SEBI ESG rating supervision
SEBI’s July 2022 reforms bring ESG Rating Providers under credit rating-style supervision, demanding registered governance, conflict controls, transparent methodologies, and outcome testing for investors relying on sustainability scores.
On 1 July 2022 the Securities and Exchange Board of India (SEBI) amended the Credit Rating Agencies Regulations to recognize ESG Rating Providers (ERPs) as a regulated category, subjecting sustainability rating methodologies, governance, and disclosure practices to SEBI oversight. The reform was reinforced by a 25 July circular that prescribed registration pathways, board independence, conflict of interest controls, transparent methodologies, and grievance handling standards. Taken together, the measures align Indian ESG ratings with IOSCO’s assurance principles and provide institutional investors a clearer compliance perimeter for supplier due diligence, outsourcing governance, and impact reporting.
What changed and why it matters now
The regulatory package rewrites the accountability model for ESG ratings sold to Indian securities market participants. ERPs must now obtain a certificate of registration, adopt a code of conduct, appoint key managerial personnel that meet fit-and-proper criteria, and show internal control and audit mechanisms that are on par with credit rating agencies.
SEBI’s circular requires ERPs to publish detailed rating methodologies, disclose use of third-party data, offer rated entities a right of appeal, and submit quarterly reporting on rating actions. These requirements are designed to reduce greenwashing risk, ensure consistent scoring across industries, and provide asset managers with defensible data lineage when building ESG-labeled products.
Institutional demand for credible ESG benchmarks has accelerated with Reserve Bank of India climate stress testing pilots and the draft Business Responsibility and Sustainability Reporting (BRSR) Core metrics for listed entities. SEBI’s intervention thus forces enterprise compliance teams to evaluate whether current ESG scores relied upon in risk models or sustainability-linked debt frameworks are sourced from registered ERPs and whether supporting contracts contain the new grievance, confidentiality, and data quality controls.
Scope, obligations, and control expectations
The amendment defines an ESG Rating Provider as any entity providing environmental, social, or governance scores to listed or proposed-to-be-listed securities market participants. In-scope providers must:
- Register with SEBI by submitting Form A, demonstrating capital adequacy of INR 5 crore, detailing shareholding patterns, and providing policies for analyst independence, data acquisition, and client confidentiality.
- Institute governance controls including a minimum of 50% independent directors, a compliance officer reporting to the board, policies separating commercial and analytical teams, and annual internal audits of rating processes.
- Document methodologies such as sector scorecards, weightings, data imputation rules, and assurance processes, with public disclosure updates within seven working days of any change.
- Offer review mechanisms granting rated entities up to five working days to contest preliminary ratings, with clear escalation pathways to senior management and SEBI.
- Maintain data retention and security controls preserving rating workpapers, model versions, and raw data for at least five years, with systems safeguards that limit unauthorized access.
SEBI emphasized alignment with IOSCO’s Recommendations on ESG Ratings and Data Product Providers, meaning ERPs will implement enterprise risk management, third-party vendor oversight, and board-level accountability frameworks. Compliance testing must evidence how conflicts are identified and mitigated, how qualitative assessments are standardized, and how external information sources are vetted for reliability.
Outcome testing and assurance considerations
SEBI expects ERPs and their institutional clients to show that ESG ratings meaningfully differentiate issuers on sustainability performance and do not mislead investors. Compliance officers should design outcome testing programs that:
- Reconcile ESG scores against underlying emissions, diversity, and governance indicators disclosed in BRSR Core filings to assess predictive validity.
- Validate the timeliness of rating updates following significant events, such as environmental incidents or regulatory penalties, benchmarking ERP response times against contractual service levels.
- Challenge data lineage by tracing each quantitative metric back to audited or assurance-ready sources, identifying where modeled estimates or controversial data sources may introduce bias.
- Stress test scenario analytics embedded in ERP outputs, comparing physical and transition risk pathways with Reserve Bank of India climate scenario parameters and Science Based Targets initiative references.
Internal audit should incorporate ERP governance into its annual plan, evaluating whether documented methodologies are actually applied, whether analyst workloads permit rigorous due diligence, and whether change management controls capture model updates. Asset managers subject to Securities and Exchange Board of India mutual fund regulations should also integrate ERP performance metrics into stewardship and voting policies, documenting how ratings influence portfolio decisions and engagement outcomes.
