The Role of Capital Market Service Providers in Corporate Governance

Securities analysts research and evaluate stocks, bonds and other financial instruments to provide investment recommendations to individuals and institutions. Some of these analysts are employed by the research departments of full-service investment firms such as broker-dealers and investment banks and, in these cases, are commonly referred to as “sell-side analysts” (IOSCO, 2023[1]). Securities analysts play a crucial role in capital markets by helping investors make informed decisions and by improving price discovery and market efficiency.

Credit rating agencies (CRAs) typically give an opinion on the credit risk of issuers of securities and their financial obligations. CRAs can play a useful role in helping investors sift through information and analyse the credit risks they face when lending to a particular borrower or when purchasing an issuer’s debt (IOSCO, 2015[2]). CRAs evolved to meet the growing need for standardised and reliable information as bond markets expanded. Over time, their role became institutionalised, with regulators and investors alike relying on ratings to guide capital allocation and set risk-based capital requirements. Today, major CRAs are critical players in global credit markets, influencing the cost of borrowing and investor confidence.

Because of securities analysts’ and CRAs’ long history in capital markets, they are regulated by comprehensive oversight frameworks (Section 2.1.1 and Section 2.1.2). In contrast, newer service providers – such as ESG rating and data providers – have gained prominence recently, with methodologies, disclosures, and influence on markets still evolving, and their frameworks still taking shape.

Eighty-eight per cent of the 50 surveyed jurisdictions have established regulatory frameworks for securities analysts based on law, regulation or self-regulatory requirements, while 12% set no such requirements or recommendations. Eighty-six per cent of jurisdictions have set specific requirements for securities analysts to disclose actual or potential conflicts of interest.

In the EU, the main components of the regulatory framework for securities analysts are the Markets in Financial Instruments Directive II (“MiFID II”) and the Market Abuse Regulation (MAR). MiFID II is the EU’s main framework for regulating investment services and markets, while MAR addresses insider dealing and market manipulation (EU, 2014[3]; EU, 2014[4]).

In Brazil, securities analysts are regulated by the securities commission, the Comissão de Valores Mobiliários (CVM). CVM Resolution No. 20/2021 sets mandatory rules on analyst registration, independence and diligence, research preparation and dissemination, and conflict-of-interest policies (CVM, 2021[5]). Additional self-regulation is provided by the Code of Conduct of the national association of capital markets analysts and investment professionals (“APIMEC”), which complements CVM rules with standards of impartiality, confidentiality, transparency, and functional segregation.

In India, the Research Analyst Regulations 2014 govern individuals and entities providing research reports or recommendations on securities. Sell-side analysts must register with the Securities and Exchange Board of India (SEBI), meet qualification and certification requirements, and adhere to a code of conduct supporting independence, diligence and fair presentation of research (SEBI, 2014[6]). These securities market regulations mandate policies to manage conflicts of interest, prohibit dealing in securities contrary to recommendations (with cooling-off periods), and require clear disclosures of shareholding, financial interests, and compensation. Firms must maintain records of research reports and internal controls to separate research from sales/trading functions.

Japan’s regulatory framework is based on self-regulatory requirements. Members of the Securities Analysts Association of Japan (SAAJ) follow its Standards of Professional Conduct, a voluntary code guiding ethical and professional behaviour (SAAJ, 2024[7]). Analysts employed by financial institutions are also subject to the Financial Instruments and Exchange Act (FIEA), Cabinet Office Ordinances and Japan Securities Dealers Association (JSDA) self-regulatory rules. Under the FIEA, securities analysis reports used for solicitation may be subject to advertising regulations. The JSDA’s Rules on Handling of Analyst Reports require firms to maintain internal controls to ensure fair preparation and distribution of research, protect analyst independence, manage material information appropriately, and disclose conflicts of interest (JSDA, 2002[8]).

Eighty-two per cent of jurisdictions require by law or regulation that securities analysts disclose actual or potential conflicts of interest.

In the EU, MiFID and Delegated Regulation EU 2017-565 require firms to identify potential conflicts of interest and implement procedures to prevent or manage them (EU, 2014[3]). Firms must take all reasonable steps to identify and prevent or manage conflicts of interest arising from investment or ancillary services. The European Commission (EC) may define the measures firms should take to identify, prevent, manage, and disclose such conflicts, and set criteria for determining which types may harm clients. Where internal controls cannot fully prevent a conflict from affecting a client’s interests, firms must clearly disclose it before acting. This disclosure should explain the conflict’s nature or source, outline mitigation measures, and provide sufficient detail for the client to make an informed decision. Disclosure is a last resort, used only when other measures cannot reasonably protect the client’s interests.

In Brazil, securities analysts are required to disclose any actual or potential conflicts of interest clearly and accessibly. Disclosures must cover relationships with issuers, including economic and corporate links, involvement in strategic decisions, and financial incentives that could affect independence (CVM, 2021[5]). These obligations are reinforced by the APIMEC Code of Conduct and supported by CVM guidance aimed at improving transparency and reducing information asymmetry.

In India, research analysts must maintain written policies to identify and manage conflicts of interest and ensure their research is independent, objective and not used to manipulate the market. They must disclose in detail any financial interest or ownership in the subject company, compensation received from the issuer in the past 12 months, client relationships, roles as officer or director, market-making activities, and any other material conflict. Personal trading must be monitored, and analysts are prohibited from trading in securities they cover within 30 days before and 5 days after publishing a report, or in contradiction to their recommendations. Research entities must prevent undue influence from investment banking or brokerage divisions, ensure research reflects the analyst’s independent views, and distribute research fairly without selective disclosure (SEBI, 2014[6]).

In South Africa, securities analysts are required to disclose any financial interests, relationships, and arrangements that could affect the impartiality of their advice, in a timely, clear and written manner (South African Government, 2002[9]). The Johannesburg Stock Exchange (JSE) Listings Requirements and Market Conduct Rules further require disclosure of shareholdings, options, fees, or incentives linked to JSE-listed companies covered, and such disclosures must accompany research reports or recommendations. The Financial Sector Conduct Authority (FSCA) Conduct Standard 1 of 2023 also mandates clear identification, disclosure, and management of conflicts through internal policies. Industry codes such as the ASISA Code of Conduct and the Chartered Financial Analyst (CFA) Institute Code of Ethics reinforce full disclosure of ownership interests, business relationships, compensation structures, and any other factor that could reasonably be perceived as a conflict.

In Japan, securities analysts are required to disclose actual or potential conflicts of interest through self-regulatory requirements. For example, the SAAJ Standards of Professional Conduct requires members to avoid or manage conflicts of interest and disclose any factor that could impair objectivity, including personal holdings, third-party compensation, and trading priorities (SAAJ, 2024[7]). Members must disclose any matter that could compromise fair analysis, avoid holding substantial interests in recommended securities unless disclosed, and ensure clients have time to act on recommendations before they or their employer trade. All compensation from third parties must be disclosed. The JSDA also requires any material conflicts of interest to be explicitly stated in analyst reports.

Regulatory frameworks for CRAs are well established, with 96% of jurisdictions setting requirements by law or regulation, including the mandatory disclosure of methodologies. In addition, 94% of jurisdictions require CRAs to disclose actual or potential conflicts of interest.

In most jurisdictions, securities market regulators are responsible for supervising and enforcing these requirements.

All jurisdictions that have legal or regulatory frameworks for CRAs specifically require the disclosure of their methodologies. Many jurisdictions incorporate the IOSCO Code of Conduct Fundamentals for Credit Rating Agencies into their regulatory frameworks to promote integrity, transparency, and quality in credit ratings (IOSCO, 2015[2]). The Code requires CRAs to establish, document, and apply rigorous, consistent, and objectively validated methodologies, supported by a senior management-led review function conducting regular evaluations of methodologies, models, and key assumptions. CRAs must also disclose sufficient information for users to understand how ratings are determined and announce material methodological changes before they take effect – unless doing so would compromise rating integrity.

