Ratings providers will be subject to a number of existing FCA rules, as well as bespoke regulatory requirements, which will require a significant uplift to systems and processes.
By Nicola Higgs, Becky Critchley, Anne Mainwaring, and Jaime Martin
Following HM Treasury finalising legislation (subject to final parliamentary approval) to introduce a new UK regulated activity of the provision of environmental, social, and governance (ESG) ratings, the FCA has now set out its own regulatory framework for the supervision of ratings providers.
Background
- Internationally, IOSCO’s recommendations on ESG ratings and data products (governance, conflicts, transparency, and product quality) provide the global benchmark on establishing an integrity framework for ESG ratings.
- The EU has adopted the ESG Ratings Regulation, in effect from 2 July 2026, to introduce an authorisation and oversight framework at EU level.
- The FCA’s proposals are designed to align with core international principles while tailoring to the UK context. For more information on the statutory scope of the regime, please see this Latham article.
Guidance on Scope
Whilst the FCA is bound by the legislative scope of the regime, its consultation provides an insight on how it will seek to apply the scope in practice. Please see Annex I, below, for a detailed list of which activities are likely to be in scope.
Notably, firms that provide ESG ratings as part of an existing activity already regulated by the FCA are excluded from the scope of the ESG ratings regime. Examples include:
- asset managers producing proprietary ESG ratings solely to use in their fund marketing materials;
- investment firms producing ESG ratings as an integral part of their investment research; and
- benchmark administrators developing ESG ratings that they use solely in their index methodologies.
Summary of the Regime
As this will be a newly regulated sector in the UK, the FCA has confirmed that, in addition to the new rules specific to the provision of ESG ratings, it will also expect in-scope firms to comply with the baseline rules applicable to most UK regulated firms:
| Baseline rules | Rules tailored for ESG ratings |
| Threshold Conditions (COND): The minimum conditions, set out in the Financial Services and Markets Act 2000 (FSMA), that a firm must satisfy, and continue to satisfy, to obtain and keep its permissions. Principles for Businesses (PRIN): A general statement of the fundamental obligations that firms must comply with at all times. Systems and Controls (SYSC): How firms must organise their businesses, manage risk, and maintain effective internal systems and controls. Note: There are bespoke rules on conflicts in ESG 6, so SYSC 10 will not apply to ratings providers. Senior Managers and Certification Regime (SMCR): How firms must allocate responsibilities, certify key staff, and apply conduct rules to promote accountability and good governance. Note: Ratings providers will be classified as “core” firms under the SMCR. General Provisions (GEN): General rules that apply to all firms, including statutory disclosure statements and use of the FCA name or logo. Anti-greenwashing rule: Applies to all authorised firms and will therefore also apply to ratings providers. | Transparency: Minimum disclosure requirements for methodologies, data sources, and objectives, helping users to better understand the ratings, and rated entities to understand how they are assessed. See Annex II, below. Systems and controls: Requirements for robust arrangements to ensure the integrity of the ratings process, including quality control, data validation, and methodology reviews. This includes embedding restrictions on personal transactions for relevant personnel. Governance: Requirements to maintain operational responsibility over the ratings process, including any outsourcing, to ensure appropriate oversight and compliance with the regime. Conflicts of interest: Requirements to identify, prevent, manage, and disclose conflicts of interest at the organisational and personnel levels, to maintain the ratings’ independence and integrity. Stakeholder engagement: Requirements to provide rated entities with transparency on the ratings process and data used, including an opportunity to correct factual errors. Procedures to allow other stakeholders to provide feedback and a fair complaints-handling procedure. |
The FCA suggests that there is no need for bespoke prudential requirements for ratings providers beyond Threshold Condition 2D (appropriate resources), COND 2.4, and Principle 4 (a firm must maintain adequate financial resources). This reflects the view that risk of harm to consumers and financial markets is relatively low. Ratings providers will, however, need to make plans for an orderly wind-down.
Jurisdictional Scope
The UK ESG ratings regime is intended to capture:
- UK firms: providing ESG ratings to UK and non-UK users by any means. This applies whether provided by way of a business relationship (paid for by the user, either as a standalone product or as part of another service or bundle of products), or provided for free to users.
- Overseas firms: providing ESG ratings to UK users by way of a business relationship. “Business relationship” is framed broadly to cover paid subscriptions and other contractual arrangements, including where the rating is bundled with wider services. An overseas provider that produces a rating and makes it available via a non‑UK intermediary will still be in scope if the provider could reasonably have expected the rating to be made available to a UK person. This prevents simple offshoring of distribution to avoid UK oversight.
