From Voluntary to Verifiable
Only a few years ago, environmental, social and governance (ESG) was dominated by pledges, glossy sustainability reports and ambitious net-zero dates set safely beyond current executives’ tenure. Firms signed up to voluntary principles and told compelling stories about purpose. Today, the mood has shifted sharply. Regulators are moving from encouragement to enforcement, and ESG claims are being tested just like financial disclosures.
In the UK, the Financial Conduct Authority’s (FCA) anti-greenwashing rules now require sustainability statements to be fair, clear and not misleading. In the EU, the Corporate Sustainability Reporting Directive (CSRD) turns ESG data into something that must be auditable and consistent across the value chain. Recent fines over exaggerated environmental claims in retail and asset management show this is not theoretical… it has teeth!
The uncomfortable truth is that many firms still treat ESG as reputational polish rather than regulatory exposure. The coming wave, however, will reward those who can prove, not just promise.
The End of ESG Theatre
For years, ESG theatre flourished. Annual reports swelled with striking photography, selective metrics and targets so loosely defined they were impossible to miss. Carbon neutrality was promised without clear baselines. Supply chain ethics were asserted on the strength of supplier questionnaires. This behaviour was often rewarded, or at least ignored. Now it is becoming dangerous.
Regulators are no longer judging ESG by intent or tone. They are testing it as evidence. In the UK, the FCA has made clear that sustainability claims are subject to the same standards as financial promotions, with enforcement action following where statements cannot be substantiated. In the EU, the European Securities and Markets Authority (ESMA) has intensified scrutiny of asset managers whose ESG labels outpace their underlying processes.
This shift exposes a hard truth. Vague ambition is no longer a harmless branding choice. Without documented controls, reliable data and clear governance, ESG claims can trigger fines, investor challenges and supervisory intervention. Good intentions are irrelevant if they cannot be traced, tested and defended. ESG theatre is giving way to something far less comfortable, and far more consequential.
ESG Meets Supervision
ESG has now entered the world it long claimed to welcome but rarely prepared for. Supervision. What began as values-led disclosure is colliding with the familiar machinery of audits, inspections and sanctions. Regulators are applying the same tools used for conduct and prudential risk, and they are doing so with increasing confidence.
In the EU, the CSRD requires firms to produce consistent, auditable ESG data and to take responsibility for impacts across their value chains, not just within their own operations. Supervisors have already warned that weak controls or unreliable data will attract intervention. In parallel, ESMA has challenged asset managers whose sustainability claims were not supported by investment processes or governance.
The UK has taken a complementary route. The FCA treats greenwashing as a consumer protection issue, bringing ESG firmly into the territory of misleading communications and market integrity.
The critical shift is conceptual. ESG is no longer assessed as a moral stance. It is judged as a source of consumer harm, market distortion and systemic risk. That reframing changes everything about how firms must respond.
The ESG Audit Era
Critique is giving way to inspection. Firms are discovering that ESG is now examined with the same discipline as financial reporting. Regulators are not asking whether intentions were sincere. They are asking whether claims can be evidenced, owned and repeated.
In practice, this means verifiable data that can be traced back to source systems rather than marketing surveys. It means named senior owners for climate targets, diversity metrics and supply chain assurances. It also means consistent methodologies that do not change year to year when results disappoint. Where judgement is unavoidable, regulators expect it to be documented and defensible.
This is already visible in supervisory reviews by the FCA and ESMA, which have challenged firms unable to explain gaps between stated ESG strategies and day-to-day decision-making. Similar expectations sit behind the EU’s sustainability reporting regime, where audit readiness is becoming a practical necessity rather than a future aspiration.
In response, leading firms are borrowing tools from financial risk management. ESG control frameworks mirror internal control over financial reporting. Internal challenge functions test assumptions before regulators do. The aim is defensible sustainability, where claims survive scrutiny, and the message is simple: ESG audits are about systems and governance, and slogans do not pass inspections.
ESG as a Core Risk Function
ESG is no longer a side discipline owned by sustainability teams. It is hardening into a permanent risk category alongside conduct, operational and financial risk. Boards are being held accountable for oversight, while senior managers are increasingly exposed where ESG claims fail under scrutiny. This mirrors earlier shifts seen with conduct risk, when responsibility moved sharply upwards.
In the UK, expectations set by the FCA make clear that misleading sustainability claims are a governance failure, not a communications error. In parallel, EU supervisors now expect ESG risks to be embedded within enterprise risk management frameworks, particularly where they affect capital allocation or consumer outcomes. However, this inevitably creates friction inside firms. Sustainability teams may push ambition, while legal and compliance functions demand caution. Finance teams want consistent data that can survive audit. Without clear ownership, ESG becomes contested ground. Leading firms are resolving this by treating ESG like model risk or conduct risk. They define risk appetite, assign accountable owners, test assumptions and document decisions.
The forward-looking insight is simple. Firms that integrate ESG into core risk governance adapt faster when rules tighten. Those that continue to treat ESG as branding or corporate conscience are slower to respond and more exposed when enforcement arrives.
The Strategic Choice Ahead
ESG enforcement is no longer a future scenario to plan around. It is already reshaping expectations of how firms govern, evidence and defend their claims. Regulators are signalling that sustainability statements sit firmly within the scope of supervision, with real consequences when they fail.
A clear warning came recently from the enforcement action against DWS, the asset management arm of Deutsche Bank, which was fined by German regulator BaFin for misleading ESG disclosures that could not be supported by internal processes or controls. The lesson was not about ambition, but about preparedness. Firms that invest early in data quality, ownership and governance are signalling seriousness and operational resilience to regulators, investors and boards alike.
Preparedness has become strategic. It shows a firm understands that ESG now behaves like any other regulated risk, subject to challenge and escalation. Those still relying on narratives and good intentions are increasingly exposed. The choice is stark. The firms that succeed in the next ESG phase will not be those with the best stories, but those whose claims can survive uncomfortable and ever more persistent questions.
And what about you…?
- Where do ESG responsibilities sit in your organisation, and are there tensions between sustainability ambition and legal or compliance caution?
- What would be the most uncomfortable ESG question a supervisor could ask you, and do you genuinely know the answer?