In Australia, licensed CRAs are required to comply with the IOSCO Code of Conduct Fundamentals for Credit Rating Agencies, with all IOSCO recommendations treated as binding requirements. Under their licence conditions, CRAs must also report annually to the Australian Securities and Investments Commission (ASIC) on compliance with these obligations. Recent reporting shows that Australian CRAs are disclosing their methodologies as required (ASIC, 2025[10]).

In Brazil, CRAs must publicly disclose their rating methodologies. Agencies must also pre-disclose any material changes to their methodologies to ensure market transparency and predictability. These legal requirements are complemented by non-binding recommendations and best practice guidance from CVM and industry associations, which promote consistency and clarity in the presentation and communication of methodologies.

In Malaysia, CRAs must develop specific rating criteria and methodologies for each type of corporate bond, sharia compliant bonds, and relevant industry. These methodologies must be published before assigning any credit rating and should clearly set out the agency’s rating philosophy, the parameters and thresholds for each rating category, and any applicable benchmarks used in the assessment process.

In South Africa, the disclosure of credit rating methodologies is governed by the Credit Rating Services Act (CRSA) and related rules. The CRSA requires CRAs to disclose their methodologies, models, key rating assumptions, limitations, and any material changes, providing sufficient information for users to understand how ratings are derived (Government Gazette, 2013[11]). Under Board Notice 229 of 2013 (Code of Conduct for CRAs), methodologies must be publicly accessible, regularly reviewed (at least annually), applied consistently, and accompanied by clear explanations for any changes. CRAs must also disclose the historical performance of rating categories to demonstrate reliability.

Ninety-four per cent of jurisdictions set requirements by law or regulation for CRAs to disclose actual or potential conflicts of interest. Many jurisdictions embed the IOSCO Code of Conduct Fundamentals for Credit Rating Agencies in their regulations to address conflicts of interest. The Code requires CRA rating decisions to remain independent and free from political, economic, or ownership-related influences, and for CRAs to avoid any activities or relationships that could compromise – or appear to compromise – their independence and objectivity.

In Australia, all AFS licensees, including CRAs, must have adequate arrangements to manage conflicts of interest under the Corporations Act 2001. ASIC’s Regulatory Guide 181 outlines that conflicts should be appropriately managed through avoidance, disclosure, or mitigating controls, depending on the circumstances (ASIC, 2004[12]).

In Brazil, CRAs must implement policies, controls, and procedures to identify, manage, and disclose conflicts, including relationships with rated entities, corporate links, cross-shareholdings, and the provision of other services to the same entity. Such conflicts must be clearly disclosed through public documentation, governance mechanisms, or within rating reports (CVM, 2020[13]). These legal requirements are complemented by CVM guidance and market best practices.

In Hong Kong (China), CRAs are subject to both the general Code of Conduct for licensed intermediaries issued by the Securities and Futures Commission (SFC) and the CRA Code of Conduct, which is aligned with the IOSCO Code of Conduct Fundamentals for Credit Rating Agencies (SFC, 2011[14]).

In Indonesia, CRAs must publish their rating results, statements and related opinions on their websites, disclosing any involvement by rated parties or other stakeholders. They are required to maintain a code of conduct ensuring ratings are objective, independent, consistent, and honest toward issuers, rated parties, and users. The code must address rating quality and integrity, independence and conflict avoidance, responsibilities to investors and rated parties, risk management, training, and transparent disclosure. Employees are prohibited from accepting gifts or benefits from related parties or participating in rating actions if they or immediate family members hold or trade securities of the rated entity, to prevent actual or perceived conflicts of interest (OJK, 2021[15]).

Under Israel’s Credit Rating Agencies Law (2014) and the Regulations to Regulate the Activity of Credit Rating Companies (5775-2014), CRAs must publish on their website a summary of the main conflicts of interest allowed in their operations. Receiving payment for a rating from an investor, issuer, underwriter, or distributor is permitted but requires public disclosure of the paying party’s identity for each rating. Agencies must also establish and publish internal procedures for managing such conflicts, to eliminate or minimise their impact on the rating process.

In Malaysia, CRA analysts and rating committee members must disclose any conflicts of interest, including those of their family members, in rating reports for all corporate bonds and sharia-compliant bonds. If no conflicts exist, the agency must explicitly state this in the report to ensure full transparency (Securities Commission Malaysia, 2023[16]).

In Peru, the regulatory framework for risk rating agencies requires them to issue independent opinions free of conflicts of interest that could arise from their capital structure, business activities, or the interests of shareholders, directors, managers, committee members, analysts, or other staff involved in the rating process. Agencies must also adopt a code of conduct to govern their actions and members, ensuring compliance with regulatory provisions across both their core and complementary activities.

In South Africa, CRAs are legally required under the CRSA and CRA Code of Conduct to disclose all actual or potential conflicts of interest to ensure transparency, independence and market integrity. CRAs must not issue ratings where conflicts could impair objectivity and must maintain internal controls, organisational firewalls, and separation between analysts and commercial functions to prevent undue influence. They are required to implement policies to identify, manage, or eliminate conflicts, ensure analysts remain independent, and prevent fee structures from influencing ratings. Disclosures must clearly identify financial interests, relationships, and ancillary services provided to rated entities, and be made clearly and in a timely manner, usually within rating reports. CRAs must also submit annual reports to the FSCA on their conflict management practices. The FSCA encourages alignment with IOSCO Code of Conduct Fundamentals for Credit Rating Agencies for international consistency.

Institutional investors today own significant stakes in publicly listed companies around the world, bringing increased attention to their stewardship responsibilities. Institutional investors are the largest category of shareholders globally, with 47% of total equity holdings at the end of 2024 (OECD, 2025[17]). In this context, proxy advisory firms have emerged as key service providers globally that help institutional investors exercise their voting rights in shareholder meetings. These firms provide research and voting recommendations on shareholder meeting proposals, supporting investors to make decisions across portfolios that often span thousands of companies.

The proxy advisory industry is highly concentrated. Two major providers control significant market shares in several jurisdictions (Shu, 2024[18]). This broad reach has made proxy advisors the subject of policy debate and regulatory scrutiny across jurisdictions. On the one hand, proxy advisory services enhance the efficiency of investor stewardship by providing independent analysis and informed guidance, which can strengthen corporate accountability (Sisson and Neervoort, 2025[19]). On the other hand, concerns have been raised about potential conflicts of interest and transparency, as well as on the risk of over reliance on their voting recommendations. On the latter, the UK Financial Reporting Council (FRC) conducted a study in 2023 which showed that resource constraints mean investors typically implement proxy advisors’ recommendations automatically for uncontroversial items. The study also showed that investors tend to manually review any advice to vote against management or other flagged items, but while proxy advisors’ negative recommendations influence voting results, their impact is not as strong as often assumed (FRC, Morrow Sodali, Durham University, 2023[20]).

Therefore, whether additional regulation of proxy advisors is needed or if existing market mechanisms are sufficient remains an open question. This peer review aims to inform such policy debate with examples from country approaches to help regulators strike a balance between preserving the benefits of proxy advisors’ expertise while guarding against undue influence and misaligned incentives without reinforcing market concentration. Effective oversight of proxy advisors may support well-informed shareholder engagement, which strengthens investor confidence in corporate governance and promotes healthy capital markets and efficient capital formation over the long term.

Proxy advisors offer voting recommendations to institutional investors and sell services that help in the process of voting. This information intermediary function allows institutional investors to focus their limited resources during periods of concentrated annual general shareholder meeting.

