Compliance Briefing — December 5, 2023

Executive briefing: On December 5, 2023, the Monetary Authority of Singapore (MAS) and the Singapore FinTech Association released the Voluntary Code of Conduct (VCOC) for ESG Rating and Data Product Providers. The code outlines baseline practices around governance, transparency, methodology, data quality, and conflicts management that providers should observe when supporting financial institutions.

Immediate compliance priorities

• Vendor benchmarking. Evaluate current ESG data and ratings providers against the VCOC principles, documenting gaps and remediation commitments.
• Contract uplift. Update sourcing and due diligence questionnaires to capture VCOC alignment, audit rights, and incident reporting expectations.
• Governance integration. Embed VCOC adherence into ESG governance forums, including oversight of methodologies, assurance, and change management.

Control alignment

• Risk management. Incorporate VCOC compliance into third-party risk assessments and vendor tiering processes.
• Data quality. Require providers to evidence data validation, error correction, and version control in line with the code.
• Transparency. Ensure providers furnish methodology summaries, key assumptions, and update notices for downstream users.

Enablement moves

• Create dashboards tracking VCOC adoption status and remediation actions across the ESG data supply chain.
• Host joint workshops with providers to clarify documentation expectations and assurance options.
• Monitor MAS supervisory communications for future integration of the code into licensing or conduct requirements.

Sources

• MAS media release on the ESG ratings VCOC
• Voluntary Code of Conduct for ESG Rating and Data Product Providers

Zeph Tech helps APAC financial institutions operationalise VCOC requirements through vendor assessments, contract frameworks, and assurance coordination.