RepRisk | RepRisk methodology overview (2024)

RepRisk | RepRisk methodology overview (1)

I. Introduction

RepRisk is a global leader and pioneer in data science, specializing in premium ESG and business conduct risk research and quantitative solutions. Since 2006, RepRisk has been leveraging the combination of AI and machine learning with human intelligence to translate big data into actionable research, analytics, and risk metrics. With daily-updated data synthesized in 23 languages using a rules-based methodology, RepRisk systematically flags and monitors material ESG risks and violations of international standards that can have reputational, compliance, and financial impacts on a company. Our flagship product, the RepRisk ESG Risk Platform, is the world’s largest database of its kind, covering 210,000+ public and private companies and 55,000+ infrastructure projects of all sizes, in every sector and market. Leading organizations around the world rely on RepRisk as their key due diligence solution to prevent and mitigate ESG and business conduct risks related to their operations, business relationships, andinvestments.

II. Research approach and scope

# a. What types of sources and stakeholders does RepRisk screen?

RepRisk screens, on a daily basis, over 100,000 public sources and stakeholders in 23 languages.

These include print media, online media, social media including Twitter and blogs, government bodies, regulators, think tanks, newsletters, and other online sources. These sources range from the international to the regional, national, and local level.

This list of sources is reviewed regularly and extended according to daily searches, RepRisk’s own research, and through client feedback.

Figure 1: Scope of sources

Born out of credit risk management, the purpose of RepRisk’s dataset is not to provide ESG ratings, but to systematically identify and assess material ESG risks. RepRisk has always taken an outside-in approach to ESG risks, by analyzing information from public sources and stakeholders, and intentionally excluding company self-disclosures. It is now well-accepted that self-reported information is not reliable data – especially when it comes to risks.

Over a decade of experience has shown that RepRisk’s unique perspective serves as a reality check for how companies conduct their business around the world – do they walk their talk when it comes to human rights, labor standards, corruption, and environmental issues? This perspective, together with a transparent, rules-based methodology and daily updates, ensures that our clients have consistent, timely, and actionable data at their fingertips.

Important: While RepRisk does not verify or validate reported allegations, our analyst team conducts quality checks and regularly reviews our list and classification of sources (see point IIIa). RepRisk focuses on identifying and assessing the risk incidents in a systematic and rules-based way, providing relevant information and transparency.

# b. What languages does RepRisk cover?

RepRisk searches for ESG risk incidents in 23 languages – English, Arabic, Chinese, Danish, Dutch, Filipino, Finnish, French, German, Hindi, Indonesian (Bahasa Indonesia), Italian, Japanese, Korean, Malaysian (Bahasa Malaysia), Norwegian, Polish, Portuguese, Russian, Spanish, Swedish, Thai, and Turkish.

# c. What is RepRisk’s research scope?

RepRisk’s core research scope is comprised of 28 ESG Issues that are broad, comprehensive, and mutually-exclusive (see Figure 2 below).

The 28 Issues drive the entire research process, as every risk incident in RepRisk’s dataset is linked to at least one of these Issues. When RepRisk screens the sources and stakeholders, it screens for any company or project linked to these Issues.

The Issues were selected and defined in accordance with the key international standards related to ESG issues and business conduct, such as the World Bank Group Environmental, Health, and Safety Guidelines, the IFC Performance Standards, the Equator Principles, the OECD Guidelines for Multinational Enterprises, the ILO Conventions, and more.

Furthermore, RepRisk covers 73 Topic Tags, ESG “hot topics” and themes (see Figure 3 below) that are an extension of RepRisk’s core research scope of 28 ESG Issues. Topic Tags are specific and thematic, and one Topic Tag can be linked to multiple ESG Issues. They are a dynamic concept, with the list expanding over time in response to client feedback and emerging trends.

In total, RepRisk covers 101 ESG risk factors allowing comprehensive and granular research.