Voting recommendations produced by proxy advisors fall into two categories. Benchmark policies are general voting recommendations on an issue-by-issue basis which are updated annually prior to the proxy season (Krahnen et al., 2023[21]). Custom policies are voting recommendations tailored to an institutional investor’s preferences on a range of issues, from routine corporate governance topics to sustainability issues. Many institutional investors increasingly opt to use custom policies rather than benchmark policies in several markets (Hu, Malenko and Zytnick, 2024[22]). For example, an FRC study focused largely on FTSE 350 companies and investors (mostly asset managers signatories to the UK Stewardship Code) noted that three-quarters of surveyed investors rely on customised voting policies aligned with the investor’s own guidelines rather than default benchmark policies (FRC, Morrow Sodali, Durham University, 2023[20]). In India, benchmark policies are broadly used by institutional investors, and custom policies are still the exception.

Principle III.D. of the G20/OECD Principles recommend proxy advisors to disclose and mitigate conflicts of interest that might compromise the integrity of their advice. Ensuring that proxy advisory firms provide transparency of their methodology and operate with fairness is seen as essential to preserving the integrity of the shareholder voting process.

Sixty per cent of jurisdictions have established regulatory frameworks based on law or regulation for proxy advisors, while 10% address proxy advisors exclusively by recommendations in codes or principles to which proxy advisors and institutional investors may choose to adhere on a voluntary basis. Sixty-two per cent of jurisdictions provide definitions for proxy advisors, but their scope varies.

In the EU, the Shareholder Rights Directive II (Directive (EU) 2017/828 (SRD II) introduced a dedicated regime for proxy advisors, requiring greater transparency over their methodologies and management of conflicts of interest, which was transposed by EU member states (EU, 2017[23]). Besides EU member states, Norway has also transposed SRD II in its framework and, after Brexit, the United Kingdom has kept requirements mirroring SRD II in its Proxy Advisors (Shareholders’ Rights) Regulations 2019.

Other non-EU jurisdictions that have either regulations or recommendations for proxy advisors include Australia, Canada, India, Israel, Japan, Malaysia, Singapore and Switzerland. Five of these countries adopt voluntary recommendations by codes or principles. The Canadian Securities Administrator (CSA) specifies that the guidance for proxy advisors is neither prescriptive nor exhaustive. The CSA encourages proxy advisory firms to use it as a reference when developing and implementing practices suited to their specific structures and activities (CSA, 2015[24]). In Singapore, the Stewardship Principles for Responsible Investors 2.0 encourage proxy advisors to apply the Principles where relevant to support clients in meeting their stewardship responsibilities (ISCA, 2022[25]). The Swiss Code of Best Practice for Corporate Governance recommends that institutional investors, nominees and other intermediaries, including proxy advisors, act transparently towards the company (Economiesuisse, 2023[26]). In Malaysia, the Malaysian Code for Institutional Investors 2022 clarifies that institutional investors are expected to encourage their service providers, which include proxy advisors, to apply the principles of the Code where relevant. Accordingly, service providers are also encouraged to be signatories to the Code (IICM, 2022[27]).

Israel’s regulatory framework is notable as proxy advisory services are indirectly regulated via obligations placed on institutional investors, who thereby assume a monitoring role. Under the Israeli Securities Authority (ISA) rules, mutual fund managers may engage only proxy advisors that formally adhere to the Principles for Proper Conduct of Proxy Advisory Firms. The Israeli Capital Market, Insurance and Savings Authority applies the same requirement to insurance companies and pension funds. Institutional investors are required to engage proxy advisors with demonstrable professional qualifications, operational independence supported by a written conflicts of interest policy, and sufficient resources to ensure the quality and integrity of their recommendations. Fund managers must also maintain a formal internal process for reviewing the advisor’s recommendations as part of their voting policy, so that voting decisions are based on competent and impartial advice (ISA, 2014[28]).

In four jurisdictions, the regulatory framework is complemented by recommendations in codes or principles (Table 2.2). Spain’s Stewardship Code specifies that proxy advisors headquartered or established in Spain must apply professional judgement to determine which principles apply to them and to what extent (CNMV, 2023[29]). In the United Kingdom, complementing the regulations, the UK Stewardship Code 2026 sets out specific “apply and explain” principles for service providers, including proxy advisors (FRC, 2025[30]). Adherence to the UK Stewardship Code is voluntary, but signatories must report annually on how they have applied the principles, and most proxy advisors operating in the United Kingdom were signatories to the UK Stewardship Code 2020.

In addition to implementing SRD II, in France, the Autorité des Marchés Financiers (AMF) has non-binding recommendations applicable to proxy advisors since 2011, long before SRD II came to effect. These recommendations cover establishing and implementing voting policies, issuing voting advice, communicating with listed companies, and preventing conflicts of interest. The AMF recommends proxy advisory firms to apply these recommendations, disclose compliance on their websites, and submit a progress report on their implementation (AMF, 2011[31]).

As for definitions of proxy advisors, 62% of jurisdictions have a specific definition (Figure 2.1). Canada and Japan provide definitions in their voluntary recommendations of codes or principles. EU member states closely mirrored the SRD II definition when transposing it into their legal frameworks. Beyond the EU, most definitions include similar elements, indicating a degree of convergence across markets on the role of proxy advisors.

In the EU, SRD II defines proxy advisors as legal entities that, on a professional and commercial basis, analyse corporate disclosures and other relevant information from listed companies to support investors’ voting decisions by providing research, advice, or voting recommendations (EU, 2017[23]). The definition applies only to legal entities operating for profit, and therefore excludes natural persons, stewardship teams within investors, and not-for-profit entities that do not provide services on a commercial basis. Some stakeholders view these exclusions as problematic, and possible revisions are being considered as a review of SRD II is under consideration (ESMA; EBA, 2023[32]; Centre for Strategy & Evaluation Services, 2025[33]). Some EU member states, in addition to the legal definition transposing SRD II, have additional definitions in a code. For example, Denmark’s code of corporate governance and the Danish Financial Supervisory Authority (FSA)’s “Good practice for active ownership policies” also provide definitions of proxy advisory firms as those that “provide advice to shareholders and handle the practical aspects of voting at general meetings in listed companies” (Danish Committee on Corporate Governance, 2020[34]; FSA, 2025[35]).

In India, SEBI’s (Research Analysts) Regulations 2014 define a proxy advisor as “any person who provides advice, through any means, to an institutional investor or shareholder of a company, in relation to the exercise of their rights in the company including recommendations on a public offer or voting recommendations on agenda items” (SEBI, 2014, p. 4[6]). In Canada, the guidance describes proxy advisory services as encompassing several activities, such as analysing matters put to a vote at shareholder meetings, making voting recommendations, and developing proxy voting guidelines (CSA, 2015[24]). Under Japan’s Stewardship Code, “service providers for institutional investors” primarily means proxy advisors and pension investment consultants, but also includes any institutions that, at the request of institutional investors, provide services to support the effective execution of stewardship activities (JFSA, 2025[36]).

Compared with the EU’s narrower definition centred on voting recommendations and limited to for-profit legal entities, India’s definition is broader as it covers any person and extends to advice on voting as well as public offer recommendations. Canada’s soft-law definition is more activity-based and Japan’s frames proxy advisors within a wider class of stewardship service providers.

Fifty-eight per cent of jurisdictions require proxy advisors to disclose their methodologies and 8% recommend disclosure through voluntary codes. However, only 2% require, and 6% encourage that proxy advisors take account of national market and company-specific conditions, meaning 92% of jurisdictions neither require nor recommend that proxy advisors do so.

Proxy advisory business models and practices vary significantly across each provider. Most firms formulate voting recommendations using only publicly available information, underscoring the importance of comprehensive and transparent disclosures in annual reports, regulatory filings, and corporate websites. A minority of providers accept documented submissions that include non-public information under specified protocols.

The methodologies employed by proxy advisory firms are central to how institutional investors exercise their voting rights and stewardship responsibilities. However, proxy advisors have been criticised for the lack of transparency in their methodologies, which form the basis of voting recommendations (Krahnen et al., 2023[21]). These methodologies translate corporate disclosures, regulatory requirements, and governance best practices into structured voting recommendations in shareholder meetings. For stakeholders, including publicly listed companies, it can be challenging to understand the basis of voting recommendations. Proxy advisors may also lack transparency in how they weigh different factors in their analysis and company-specific nuances, which may lead to recommendations that do not fully reflect individual company circumstances.

