Relying on ESG data providers can expose investors and organizations to three major risks: inconsistent ratings, incomplete data, and overdependence on third-party sources. These challenges can lead to flawed investment decisions, regulatory non-compliance, and weakened internal accountability.

Key findings include:

• ESG ratings from different providers often conflict due to varying methodologies, with an average correlation of just 0.54.

• Over 70% of investors cite incomplete and inconsistent data as a major obstacle, with providers frequently relying on estimates for missing metrics like Scope 3 emissions.

• Blind reliance on external providers can create a "black box" problem, limiting transparency and control over ESG strategies.

Solutions: Use multiple data sources, conduct internal validation, and establish strong ESG governance frameworks to ensure data accuracy, manage risks, and maintain compliance with regulations like the SEC’s climate disclosure rules.

This article explains these risks in detail and offers actionable steps to address them effectively.

3 Major Risks of ESG Data Providers: Key Statistics and Solutions

Mitigating ESG and Business Conduct Risk through Ratings and Raw Data

Risk 1: Inconsistent ESG Ratings Across Providers

When evaluating ESG ratings from various providers, you’ll often notice significant discrepancies for the same company. The average correlation between six major ESG ratings providers is only 0.54 [6]. These inconsistencies stem from differing methodologies, which introduce further risks discussed below.

Different Methodologies and Opaque Scoring Systems

The inconsistency in ESG ratings primarily arises from how providers calculate their scores. Research highlights three main factors driving these differences: measurement (the metrics used to evaluate the same attribute), scope (the attributes assessed), and weight (the importance assigned to each attribute) [5].

Take the Wells Fargo scandal as an example. In December 2017, one provider ranked Wells Fargo in the top third for governance, while another placed it in the bottom 5%. The discrepancy occurred because one provider gave a score of zero for "Business Ethics Incidents", which accounted for 20% of the total score, while the other classified the scandal under "Information to Customers" within the Social pillar instead of Governance [5].

A similar issue arose with Facebook. One ESG provider rated the company in the top decile for environmental performance, while another rated it as below average. The difference came down to one provider assigning significant weight to "Management of Environmental Impacts from Personal Transportation", a metric the other provider didn’t include [5]. These examples show how varying criteria can undermine confidence in ESG ratings.

Proprietary algorithms further complicate matters by converting qualitative metrics into scores, often relying on imputed data when companies fail to disclose specific figures. For instance, 92% of "Social" indicators merely confirm the existence of policies rather than measuring tangible outcomes [6].

Temporal instability adds another layer of complexity. A study comparing ESG scores over six weeks (February 9 to March 23, 2021) found that 85% of firms' scores had changed [1].

"The data for any specific point in time should remain the same for a firm unless there is a documented reason for a retroactive change. However, our study revealed significant unannounced and unexplained changes." – Florian Berg, Research Associate, MIT Sloan Sustainability Initiative [1]

Effects on Investment Portfolio Decisions

These methodological differences directly affect portfolio performance. Portfolios built using identical processes but with different ESG providers showed a performance variation of 130 basis points (1.3%) per year in the U.S. and 70 basis points (0.7%) in Europe [5]. Correlations in excess returns also vary widely by ESG category. For example, European governance portfolios from two providers had a correlation as low as 0.03, while U.S. social-themed portfolios showed a correlation of just 0.51 [5].

Such discrepancies can lead to flawed assessments, poor capital allocation, and misaligned sustainability goals. Aggregating Environmental, Social, and Governance factors into a single score can further obscure risks, as strong performance in one area may hide serious shortcomings in another [6].

"Positive performance in one area does not negate poor performance in another – a point that combined ratings might obscure." – Paul Weiss Rifkind Wharton & Garrison LLP [6]

The case of Workday Inc. highlights the paradox of disclosure. After expanding its ESG reporting from 54 to 98 pages under G4 Global Reporting Initiative guidelines, ratings providers diverged even more. While Bloomberg and Thomson Reuters increased their scores, MSCI lowered its environmental rating but raised its social rating, and Sustainalytics left its environmental rating unchanged [6]. In this instance, more transparency led to greater confusion.

Solution: Use Multiple Data Sources and Internal Analysis

To navigate these inconsistencies, rely on at least two comprehensive ESG providers. This approach helps identify outliers and areas of significant disagreement [5]. Instead of focusing solely on headline scores, investors should examine the specific metrics and weightings used by providers to ensure alignment with their ESG priorities.

