Sustainability Reporting and the Law: Practical Considerations for Avoiding Liability

By Matthew L. Mattila, J.D. 

With the steady rollout of corporate filings in 2012, the sustainability reporting movement remains strong. Social pressure and the desire to market green initiatives are common themes fueling the trend, yet there are also growing legal concerns.

Can companies and their officers be liable for the content that they report or fail to report?

Recent court decisions suggest that the answer is yes, and reporting organizations should therefore take steps to minimize their liability risk. As discussed below, practical considerations include a renewed focus on responsible, standardized reporting at the organizational level, as well as an increased need for external assurance and legal oversight.

Background: The BP investor lawsuits 

BP has embraced sustainability reporting for well over a decade and received praise along the way, including through its addition to the Dow Jones Sustainability Index. Then, the April 20, 2010 explosion on the Deepwater Horizon rig created one of the worst environmental disasters on record. The tragic and immediate loss of life, combined with the effects of spilling millions of gallons of crude oil, incited justifiable outrage and waves of litigation.

Predictably, BP was removed from the Dow Jones Sustainability Index. More surprising to many, perhaps, was the fact that an oil giant like BP had ever been listed at all. Indeed, the fact that BP’s replacement on the list was Halliburton (a company implicated in the Deepwater Horizon incident) put the spotlight squarely on what it means to be “sustainable.” Lawsuits were another immediate consequence of the disaster and will likely continue for decades. BP must deal not only with the $20 Billion Claims Fund, the government investigations, and the litigation between potentially responsible companies, but also with numerous class actions concerning investments that soured after the disaster.

In connection with the investor lawsuits, a federal court in Texas recently issued two decisions highlighting the risk of liability in sustainability reporting. The court addressed several alleged misrepresentations publicly made by BP and its officers prior to the 2010 explosion, including statements in BP’s sustainability reporting materials and in BP’s revised Oil Spill Response Plan for the Gulf of Mexico (Regional OSRP). Numerous statements in the sustainability reporting materials concerned BP’s safety programs and procedures, while the Regional OSRP boasted the ability to “recover approximately 491,721 barrels of oil per day (or more than 20.6 million gallons) in the event of an oil spill in the Gulf of Mexico.” The investors alleged that they relied on these statements as part of their decision to invest, that BP knew the statements were false when made, and that they suffered financial harm as a result following the disaster in the Gulf of Mexico.

The court described in detail how a corporation can be held liable not only for intentional false statements made by corporate officers, but also for “unattributed” false corporate statements that are so “dramatic” that they must have been approved by knowledgeable corporate officers. For these general corporate statements, a corporation can be liable for fraud by exercising a reckless indifference for the truth, but not when the statements merely show “mistakes at the management level.” In BP’s case, one of the safety statements made in a 2009 Sustainability Review was directly attributable to Tony Hayward, the former CEO of BP, but Plaintiffs’ claims were defective since they could not show Mr. Hayward actually received information showing that he knew his statement was false. Other safety statements in the 2006 and 2009 Sustainability Reports were not attributable to corporate officers, and Plaintiffs could not establish fraud based on these general, unattributed safety statements.

The court took issue, however, with other statements by BP, including the bold claims in the Regional OSRP. This document had been prepared by an Environmental Coordinator and other employees with “fairly low positions.” The court noted that BP was only collecting 15,000 barrels per day 49 days after the explosion, in contrast to its claim that it could capture 491,721 barrels of oil per day, suggesting such numbers were “invented out of thin air.” The statements in the Regional OSRP were therefore reckless and supported fraud claims against BP. As there was already a basis for the fraud claims, the court did not decide whether the Environmental Coordinator and other employees were “authorized officers” that could be individually liable or cause BP to be liable based on their individual intent.

The court ultimately concluded that investors alleged valid fraud claims against BP based on the statements concerning oil recovery and numerous other public statements. As such, the court’s decisions have broad implications for those involved with sustainability reporting. False statements and omissions in sustainability reports create clear liability risks for companies and their officers. Chief Sustainability Officers and other C-Suite executives must exercise caution with public statements and in approving content in sustainability reports. Moreover, while “mistakes at the management level” typically should not support a fraud claim, both companies and their employees should recognize the potential for liability stemming from truly egregious or reckless false statements and from an employee’s potential status as an “authorized officer” with regard to such statements.

Minimizing liability risks from sustainability reporting 

Based on the BP investor lawsuits, those involved with sustainability reporting should start aggressively managing their liability risk. Risk management strategies will necessarily vary by organization, but there are common considerations. Common strategies include a renewed focus on responsible reporting through standardized reporting frameworks, increased use of external assurance, and increased involvement of legal counsel. These risk management tools are discussed below.

