- The California legislature recently passed two climate disclosure bills—SB 253, the Climate Corporate Data Accountability Act, and SB 261, the Climate-Related Financial Risk Act. Governor Gavin Newsom is expected to sign the bills into law on or before October 14, 2023, making California the first state to enact legislation mandating climate disclosure.
- The bills apply to both public and private companies that do business in California and meet certain annual revenue thresholds.
- The disclosure requirements follow in the footsteps of the Securities and Exchange Commission’s proposed climate disclosure rule for issuers, expected to be finalized in the fourth quarter of this year, and, in certain respects, reach further than the SEC’s proposed rule.
The California legislature recently passed two climate disclosure bills—SB 253, the Climate Corporate Data Accountability Act (the “CCDAA”) and SB 261, the Climate-Related Financial Risk Act (the “CRFRA”), part of the “California Climate Accountability Package.” Governor Gavin Newsom is expected to sign the bills into law on or before October 14, 2023, making California the first state to enact legislation mandating climate disclosure. With respect to the CCDAA, Governor Newsom indicated that his signature is subject to minor amendments to the legislation.
The disclosure requirements in the CCDAA and CRFRA follow in the footsteps of the Securities and Exchange Commission’s (the “SEC”) proposed climate disclosure rule for issuers, expected to be finalized in the fourth quarter of this year, and, in certain respects, reach further than the SEC’s proposed climate disclosure rule. In particular, the CCDAA and CRFRA apply to both public and private companies that do business in California and meet certain annual revenue thresholds. In contrast, the SEC’s proposed climate disclosure rule only applies to SEC registrants.
SB 253: THE CLIMATE CORPORATE DATA ACCOUNTABILITY ACT
The CCDAA applies to private and public U.S. companies that do business in California with total annual revenues of US$1 billion or greater (calculated on a global basis). Applicability is determined based on the reporting entity’s revenue for the prior fiscal year. While “doing business in California” is not defined in the CCDAA, it is expected that California will interpret the phrase broadly, as it has in the context of other state regulations. Notably, “doing business in California” may not require physical presence in the state. The California Air Resources Board (the “CARB”), which is responsible for overseeing the new disclosure regime, is required to develop and adopt regulations implementing the CCDAA on or before January 1, 2025.
Under the CCDAA, covered companies must annually publicly disclose their full value chain greenhouse gas (“GHG”) emissions, inclusive of Scopes 1, 2 and 3 GHG emissions. Covered companies must begin reporting Scope 1 and Scope 2 GHG emissions for the prior fiscal year beginning in 2026 (on or by a date to be determined by the CARB). Scope 3 GHG emissions for the prior fiscal year must be disclosed beginning in 2027, no later than 180 days after the disclosure of a covered company’s Scope 1 and Scope 2 GHG emissions.
Under the CCDAA as currently drafted, GHG emissions measurements and reports must adhere to the Greenhouse Gas Protocol (the “GHG Protocol”), which includes the Greenhouse Gas Protocol Corporate Accounting and Reporting Standard and the Greenhouse Gas Protocol Corporate Value Chain (Scope 3) Accounting and Reporting Standard developed by the World Resources Institute and the World Business Council for Sustainable Development. For purposes of the CCDAA and the GHG Protocol, “Scope 1” GHG emissions include direct GHG emissions from operations that are owned or controlled by a covered company; “Scope 2” GHG emissions cover indirect GHG emissions from the generation of purchased electricity, steam, heating and cooling consumed by a covered company; and “Scope 3” GHG emissions include all other indirect GHG emissions that occur in the upstream or downstream activities in the covered company’s value chain, including, but not limited to, purchased goods and services, employee commuting, processing and use of sold products and investments.
Notably, the CCDAA goes beyond the SEC’s proposed climate disclosure rule by requiring all covered companies to report Scope 3 GHG emissions rather than only those companies that have set Scope 3 GHG emissions reduction targets or have determined that Scope 3 GHG emissions are material, as proposed by the SEC. Calculating Scope 3 GHG emissions continues to present particular challenges for companies, including that the calculation requires GHG emissions information from third parties.
Independent Assurance Requirements
Covered companies are required to engage an independent assurance provider to audit their emissions reporting. Initially, reports disclosing Scope 1 and Scope 2 GHG emissions will need to receive “limited assurance” (i.e., assurance that no material misstatement of fact or omission was found after a review), and by 2030, those reports will need to receive “reasonable assurance” (i.e., assurance that the reporting is free of material misstatements). Assurance is also required for reports of Scope 3 GHG emissions but only “limited assurance” and beginning in 2030.