"Investors must ensure the approach taken by the ratings provider they rely on is consistent with their ESG preferences or they risk constructing portfolios that do not align with their ESG views." – Feifei Li and Ari Polychronopoulos, Research Affiliates [5]

Many investors now create their own assessments using raw, unaudited ESG data rather than depending solely on third-party scores [6]. Specialized providers like CDP for carbon data or Equileap for gender metrics can offer more detailed insights than aggregate scores [5].

Organizations should also actively monitor raw ESG data to catch inaccuracies or errors. Given that ESG data is largely unaudited, implementing rigorous internal validation processes is crucial to identifying omissions or unsupported claims in sustainability reports.

For strategic guidance, organizations can turn to experts like Council Fire, who help design ESG evaluation frameworks that combine multiple data sources with internal analysis. This approach ensures that sustainability assessments align with organizational values and financial goals, reducing the risks posed by inconsistent third-party ratings. By integrating diverse data sources with internal scrutiny, companies can better safeguard their portfolios against these challenges.

Risk 2: Incomplete Data and Limited Coverage

One of the most pressing challenges for ESG data providers is missing or incomplete information. Over 70% of investors cite "inconsistent and incomplete" data as the top obstacle to ESG investing [7]. This gap forces providers to rely on estimation models and imputation techniques to fill in the blanks [7].

Problems with Data Accuracy and Completeness

To address missing ESG metrics, providers often use different estimation models, leading to notable inconsistencies [4]. This issue is particularly evident with Scope 3 emissions, which measure indirect carbon impacts across a company’s supply chain. Regulations like the SEC's climate rules, finalized in March 2024, exclude Scope 3 from mandatory disclosures, leaving providers to depend heavily on estimates rather than verified figures [8].

Even when data is available, accuracy remains a concern. A staggering 94% of investors believe corporate sustainability reports include unsupported claims [8]. The lack of standardized reporting frameworks further complicates matters, making it difficult to compare ESG data across companies. For example, more than 20 different methods are currently used to report employee health and safety data, rendering cross-company comparisons nearly impossible [4].

"There is a significant shortage of reliable and comparable data across various aspects of ESG. Even for widely used key performance indicators, such as carbon emissions, we encounter substantial discrepancies among data providers."
– Elodie Laugel, Chief Responsible Investment Officer, Amundi [7]

Interestingly, increasing disclosure doesn’t always lead to better data quality [4]. Research shows that companies providing more ESG details often experience greater variation in their ratings because providers interpret the additional information differently [4]. Without standardized metrics, transparency can sometimes cause more confusion than clarity.

Variations Across Industries and Regions

The quality of ESG data coverage also varies significantly across industries and regions. Factors like company size, location, and asset class heavily influence the availability of reliable data. While large-cap listed equities benefit from improved coverage, smaller firms and emerging markets often receive far less attention.

"Data coverage is still mainly focused on listed equities and becomes patchier when you move to smaller companies and emerging markets."
– Robert Sawbridge, Head of Responsible Investment, Insight Investment [7]

Certain financial instruments, such as asset-backed securities and municipal bonds, face even greater limitations, leaving investors with blind spots when building diversified ESG portfolios. Industry-specific challenges add another layer of complexity. For instance, a manufacturing company’s material ESG concerns differ significantly from those of a financial services firm. Yet, providers frequently use standardized frameworks that fail to account for these nuances, especially in global supply chains where data collection is more difficult.

Solution: Improve Data Validation and Monitoring Processes

To tackle these data issues, organizations need robust validation systems. Around 85% of investors believe ESG metrics should be assured with the same rigor as financial audits [8]. This involves implementing internal controls that trace each metric from its raw source to the final report [8].

Larger companies might benefit from appointing a dedicated ESG controller to establish data quality standards and document processes at the metric level [8]. This role ensures accountability and helps identify data gaps early, while maintaining comprehensive historical records for auditors.

In June 2025, Morningstar Sustainalytics introduced updated guidance through its "Issuer Gateway" platform, enabling companies to validate their ESG Risk Ratings. Using a structured "Management Indicator Response Template", companies can submit factual corrections backed by public documentation. This process covers Beta Indicators across four categories: Product & Production, Financials, Events, and Geographic [9].