Responsible reporting through the Global Reporting Initiative (GRI) guidelines 

First issued in 2000 and periodically revised, the GRI Guidelines have become the most widely used framework for sustainability reporting. Though reporting remains voluntary and the Guidelines are sometimes criticized for providing too much flexibility, strict adherence to GRI’s reporting framework can reduce liability risks. For example, the Guidelines identify six factors that define the quality of the report. A renewed focus on each of these factors can help minimize the risk of lawsuits by investors and others relying on the reports:

Balance: A balanced report is an important risk management tool, because fraud claims can result from the omission of material data. Since reporting is voluntary, companies have an incentive to focus only on their achievements, but under the Guidelines, sustainability reports should reflect negative performance data as well as positive. Unbalanced reports that merely highlight a company’s achievements and which omit reference to material risks are defective.

Comparability: Reporting organizations should strive for consistent reporting in order that stakeholders can compare performance data over time. Companies that change metrics from year to year may confuse readers and bolster subsequent claims that there were material misstatements. The Guidelines aim for consistent reporting over time, with common measurement units and normalized data that promotes useful comparison from one reporting year to the next.

Accuracy: Few sustainability reports are perfect, but companies that recklessly compile and present inaccurate data face increased liability risks, particularly given the recent BP decisions. The Guidelines emphasize accurate reporting of both qualitative and quantitative information. For quantitative information, this requires sound data measurement techniques and the rejection of any margin of error that could unduly influence stakeholder conclusions. Meanwhile, qualitative statements are evaluated by their context, including through consideration of the level of reporting detail. To further minimize the risk of liability and better evaluate reporting accuracy, companies should also consider internal audit and external assurance options.

Timeliness: At best, old data loses its relevance. At worst, old data misleads stakeholders into believing that it reflects current conditions, or demonstrates improper delay that harms investors. The Guidelines vaguely encourage disclosures “recent relative to the reporting period.” Given the absence of a precise reporting timeline, reporting organizations should ensure timeliness through fact-specific determinations and strive for prompt disclosure without sacrificing accuracy.

Clarity: Companies that bury key disclosures in their sustainability reports or use technical jargon will alienate stakeholders. The information should be easy to locate and be accessible to the intended audience; otherwise it may be misleading and increase the risk of future litigation.

Reliability: Ensuring reliability is closely related to ensuring the accuracy of data. Fraud claims can easily result from unreliable report content. For example, if data gathering techniques across an organization are untested or inconsistent, then data in the reports will suffer. Report content should therefore be gathered using well-defined processes that will produce accurate information and results. The Guidelines recommend that performance disclosures be “substantiated by evidence” or at least accompanied by explanations concerning the level of uncertainty. Moreover, organizations should maintain and be able to identify supporting evidence.

Obtaining external assurance 

A company’s sustainability report gains credibility with external assurance, routinely provided by large accounting firms and other qualified consultants. Proper assurance provides a valuable risk management tool, and benefits both the public and the company. For the public, it can reduce the risk of greenwashing and enhance report objectivity. For the company, it provides a check and balance on reporting parameters and the data capture process.

As with sustainability reporting itself, the assurance process continues to evolve. Unlike financial reporting, sustainability reporting is inherently more subjective. The GRI Guidelines specifically allow a “variety of approaches” for external assurance, and two standards dominate the environmental assurance field. One standard (ISAE 3000) is used by accountants, while another standard (AA1000) is used by consultants and others, subject to a licensing fee. Under these standards, verifiers can provide different levels of assurance and they can limit the scope of assurance to various items in a sustainability report, depending on the needs of the reporting organization.

Companies seeking external assurance should take steps to ensure that they have retained a reliable service provider and that the scope and level of assurance are fully disclosed in the sustainability report.

Involvement of legal counsel 

The recent BP decisions suggest that counsel should be actively involved in sustainability reporting. As the reporting process continues to evolve, there is a developing role for attorneys both within and outside of the reporting organization.

Evaluating report parameters and content 

Reporting organizations should consider involving attorneys early in the reporting process. Ideally, one or more attorneys should be included at the threshold planning stage and actively participate in identifying stakeholders, defining report boundaries, and evaluating the materiality of GRI indicators. Attorneys within the company are often uniquely situated to know whether it is appropriate to exclude certain subject areas or facilities from the report based on currently pending or threatened legal risks. For example, if in-house counsel knows of threatened litigation concerning human rights violations in third world countries, she might recommend that the report focus on domestic operations, or exclude one or more of the human rights subject area indicators identified in the GRI Guidelines. Early determinations are critical to the success of the report, as later determinations may conflict with stakeholder input.

Reporting organizations should also consider having their attorneys perform a legal review of the sustainability report prior to finalization and external distribution. Counsel should review and edit drafts to ensure accuracy, completeness, and the other GRI framework factors. Given the recent BP decisions, even general statements concerning broad subject areas such as “safety” should be evaluated for their veracity and an eye toward the risk of future litigation. Equally important, counsel should analyze the absence of report content and consider whether there are material omissions that could form the basis for fraud claims. When substantive content is intentionally excluded, counsel should ensure that the reporting procedures, scope and boundary, and any limitations thereon, are fully disclosed consistent with the GRI standards.

