Compliance Briefing — November 28, 2023

The UK Financial Conduct Authority (FCA) published Policy Statement PS23/16 on 28 November 2023, finalising the Sustainability Disclosure Requirements (SDR) and investment labels regime for asset managers and distributors. The rules introduce four voluntary sustainability labels, a general anti-greenwashing rule, and layered product and entity-level disclosures. Governance teams must strengthen oversight of sustainability statements, ensure implementation workstreams meet staged effective dates through 2025, and build audit trails that support data subject access requests (DSARs) under UK GDPR when investors ask how their data informs sustainability claims.

The FCA’s four labels—Sustainability Focus, Improvers, Impact, and Mixed Goals—are available from 31 July 2024 for UK-authorised funds that meet specified criteria. Each label demands clarity of sustainability objective, investment policy and strategy, KPIs, escalation plans, and resources. Boards should approve which products pursue labels and review attestation packages verifying eligibility. Firms must designate a senior manager, typically under SMCR, accountable for SDR compliance, ensuring board minutes capture challenge and oversight. Because labels require ongoing monitoring of portfolio holdings, stewardship activities, and outcomes, governance frameworks should integrate sustainability committees, risk functions, and compliance officers who can triangulate data with DSAR records if investors query how their personal information or voting instructions contribute to label determinations.

The anti-greenwashing rule, applicable to all authorised firms making sustainability-related claims, takes effect on 31 May 2024. Firms must ensure that any communication about environmental or social characteristics is fair, clear, and not misleading. Implementation teams should inventory marketing materials, websites, prospectuses, and advisor scripts, updating sign-off procedures to include sustainability specialists and privacy reviewers. Documentation should record the data sources supporting each claim, including ESG ratings, proprietary analytics, and stakeholder engagement results. Maintaining these records facilitates DSAR responses from investors who request information about how their data or feedback influenced marketing statements.

Product-level disclosures roll out in phases. From 31 July 2024, labelled products must publish consumer-facing summaries and detailed pre-contractual information covering objectives, investment strategies, KPIs, and resources. Ongoing sustainability product reports follow one year later. Implementation teams should select disclosure templates, align them with Task Force on Climate-related Financial Disclosures (TCFD) and IFRS sustainability standards, and coordinate with reporting vendors. They must also ensure that underlying data—such as investee company impacts, stewardship actions, and KPIs tied to social outcomes—can be traced to source systems. Privacy officers should confirm that any personal data (for example, community stakeholder interviews or investee workforce metrics) is processed lawfully and can be provided or redacted in DSAR responses without breaching confidentiality obligations.

Naming and marketing rules for non-labelled products commence on 2 December 2024. Firms can use sustainability-related terms in product names only if the product meets baseline criteria, including investing at least 70% in assets aligned with its sustainability objective, with robust stewardship strategies for the remainder. Distributors must also comply from the same date, ensuring materials for UK retail investors include required disclosures and avoid overstated claims. Boards should oversee readiness assessments for both manufacturer and distributor obligations, especially for cross-border fund ranges marketed into the UK. Implementation should cover adviser training, distribution agreements, and website content management. DSAR processes must be prepared to retrieve investor communications and suitability data that underpin marketing decisions, in case clients request access or regulators investigate mis-selling.

Entity-level disclosures begin on 2 December 2025 for asset managers with assets under management of £5 billion or more (calculated on a three-year rolling basis). Firms must publish annual sustainability reports covering governance, strategy, risk management, metrics, and targets, aligned with TCFD and the UK’s transition to the International Sustainability Standards Board (ISSB) framework. Boards should integrate these reporting requirements into enterprise risk management and audit programmes, ensuring internal controls cover data aggregation, scenario analysis, and assurance. Because entity-level disclosures may reference workforce diversity, remuneration, and stakeholder engagement data, privacy teams must update records of processing activities and DSAR playbooks to handle requests from employees, portfolio company representatives, or community stakeholders mentioned in reports.

Implementation roadmaps should be structured around the FCA’s milestones. Phase 1 in early 2024 should focus on governance—appointing responsible senior managers, updating product governance committees, and mapping the inventory of sustainability claims. Phase 2 should address data and technology, including enhancing ESG data management platforms, establishing lineage documentation, and integrating DSAR tooling with sustainability reporting systems. Phase 3 should encompass disclosure production, assurance readiness, and distributor engagement ahead of the July and December deadlines. Firms should conduct dress rehearsals for consumer-facing disclosures, including testing readability and alignment with the FCA’s behavioural research insights.

The FCA expects firms to combat greenwashing risks with robust controls. Compliance functions should update monitoring plans to test sustainability statements, review portfolio holdings, and assess stewardship outcomes. Internal audit should include SDR compliance in annual plans, testing data accuracy, governance effectiveness, and DSAR responsiveness. Where firms rely on third-party ESG data providers, vendor management should scrutinise licensing terms, methodology transparency, and incident response obligations. Contracts must clarify how providers support DSARs involving shared personal data, such as information on investee company workers or community impacts.

Data governance must evolve alongside the disclosure regime. Firms should map every sustainability metric back to data owners, quality checks, and evidence repositories, documenting whether inputs originate from investee companies, third-party data vendors, stewardship interactions, or direct consumer research. Integrating these inventories with DSAR tooling allows compliance teams to respond when investors or other data subjects request access to information referenced in reports. It also enables independent assurance providers to trace calculations during annual reviews, reducing the risk of restatements or regulatory intervention.

Cross-border considerations loom large. UK distributors marketing overseas funds must comply with marketing rules, and the FCA plans to consult on extending SDR labels to overseas funds via the Overseas Funds Regime. Global asset managers should harmonise sustainability narratives across jurisdictions while respecting data localisation and privacy requirements. DSAR coordination agreements between UK and EU/US entities can prevent inconsistent responses and ensure that investor rights are honoured regardless of booking centre.

By treating SDR as a firm-wide governance priority—combining board oversight, disciplined implementation schedules, and privacy-aware data management—asset managers can meet regulatory expectations, deliver credible sustainability products, and maintain investor trust in the integrity of their disclosures.