# d. Which international ESG frameworks are mapped toRepRisk’sdata?

RepRisk maps its data to international ESG and regulatory frameworks:

The 17 Sustainable Development Goals (SDGs) are mapped to RepRisk’s 101 ESG risk factors.
The Australian Modern Slavery Act is mapped to the 101 ESG risk factors.
The California Transparency in Supply Chain Act is mapped to the 101 ESG risk factors.
The SASB Materiality Map is mapped to RepRisk’s 101 ESG risk factors.
The Sustainable Finance Disclosure Regulation (SFDR) is mapped to the 101 ESG risk factors.
The ten principles of the UN Global Compactaremapped to RepRisk’s 28 Issues.
The UK Modern Slavery Act is mapped to the 101 ESG risk factors.

The goal of integrating these frameworks intoRepRisk’sproducts is to allow clients to assess a company’s or infrastructure project’s ESG risk exposure through the lens of a universally used framework. Clients can easily identify material ESG risks in line with any of these standards, as well as identifying companies and infrastructure projects that may harm progress on a framework such as the SDGs or violate a framework such as the UN Global Compact.

Figure 2: RepRisk's Research Scope - 28 ESG Issues

Figure 3: RepRisk's Research Scope - 73 ESG Topic Tags

# e. What is the universe of companies that RepRiskanalyzes?

RepRisk’s methodology is issues- and event-driven, rather than company-driven – i.e., RepRisk screens sources and stakeholders (see question IIa above) for ESG risk incidents, in accordance with the RepRisk research scope (see question IIc above), not a defined list ofcompanies.

This means that RepRisk offers universal coverage – i.e., RepRisk captures any company exposed to ESG risks, regardless of the company’s size, sector, country of headquarters or operations, or whether the company is listed or non-listed.

The RepRisk Dataset grows daily as new relevant information is captured and analyzed. 30-50 new companies are added each day.

# f. How many companies in the RepRisk Dataset are currently associated with risk incidents?

As of July 2022, the RepRisk Dataset includes more than 210,000 companies that are associated with risk incidents. Of these 210,000 companies, approx. 5% are listed companies and approx. 95% are non-listed companies.

The companies in RepRisk's dataset stem from all sectors and countries. The geographical distribution is as follows: approx. 24% of the companies are headquartered in North America, 33% in Asia, 26% in Europe, 9% in Latin America and the Caribbean, 5% in Africa, and 3%inOceania.

# g. How often is the data updated?

Daily – i.e., every day, RepRisk screens, identifies, and analyzes risk incidents, adds curated research and analytics to its dataset, and updates its proprietary risk metrics whenever new risk information is published.

# h. How far back does RepRisk’s data history go?

RepRisk’s data history spans back to January 2007, representing a consistent time series with 15+ years of data.

III. Methodology: The research process

# a. What are the various steps of the researchprocess?

RepRisk follows a strict, rules-based research process that helps ensure consistent data over time. AI and machine learning combined with human intelligence help translate big data into curated research and metrics.

# Screening and identification

The goal of the screening process is to identify any company or project associated with an ESG risk incident, per RepRisk’s research scope (see question IIc above).
RepRisk screens, on a daily basis, over 100,000 public sources and stakeholders in 23 languages (see question IIa above).
Every day, more than 500,000 documents are aggregated through advanced text and metadata extraction from unstructured content and undergo multilingual de-duplication and clustering processes, reducing incoming documents to approximately 150,000 daily. These documents are analyzed for relevancy and sentiment scoring, as well as entity detection and issue classification, based on proprietary machine learning models to further support the automatic identification of relevant risk incidents.
Based on the machine learning model predictions, each risk incident is automatically tagged to all the entities identified, for example the related companies, projects, sectors, countries, ESG Issues, etc. The automated tagging serves to pre-select the relationships between various entities and issues in the RepRisk Dataset before being distributed for analysis and curation.
When a particular risk incident appears in multiple sources, the incident is taken only once, from the most influential source, as this reflects the overall risk exposure. Whenever possible a sample source in English is selected for display. The incident is only added again if the risk profile of the incident changes (see below for details).

# Analysis and curation

The results of the screening process are delivered to the RepRisk analyst team, who is responsible for reviewing and approving the automated tagging, relevancy scoring, and news analytics according to RepRisk’s proprietary rules-based system. The analyst team further curates the identified risk incidents including a risksummary.