Approaches to proxy advisors’ voting policies development and updates also differ. Many providers publish their policy-setting process, solicit input from clients and companies during defined windows (via meetings, policy surveys and public consultation periods), and then release updated methodologies. Other firms deliberately avoid consultation phases to minimise perceived or actual conflicts of interest and to preserve analytical independence. These choices shape both the transparency of the advisory process and the extent to which market participants can anticipate policy changes.

Companies can face challenges when proxy advisors’ voting guidelines diverge significantly from national laws or corporate governance codes. While proxy advisors and their institutional investor clients may aim to raise governance standards beyond legal or regulatory requirements, implementing such changes can be particularly difficult for smaller companies, as these reforms often require considerable time and resources (Zhang, 2022[37]).

Among the 58% of jurisdictions requiring proxy advisors to disclose their methodologies, EU member states that have transposed SRD II, together with Norway and the UK, follow a similar approach (Figure 2.2). They require proxy advisors to publish an annual report to inform clients about the accuracy and reliability of their activities, covering (i) key features of methods and models; (ii) main information sources; (iii) procedures to assure research quality, advice and voting recommendations, and staff qualifications; (iv) how, where relevant, they account for national regulatory and market conditions and company-specific factors; and (v) the essential characteristics of voting policies by market. These frameworks are disclosure-based, and do not require the integration of company or market-specific factors, but require disclosure where such factors are considered. Proxy advisors that adhere to a code of conduct must also disclose how they apply it and, on a comply or explain basis, identify the reasons for any departures and any alternative measures adopted.

Israel’s ISA Principles require proxy advisors to publish on their websites the key elements of their methodology, their full voting policy, and the frequency of updates. Importantly, voting policies must allow advisors to exercise discretion so they can consider case-specific circumstances, including the prevailing norms of the market in which the company operates, particularly for cross-listed companies. As such, Israel’s framework is the only case where market specificities are expected to be taken into account, while maintaining transparency about the methodologies and policies applied (ISA, 2014[28]).

Among EU states, France’s AMF guidance not only recommends that all proxy advisors publish their benchmark policies on their website but also that they include a definition of any specific notions or concepts used by the firm (AMF, 2011[31]). Japan’s principle-based Stewardship Code recommends disclosure of methodologies and encourages proxy advisors to deliver recommendations based on accurate and company-specific information. Policies should avoid a mechanical checklist approach and be designed to support companies’ sustainable growth (JFSA, 2025[36]). Canada’s recommendations encourage proxy advisors to take into account local market or regulatory conditions and other relevant characteristics of companies which may include size, industry and governance structure (CSA, 2015[24]).

South Africa is among the jurisdictions without a framework and without a specific requirement on the disclosure of methodologies. However, as governance codes and stewardship principles call on institutional investors to vote responsibly, proxy advisors are implicitly expected to support transparency and accountability by explaining how their recommendations are produced.

Specific obligations to ensure competence, experience, ethics and independence of proxy advisory staff are uncommon: 90% of jurisdictions have no requirements, only 4% impose mandatory obligations, and 6% address them via voluntary code recommendations. Formalised expectations are therefore largely absent, raising the question of whether market incentives and norms alone can deliver good practice.

The way proxy advisory firms organise their analyst teams varies between proxy advisors. Typically, proxy advisors organise their analysts by market segment and expand their capacity during the peak proxy season by hiring short-term analysts and consultants. Temporary staff generally provide data collection and process support and do not develop voting recommendations. Providers report that they do not use artificial intelligence (AI) in the substantive development of recommendations. Currently, AI is only used for limited services such as web-data scraping and translation. One provider has implemented a machine-learning tool to help clients identify and weight priority issues when configuring their voting guidelines.

Some proxy advisors have recently expressed their intention of deploying AI to move clients beyond standard benchmark policies, guiding them in developing customised voting frameworks that are more aligned with specific investment philosophies and stewardship priorities. The aim is that all clients can ultimately vote according to their own policies. For example, proxy advisors could offer framed perspectives reflecting different priorities (e.g. management alignment or stricter governance standards), with AI synthesising evidence, highlighting trade-offs, and supporting more nuanced voting decisions (Glass Lewis, 2025[38]).

India and Israel are the two countries with mandatory provisions to ensure proxy advisors have staff with specific professional qualifications. In India, under the Research Analyst Regulations, individuals must hold at least a graduate degree from and may qualify through a one-year National Institute of Securities Markets (NISM) Post Graduate Program in Securities Market (Research Analysis), or by obtaining a CFA Charter. Further, all research analysts, their officers, partners, and associated persons must maintain a valid NISM certification (or board-recognised equivalent), with timely renewal to ensure continuous compliance (SEBI, 2014[6]).

In the EU, by virtue of SRD II, there is no explicit requirement or recommendation on the competence, experience, ethics or independence of staff preparing voting research. However, proxy advisors are required to publish an annual report describing the procedures used to assure the quality of research, advice and voting recommendations and the qualifications of the personnel involved. Among EU member states, only France, through the AMF’s guidance, specifically recommends that proxy advisors maintain appropriate skills and resources, especially for analysing draft resolutions, and ensure that staff responsible have adequate expertise and experience. Proxy advisory firms should adopt procedural rules for preparing analyses, monitor compliance, and publish the policy covering resources, competencies, and procedures on their website (AMF, 2011[31]).

Canada’s guidance on proxy advisory firms’ staff is detailed. Proxy advisors are recommended to maintain sufficient resources and staff expertise to produce rigorous voting recommendations. Firms are also expected to describe on their websites how they hire, train, and retain competent staff to support these functions (CSA, 2015[24]). Japan also recommends proxy advisors to develop appropriate and sufficient human and operational resources (JFSA, 2025[36]).

Engagement with companies remains largely unregulated: 94% of jurisdictions set no requirement or recommendation for proxy advisors’ engagement with companies. Where the topic of engagement is addressed, frameworks typically emphasise disclosure when engagement occurs rather than mandating proxy advisors to engage. Four per cent set voluntary recommendations to engage, and 2% impose a legal obligation to do so.

Different business models of proxy advisors reflect on their engagement with companies. Some proxy advisors may not engage with companies at all because their investor clients prefer limited interaction, believing that engagement could compromise their proxy advisor’s independence when issuing voting research and recommendations. In practice, even when companies are permitted to comment on draft recommendations, the window for doing so is often very brief (24-48 hours).

Engagement models for company feedback and error correction both during and outside the annual general meeting (AGM) season vary widely. Proxy advisors have been criticised for perceived insufficient engagement when issuing voting recommendations, particularly in closely contested items where their influence may be decisive or where factual misrepresentations arise (Crain, 2025[39]). Practices differ across firms: some allow companies to review draft research or submit feedback only for a fee, while others provide similar opportunities at no cost (FRC, Morrow Sodali, Durham University, 2023[20]). Providers also handle company comments differently: some systematically publish company responses or corrections alongside their research, whereas others retain discretion over whether to incorporate or disclose such feedback.

A recent OECD report highlighted that distributing meeting materials well in advance would give both proxy advisors and shareholders more time for analysis, improving companies’ ability to address inaccuracies and strengthening the overall proxy voting chain and the effective exercise of voting rights (OECD, 2025[40]). Israel is the only country with a legal obligation to engage. The ISA Principles permit engagement before and after general shareholder meetings. Proxy advisors must act with objectivity and good faith, give companies a reasonable chance to present their views, and engage in good-faith discussions. Voting reports to institutional investors must disclose whether engagement occurred, whether documents were requested and when handling them was refused, and whether the company raised material objections (ISA, 2014[28]).