Comparing data with regulatory reporting requirements 

Frequently, the data voluntarily disclosed in sustainability reports must also be reported to regulatory agencies. For example, environmental permits and regulations routinely require reporting for air emissions, wastewater discharges, and the manufacturing and use of toxic chemicals. Counsel should ensure consistent reporting. If material data is reported to a regulatory agency but not disclosed in a sustainability report, investors and other stakeholders may become wary. Conversely, if data is disclosed in the sustainability report but is omitted from or differs from the required regulatory submittals, then this could form the basis for enforcement action by EPA or other regulators. The failure to disclose required information can lead to substantial civil and criminal penalties, and counsel should therefore review sustainability reports in light of required regulatory submittals.

Preserving privilege and protecting drafts from disclosure 

Attorneys should also be involved in sustainability reporting because they play a critical role in preserving the attorney-client privilege. Companies that circulate draft reports without the input of counsel may be taking unnecessary risks, particularly when legally sensitive information is removed from the drafts. If there is a subsequent lawsuit by investors or others concerning the reports, for example, then the draft reports will likely be discoverable and the deleted information may bolster the other party’s claims.

Active attorney involvement in the reporting process can help mitigate such concerns. Although routine business communications are not privileged and companies cannot hide information merely by routing it through counsel, the attorney-client privilege protects bona-fide communications between the attorney and client made for the purpose of obtaining legal advice. By analogy, the privilege has been upheld in the context of SEC reporting. Specifically, in the recent case of Roth v. Aon Corporation, a court concluded that drafts of a regulatory 10K communicated to the general counsel by the CFO were not discoverable. The court noted that there was “good reason” that corporations and attorneys would consult “over compliance with legally mandated disclosures” and further found that the public disclosure of the final document did not result in waiver of the privilege.

Although sustainability reporting is voluntary and SEC reporting is mandatory, both activities share common privilege concerns. In both instances, the reporting process involves decisions surrounding the disclosure of legally sensitive corporate information. Companies need attorneys to advise them about legal risks arising from public disclosures and how to mitigate such risks, and this properly involves attorney review and input on draft reports. Counsel can provide valuable advice concerning the wording of sensitive matters being disclosed and whether disclosure is legally prudent or necessary. Moreover, counsel’s input may be necessary to evaluate whether voluntary disclosures are consistent with required SEC reporting and other regulatory reporting obligations.

Based on these considerations, attorney-client privilege should shield against the disclosure of draft sustainability reports and communications involving attorney advice. While inconsistent court decisions provide no guarantees that privilege will be upheld, companies should take early steps to preserve privilege. Counsel should be involved at the threshold planning stage, and as data is collected, the report itself should be prepared in close consultation with counsel. Draft reports should be prepared for counsel’s review and should be clearly labeled as “Attorney-Client Privileged.” Emails and communications circulating drafts should similarly be sent directly to counsel for the purpose of seeking legal advice on the content and should be labeled as “Attorney-Client Privileged.” Such communications should not be widely distributed within the organization or treated like standard business communications, as this erodes privilege protections.

Evaluating contracts between reporting organizations and service providers 

Attorneys also have a role in negotiating and evaluating contractual relationships between reporting organizations and their sustainability service providers, including sustainability consultants, external assurance providers, and information technology vendors. Consider, for example, who should bear the liability risk if an external assurance provider fails to identify material misrepresentations or validates inaccurate data. As another example, consider who should bear the liability risk if a software provider’s product improvements reveal data inaccuracies in prior sustainability reports.

In any of these situations, the threat of litigation extends beyond stakeholder lawsuits to include lawsuits between the reporting organization and its service providers. Attorneys can minimize liability risks by negotiating service provider agreements, including through defining the scope of work, the content of license agreements, ensuring confidentiality, and contractually allocating risk through appropriate indemnity and insurance provisions.

Moving forward with sustainability reporting 

The BP investor lawsuits highlight growing liability concerns for those involved with sustainability reporting. Investors and other stakeholders are entitled to rely on the reports, and reporting organizations must therefore exercise caution throughout the disclosure process. Corporate officers and employees must guard against reckless report content, and avoid misstating or omitting material information, while the reporting organization itself should take steps to manage and reduce the risk of liability. Common risk management strategies should include a renewed focus on standardized reporting procedures, increased use of external assurance, and increased involvement of counsel throughout the reporting process. Early implementation of appropriate risk management strategies will allow those involved with voluntary sustainability reporting to be better prepared for the day when sustainability reporting becomes mandatory.

Matthew L. Mattila is an environmental attorney in Atlanta, Georgia. Mr. Mattila received his B.S. in Natural Resources and Environmental Sciences from University of Illinois, and his J.D. and a Certificate of Specialization in Environmental Law from Tulane, where he served as an articles editor for the Tulane Law Review. He can be reached at 

This article is for general educational and informational purposes only. This article is not intended as legal advice and should not be construed as such. As always, readers should consult a qualified attorney for legal advice concerning specific situations. 

[image credit: Brian Turner: Flickr]

3p Contributor

TriplePundit has published articles from over 1000 contributors. If you'd like to be a guest author, please get in touch!

Leave a Reply