Each risk incident is analyzed according to the following three parameters:

Severity (harshness) of the risk incident or criticism. The severity is determined as a function of three dimensions: firstly, what are the consequences of the risk incident (e.g., with respect to health and safety: no further consequences, injury, death); secondly, what is the extent of the impact (e.g., one person, a group of people, a large number of people); and thirdly, was the risk incident caused by an accident, by negligence, or intent, or even in a systematic way. There are three levels of severity: low severity, medium severity, and high severity.
Reach of the information source (influence based on readership/circulation as well as by its importance in a specific country), according to RepRisk’s own rating. All sources are pre-classified by reach: limited reach, medium reach, and high reach. Limited reach sources would include local media, smaller NGOs, local governmental bodies, and social media. Medium reach sources include most national and regional media, international NGOs, and state, national, and international governmental bodies. High reach sources are the few truly global mediaoutlets.
Novelty (newness) of the issues addressed for the company and/or project, i.e., whether it is the first time a company/project is exposed to a specific ESG Issue in a certain location.

For each risk incident, a RepRisk Analyst writes an original Risk Incident Brief in English that summarizes the risk incident. For simple risk incidents where a title captures the relevant issues, an additional body of text may not be required.
A risk incident is only reflected once in the RepRisk Dataset, unless the risk profile of the incident changes. This can occur in one of the three following scenarios, which increases the reputational risk of the incident for thecompany:

Story development: a new development appears related to the same issue.
Source escalation: the issue appears again in a more influential source.
Six-week rule: the issue appears again for the same company in the same country after a six-week period, which is a potential signal that the issues are unresolved.

# Quality assurance

Before a risk incident is published in RepRisk's dataset, it undergoes a quality assurance check and approval by a seniorRepRisk Analyst to ensure that the overall analysis process is in line with RepRisk's strict, rules-based methodology.
The goal of the quality assurance process is to ensure that the complete analysis process has been completed in line with RepRisk’s strict, rules-based methodology.

# Quantification

The final step in the process, the quantification of the risk, is done through data science. There are proprietary standard and customized risk metrics. The RepRisk Index (RRI) dynamically captures and quantifies reputational risk exposure related to ESG Issues. The RepRisk Rating (RRR), a letter rating (AAA to D), facilitates benchmarking and integration of ESG and business conduct risks. The United Nations Global Compact (UNGC) Violator Flag identifies companies that have a high risk or potential risk of violating one or more of the ten UNGC Principles.

IV. The RepRisk Index (RRI): Ouralgorithmforreputationalriskexposure

# a. What is the RepRisk Index (RRI)?

The RepRisk Index (RRI) is a proprietary algorithm developed by RepRisk that dynamically captures and quantifies a company’s or project’s reputational risk exposure to ESG issues.

The RRI facilitates an initial assessment of the ESG risks associated with investments or business relationships, allows the comparison of a company’s exposure with that of its peers, and helps track risk trends over time.

The RRI is purely performance-based i.e.,:

The RRI of company A depends only on A’sriskincidents.
The RRI reflects a company’s actual risk management performance as opposed to its communicated goals and policies.

# b. How is the RRI calibrated?

The RRI ranges from zero (lowest) to 100 (highest). The higher the value, the higher theriskexposure:

0-25 generally denotes low risk exposure
See Also
Easiest AP Classes: What Are They And Should You Take Them?
26-49 denotes medium risk exposure
- Note: It is expected that most large multinationals have an RRI between 26-49, due to their global footprint and salience vis-à-vis media and stakeholders.
50-59 denotes high risk exposure
60-74 denotes very high risk exposure
75-100 denotes extremely high risk exposure
- Note: The RRI is calibrated in such a way that only the handful of companies that are extremely exposed ever reach this threshold, helping clients to easily identify thesecompanies.

# c. What do the three RRI values mean?

Current RRI: reflects the current level of media and stakeholder attention ESG issues are being given in connection to a certain company.
Peak RRI: is equal to the highest level of the RRI over the last two years – a proxy for the overall reputational risk exposure related to ESG issues of a company.
RRI Change or Trend: shows the increase or decrease of the RRI within the past 30 days.