"The software being used is only as effective as the data entered into the system. Without complete, accurate and reliable ESG data, the software alone will not be sufficient."
– PwC [8]

Investors should diversify their sources by using multiple data providers and conducting independent validation reviews [7]. Specialized platforms focusing on specific metrics, such as supply chain emissions or diversity data, often deliver more reliable insights than aggregated scores. Direct engagement with investee companies or suppliers can also yield more precise disclosures, reducing reliance on third-party estimates.

Continuous monitoring tools offer a way to maintain up-to-date ESG data, reflecting current risks and emerging trends [9]. As regulations like the EU's Corporate Sustainability Reporting Directive (CSRD) and California’s climate requirements push for stricter disclosure standards, the shift from voluntary reporting to auditable, high-quality data is inevitable [8]. Companies that build strong validation processes today will be better equipped to adapt to this changing landscape.

Council Fire supports organizations in developing ESG data governance frameworks that integrate automated data collection with thorough validation. By focusing on industry-specific material metrics and establishing clear accountability, businesses can ensure their ESG data is as reliable as their financial reporting.

Risk 3: Excessive Dependence on Third Parties

Relying heavily on external ESG data providers can lead to a "black box" problem for organizations. When teams accept third-party ratings without questioning the underlying methodologies, data sources, or potential limitations, they risk losing transparency and control. This blind reliance undermines internal judgment and leaves companies exposed when regulators or auditors demand evidence to substantiate ESG claims.

Loss of Internal Judgment and Accountability

The SEC's climate disclosure rules, finalized in March 2024, mandate that companies include auditable ESG data in their 10-K filings, particularly for climate-related risks and Scope 1 and 2 greenhouse gas emissions [8]. Companies that depend entirely on external providers without conducting their own validation processes often struggle to provide the "sufficient evidence" auditors require to confirm data reliability [8]. The lack of transparency in third-party methodologies further complicates regulatory compliance, making it nearly impossible to trace and verify the data.

"The software being used is only as effective as the data entered into the system. Without complete, accurate and reliable ESG data, the software alone will not be sufficient to satisfy SEC requirements."
– PwC [8]

In addition to regulatory risks, conflicts of interest within ESG data providers can compromise the quality of the information they supply. External vendors may face political or economic pressures, yet many companies fail to verify whether providers have robust policies to ensure independence [2]. For investment managers, misalignment between a provider's methodology and the firm's compliance philosophy can lead to operational inefficiencies and strategic disconnects [3].

This erosion of internal accountability also creates broader governance issues, particularly in vendor management.

Weak Governance and Vendor Management

Many organizations lack a structured approach to ESG data governance, skipping essential steps like vendor due diligence and performance reviews. The Financial Stability Board emphasizes the importance of gathering and reviewing detailed information about the methodologies and limitations of ESG products [2]. Unfortunately, some companies treat ESG data procurement as a routine transaction rather than a critical governance responsibility.

Without proper internal processes, teams often struggle to reconcile conflicting scores from different providers. This lack of a defined protocol for resolving discrepancies can lead to inconsistent decision-making across departments [3]. Such governance gaps become even more problematic as regulators increase scrutiny of ESG ratings and the providers themselves [2].

Solution: Build ESG Data Governance Frameworks

To address these challenges, organizations must integrate ESG oversight into their existing governance structures. A good starting point is developing a due diligence checklist to evaluate each provider's transparency, conflict-of-interest policies, and data collection methods [2].

"Market participants could consider conducting due diligence or gathering and reviewing information on the ESG ratings and data products that they use in their internal processes."
– Financial Stability Board (FSB) [2]

Maintaining an internal registry of the "blind spots" and methodological weaknesses of each external provider can help risk management teams identify gaps [2]. Organizations should also establish clear guidelines for using external ESG data, specifying which internal processes can rely on this information and which require additional validation [2]. For larger firms, appointing a dedicated ESG controller to oversee data quality and work with independent validators can ensure accountability remains in-house [8].

Council Fire specializes in developing ESG governance frameworks that integrate vendor management, data validation, and board-level oversight. By creating clear accountability structures and aligning ESG data practices with broader risk management systems, companies can retain control over their sustainability strategies while leveraging external expertise. Strengthening internal ESG governance not only mitigates these risks but also supports the broader measures discussed earlier in this analysis.

