange Board of India mutual fund regulations should also integrate ERP performance metrics into stewardship and voting policies, documenting how ratings influence portfolio decisions and engagement outcomes.
Implementation guidance for operators
Organisations relying on ESG scores should establish a structured transition plan:
- Inventory all ESG data relationships. Build a register of rating providers, third-party data vendors, and embedded analytics tools, capturing contract terms, scope, and usage across investment, lending, or procurement workflows.
- Update procurement and vendor due diligence. Require proof of SEBI registration, board composition disclosures, methodology documentation, and cybersecurity controls. Incorporate SEBI’s code of conduct obligations into master service agreements.
- Align internal governance. Map ERP output dependencies to board committees (e.g., risk, sustainability, audit) and ensure oversight charters reflect accountability for ESG ratings and derived disclosures.
- Integrate data quality controls. Implement automated feeds to ingest ERP rating rationales, compare them against issuer-reported KPIs, and flag variances that exceed defined thresholds for remediation.
- Document investor communications. When using ERP scores in sustainability-linked financing, include disclaimers about methodology reliance and detail validation steps to satisfy Reserve Bank of India and Securities and Exchange Board of India expectations.
For ERPs seeking registration, technology teams should enable role-based access, audit trails, and encryption of sensitive issuer information. Compliance should maintain a breach response plan outlining notification timelines to SEBI and clients. Human resources should develop ongoing competency programs covering ESG taxonomies, sector-specific metrics, and Indian accounting standards to maintain analyst proficiency.
Cross-border considerations and interoperability
Multinational financial institutions must reconcile SEBI’s framework with parallel regimes. The European Union’s Corporate Sustainability Reporting Directive (CSRD) and European Securities and Markets Authority guidance on ESG rating providers emphasise transparency and avoidance of conflicts. Japanese Financial Services Agency consultations similarly target rating transparency. Firms can streamline compliance by mapping SEBI controls to IOSCO recommendations, EU draft regulation on ESG ratings, and Monetary Authority of Singapore guidelines on environmental risk management. Doing so supports consolidated control testing, especially for global ESG indices that incorporate Indian issuers.
Data localisation and privacy requirements also come into play. ERPs processing Indian personal data within ESG assessments must align with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, and prepare for the forthcoming Digital Personal Data Protection Act. Cross-border data transfers should be covered by contractual clauses ensuring equivalent protection, given SEBI’s expectation that confidential issuer information is safeguarded.
Risk signals to monitor
- Regulatory inspections. SEBI retains the right to conduct inspections of ERP offices, seize records, and impose penalties for misstatements or governance failures. Non-compliance could result in suspension of registration or prohibition on issuing ratings.
- Litigation exposure. Inaccurate ESG scores that contribute to investor losses or greenwashing claims can trigger class actions under India’s securities laws, especially as sustainable funds bring labelled products to market.
- Operational resilience. ERPs must evidence business continuity plans, disaster recovery testing, and cyber incident reporting in line with SEBI’s circular to sustain rating operations during disruptions.
- International comparability. Divergence between SEBI-registered ERP scores and assessments from global providers may require reconciliation analyses when marketing funds to overseas investors subject to EU Sustainable Finance Disclosure Regulation classifications.
Key actions for the next quarter
- Complete gap assessments contrasting current ERP onboarding processes with SEBI registration checklists and board governance requirements.
- Launch quarterly outcome testing dashboards that track rating accuracy, timeliness, and appeals, with oversight from risk and audit committees.
- Embed ERP governance narratives into BRSR Core and integrated reporting cycles, detailing controls and data provenance for investors.
- Engage with ERPs on methodological updates tied to climate transition scenarios, ensuring coverage of sectors such as energy, manufacturing, and financial services.
Sources
- SEBI (Credit Rating Agencies) (Amendment) Regulations, 2022
- SEBI circular on ESG Rating Providers for securities markets
- IOSCO recommendations on ESG ratings and data product providers
- SEBI ESG Rating Providers committee report
- SEBI consultation on BRSR Core
Zeph Tech helps Indian issuers, mutual funds, and global investors vet SEBI-registered ESG rating providers, connecting governance controls, outcome testing analytics, and regulatory reporting support into a unified operating framework.