# d. How is the RRI calculated?

The RRI calculation is based on the reach of information sources, the frequency, and timing of ESG risk incidents, as well as the risk incident content, i.e., severity (harshness) and novelty (newness) of the issues addressed. The RRI does not depend on the sequence of ESGriskincidents.
The RRI emphasizes companies and/or projects that are newly exposed or have had less exposure in the past, i.e., companies and/or projects with a lot of past exposure are less sensitive to new risk incidents.
The methodology does not change depending on whether an issue is an environmental (E), social (S) or governance (G) issue.
There is no weighting of the ESG Issues e.g., by sector or country.
The RRI does not have any E, S, or G components. What is available, however, is a breakdown of each RRI by the number of associations a company has with the aggregate E, S, or G issues. The ESG breakdown should not be used for company-to-company comparisons, but rather to see how a company’s E, S, or G exposure has developed over time.

# e. How does the RRI develop over time?

For any given day, there are two events that canhappen:

There is a new risk incident for a company or project, in which case the RRI is recalculated. The magnitude of the increase depends on the severity, reach, and novelty of the incident.
There is no new risk exposure, in which case the RRI decays.

The RRI decays over time as follows:

For the first 14 days after a significant risk incident, the Current RRI remains constant.
If no new exposure is captured thereafter, the Current RRI decays to zero over a maximum period of two years:
- If the Current RRI is in the range of 25-100 and no significant exposure is captured, it decays at a rate of 25 every two months until it reaches 25.
- If the Current RRI is at or below 25 and no significant exposure is captured, it decays at a rate of 25 every 18 months until it reacheszero.

Discover the Jupyter Notebook on the RRI, Country RRI, and Country-Sector RRI.

V. The RepRisk Rating (RRR): Our rating or riskbenchmarking

# a. What is the RepRisk Rating?

The RepRisk Rating (RRR) is a letter rating (AAA to D) that facilitates corporate benchmarking against the peer group and sector of a company, as well as integration of ESG and business conduct risks into business processes. The Rating provides decision support in risk management, compliance, investment management, and supplier risk assessment.

In contrast to the RepRisk Index (RRI), the RRR depends not only on a company’s own performance (i.e., on its own ESG risk incidents) but also on its country and sectoraffiliations.

# b. How is the RRR calculated?

The methodology combines two factors:

The Company-specific ESG risk
- Provided by the Peak RepRisk Index (RRI) (please see question IVc above)
The Country-sector ESG risk
- Provided by the Country-Sector Average of the company, calculated by:
- The Headquarters ESG Risk Exposure (weighted 50%): Captures the risk exposure of a company's business activity in its headquarters country and primary sector(s)
- The International ESG Risk Exposure (weighted 50%): Captures the risk exposure of a company's business activities in the countries and sectors (worldwide) where it was associated with ESG risk incidents.

# c. How is the RRR calibrated and what doesitindicate?

The RepRisk Rating ranges from AAA to D:

AAA, AA, A denotes low ESG risk exposure
BBB, BB, B denotes medium ESGriskexposure
CCC, CC, C denotes high ESG risk exposure
D denotes very high ESG risk exposure

Discover the Jupyter Notebook on the RRR.

VI. The UNGC Violator Flag

# a. What is the UNGC Violator Flag?

The UNGC Violator Flag allows for an easy identification of companies that have a high risk or potential risk of violating one or more of the ten UNGC Principles. With the Flag, it is also possible to see if the UNGC violations are primarily linked to the operations (O) or to the supply chain (S) of a company.

# b. How is the UNGC Violator Flag calibrated and what does it indicate?

For each company and each Principle, the UNGC Violator Flag will have one of the three values:

“Violator” (red): high risk of violating the UNGCPrinciples
“Potential” (yellow): potential risk of violating the UNGCPrinciples
“Blank” (gray): no strong evidence of violating the UNGCPrinciples

Companies classified as “UNGC Violators” are those that have had a significant and credible exposure to ESG risk incidents associated with one or more of the ten UNGC Principles.

