Models to Scale ESG Metrics and Data


By Todd Cort

ESG data is scaling through new disclosure regulations. This model is inherently limited because, in the interests of comparability, the focus is on historic performance information and generic attributes of good management. These frequently miss the nature of the ESG risk. The second model, enabled by emerging technologies, will involve the mapping of risk exposure to modes of internalisation and to bespoke risk mitigation mechanisms.

Environmental, social and governance (ESG) data is entering its adolescence. The early days of ESG were characterised by a modicum of faith amongst investors that ESG performance data correlated with financial returns. We knew from empirical studies and meta-analytic summaries of the literature that considering ESG data in investment decisions was more likely than not to correlate with higher returns compared to benchmark1. Investors piled in and the assets under management that considered ESG information grew2, creating in some circumstances a self-fulfilling feedback loop of higher returns.

However, adolescence is characterised by a search for personal meaning and ever-growing responsibility and these challenges are indicative of where ESG data will need to evolve if sustainable finance is to reach its full potential. The challenge with our current approach to ESG data is that we are attempting to surmise financial risk based on proxy information. Our current set of data is indicative of financial risks and opportunities, but cannot be held accountable, because it does not directly measure that risk. Currently, the bulk of ESG fits into one of two categories: historic performance or structural indicators of management quality. Historic performance refers to metrics such as greenhouse gas (GHG) emissions or lost-time incident rates (LTIR). These backward-looking performance metrics are meant to be indicative of whether a company has been successful in mitigating risks compared to peers. For example, the company with low emissions compared to peers may be less exposed to a potential tax on carbon or regulated emissions cap. But these metrics are still only proxies for risk. GHG emissions does not tell us, for example, whether the company is nimble enough to shift emissions to less-regulated jurisdictions to avoid the risk of a carbon price. Nor does it tell us whether having lower emissions will shield the company from consumer backlash or litigation based on the perception of a high-emitting company.

The company with low emissions compared to peers may be less exposed to a potential tax on carbon or regulated emissions cap. But these metrics are still only proxies for risk.

Similarly, the descriptions of management structures are also proxies for the risk we are trying to understand. For example, we might ask for evidence that a company assesses ESG risks at the level of the board of directors under the presumption that aligning risk awareness with decision-making ability in the company will allow better action to mitigate these risks. However, the management structures that we seek (board-level decision making, stakeholder engagement, integrated enterprise risk management, standardised disclosure, performance data validation, certified management systems, etc.) are generic structures meant to address a wide range of risks. We know now that ESG risks manifest themselves to individual companies in a variety of highly specific ways. One company may experience rising costs from increasingly frequent and severe weather that disrupts supply chains. Another company may be taxed on carbon emissions. A third company might see their margins drop because of green products entering the marketplace. A fourth may experience massive liability because their operations contributed to wildfires in an increasingly dry and water-stressed area. The mechanisms by which ESG risks accrue to the company are highly bespoke, and yet our data to understand the mitigation of the internalisation pathways continues to be generic.

In one sense, the focus on historic performance data and standardised descriptions of good management practice makes sense. Both of these data types have the advantage of comparability. Consider the asset manager of a large portfolio of companies, such as a pension fund. In the case of a large portfolio, we do not buy and sell based on idiosyncratic risk. Rather, our strategy is to minimise covariance of risk. If one company or sector drops in value, the rest do not. To understand covariant risk, we need comparable data. It is no wonder, then, that the current suite of disclosure regulations for ESG focus on narrowing the scope of ESG factors to the most material and then mandate consistent disclosure to allow comparison of risk across the portfolio. But this approach cannot directly measure risk. The result is that ESG factors will remain peripheral to financial information, because the causal link can never be established. We need look no further than the examples of Pacific Gas & Electric (2019), Volkswagen (2015), and BP (2010) for validation that strong historic performance data and solid disclosure of generic management system controls does not effectively measure risk from ESG issues3.


While this approach (standardised, comparable ESG information that is a proxy to risk and peripheral to core financial data) is one model of scaling, it is not the only one. The second model to scale ESG data is to shift to a more idiosyncratic risk measurement approach. The reality is that most ESG risks are currently rising and less well understood than traditional financial risks4. In order to scale ESG into a practical set of financially material data, we must answer the question: how can investors identify companies that are able to identify and prevent acute missteps in the face of these rising challenges?

