Issuer Gateway Knowledge Hub


Enhancements to ESG Risk Ratings 

Planned for 2024

Updated April 2024




What You Need to Know

Morningstar Sustainalytics is working on updating the ESG Risk Ratings model and will introduce these enhancements in May 2024. The enhancements are intended to make these ratings more impactful by providing a more granular assessment of ESG risks and performance.

We will post on the Knowledge Hub additional details about these enhancements to help issuers understand the nature and scope of these changes. 

In the meantime, here is a summary of what the enhancements will include:

  • Aligning the Corporate Governance methodology with the ESG Risk Ratings methodology. 
  • Replacing our current Corporate Governance Material ESG Issues (MEIs) with two standalone MEIs: Corporate Governance and Stakeholder Governance. We will align the scoring methodology with other MEIs. 
  • Creating a new Water MEI to enhance the assessment of water-related risk.
  • Updating the Raw Material Use MEI, which will include previously available indicators and new indicators.
  • Updating the Data Privacy and Security MEI by expanding on Cybersecurity.
  • Merging the Business Ethics and the Bribery and Corruption MEIs to enhance consistency and comparability among subindustries.
  • Updating various management indicators to capture the latest standards in reporting and policies and to help us further refine our assessments. 


Corporate Governance: Alignment with ESG Risk Ratings

Currently, Morningstar Sustainalytics uses a separate, standalone Corporate Governance product methodology to assess how issuers manage corporate governance risk. The Corporate Governance rating currently consists of six separately scored management pillars. We score management indicators within each of these pillars on a scale of zero to 100. However, we recognize that this adds additional complexity to our overarching Risk Ratings methodology. With this in mind, we will be aligning our Corporate Governance methodology to that of our Material ESG Issues. This alignment has three major components:

1. Exposure

  • The new Corporate Governance MEI will have a subindustry-based variation in exposure scores, and betas that allow for variation according to company. Currently, all companies receive the same Exposure score of 9.0.

2. Pillars

  • The methodology will no longer consist of six pillars.
  • The Stakeholder Governance pillar will become its own MEI, separated from the Corporate Governance MEI
  • The management indicators of the remaining 5 corporate governance pillars will be represented in the Management Indicators for the new Corporate Governance MEI. See Figure 1. 

3. Management Indicator Scoring

  • All management indicator scoring will be on a 0-100 scale, identical to the scoring used for all other management indicators in the Risk Rating model.

Figure 1. New Corporate and Stakeholder Governance MEIs Incorporate Details from Current CG Framework

Source: Morningstar Sustainalytics, August 2023


Material ESG Issues: Summary of Improvements

See MEI descriptions here

Material ESG Issue New or Existing Nature of Change
Water Use – Own Operations
Water Use – Supply Chain
New Carving out and enhancing assessments of water-related risk.
Raw Material Use New Coverage of remaining critical resources.
Data Privacy and Security Existing Expansion of cybersecurity coverage.
Business Ethics and Bribery & Corruption Existing Merger of MEIs to enhance consistency and comparability across all subindustries.


Water Use and Raw Material Use

Water-related risks are a crucial consideration in an ESG risk rating due to their significant impact on environmental sustainability, social welfare, and long-term business viability. Factors such as water stress, pollution, inadequate water infrastructure and unsustainable water management practices pose substantial challenges to companies, communities, and ecosystems worldwide. The climate crisis further exacerbates these challenges. To manage water risks, companies need to work with other stakeholders (communities, regulators) in the same watershed to build water resilience for their businesses, people, and nature.

Morningstar Sustainalytics is expanding the thematic scope of water in the ESG Risk Ratings in alignment with materiality frameworks and disclosure standards. We will consider comprehensive physical, regulatory and reputational water-related risks within the ESG Risk Ratings framework. This will enable investors to better assess a company’s commitment to sustainable water management practices and its ability to navigate the growing challenges related to water in its own operations and/ or supply chain.

Furthermore, the increasing number of applications of other mineral resources in the low-carbon transition are expected to drive exponential growth in demand for additional critical resources such as cobalt, nickel and rare earth elements. Clean energy technologies heavily rely on critical resources in electrification, energy storage technologies, and low-carbon power generation. As such, a possible resource constraint poses a significant risk to the energy transition if mineral supplies cannot keep pace with what is required to meet the Paris Agreement-aligned climate targets. 