# c. What is the RepRisk UNGC Violator Index (UNGC VI)?

The underlying risk metric of the RepRisk UNGC Violator Flag is the RepRisk UNGC Violator Index (UNGC VI), which is based on the ESG risk incidents related to a company over the previous two years. Very severe risk incidents are given a higher importance than severe and less severe risk incidents. Further, the UNGC VI underweights risk incidents reported in less influential sources.

The threshold for being classified as a “UNGC Violator” is higher for highly scrutinized companies, i.e., particularly multinationals that are more exposed due to their size, global footprint, and saliency towards media and stakeholders. This approach helps to balance the information available on smaller companies that may inherently be more vulnerable to risks.

Discover the Jupyter Notebook on the UNGC Violator Flag and UNGC VI.

Copyright 2021 RepRisk AG. All rights reserved. RepRisk AG owns all intellectual property rights to this methodology and to the content of this website. This information herein is given in summary form and does not purport to be complete. Any reference to or distribution of this methodology must include the entire methodology to provide sufficient context. The information provided on this website does not constitute an offer or quote for our services or a recommendation regarding any investment or other business decision. Should you wish to obtain a quote for our services, please contact us.

RepRisk | RepRisk methodology overview (2024)

FAQs

What is the description of RepRisk? ›

RepRisk runs the world's largest, daily updated database on ESG risks with 15+ years of unbroken data history. We combine AI and advanced machine learning with human intelligence to identify material ESG risks on companies, real assets, and countries.

Tell Me More ›

What is RepRisk mission statement? ›

Our mission

To provide transparency on business conduct risks to help drive accountability and responsible behavior of companies, thus creating positive change.

What is RepRisk in ESG ratings? ›

What is the RepRisk Rating? The RepRisk Rating (RRR) is a letter rating (AAA to D) that facilitates corporate benchmarking against the peer group and sector of a company, as well as integration of ESG and business conduct risks into business processes.

Tell Me More ›

What is RepRisk RRI score? ›

RepRisk Index (RRI)

The RRI is a quantitative measure ranging from 1 (lowest) to 100 (highest). Companies that have been exposed to higher levels of criticism in the past are less sensitive to new adverse events and allegations in comparison to a company that experiences a first-time incident.

Explore More ›

Who uses RepRisk? ›

RepRisk is used by the Investment Engagement team of the UN-supported Principles for Responsible Investment (PRI) to help assess ESG risks in the investment value chain and to promote engagement with companies and stakeholders.

Know More ›

How does ESG reporting work? ›

What Is ESG Reporting? An ESG report deals with the disclosure of data about your company's environmental, social, and corporate governance initiatives. The report is meant to provide a snapshot of how sustainable and responsible the company is.

Find Out More ›

What is the purpose of an ESG rating agency? ›

The purpose of ESG ratings is to provide information to market participants about the quality of a company's ESG program and potential risks that might arise due to societal or environmental exposure.

Learn More Now ›

What is an ESG mission statement? ›

An ESG Vision Statement is the first step to committing a business to sustainable practices and ensuring it continues working towards those long-term ambitions as it grows. ESG (environmental, social and governance) spans a diverse range of issues, from climate change to workplace conditions and corruption.

What is the mission of ESG company? ›

In helping to deliver this new energy transition, our mission is to provide innovative technology that empowers energy leaders to deliver on the future promise of energy. The path towards energy security, sustainability, affordability and shared benefit from new technology will take decades for humankind to deliver.

Read The Full Story ›

What is the difference between ESG rating and ESG reporting? ›

ESG reporting is consumed by a wide variety of stakeholders, including customers, employees, investors, rating providers, researchers, and regulators. On the other hand, ESG ratings are used almost exclusively by investors.

Show Me More ›

What is the best ESG score? ›

Some ESG ratings (or ESG scores) methodologies give a range from 0-100, with 70 and above considered a “good” ESG rating and 50 and below considered a “bad” rating. But others use a letter-based scoring mechanism—C (or CCC) being the worst and AAA being the best.

Get More Info ›

What is the best ESG risk rating? ›

ESG ratings range from CCC to AAA. The leaders have AA and AAA scores. As shown in the table below, the ratings are also grouped into three segments: laggard, average, and leader. Data source: MSCI.