The answer to this question requires a three-part evaluation and associated data set:

  1. We must measure the exposure of the ESG risk to the company. For example, companies with higher GHG emissions have higher exposure to a potential regulated cost on carbon. Companies with specialised supply chains have higher exposure to climate impacts.
  2. We must measure the specific mechanisms by which the ESG risks internalise to the financial performance of the company. For example, a tax on carbon emissions will impact on the cost of goods sold. Discovery of human rights violations in the supply chain may impact on market penetration and revenue through consumer action.
  3. Finally, we must measure the mitigation of ESG risks by looking at the quality of management practices specific to those internalisation pathways. For example, reducing GHG emissions does little to mitigate the risk of operational or supply chain disruption from severe weather.

This information is highly bespoke. The exposure, internalisation, and mitigation of ESG risks are unique to every company. Therefore, the path to scaling ESG information in this case is not through comparability, but rather through consistent understanding and structuring of risk analysis. While not perfect, our understanding of the exposures and internalisation pathways is relatively well developed. Our understanding of mitigation approaches, while difficult given the bespoke nature of the risks to each company, can be defined in terms of traditional risk control techniques5.

In contrast to portfolio managers, the direct measurement of risk will be relevant to a wide variety of investor types. Fixed-income investors need ESG risk information that directly corresponds to debt default rates. Insurance companies need highly specific risk insights at asset levels against a variety of ESG issues from climate change and water scarcity to human rights and workers’ compensation. Corporations seeking to develop investment strategies need specific risk information at the local and regional levels to better inform the placement of fixed assets. Investors seeking to outperform the market need unpriced, bespoke risk information to aid buy / sell decisions. Scaling of ESG information into financial markets depends on meeting the needs of these types of investors as well.

In contrast to portfolio managers, the direct measurement of risk will be relevant to a wide variety of investor types. Fixed-income investors need ESG risk information that directly corresponds to debt default rates.

For ESG to grow out of its adolescence into a fully integrated set of financially material data will require both models of scaling. Standardised, comparable performance data and management system descriptions will be crucial for large-portfolio managers enabled by regulated disclosure rules. However, this model alone will not be sufficient. We will also need to develop highly specific risk assessment approaches to produce data that measures exposure, internalisation, and mitigation of ESG risks to individual companies. This will require the application of emerging technologies and increasingly complex raw data sets such as geospatial data, social media data, sentiment analysis data, and more.

The future of ESG, however, is not a question of “if” but “how”. It is clear that ESG data in financial decision-making will continue to grow. It is important that that growth not focus exclusively on scale through standardisation, lest ESG remain sidelined to traditional financial data.

About the Author

Todd CortTodd Cort is a senior lecturer at the Yale School of Management and Yale School of Environment. He is also Faculty Co-Director for the Yale Center for Business and the Environment (CBEY), the Yale Initiative on Sustainable Finance (YISF), and the Sustainability track of the Yale Executive MBA. Todd is an affiliated faculty member for the Yale Center for Climate Change and Health.


  1. See, for example, Whelan, T., Atz, U., Van Holt, T., & Clark, C. (2021). “ESG and financial performance”. Uncovering the Relationship by Aggregating Evidence from, 1, 2015-20, as well as Flammer, C. (2015). “Does corporate social responsibility lead to superior financial performance? A regression discontinuity approach”. Management science, 61(11), 2549-68.
  2. Current global ESG AUM was estimated at over $30 trillion in early 2024: Bloomberg Global Intelligence (2024) “Global ESG assets predicted to hit $40 trillion by 2030 despite challenging environment, forecasts Bloomberg Intelligence”, 8 February, accessed 5 March 2024,
  3. Cort, T. (2020). “ESG Risk Depends on Management Control Quality”, published in Esty, D.C., & Cort, T. (Eds.); Values at work: Sustainable investing and ESG reporting. New York, NY, USA: Palgrave Macmillan.
  4. Esty, D. & Cort, T. (2017). “Corporate Sustainability Metrics: What Investors Need and Don’t Get”, The Journal of Environmental Investing, volume 8, no. 1.
  5. Risk control tends to fall into one of five categories: transfer, tolerate, treat, terminate, or take the opportunity. The latest guidance on enterprise risk management from COSO can be found at:


Please enter your comment!
Please enter your name here