Across EU member states, further to the transposition of SRD II, proxy advisors are not required to engage with companies before issuing research or voting recommendations. However, if they do communicate with the companies they cover, with shareholder proponents or other stakeholders, they must disclose whether such engagement occurs and, where relevant, its frequency and nature (EU, 2017[23]).

France goes beyond the SRD II baseline by encouraging engagement. The AMF recommends that proxy advisors submit draft reports to the companies for review, or else clearly state in the final analysis that no draft was provided and explain why. Companies should be given at least 24 hours to provide comments, provided they supplied draft resolutions, relevant committee reports, and other necessary documents to the advisor at least 35 days before the general meeting (AMF, 2011[31]).

Japan’s recommendations state that proxy advisors should base recommendations on corporate disclosures and, where necessary, engage in dialogue with companies. Upon request, they should allow the company to confirm the factual basis of the analysis and transmit the company’s statement to clients alongside the recommendation (JFSA, 2025[36]).

In Canada, the National Policy 25-201 recommends proxy advisors to disclose and clearly describe on their websites policies and procedures for dialogue with companies, shareholder proponents and other stakeholders, including whether draft reports are shared for comment, and designate a contact point for such communications (CSA, 2015[24]).

Across jurisdictions, approaches to conflicts of interest disclosure vary significantly: 58% address conflict of interest disclosure by proxy advisors directly in their laws or regulations, and 8% do so through voluntary code recommendations. Only 6% of jurisdictions require disclosure when proxy advisors provide secondary services. In some cases, jurisdictions interpret conflict of interest disclosure as implicitly covering secondary services, without setting a specific obligation or recommendation in their frameworks. Only India requires proxy advisors to disclose their ownership structure publicly.

The business model of proxy advisors that provide secondary services can give rise to conflicts of interest (Larcker and Tayan, 2024[41]). Secondary services could include: i) consulting services to publicly listed companies, which may be the same companies whose corporate governance and sustainability‑related practices they evaluate as part of their proxy advice business; ii) voting platforms for institutional investors to execute votes; and iii) engagement services on behalf of institutional investors with publicly listed companies (Krahnen et al., 2023[21]; Spatt, 2019[42]).

Proxy advisors may have incentives to provide more favourable advice for companies that are their clients for consulting services for two main reasons (Krahnen et al., 2023[21]). First, proxy advisors may simply fear losing a consulting client in retaliation for proxy advice that goes against the interests of incumbent management. Second, employees of proxy advisors may have a natural confirmation bias, finding it challenging to provide proxy advice for their institutional investor clients that goes against a resolution they previously recommended in a consulting project.

Proxy advisory firms report taking a range of measures to address potential conflicts of interest, such as segregating ancillary or secondary services into separate legal entities and setting up information barriers that prevent research staff from knowing whether a company under review is a client of other services. In some cases, client platforms display information indicating that the company under review purchases other services from the firm so that investors are aware of the relationship while preserving confidentiality.

Concerning the legal frameworks, in the EU, proxy advisors have a duty to promptly identify and disclose to clients any actual or potential conflicts of interest or business relationships that could influence their research, advice or voting recommendations, together with the measures adopted to eliminate, mitigate or manage them. Their annual report must set out a policy for preventing and managing potential conflicts of interest, and proxy advisors that adhere to a code of conduct must report on its application. SRD II and implementing laws do not directly impose obligations to disclose secondary services provided by proxy advisory firms, nor their ownership structure (EU, 2017[23]).

In the United Kingdom, proxy advisors must publicly disclose whether they provide secondary services such as consulting to listed companies, particularly where these create potential conflicts of interest, specifying the nature of the services and the measures adopted to manage related conflicts (Legislation.gov.uk, 2019[43]). However, as in the EU, proxy advisors are not generally required to publish their full ownership structures as a separate obligation. However, when any element of ownership creates an actual or potential conflict of interest (e.g. a shareholder is also a client or the subject of recommendations), the firm would have to publicly disclose the conflict, its nature, and the measures taken to manage it.

In Israel, under the ISA Principles Document, proxy advisors must disclose any specific conflicts of interest to institutional investors in their recommendation reports. Although there is no specific requirement to list secondary services, the applicable principle clearly implies that such services must be disclosed insofar as they place the proxy advisor in a conflict of interest (ISA, 2014[28]).

Among jurisdictions that have both legal requirements and voluntary code recommendations, France complements the law by recommending proxy advisors to define and publish on their websites reasonable and appropriate measures to prevent conflicts of interest involving the firm, its executives, and its analysts, and to set out procedures to follow in case conflicts arise, especially where multiple activities are involved (e.g. advising companies, providing a voting platform, proxy solicitation). The AMF recommendation also specifies that these measures should be consolidated in a Charter of Ethics or Code of Conduct, with a designated person responsible for implementation and compliance (AMF, 2011[31]).

India is the only country that requires disclosure of proxy advisors’ ownership structure. To obtain a certificate of registration, proxy advisors must submit a form, together with a non-refundable application fee, with information on their shareholding and beneficial ownership structure (SEBI, 2014[6]).

Among the jurisdictions with voluntary recommendations to manage proxy advisors’ conflicts of interest, Singapore’s Stewardship Principles for Responsible Investors 2.0 call on responsible investors to disclose conflicts of interest and put clients’ and beneficiaries’ interests first. Responsible investors should require their service providers, including proxy advisors, to disclose all potential conflicts of interest and explain how those conflicts are managed (ISCA, 2022[44]). In Malaysia, the recommendation is placed upon institutional investors who should communicate to their service providers the need to publicly disclose all known potential conflicts of interest and to explain how they are managed, as well as putting in place mitigating measures when a potential conflict of interest is identified (IICM, 2022[27]).

In Canada, the CSA recommends that proxy advisory firms disclose to clients, in a timely manner, any actual or potential conflicts of interest and provide sufficient detail for clients to assess the firm’s independence and objectivity, including steps taken to address the conflict. Where feasible, firms are further expected to describe on their websites their policies, procedures, internal safeguards and controls, code of conduct, and compliance programme relating to conflicts. Firms are also encouraged to designate an appropriately qualified individual or committee to monitor compliance with these policies and codes, assess the adequacy of internal safeguards and conflict management practices, and report periodically to the board, executive management, or a designated committee (CSA, 2015[24]).

Four jurisdictions require formal licensing or registration of proxy advisors. Most jurisdictions rely on disclosure-based oversight and general market‑conduct rules.

There is an active debate in the EU (in the context of the SRD II review) and other markets on whether introducing authorisation could improve accountability and conflict management. However, it has also been argued that an authorisation requirement may increase barriers to entry. No jurisdictions consider the competitive landscape or a provider’s size in their frameworks.

In Australia, proxy advisors need an Australian Financial Services (AFS) licence only when advising wholesale investors on votes about financial-product dealings; other governance recommendations (e.g. director elections, remuneration reports) do not require them to obtain a licence, and all proxy advisors remain subject to the Corporations Act ban on misleading or deceptive conduct. Australia has debated whether proxy advisors should be subject to formal licensing, with Treasury consultations in 2021 considering extending the AFS licence regime to cover proxy advice that currently falls outside the scope (Australian Government, 2021[45]).

In the United Kingdom, there is a notification regime for in-scope proxy advisors, and the Financial Conduct Authority (FCA) maintains a public list on its website (FCA, 2024[46]). Bulgaria is currently the only EU member state that requires proxy advisors to register to conduct their activities. This register is maintained by the Financial Supervision Commission (FSC). In India, proxy advisors are also required to register under the SEBI (Research Analyst) Regulations, 2014.

ESG ratings refer to the assessment of an entity, instrument or issuers’ exposure to environmental, social and governance risks and opportunities. While some ESG ratings typically result from quantitative analysis, some use qualitative analysis supported by analytical judgement or opinion (IOSCO, 2021[47]). ESG rating providers have considerable discretion in selecting and weighing ESG issues to consider, making analytical judgement or opinions, and updating methodologies over time. ESG data providers have less discretion, as they generally focus on collecting, cleaning and reporting ESG metrics without offering analytical judgement or opinion.