Discover More Details ›

What is a bad ESG score? ›

Investors can compare a company's performance to that of industry peers and companies from other sectors by assigning an ESG score, which can range from 0-100. A score of less than 50 is regarded as poor, while a score of more than 70 is considered excellent.

Is a high ESG disclosure score good? ›

Company's ESG score: A company's ESG score is a reflection of its commitment to environmental protection and social responsibility. The higher the score, the better a company is performing in these areas according to ratings agencies such as MSCI or S&P Global Ratings.

Find Out More ›

What does a high risk ESG score mean? ›

ESG scores in a nutshell

A strong ESG rating indicates that a company manages its ESG risks well in comparison to its peers, whereas a poor ESG rating indicates that the company has comparatively higher unmanaged ESG risk exposure.

Who is the largest ESG provider? ›

Major ESG rating providers. The biggest ESG rating providers are considered to be MSCI and Sustainalytics, mainly due to their wide coverage. Bloomberg, and Refinitiv (formerly Thomson Reuters) as well as credit ratings agencies like Moody's, S&P and Fitch also provide ESG ratings.

View Details ›

Is RepRisk a good company? ›

Is RepRisk AG a good company to work for? RepRisk AG has an overall rating of 4.4 out of 5, based on over 31 reviews left anonymously by employees. 75% of employees would recommend working at RepRisk AG to a friend and 88% have a positive outlook for the business.

Who is the leader in ESG reporting? ›

Bloomberg has been named a leader in the ESG space with the highest current offering score, according to Forrester Research's new report, “The Forrester New Wave™: ESG Ratings, Data, And Analytics, Q3 2022”.

What is ESG reporting summary? ›

ESG reporting is the disclosure of data covering business operations related to the environmental, social, and governance aspects of a business. By disclosing this information in a report, a company's progress related to these three fields can be examined against benchmarks and targets.

Show Me More ›

What is difference between ESG and sustainability? ›

Sustainability: Three Differences. The main difference between sustainability and ESG is that ESG may be explicitly measured with defined environmental, social, sustainability, and governance metrics. ESG also has precise parameters that outline its reach, guidelines and disclosure of data.

Tell Me More ›

Who determines an ESG score? ›

ESG scores are generated by rating platforms where analysts evaluate corporate disclosures, conduct management interviews, and review publicly available information about an organization to provide an objective rating of the organization's performance.

Read On ›

Why is ESG reporting mandatory? ›

The Move Toward Global ESG Reporting Standards

This comes as a result of inconsistencies from participating entities and a bid for transparency and accountability. One such step came in November 2021, when the IFRS Foundation announced the establishment of the International Sustainability Standards Board (ISSB).

What is the main difference between CSR and ESG? ›

It's easy to conflate these two terms because, in truth, they're different angles of measuring the same thing – a company's impact on society. The main difference between CSR and ESG is that CSR is an internal initiative to fulfill a corporate purpose, while ESG reflects a company's external impact.

Is Apple an ESG company? ›

Apple Stock Ranks Fifth On ESG List. For investors who care about a company's ESG initiatives, Apple stock is a standout. In addition to environmental causes, Apple is working with community groups to improve technology education and job opportunities, especially for minorities.

Get More Info Here ›

What is the brief description of ESG? ›

ESG stands for Environmental, Social, and Governance. Investors are increasingly applying these non-financial factors as part of their analysis process to identify material risks and growth opportunities.

Know More ›

What is the description of ESG? ›

Environmental, social and governance (ESG) refers to a collection of corporate performance evaluation criteria that assess the robustness of a company's governance mechanisms and its ability to effectively manage its environmental and social impacts.

View Details ›

What is ESG rating description? ›

What is an ESG Score? An ESG score is an objective measurement or evaluation of a given company, fund, or security's performance with respect to Environmental, Social, and Governance (ESG) issues.

Read The Full Story ›

What is ESG risk description? ›

ESG risks are social, environmental, and governance variables that affect a company's financial position or operating performance. In 2020, the Bank of America research team estimated $600+ billion in market cap for S&P 500 companies had been lost to ESG controversies in the previous seven years.