Conclusion

The analysis highlights several challenges that undermine effective ESG investing, including inconsistent ratings, incomplete data, and overreliance on external sources. While ESG data providers offer valuable metrics, depending too heavily on them without proper verification introduces significant risks. For example, correlations between ESG ratings from major providers have been reported as low as 0.11, illustrating the lack of consistency [11]. Moreover, 94% of investors express concerns about unsupported sustainability claims in corporate reporting [10]. Such heavy reliance on third-party data can also weaken internal accountability.

To address these issues, organizations must treat ESG data with the same rigor as financial data. This means implementing strong governance structures, appointing dedicated ESG controllers, establishing thorough validation processes, and integrating multiple data sources. Rather than accepting any single rating at face value, companies should combine external assessments with in-depth internal analysis [12].

The urgency is amplified by evolving regulatory demands. For instance, the SEC's climate disclosure rules, effective March 2024, mandate auditable ESG data in 10-K filings. Without proper controls, companies risk compliance violations and strategic missteps.

Council Fire offers a pathway for organizations to go beyond mere ESG compliance and achieve strategic integration. Their framework addresses these risks by embedding robust governance, validation processes, and strategic oversight. By blending technical expertise with stakeholder collaboration, Council Fire helps transform ESG data from a reporting requirement into a strategic asset. This approach ensures that sustainability efforts are aligned with business goals while maintaining transparency and accountability.

The path forward requires balancing external expertise with robust internal oversight. ESG data providers should serve as tools, not replacements for sound judgment. Building a governance infrastructure that validates, monitors, and acts on ESG data is key to turning sustainability metrics into actionable strategies.

FAQs

How can organizations verify the reliability of ESG data from multiple providers?

To ensure the accuracy and reliability of ESG data from third-party providers, organizations should implement a structured validation process. Begin by incorporating data verification into your ESG governance framework. This includes requiring providers to disclose their methodologies, data sources, and any adjustments they make. Comparing metrics across multiple providers can also help uncover discrepancies or errors early in the process.

Building an internal team dedicated to monitoring data quality and addressing inconsistencies is a crucial step. Partnering with an independent sustainability consultancy, such as Council Fire, can further enhance your efforts. These experts can assist in crafting strong data governance policies and verifying the accuracy of aggregated ESG data. Combining thorough validation processes with professional oversight enables organizations to make sustainability decisions with greater confidence and reliability.

What are the key risks of relying on third-party ESG data providers?

Relying entirely on third-party ESG data providers comes with its own set of challenges. A key concern is the lack of consistent methodologies and standardization among providers, which often results in conflicting ratings. This inconsistency can make it difficult to draw meaningful comparisons or trust the data across different sources.

Another issue lies in transparency and data quality, as limited insight into how scores are calculated can erode confidence in the accuracy of the information. Compounding this is the problem of retroactive changes to ESG scores, which can disrupt reliability and complicate efforts to measure progress over time.

Lastly, there’s the risk of greenwashing or biased evaluations, where companies might be portrayed as more sustainable than they truly are due to flawed or overly favorable assessments.

To address these challenges, organizations should take a proactive approach by thoroughly evaluating their data sources, demanding greater transparency from providers, and supplementing third-party data with internal evaluations or expert insights from sustainability-focused firms like Council Fire. This balanced approach can help ensure more reliable and actionable ESG insights.

Why is it crucial to establish internal ESG governance frameworks?

Building a solid internal ESG governance framework is essential for maintaining the accuracy, reliability, and transparency of your organization's ESG data. Relying exclusively on third-party providers can lead to risks like data errors, opaque processes, or unexpected retroactive changes. By managing ESG data internally, companies can exercise greater control and avoid the challenges often associated with external ESG ratings.

An internal framework also ensures compliance with shifting regulatory demands by incorporating safeguards such as clear oversight, defined accountability, and effective data management practices. These measures not only help minimize the risk of greenwashing but also build stronger trust with investors and other stakeholders.

Moreover, having an internal ESG governance structure enables companies to align ESG standards with their specific strategies and objectives, transforming ESG data into a valuable strategic resource. Council Fire provides expert support to help organizations craft customized frameworks that seamlessly integrate financial performance with positive environmental and social impacts.

Related Blog Posts

• ESG Reporting Checklist: Key Requirements for 2025

• Common ESG Implementation Challenges and Solutions

• Ultimate Guide to Regional ESG Compliance

• Cross-Border ESG Rules: What Businesses Need to Know