Five key ESG topics for private companies in 2024

ESG factors continue to be critical business issues for public and private companies alike. In our view, understanding and incorporating material ESG factors as early as possible enables more informed and strategic business decisions. Notably, however, 38% of private company directors do not feel that their board has been effective at integrating ESG into corporate strategy.¹ And ongoing debate around ESG has added complexity to considerations of how to respond to stakeholders’ ESG priorities. In 2024, we will continue advancing our ESG team’s mission to minimize investment risk and maximize company value for our private investments. Though materiality differs for each industry, we think the following five ESG topics will be particularly relevant for private companies in the coming year:

• Governance and shareholder rights
• Human capital management and diversity, equity, and inclusion 
• Climate-change mitigation and adaptation 
• Cybersecurity and data privacy
• Responsible approach to artificial intelligence

Governance and shareholder rights: As private companies grow, they inevitably face more complexity and scrutiny from investors and the broader public. We believe this makes corporate governance practices likes board independence and diversity, remuneration, share structures, and succession planning vital considerations and key areas of potential value add. Many asset owners, asset managers, ESG ratings agencies, and proxy advisers are taking a harder stance on governance for newly public companies. Some advisers recommend that shareholders vote against the entire board of directors at companies that go public with multiple class-share structures and unequal voting rights without reasonable sunset provisions. And the European Union’s Sustainable Finance Disclosure Regulation requires asset managers to define “good governance” without differentiating between public and private companies. We encourage private firms to familiarize themselves with asset managers’ proxy voting guidelines to get a sense of evolving public market shareholder expectations on major governance issues. 

Human capital management (HCM) and diversity, equity, and inclusion (DEI): We expect HCM and DEI to remain necessary focus areas for companies in 2024. Although the US job market softened in 2023, the economy continued to add jobs, with the US Chamber of Commerce showing three million more openings than unemployed workers as of October 2023.² Against this backdrop, investors maintain their efforts to bolster HCM-related disclosure requirements. 

The recommendations set forth by the US Securities and Exchange Commission (SEC) in September 2023 call for increased standardization of HCM disclosure and include specific language on diversity data, another signal that recent pushback on corporate DEI programs has slowed progress but not changed the trajectory for these efforts. In private markets specifically, over 60% of private equity firms surveyed in 2023 said their investors requested disclosure of portfolio company diversity data.³ And in October 2023, California passed legislation mandating that all venture capital funds operating in the state report on the demographic characteristics of their founders, including race, sexual orientation, and disability status.

Private companies should expect increasing requests for disclosure on HCM and DEI practices from investors, particularly as they approach public markets. We recommend companies proactively prepare to meet these requests by beginning to track key metrics. 

Climate-change mitigation and adaption: We expect that climate change will again be a dominant ESG theme in 2024 as global climate-related regulation accelerates, disclosures such as the CDP and the Task Force on Climate-related Financial Disclosures (TCFD) become more standardized (and in some regions, mandatory), and investor focus on how climate change affects financial outcomes intensifies. While many companies still overlook and/or underreport material climate-related risks and opportunities, we expect the scope and quality of emissions reporting and other climate-related disclosures to become more accurate and specific in the coming years. 

In March 2022, the SEC proposed regulations that require public companies to report on — and seek assurance for — material greenhouse gas emissions and net-zero targets or transition plans. These rules will continue to shape the landscape for public and private companies alike. California’s 2023 Senate Bills (SB) 253 and SB 261, known as the Climate Corporate Data Accountability Act and the Climate-Related Financial Risk bill, respectively, are set to take effect in 2026. The bills will require large public and private companies that do business in California to disclose their carbon footprint and/or climate-related financial risks in accordance with the TCFD framework, depending on their total annual revenues. 