The independent assurance provider must have “significant experience in measuring, analyzing, reporting, or attesting to the emission of greenhouse [gases] and sufficient competence and capabilities necessary to perform engagements in accordance with professional standards and applicable legal and regulatory requirements.”
A covered company that fails to file the required report, or that fails to make adequate disclosures in a filed report, may be subject to an administrative penalty of up to $500,000 per reporting year. Administrative penalties will not be applied to misstatements with regard to Scope 3 GHG emissions if they are made with a reasonable basis and disclosed in good faith.
SB 261: THE CLIMATE-RELATED FINANCIAL RISK ACT
The CRFRA applies to both private and public U.S. companies that do business in California with total annual revenues of US$500 million or greater (calculated on a global basis), a lower threshold than the CCDAA. Applicability is determined based on the reporting entity’s revenue for the prior fiscal year. We note that the CRFRA does not apply to insurance companies, whether regulated by the California Department of Insurance or any other state. Unlike the CCDAA, the CRFRA does not require the CARB to develop and adopt regulations implementing the disclosure regime.
Climate-Related Financial Risk Reporting
Under the CRFRA, on or before January 1, 2026, covered companies will be required to publish a biennial climate-related financial risk report that discloses their climate-related financial risks and the measures they have adopted to mitigate and adapt to the disclosed risks. The CRFRA requires that the reports be prepared in accordance with the disclosure framework recommended by the Task Force on Climate-Related Financial Disclosures (the “TCFD”).
“Climate-related financial risk” refers to all “material risk of harm to immediate and long-term financial outcomes due to physical and transitional risks, including, but not limited to, risks to corporate operations, provision of goods and services, supply chains, employee health and safety, capital and financial investments, institutional investments, financial standing of loan recipients and borrowers, shareholder value, consumer demand, and financial markets and economic health.”
Covered companies may satisfy CRFRA reporting requirements by preparing comparable, publicly accessible reports or disclosures, including pursuant to SEC rules and regulations, Corporate Sustainability Reporting Directive disclosures or the International Sustainability Standards Board (the “ISSB”) framework. In June 2023, the ISSB, which will assume the TCFD’s monitoring responsibilities, finalized its initial sustainability disclosure standards, IFRS S1 and IFRS S2, which build on the TCFD framework and consolidate various sustainability-related frameworks and standards.
In addition, climate-related financial risk reports may be consolidated at the parent level; subsidiaries of a parent company subject to the law will not be required to file separate reports.
Covered companies must file their first climate-related financial risk report on or before January 1, 2026. Thereafter, reports must be filed every two years. Reports must be posted publicly on the covered company's website and filed with the CARB.
In circumstances where a covered company cannot provide all of the disclosures required by the CRFRA, it must provide the disclosures to the best of its ability, offer a detailed explanation of any reporting gaps and describe the steps it is taking to comply with the CRFRA. A covered company that fails to file the required report, or that fails to make adequate disclosures in a filed report, may face an administrative penalty of up to $50,000.
Beginning in 2026, covered companies will be required to pay annual fees to the CARB for the administration and implementation of each of the CCDAA and CRFRA. The fees are yet to be determined, but each bill limits the total amount to be collected by the CARB to the actual and reasonable costs to administer and implement the act.
We expect the CCDAA and the CRFRA to face legal challenges on constitutional grounds, either under the U.S. Constitution or the California State Constitution. Covered companies may remain subject to the disclosure requirements of the CCDAA and the CRFRA while any such challenges are pending.
NEXT STEPS FOR COVERED COMPANIES
Covered companies should consider taking a number of actions to prepare for the new disclosure regime and to mitigate potential enforcement risks, including:
- Defining their GHG footprint, including their own emissions profile and those of their value chain.
- Reviewing (or, if necessary, adopting) internal processes for climate-related disclosure and reporting to ensure they have robust internal controls for climate reporting and related governance.
- Adopting and maintaining a risk-based approach to climate governance. Covered companies should consider continuously evaluating company- and business-line specific climate-related risks (including physical, transition, legal and reputational risks), and developing robust, forward-looking policies and due diligence processes that sufficiently account for such risks.
- Reviewing current and expected climate-related disclosures and conducting a gap analysis to ensure compliance with applicable reporting regimes and consistency in disclosures. With respect to the SEC’s proposed climate disclosure rule, covered companies should consider whether the SEC may question a covered company’s materiality assessment with respect to that covered company’s Scope 3 GHG emissions if its Scope 3 GHG emissions disclosed under the CCDAA are large in comparison to its Scopes 1 and 2 GHG emissions and the covered company fails to disclose Scope 3 GHG emissions in its SEC filings.
- Identifying suitable independent advisers, including an assurance firm appropriate for the covered company and its industry to review emissions data and disclosures.