Regulation 33 - ESG Ratings and Data Products Providers - International Financial Services Centres Authority (Capital Market Intermediaries) Regulations, 2025

33. ESG Ratings and Data Products Providers (1) An ERDPP may undertake services relating to ESG Ratings and ESG Data Products in an IFSC or a Foreign Jurisdiction. (2) An ERDPP shall not provide any other service without the prior approval of the Authority. (3) An ERDPP shall adhere to the following Code of Conduct , on a comply or explain basis: (a) Principle on Good Governance ERDPP shall ensure appropriate governance arrangements are in place that enable it to promote and uphold the principles and overall objectives of the Code of Conduct. (b) Principle on Securing Quality (Systems and Controls) ERDPP shall adopt and implement written policies and procedures designed to help ensure the issuance of high quality ESG Ratings and Data Products. (c) Principles on managing Conflicts of Interest i. ERDPP shall adopt and implement written policies and procedures designed to help ensure that its decisions are independent, free from political or economic interference, and appropriately address actual or potential conflicts of interest that may arise from, among other things, ERDPP s organisational structure, business or financial activities, or the financial interests of the ERDPP, its officers and employees. ii. ERDPP shall also identify, avoid or appropriately manage, mitigate and disclose actual or potential conflicts of interest that may compromise the independence and integrity of the ERDPP s operations. (d) Principle on Transparency ERDPP shall make adequate levels of public disclosure and transparency a priority for its ESG Ratings and Data Products, including its methodologies and processes to enable the users of the product to understand what the product is and how it is produced, including any potential conflicts of interest, while maintaining a balance with respect to proprietary or confidential information, data and methodologies. (e) Principle on Confidentiality (Systems and Controls) ERDPP shall adopt and implement written policies and procedures designed to address and protect all non-public information received from or communicated to it by any entity, or its agents, related to their ESG Ratings and ESG Data Products, in a manner appropriate in the circumstances. (f) Principles on Engagement (Systems and Controls) i. ERDPP shall regularly consider whether its information gathering processes with entities covered by its products lead to efficient information procurement for both the providers and these entities. Where potential improvements to information gathering processes are identified, the ERDPP shall consider what measures can be taken to implement them. ii. Where feasible and appropriate, the ERDPP shall respond to and address issues flagged by entities covered by its ESG Ratings and Data Products and by users while maintaining the independence and integrity of these products. (4) An ERDPP shall disclose compliance of the Code of Conduct provided above on a comply or explain basis on its website. (5) An ERDPP providing ESG Ratings shall have guidelines / criteria / methodology on the rating process and the same shall be disclosed on its website. (6) An ERDPP shall disclose all ESG Ratings provided by it on its website. (7) An ERDPP shall segregate its activities relating to ESG Ratings and ESG Data Products from its other activities to ensure that there is no conflict of interest between these activities.