Cybersecurity and data privacy: Though previously considered a technology issue, cybersecurity has become an increasingly material ESG concern for companies, investors, regulators, and consumers alike. Cyberattacks raise the risk of exposing confidential company information or sensitive customer data, halting operations that can consequently disrupt supply chains, increasing regulatory scrutiny, and/or causing reputational harm. And they are costly: The average cost of a data breach in 2023 reached US$4.45 million per incident, a 15% increase over the past three years.⁴

Public companies are often better prepared, having faced consistent scrutiny on cyber risks due to established oversight practices and engagement with public investors. In contrast, earlier-stage private companies may face less scrutiny and be more focused on client and revenue growth, with fewer resources allotted to cybersecurity risk management. 

In July 2023, the SEC adopted new rules requiring companies to disclose material cybersecurity incidents, risk management, and strategy; management’s role in assessing and managing material risks from cybersecurity threats; and board oversight of cybersecurity risks. While the new rules apply to publicly listed companies, private companies should familiarize themselves with them and be prepared to answer customer and investor questions on business-specific risks, breach history, and governance. 

Data privacy and transparency on data management are also key areas of focus for global regulators, with an increased emphasis on consumer welfare and control. We encourage companies to adhere to these guidelines, use clear and simple language in their privacy policies, provide high-level disclosure on any AI decision-making processes, and facilitate consumer access to correction, retention, portability, and deletion of data.

Responsible approach to artificial intelligence (AI): Generative AI has the potential to disrupt industries and accelerate innovation. Most companies are already leveraging generative AI to an extent, and we expect usage to increase exponentially in the coming years. But leadership oversight and expertise are lacking: While 93% of private company directors believe that the increased adoption of AI tools will impact their businesses, only 23% indicate that AI is discussed regularly at board level, and less than 7% report that their management teams are very or extremely proficient with AI.⁵ We think companies should consider:

• Governance and oversight of AI usage and related risks, including intellectual property rights and other legal concerns 
• Compliance with evolving regulatory environments
• Data privacy and cybersecurity risks
• Social concerns, including the generation of inaccuracies, falsehoods, and biases
• Negative impacts on the environment, human health, and labor/HCM 

Earlier-stage private companies can begin by identifying (or hiring) individuals with the necessary expertise to serve in an AI oversight and strategy capacity. Investors will expect later-stage companies to have more sophisticated governance in place, such as AI oversight committees, an AI ethics policy, and employee training protocols. All companies may need to develop testing and reporting processes to comply with applicable regulation. We believe companies that develop internal expertise and processes around AI can position themselves well to react and adapt to a changing environment. Our team plans to do more work on this topic in 2024, including tracking and sharing emerging best practices from public and private companies.

Bottom line on ESG for private companies in 2024

The ESG landscape in private markets is constantly evolving. What remains unchanged is our belief that material ESG issues can affect the long-term value of securities, and therefore it is the best interests of our portfolio companies and limited partners to identify and assess them. In our view, private companies that proactively address their material ESG issues can better equip themselves to navigate the market’s evolving expectations.

Additional resources
We offer many resources designed to help private company leadership teams learn about and prepare for the evolving ESG landscape. 

Wellington’s Governance Guide for Private Companies (available upon request) is an exclusive resource for our portfolio companies. It provides an overview of generally accepted corporate governance practices and Wellington investor perspectives across a company’s life cycle. 

The climate leadership video on this page details how we collaborate Woodwell Climate Research Center and the Massachusetts Institute of Technology Joint Program on the Science and Policy of Global Change to integrate climate science into investment management, where appropriate.

See also the selected articles featured on this page for deep dives on key ESG topics. 

¹ 2023 NACD Private Company Board Practices and Oversight Survey, National Association of Corporate Directors,  24 August 2023. | ² Stephanie Ferguson, Understanding America’s Labor Shortage, U.S. Chamber of Commerce, 20 November 2023. | ³ The State of Diversity in Global Private Markets: 2023, McKinsey & Company, 22 August 2023. | ⁴ Cost of a Data Breach Report 2023, IBM. | ⁵ 2023 NACD Private Company Board Practices and Oversight Survey, National Association of Corporate Directors, 24 August 2023.