ESG rating and data providers emerged to meet growing demand for non-financial metrics to assess corporate performance. As of 2025, ESG ratings and data remain a rapidly expanding market. The sector likely exceeded USD 1.5 billion in revenues in 2023 and was projected to grow at around 23% annually through 2025 (Balluffi, 2023[48]). What began with reliance on voluntary corporate disclosures has evolved into specialist firms that collect, standardise and transform diverse information into comparable metrics. Larger players now offer comprehensive ESG scores, rankings and datasets among other services (Section 2.3.3).

The growth of ESG rating and data providers has been driven by regulatory requirements and institutional investor pressure. Standardised sustainability reporting obligations have created demand for reliable, auditable ESG data, while in many markets investors face increasing expectations to integrate material ESG factors into decision-making.

The business models of ESG rating and data providers are often different. Some ESG rating and data providers also offer: i) ESG indexes; ii) consulting services to issuers, including ESG ratings improvement; iii) provision of certifications and second-party opinions; and iv) sustainability reporting assistance for issuers and financial market participants (IOSCO, 2021[47]).

ESG data can be broadly grouped into three categories: i) raw data; ii) screening tools; and iii) controversy alerts (IOSCO, 2021[47]). Raw data are collected from disclosures by issuers, other public sources, or questionnaires answered by issuers. Screening tools assess the exposure of individual issuers to ESG risks. Controversy alerts enable investors to monitor company-related news that may imply reputational risks, impacting issuers and their stakeholders.

Two-thirds of jurisdictions have established regulatory frameworks for ESG rating providers. However, most jurisdictions have not included ESG data providers in the scope of their frameworks. Where jurisdictions have adopted voluntary codes of conduct, they apply to both ratings and data providers. Key terminology for ESG rating and data across jurisdictions has some similarities, but also differences.

Most jurisdictions have established regulatory frameworks for ESG rating and data providers. Fifty-six per cent of jurisdictions have frameworks established in their law or regulations, 2% set self‑regulatory requirements, and 8% have voluntary codes or principles which are not binding (Figure 2.6). Some jurisdictions have introduced requirements or recommendations based on the IOSCO recommendations. In a 2021 report, on ESG rating and data providers, IOSCO highlighted the challenges in regulating providers and formulated recommendations for regulators and market participants (IOSCO, 2021[47]). In 2022, IOSCO issued a Call for Action, promoting good practices such as conflict management and robust and transparent methodologies (IOSCO, 2022[49]).

The 56% of jurisdictions that have regulatory frameworks set by law or in regulations include Costa Rica, EU member states, India and Thailand. In the EU, member states are subject to the ESG Ratings Regulation, which was published in December 2024 and entered into force in January 2025 in all member states. The ESG Rating Regulation will apply from July 2026 onwards. ESG data providers are not included in the scope of this regulation (EU, 2024[50]). Hungary adopted Act CVIII of 2023 (the ESG Act) in December 2023, and its scope regulates both ESG rating and data providers (including registered ESG consultants and ESG software). There is no material difference in the regulatory framework applicable to these two categories.

In India, the regulatory framework is provided by the Credit Ratings Agencies (CRA) Regulations, 1999 and the Master Circular for ESG Rating Providers (ERPs). ESG data providers are not in the scope of the regulatory framework in India. In Thailand, the regulatory framework, which applies equally to ESG rating and data providers, places obligations on asset management companies (AMCs) to assess the transparency of ESG providers (Section 2.3.7).

Korea is the only jurisdiction where the regulatory framework for ESG ratings providers includes self‑regulatory requirements by an industry association. In May 2023, the Financial Services Commission (FSC) issued the ESG Evaluation Agency Guidance. The Guidance provides guidelines and best practices intended to foster enhanced transparency in methodology and effective management of conflicts of interest (ISS Insights, 2023[51]). The regulatory framework applies only to ESG rating providers and does not extend to ESG data providers. The association issues guidance for ESG rating practices, and the Korea Exchange reviews and discloses each member’s compliance annually. Membership is voluntary but influential since the three agencies that dominate the market are part of it. The association is also developing membership entry, maintenance, and withdrawal rules.

Hong Kong (China), Japan, Singapore and the United Kingdom have introduced non-binding voluntary codes or principles as part of their regulatory frameworks for ESG rating and data providers. In 2022, the UK Financial Conduct Authority (FCA) appointed the International Capital Markets Association (ICMA) and International Regulatory Strategy Group (IRSG) to convene an industry group to develop a globally consistent voluntary code for those providing third-party data and ratings. In line with IOSCO’s recommendations, the code focuses on promoting transparency, good governance, management of conflicts of interest, and strengthening systems and controls (FCA, 2023[52]). Hong Kong (China), Japan and Singapore introduced their own codes grounded in IOSCO’s recommendations in 2024, 2022 and 2023, respectively (FSA, 2022[53]; ICMA, 2024[54]; MAS, 2023[55]). The codes developed by all three jurisdictions apply to both ESG rating and data providers.

Across surveyed jurisdictions, ESG rating and data terminology shows some similarities, but definitions of key terms – such as “ESG rating providers,” “ESG data providers,” “ESG ratings/scores/opinions,” and “ESG data” – vary. These differences reflect divergent regulatory approaches. The EU and India regulate ESG ratings, not including data providers, while jurisdictions such as Hong Kong (China), Japan, Singapore, and the United Kingdom use voluntary codes of conduct that include both ratings and data. Many definitions share common elements supporting some convergence across markets.

In the EU, an ESG rating provider is defined as “a legal person whose activities include the issuance, and the publication or distribution, of ESG ratings on a professional basis” (EU, 2024, p. 12[50]). An ESG rating refers to “an opinion or a score, or a combination of both, regarding a rated item’s profile or characteristics with regard to environmental, social and human rights, or governance factors, or regarding a rated item’s exposure to risks or impact on environmental, social and human rights, or governance factors, that is based on both an established methodology and a defined ranking system of rating categories, irrespective of whether such ESG rating is labelled as ‘ESG rating’, ‘ESG opinion’ or ‘ESG score’” (EU, 2024, p. 12[50]). The EU ESG Rating Regulation does not define ESG data providers or ESG data.

Under Hungary’s ESG Act, which covers both ESG rating and data providers, an ESG consultant is any person or legal entity providing ESG information and advice in Hungary, including support for corporate governance and ESG disclosures, compliance with sustainability due-diligence obligations, collection and analysis of sustainability data, and implementation of risk management, risk analysis and preventive measures.

In Hong Kong (China), the voluntary code of conduct defines a provider of ESG ratings/data products as “an entity whose activities involve the provision of ESG ratings/scores and/or data products” (ICMA, 2024, p. 7[54]). ESG rating/score is defined “as a product that is provided, or marketed as providing an opinion, score or other ranking issued using an established and defined ranking system, regarding the environmental, social or governance characteristics or risks in relation to one or more entities’, financial instruments’, or products or one or more companies’ ESG profile, characteristics, or exposure to ESG, climate-related or other environmental risks or impact on society and the environment. For the purposes of this definition, it is irrelevant whether or not the relevant product is explicitly labelled as an “ESG rating or ESG score” (ICMA, 2024, p. 7[54]). The voluntary code also defines ESG data products as a “product provided, or marketed as providing either a specific environmental, social, or governance focus or a holistic ESG focus, or a combined focus on a combination of E, S or G factors, in respect of one or more entities, financial instruments, products or companies’ ESG profile, characteristics, or exposure to ESG, climate‑related or other environmental risks or impact on society and the environment. For the purposes of this definition, it is irrelevant whether or not the product is explicitly labelled as an “ESG data product” (ICMA, 2024, p. 7[54]).