Intermediaries that only distribute (without producing or altering) ratings are not captured. The regulatory focus remains on the entity that produces and makes the rating available. Nevertheless, distributors of ESG ratings will need to be mindful to perform diligence on the UK regulatory standing of the provider to ensure they are distributing compliant ESG ratings to UK users.
Regardless of location, an ESG rating is in scope only if it is likely to influence a decision to make a specified investment, which differs from the approach taken under the EU ESG Ratings Regulation.
Interaction With the EU ESG Ratings Regulation
One notable challenge for global ESG ratings providers looking to serve clients in both the UK and the EU is the need to seek authorisation from the FCA in addition to ESMA. The FCA recognises that the regimes are substantively aligned. In that regard, the FCA advises providers to prepare documentation that can satisfy both regimes (methodology files, model documentation, conflict registers, outsourcing files), and consider whether to centralise or localise certain functions to meet UK oversight expectations while leveraging EU compliance work where possible.
Next Steps
The FCA is seeking feedback by 31 March 2026 and aims to proactively engage with industry participants through webinars and roundtables early in 2026. Whilst the UK ESG ratings legislation is currently subject to final parliamentary approval, it is expected to be in force by the time the FCA publishes its final rules in a Q4 2026 Policy Statement.
For in-scope ESG ratings providers, the FCA authorisations gateway opens in June 2027 to ensure that firms can obtain regulatory approval by the effective date of 29 June 2028 (which is notably two years after the EU equivalent). From January 2027, the FCA will operate a six-month, pre-gateway support period to assist firms in seeking regulatory approval.
Annex I: Scope
| Activity / output | Examples | In scope? | Boundary considerations |
| Third‑party ESG ratings, scores, or rankings assessing entities, instruments, products, or portfolios | Overall ESG scores; pillar (E/S/G) scores; thematic ratings (e.g., human rights, biodiversity); sector ratings | Yes | Ensure the output is a standardised rating/score/rank, not merely data or commentary |
| Impact/alignment ratings | Paris‑alignment ratings; temperature scores; taxonomy alignment ratings; “net zero alignment” ratings | Yes | Distinguish from factual alignment attestations or raw taxonomy mapping without a rating |
| ESG risk ratings (entity or instrument) | Transition‑risk ratings; physical‑risk ratings; controversy‑integrated risk ratings | Yes | If “risk” is expressed only as raw indicators without an overall evaluative conclusion, may fall out of scope |
| Product/portfolio ratings provided to intermediaries or asset owners | Fund‑level ESG ratings; portfolio controversy or sustainability ratings | Yes | If the provider only supplies a tool for the client to self‑rate, see “tools/software” row |
| Outsourced ratings provided by a third party for a firm’s external use | White‑label ratings; outsourced scoring modules | Yes | Internal‑only outputs kept within one regulated firm may be out of scope (see “intra‑group/internal” rows) |
| Overseas providers supplying ratings into the UK | Cross‑border ratings platforms accessed by UK clients | Yes (territorially) | Application of “in the UK” tests and any Overseas Persons Exclusion requires careful analysis |
| Credit ratings within the credit ratings agency regime | Issuer/instrument credit ratings (which may incorporate ESG factors) | No | A separate ESG rating distinct from the credit rating can be in scope |
| Benchmark administration under the UK Benchmarks Regulation | ESG indices and their administration | No (benchmark admin) | If the index provider also markets standalone ESG ratings/scores, those ratings may be in scope |
| Raw or unprocessed ESG data | Emissions data; controversy event feeds; corporate disclosures databases | No | If the provider adds an overall score/rating, the scored output becomes in-scope |
| Tools, analytics engines, or software enabling users to self‑score | SaaS platforms where clients set weightings and generate their own scores | No (typically) | Pre‑configured outputs marketed as ratings to multiple clients may be in scope |
| Bespoke advisory that is not a transferable “rating” | One‑off consultancy reports; tailored memos without a standardised score | No | If the deliverable is a repeatable, standardised rating marketed to multiple clients, scope may apply |
| Issuer self‑assessments and marketing claims | Corporate sustainability self‑scores in reports; product “green” claims | No | If an issuer commissions an independent rating and publishes it, the provider’s activity is in scope |
| Editorial, journalistic, academic, or NGO content not positioned as ratings | Investigations, white papers, academic studies, op‑eds | No | If positioned or used as an investment “rating”, scope may apply |
| Investment research discussing ESG topics (not a rating) | Analyst notes discussing ESG risks/opportunities | No | Adding a standardised third‑party ESG score/rank can bring that element into scope |
| Assurance, audit, or verification services | Limited/reasonable assurance on sustainability reports; verification engagements | No | If an assurance provider also sells a proprietary ESG rating, that rating activity can be in scope |
| Intra‑group services within the same corporate group | Group ESG scoring used only within the group | No | If outputs are distributed externally, scope analysis changes |