Through the new Raw Material Use MEI, we are enhancing our assessment of how efficiently and effectively a company uses its raw material inputs (excluding water, energy and petroleum-based products which are captured separately) in the production process and how well it manages related risks. Through circularity, eco-design, and substitutes for scarce materials, a company can reduce its negative impact on the environment, mitigate supply shortages, and enhance its resource security.

Data Privacy and Cybersecurity

Data privacy and cybersecurity-related risks are vital considerations in an ESG Risk Rating due to the escalating threats posed by digitization and increasing operational dependence on the collection, use, or disclosure of personal information. As technology advances, businesses gather and store vast amounts of sensitive information, making them vulnerable to cyberattacks, data breaches, and privacy infringements. Beyond traditional IT systems, cyberattacks can target industrial systems, which monitor and control critical infrastructure assets, with potentially severe impacts for companies, as well as the economy and society at large.

We are strengthening the way we capture cybersecurity and privacy risks within the ESG Risk Ratings in MEI.6 – Data Privacy and Cybersecurity, in alignment with international standards and rapidly evolving regulation. By evaluating a company’s privacy practices and cybersecurity safeguards – relating to both its operations and the technology products it produces, if applicable – the ESG Risk Rating provides insight into the company’s ability to protect the privacy of personal information, prevent and effectively respond to cyberattacks, and maintain data integrity. Companies that prioritize robust cybersecurity measures and demonstrate proactive data privacy practices not only mitigate potential reputational and financial risks, but also uphold the rights and trust of their stakeholders.

Introducing New Management Indicators and Revisiting Existing

Management indicators are designed to assess how well a company manages its ESG risks.  These indicators fall into three broad categories: 1. policy commitments; 2. programs to implement those commitments, and 3. performance data showing how well programs perform.

Evolving regulation, international standards, and wider adoption of ESG disclosures by companies result in increased access to more reliable ESG data. This has prompted Morningstar Sustainalytics to introduce new management indicators and revisit some of the existing ones, enhancing benchmarks and assessment criteria:

Scope 3 Emissions included in the assessment of the Carbon – Products and Services MEI. 

  • This will provide a more comprehensive and accurate assessment of a company’s environmental impact throughout its entire value chain.

Intensity Indicators 

  • Changing the benchmark from ‘industry median’ to ‘subindustry or industry median’. The industry median is still used when we do not have sufficient data at the subindustry level.
  • These changes will affect the following management indicators: Carbon Intensity, Water Intensity, Freshwater Intensity for Generators, NOx Intensity, SOx Intensity.

Trend Indicators 

  • Enhance trend indicators by comparing a company trend to subindustry or industry median trend.
  • This will affect the Carbon Intensity Trend, and Water Intensity Trend management indicators.
  • Compare company trend to subindustry or industry median trend thus adding another layer of insight – Carbon Intensity Trend, Water Intensity Trend, new indicator Oil and Hazardous Material Spill (replacing Oil Spill Disclosure & Performance). 
  • Introduce Transparency on Lobbying and Political Expenses management indicator, phasing out the Lobbying and Political Expenses indicator. This provides more meaningful differentiation between companies and aligns with international standards.



We will begin to implement the enhancements to the ESG Risk Ratings in May 2024. Implementation of the changes are guided by the following factors: regulatory guidance; score fluctuations; and methodological considerations. 

With that in mind, the changes will be implemented as follows:


New Corporate Governance and Stakeholder Governance MEIs


To be introduced to all issuers on a set day by May 2024. As these changes are methodological in nature, we believe the new Corporate Governance and Stakeholder Governance MEIs must be applied to all companies at once to keep methodological consistency within the ESG Risk Ratings universe of companies.

Newly created and/or enhanced MEIs, which reflect emerging risks we see in our universe of companies.


These enhancements will follow the existing methodological structure as we know it within the ESG Risk Ratings today and will follow the typical roll-out process during the company’s update cycle.

We will implement the newly introduced and/or enhanced MEIs during each company’s annual update.