Sixty-two per cent of jurisdictions require or recommend ESG rating providers to disclose their methodologies. Sixty per cent require or recommend that methodologies be updated or reviewed, but independent reviews are far less common, with only India mandating them.

ESG ratings are typically paid for by institutional investors, not issuers, in contrast to credit ratings. This subscriber-pays model can pressure ESG rating providers to prioritise broad coverage over analytical quality to meet institutional investor demand across geographies and sectors, even if data are limited or unreliable. Given the current subscriber-pays model, there is generally low incentive for ESG rating or data providers to interact with the issuers. As a result, issuers rarely get a chance to verify report accuracy, increasing the risk of factual errors (IOSCO, 2021[47]). This lack of verification poses reputational risks for issuers and may lead to investment decisions by institutional investors based on incomplete information.

Diverse methodologies and concerns with the availability, quality, and comparability of ESG disclosure lead to low correlation and high divergence in ESG ratings (IOSCO, 2021[47]). There can be wide divergence in the metrics, methodologies and data used by ESG ratings providers to calculate environmental pillar scores of ESG ratings (OECD, 2022[56]; OECD, 2025[57]). A study found that the measurement of an attribute using different indicators contributes to 56% of the divergence of ESG ratings while scope (coverage of different sets of attributes) and weight (different views on the relative importance of attributes) contribute to 38% and 6%, respectively (Berg, Kölbell and Rigobon, 2019[58]). Frequent and unannounced changes in methodologies can hinder performance comparisons over time and cause confusion for issuers and institutional investors. Imperfect transparency around methodologies and how ESG factors are weighted may make it difficult to understand ESG ratings.

The quality of data used by ESG rating providers can vary greatly between issuers, as they rely on self-reported information that is not always independently verified. As a result, issuers with more comprehensive disclosure practices or issuers with resources to answer detailed questionnaires in a short time may receive higher ESG ratings, regardless of their actual sustainability performance, while those that disclose less information may be rated lower.

Methodological issues with standalone ESG data – independent of ESG ratings – also stem from data gaps and the judgements made by data providers. Definitions, formats and calculation methods vary, making indicators such as scope 3 emissions often non-comparable. Incomplete reporting is filled by data providers with estimates.

In line with Principle III.D. of the OECD/G20 Principles of Corporate Governance, 62% of jurisdictions require or recommend the disclosure of methodologies by ESG rating providers (Figure 2.7). Within this group of jurisdictions, 52% require the disclosure of methodologies by law or regulation, primarily EU member states and India. Korea is the only jurisdiction with a self-regulatory framework for the disclosure of methodologies by ESG rating providers. Hong Kong (China), Japan, Singapore and the United Kingdom all follow voluntary codes for the disclosure of methodologies by ESG rating providers.

Article 23 of the EU’s ESG Ratings Regulation requires providers to publish their methodologies, models and key assumptions in a dedicated section of their website (EU, 2024[50]). Alongside the EU-level requirement, in Hungary, Section 35(2) of the ESG Act requires ESG rating providers to publish their methodology and review it periodically in line with international standards and relevant legislation (Nemzeti Jogszabalytar, 2023[59]). India’s CRA Regulations require providers to disclose their methodologies, including indicators, data sources, weightings and sector-specific criteria (SEBI, 2024[60]).

In the 8% of jurisdictions that follow a voluntary code approach, these codes take a principles-based approach to the disclosure of methodologies by ESG rating and data providers. Singapore’s voluntary code calls on ESG rating and data providers to use rigorous, systematic, and consistently applied methodologies, while protecting proprietary or confidential elements. Providers should also be transparent, where possible, about data sources, including the use of industry averages, estimates, or proxies when actual data is unavailable. This includes clarity on data timeliness and whether data is publicly sourced (ICMA, 2024[54]).

Sixty per cent of jurisdictions require or recommend methodologies to be updated or reviewed by an independent party (Figure 2.7). Although EU member states must review their methodologies on an ongoing basis, the regulation does not mandate an independent review by a third party (EU, 2024[50]). In Japan, the voluntary code requires ESG evaluation methodologies and data to be regularly updated, but it does not mandate independent reviews (FSA, 2022[53]). In Singapore, ESG rating providers should regularly review their methodologies and are encouraged to have the review verified by an independent party (MAS, 2023[55]).

In India, the CRA Regulations require ESG rating providers to undergo an annual independent internal audit, with detailed requirements set out in the Master Circular for ERPs. Audits must be conducted by conflict-free firms with at least three years’ financial sector experience. The internal audit covers all operations, grievance mechanisms, and regulatory compliance, with reports outlining methodology, deficiencies, management responses, and adequacy of compliance systems. Auditors must also confirm no other engagements or associations with ESG rating providers (SEBI, 2023[61]).

Sixty-six per cent of jurisdictions have requirements or recommendations on the competence, experience, ethics and independence of providers’ staff as part of their regulatory frameworks. In 8% of jurisdictions, voluntary codes of conduct for ESG rating and data providers are grounded in IOSCO’s recommendations that providers’ staff be professional, competent and of a high integrity.

In Costa Rica, staff must have relevant expertise, including professional experience in at least two areas such as environmental or social project analysis, and knowledge in at least one field such as climate change, sustainability consulting, risk management, or local sustainability regulation. Providers must also maintain clear policies and procedures, employ skilled staff, and ensure adequate technological and operational infrastructure to fulfil their responsibilities (Sugeval, 2022[62]). In Thailand, those undertaking ESG rating activities must have the appropriate expertise, experience, qualifications and ethics. The EU and India also set competence, experience, ethics and independence criteria in the EU ESG Ratings Regulation and the CRA Regulations, respectively.

Jurisdictions that use voluntary codes of conduct – such as Hong Kong (China), Japan, Singapore, and the United Kingdom – set similar requirements because their codes are based on IOSCO’s recommendations, which stress that “personnel involved in ESG ratings and data products must be professional, competent, and of high integrity” (IOSCO, 2021, p. 38[47]).

Only two jurisdictions that have legal or regulatory frameworks set a minimum notice period that ESG rating providers must give rated entities to inform them of any factual errors or inaccuracies. In one jurisdiction, a voluntary code recommends allowing rated entities the opportunity to point out any factual errors or inaccuracies, although it does not specify a minimum notice period.

Some jurisdictions require ESG rating providers to give rated entities a minimum notice period to identify any factual errors or inaccuracies. Fifty-two per cent have formalised this through legal or regulatory requirements, including the EU and India. Under the EU ESG Rating Regulation, ESG rating providers must notify rated entities at least two full working days before issuing an ESG rating. This gives rated entities the opportunity to identify and correct any factual errors (EU, 2024[50]). In India, the regulatory framework distinguishes between issuer-pays and subscriber-pays models. Under the CRA Regulations, ESG rating providers must share the draft report with the rated issuer before publication and allow an opportunity for appeal or representation. In the subscriber-pays model, reports must be shared simultaneously with subscribers and the rated entity, which then has two working days to comment. Providers must include any comments in an addendum and, if the entity disputes data or assumptions, either revise the report or issue an addendum with their own remarks, circulated to all subscribers (SEBI, 2023[63]).

In Japan, under the voluntary code of conduct, when disclosing ESG evaluations and data, institutions should, where practicable and consistent with their methodologies and policies, promptly notify the company of the key information sources used. This gives the company an opportunity to review the sources and identify any significant deficiencies, such as factual errors (FSA, 2022[53]).

Sixty-six per cent of jurisdictions require or recommend disclosure of actual or potential conflicts of interest, as well as policies and procedures to ensure that business interests do not compromise the independence or accuracy of providers’ products. Requirements or recommendations to disclose ownership structures are less common, with 54% of jurisdictions setting such expectations.

