SEC Proposes Rules on Cyber Risk and Climate Risk Disclosures
The U.S. Securities and Exchange Commission (SEC) proposed the rules to enhance and standardize climate risk disclosures for investors as well as the rules on cybersecurity risk management, strategy, governance, and incident disclosure by public companies.
The comment period for both the aforementioned proposals is 30 days after their respective publication in the Federal Register, or 60 days after the date of issuance and publication on the SEC website, whichever period is longer. The proposed rules on climate risk disclosures require registrants to provide certain climate-related information in their registration statements and annual reports, including information about climate-related financial risks and financial metrics in their financial statements and disclosure of registrants greenhouse gas emissions. The proposed climate-related disclosure framework is modeled in part on the Task Force on Climate-Related Financial Disclosures (TCFD) recommendations and draws on the Greenhouse Gas (GHG) Protocol. The proposed rules would require a registrant to disclose information about:
- governance of climate-related risks and relevant risk management processes
- how any climate-related risks identified by the registrant have had or are likely to have a material impact on its business and consolidated financial statements, which may manifest over the short, medium, or long-term
- how any identified climate-related risks have affected or are likely to affect the registrant’s strategy, business model, and outlook
- the impact of climate-related events (severe weather events and other natural conditions) and transition activities on the line items of a registrant’s consolidated financial statements, as well as on the financial estimates and assumptions used in the financial statements
- direct greenhouse gas emissions (Scope 1) and indirect emissions from purchased electricity or other forms of energy (Scope 2)
- greenhouse gas emissions from upstream and downstream activities in its value chain (Scope 3), if material or if the registrant has set a greenhouse gas emissions reduction target or goal that includes Scope 3 emissions
- climate-related targets or goals, and transition plan, if any
For registrants that already conduct scenario analysis, have developed transition plans, or publicly set climate-related targets or goals, the proposed amendments would require certain disclosures to enable investors to understand those aspects of the registrants’ climate risk management. The proposals for greenhouse gas emission disclosures would provide investors with decision-useful information to assess a registrant’s exposure to, and management of, climate-related risks, and in particular transition risks. The proposed rules would include a phase-in period for all registrants, with the compliance date dependent on the registrant’s filer status, and an additional phase-in period for Scope 3 emissions disclosures. If adopted this year, the rules are expected to apply beginning with the 2023 annual report.
Related Links
- Press Release on Climate Risk Disclosures
- Proposed Rule on Climate Risk Disclosures (PDF)
- Press Release on Cyber Risk Disclosures
- Proposed Rule on Cyber Risk Disclosures (PDF)
Keywords: Americas, US, Banking, ESG, Climate Change Risk, Disclosures, Transition Risk, TCFD, TCFD Recommendations, Cyber Security, Cyber Risk, SEC, Headline
Featured Experts

Michael Denton, PhD, PE
Dr. Denton provides industry leadership in the quantification of sustainability issues, climate risk, trade credit and emerging lending risks. His deep foundations in market and credit risk provide critical perspectives on how climate/sustainability risks can be measured, communicated and used to drive commercial opportunities, policy, strategy, and compliance. He supports corporate clients and financial institutions in leveraging Moody’s tools and capabilities to improve decision-making and compliance capabilities, with particular focus on the energy, agriculture and physical commodities industries.

James Edwards
James leads the initiative to model the risk implications of climate change for corporates, SMEs, and sovereigns.
Previous Article
FSB Report Examines Impact of Pandemic on Market StructureRelated Articles
EU Agencies Update LCR Rule and Macro-Prudential Policy Recommendation
The European Commission (EC) published the Delegated Regulation 2022/786 with regard to the liquidity coverage requirements for credit institutions under the Capital Requirements Regulation (CRR).
EBA Publishes Regulatory Standards to Identify Shadow Banking Entities
The European Banking Authority (EBA) published the final draft regulatory technical standards specifying the criteria to identify shadow banking entities for the purposes of reporting large exposures.
EIOPA Examines Physical Climate Risk Exposure, SII Non-Compliance
The European Insurance and Occupational Pensions Authority (EIOPA) published a report assessing insurers' exposure to physical climate change risks
NGFS Report Explores Quantification of Climate Risk Differentials
The Network for Greening the Financial System (NGFS) published two reports to aid central banks and regulators in their oversight of the financial sector and in their central bank operations
EC Publishes Results on Review of Web Accessibility Directive
The European Commission (EC) published the results of a public consultation, held in October 2021, on the review of the Web Accessibility Directive.
MAS Consults on Adjustment Spreads for Conversion of SOR Contracts
The Monetary Authority of Singapore (MAS) and the SC-STS are jointly consulting, until June 10, 2022, on setting adjustment spreads for the conversion of legacy SOR contracts to SORA reference rate.
OSFI Discusses Benchmark Rate Transition, Sets Out Work Priorities
The Office of the Superintendent of Financial Institutions (OSFI) published the strategic plan for 2022-2025 and the departmental plan for 2022-23.
EBA Proposes Standards to Support Secondary NPL Markets
The European Banking Authority (EBA) is consulting, until August 31, 2022, on the draft implementing technical standards specifying requirements for the information that sellers of non-performing loans (NPLs) shall provide to prospective buyers.
EU Confirms Agreement on Rules on Cybersecurity and Banking Resolution
The European Council and the Parliament reached an agreement on the revised Directive on security of network and information systems (NIS2 Directive).
EBA Issues Standards for Crowdfunding Service Providers Under ECSPR
The European Banking Authority (EBA) published the final draft regulatory technical standards specifying information that crowdfunding service providers shall provide to investors on the calculation of credit scores and prices of crowdfunding offers.