| Internal‑only models and scores used by a single firm | Bank’s internal ESG scoring for its own portfolios | No | Sharing externally (clients/market) can trigger scope |
| Controversy/event “flags” and factual classifications without an overall score | Binary or categorical flags (e.g., “involved/not involved”) | No | If aggregated to a controversy “rating/score”, that rated output becomes in-scope |
| Label verification/certification against a defined standard | Checking compliance with a taxonomy/label rulebook | No | If the service includes an independent evaluative rating, scope can apply |
| Disclosure platforms and taxonomy/tagging utilities | Tools that help prepare or file sustainability disclosures | No | Adding built‑in, provider‑issued ratings shifts that component into scope |
| Stewardship and proxy advice without ratings | Voting recommendations; engagement strategies | No | If the service bundles or markets an ESG “rating”, that portion may be in scope |
| Second‑party opinions (SPOs) on sustainable bonds | Opinions on framework alignment; use‑of‑proceeds conformity | Depends | If presented as a proprietary evaluative rating/score of the issuer/instrument, that element may be in scope |
| ESG training and educational content | Courses, webinars, handbooks | No | N/A |
Annex II: Disclosures
The FCA is proposing minimum public disclosures with enhanced disclosure requirements to direct users and rated entities.
Minimum Disclosure Requirements
| Objectives, characteristics, or rating assessment and coverage universe | – The product’s objective(s), including whether it assesses ESG risks, impacts, or other dimensions – The scope of the ratings, i.e., which ESG factors are assessed (e.g., a wide range across E, S, and G or a subset, such as biodiversity or transition risk) – The meaning of the rating scale and categories, including what a higher or lower ranking means – Whether ratings are given as absolute values, or relative to a peer group, and how the peer group is selected (if applicable) – How rated items are selected, i.e., how the coverage universe of the product is decided |
| Approach to engagement | – Where applicable, a summary of the approach to engaging with rated entities (as required under the proposed Stakeholder Engagement rules), including means and process for such engagement |
| Methodology | A summary of the methodology, covering at a minimum: – a summary of the model and how the ratings are determined, including how factors, inputs, or data are weighted or aggregated; – a breakdown of the factors assessed; – a summary of the types of data used, including whether it is forward- or backward-looking; – a summary of the sources of data and whether they are public or not; – whether the assessment is forward- or backward-looking and the timeframe considered; – the main assumptions (e.g., on financial materiality); – a summary of the main data policies and processes, including on data gaps, corrections, and updates (including frequency); – how AI is used in data collection or the rating process (if applicable); – how often the methodology is reviewed and the process for making material changes (as set out in the proposed Systems and Controls rules); and – the date and nature of the last material methodology change. |
| Risks | – How and why any aspect of the methodology or rating process could materially affect the accuracy of ratings |
| Conflicts | – Summary of, or full, conflicts of interest policy – Information about any conflict of interest if steps taken to prevent or manage the conflict are not sufficient to prevent the risk of undermining the integrity or independence of a rating |
| Complaints | Information on: – how to raise a complaint; – how it will be handled (including expected timeline); and – contact details of the complaints lead or team. |
Disclosures to Direct Users and Rated Entities
| Product-level disclosures | Individual rating-level disclosures |
| A full explanation of the methodology, which may include a more complete overview of the ESG factors, data sources, types of data, and assumptions underpinning the product | Where relevant: – Which business activities and group entities are covered by the rating – If the rating was inherited from another group entity, the rules and conditions for this decision |
| Information on methodology reviews, including: – The policy on methodology review, including what triggers a revision and, where applicable, how relevant stakeholders are engaged in the process – The outcome of the latest methodology review, required under Systems and Controls rules | The factors (and related weights, where applicable), criteria, and data used to assess the relevant characteristics of the rated item |
| Steps taken to address risks from material limitations in the rating process | A detailed explanation of the sources of specific data points used in the rating |
| An overview of the steps taken to implement required quality control measures (see Systems and Controls rules), including the remediation process if quality issues arise | How data is estimated (if applicable) |
| How gaps in data are handled where no estimation is made | |
| Where applicable, any unresolved material challenge by a relevant rated entity to the factual accuracy of the rating’s underlying data | |
| When the rating was last updated and when it is next expected to be reviewed | |
| The reason for any material change to the rating or its underlying data |