Implementation guidance for operators
Teams relying on ESG scores should set up a structured transition plan:
- Inventory all ESG data relationships. Build a register of rating providers, third-party data vendors, and embedded analytics tools, capturing contract terms, scope, and usage across investment, lending, or procurement workflows.
- Update procurement and vendor due diligence. Require proof of SEBI registration, board composition disclosures, methodology documentation, and cybersecurity controls. Incorporate SEBI’s code of conduct obligations into master service agreements.
- Align internal governance. Map ERP output dependencies to board committees (for example, risk, sustainability, audit) and ensure oversight charters reflect accountability for ESG ratings and derived disclosures.
- Integrate data quality controls. Implement automated feeds to ingest ERP rating rationales, compare them against issuer-reported KPIs, and flag variances that exceed defined thresholds for remediation.
- Document investor communications. When using ERP scores in sustainability-linked financing, include disclaimers about methodology reliance and detail validation steps to satisfy Reserve Bank of India and Securities and Exchange Board of India expectations.
For ERPs seeking registration, technology teams should enable role-based access, audit trails, and encryption of sensitive issuer information. Compliance should maintain a breach response plan outlining notification timelines to SEBI and clients. Human resources should develop ongoing competency programs covering ESG taxonomies, sector-specific metrics, and Indian accounting standards to maintain analyst proficiency.
Cross-border considerations and interoperability
Multinational financial institutions must reconcile SEBI’s framework with parallel regimes. The European Union’s Corporate Sustainability Reporting Directive (CSRD) and European Securities and Markets Authority guidance on ESG rating providers emphasize transparency and avoidance of conflicts. Japanese Financial Services Agency consultations similarly target rating transparency. Firms can simplify compliance by mapping SEBI controls to IOSCO recommendations, EU draft regulation on ESG ratings, and Monetary Authority of Singapore guidelines on environmental risk management. Doing so supports consolidated control testing, especially for global ESG indices that incorporate Indian issuers.
Data localization and privacy requirements also come into play. ERPs processing Indian personal data within ESG assessments must align with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, and prepare for the forthcoming Digital Personal Data Protection Act. Cross-border data transfers should be covered by contractual clauses ensuring equivalent protection, given SEBI’s expectation that confidential issuer information is safeguarded.
Risk signals to monitor
- Regulatory inspections. SEBI retains the right to conduct inspections of ERP offices, seize records, and impose penalties for misstatements or governance failures. Non-compliance could result in suspension of registration or prohibition on issuing ratings.
- Litigation exposure. Inaccurate ESG scores that contribute to investor losses or greenwashing claims can trigger class actions under India’s securities laws, especially as sustainable funds market labeled products.
- Operational resilience. ERPs must evidence business continuity plans, disaster recovery testing, and cyber incident reporting in line with SEBI’s circular to sustain rating operations during disruptions.
- International comparability. Divergence between SEBI-registered ERP scores and assessments from global providers may require reconciliation analyses when marketing funds to overseas investors subject to EU Sustainable Finance Disclosure Regulation classifications.
Key actions for the next quarter
- Complete gap assessments contrasting current ERP onboarding processes with SEBI registration checklists and board governance requirements.
- Launch quarterly outcome testing dashboards that track rating accuracy, timeliness, and appeals, with oversight from risk and audit committees.
- Embed ERP governance narratives into BRSR Core and integrated reporting cycles, detailing controls and data provenance for investors.
- Engage with ERPs on methodological updates tied to climate transition scenarios, ensuring coverage of sectors such as energy, manufacturing, and financial services.
Further reading
- SEBI (Credit Rating Agencies) (Amendment) Regulations, 2022
- SEBI circular on ESG Rating Providers for securities markets
- IOSCO recommendations on ESG ratings and data product providers
- SEBI ESG Rating Providers committee report
- SEBI consultation on BRSR Core
This brief helps Indian issuers, mutual funds, and global investors vet SEBI-registered ESG rating providers, connecting governance controls, outcome testing analytics, and regulatory reporting support into a unified operating framework.