The provision of consulting services by ESG rating and data providers can give rise to potential conflicts of interest. For example, ESG rating and data providers could offer consulting advice to issuers on their ESG performance or insights into how ESG ratings and data are developed, or support with reporting that influences ESG ratings and data products. ESG rating and data providers may have incentives to provide more favourable advice for issuers that are their clients for consulting services than for others that are not for two main reasons. First, ESG rating and data providers may fear losing a consulting client in retaliation of a ratings advice that goes against the interest of management. Second, employees of the ESG rating and data providers may have a natural confirmation bias, where they would find it challenging to provide advice for their institutional investor clients that goes against a recommendation they previously gave in a consulting project requested by a listed company. Additionally, there may be a conflict of interest arising from the fact that the institutional investor paying for an ESG rating may expect a positive rating for its investee companies, notably if a negative rating would force the investor to disinvest from a company.

In line with Principle III.D. of the G20/OECD Principles, 66% of jurisdictions require or recommend the disclosure of actual of potential conflicts of interest. Fifty-six percent of jurisdictions set legal or regulatory requirements for the disclosure of actual or potential conflicts (Figure 2.8).

In Costa Rica, ESG rating providers must implement and publicly disclose policies to identify, assess, manage, and prevent actual, potential, or apparent conflicts of interest with the issuers or fund managers they audit (Sugeval, 2022[62]). In the EU, ESG rating providers shall disclose to the European Securities and Markets Authority (ESMA) all existing or potential conflicts of interest, including conflicts of interest arising from the ownership or control of the ESG rating providers (EU, 2024[50]). In India, the ESG rating providers must identify, disclose and avoid or mitigate potential conflicts of interest (SEBI, 2023[63]; SEBI, 2023[61]). In Thailand, ESG rating providers are required to maintain independence and avoid conflicts of interest.

Hong Kong (China), Japan, Singapore and the United Kingdom have all adopted voluntary codes of conduct which incorporate IOSCO’s recommendations including in relation to conflicts of interest (Figure 2.8).

In 56% of jurisdictions, laws or regulations mandate policies and procedures to prevent business interests from compromising product independence or accuracy (Figure 2.8). In the EU, ESG rating providers must adopt and implement due diligence policies and procedures to ensure business interests do not compromise the independence or accuracy of their ratings. Also, providers must take all necessary measures to prevent ratings from being influenced by their own business or by the interests of shareholders, managers, analysts, employees or others under their control (EU, 2024[50]).

India’s SEBI requires ESG rating providers to keep rating activities independent from consulting or other business services and to disclose any ties with rated entities. Providers must adopt policies and codes of conduct, with board-level oversight, to manage conflicts of interest. Analysts and rating staff cannot engage in marketing, fee negotiations, or hold shares in rated issuers, and ratings must be reviewed if an employee joins a rated entity. ERPs must also prevent misuse of price-sensitive information, with strict rules on staff trading, disclosure of holdings and annual reporting of securities transactions (SEBI, 2023[63]; SEBI, 2023[61]).

Korea is the only jurisdiction which has adopted a code of conduct which has self-regulatory requirements for ESG rating providers (Figure 2.8). ESG rating providers must avoid relationships that compromise independence or fairness and publicly disclose relevant facts. They are required to adopt internal procedures to identify, manage, and mitigate conflicts of interest, including separating ESG rating activities from consulting or advisory services. Providers must also establish policies covering affiliates’ activities, act on reported conflicts, and manage risks arising from equity or other business relationships with rated issuers (KCGS, 2023[64]).

In the United Kingdom, ESG rating and data providers must adopt written policies and procedures to identify, eliminate, or where necessary manage, mitigate, and disclose conflicts of interest that could affect their ratings or analyses. They are also required to disclose the measures in place to avoid and manage such conflicts and to ensure that business relationships with rated entities or affiliates do not compromise the integrity of their products (ICMA, 2023[65]).

The requirement or recommendation for ESG rating providers to disclose their ownership structures is less common, with 54% of jurisdictions having some-related provision (Figure 2.8). In the EU, ESG rating providers are required to disclose their ownership structures when applying for authorisation from ESMA (EU, 2024[50]). In India, ESG rating providers must disclose their shareholding pattern and any change in control, including ownership structure, with providers required to submit details of their current and proposed shareholding for SEBI’s approval (SEBI, 2023[63]; SEBI, 2023[61]).

In Japan, the voluntary code recommends that ESG evaluation and data providers recognise that ownership structures and other factors may give rise to conflicts of interest. They should therefore disclose these risks and establish effective policies that ensure independent decision-making and the proper management of conflicts arising from ownership, organisational structure, business and investment activities, funding, and employee compensation (FSA, 2022[53]).

Forty-six per cent of jurisdictions do not have any specific requirements or recommendations for ownership disclosure from ESG rating providers (Figure 2.8). In some jurisdictions that follow voluntary codes of conduct, ESG rating and data providers are not specifically required to disclose their ownership structures. Disclosure may still be necessary where ownership creates actual or potential conflicts of interest. In Hong Kong (China), the voluntary code does not explicitly recommend ownership disclosure but recommends that providers disclose the measures they have implemented to avoid and manage conflicts, which may include ownership-related issues. Participating providers must publish a self-attestation document setting out how they apply the code and explaining any deviations (ICMA, 2024[54]).

Only the EU and India require ESG rating providers to be registered or authorised, while public lists are more common where voluntary codes of conduct are used. Where codes, principles or self-regulatory requirements apply, monitoring practices vary. Ninety per cent of jurisdictions do not consider the competitive landscape or a provider’s size in their frameworks.

Fifty-four per cent of jurisdictions – primarily EU member states and India – require ESG rating providers to be registered or authorised under their respective regulations (Figure 2.9). ESG rating providers wishing to operate in the EU must apply for authorisation from ESMA (EU, 2024[50]). Hungary has established the Supervisory Authority for Regulatory Affairs of Hungary (SARA) with an electronic register for ESG rating providers, where their name, registered office, contact details, as well as where and how to access rating methodologies, are provided. Moreover, ESG data providers must also be accredited by Hungary’s SARA.

In India, ESG rating providers must register through SEBI’s online Intermediary Portal, and obtain SEBI’s prior approval for any change in control (SEBI, 2023[63]; SEBI, 2023[61]). In Korea, ESG rating providers are governed by a self-regulatory system through an association formed by the three major agencies (Section 2.3.3). Korea’s FSC also monitors and publishes whether agencies meet the requirements in the guidance every year.

Hong Kong (China), Japan, Singapore and the United Kingdom all maintain public lists of firms that have adopted their respective voluntary codes of conduct. In Singapore, providers that have publicly attested their adoption of the code can be found on the ICMA website. This list also highlights providers that have taken the voluntary step of enhancing the credibility of their attestation with a third-party audit (MAS, 2023[55]).

In 10% of jurisdictions where codes, principles or self-regulatory requirements are part of the regulatory framework for ESG rating and data providers, monitoring practices vary. Korea is the only jurisdiction where the regulatory framework for ESG ratings and data providers includes self-regulatory requirements by an industry association (Section 2.3.3). To oversee this framework, the ESG Evaluation Agency Council was established as a self-regulatory body by three domestic agencies (ISS Insights, 2023[51]). The Council is responsible for monitoring the effectiveness of the Guidance and may issue recommendations or new guidance if deemed necessary. The FSC also monitors and publishes whether agencies meet the requirements in the Guidance every year.

In Hong Kong (China), given that ESG rating and data providers are not currently within the SFC’s regulatory remit, the SFC does not undertake any monitoring and supervision of providers regarding the adoption of the voluntary code of conduct. However, in 2024, the SFC issued guidance encouraging licensed asset managers to reference the voluntary code (or equivalent standards) when conducting due diligence and ongoing assessments of ESG providers (SFC, 2024[66]).

In Japan, the FSA does not impose any penalties or sanctions on firms that choose not to comply with the voluntary code of conduct. However, the FSA monitors the overall market and individual firms’ compliance with the principles through measures such as surveys on adherence. The FSA could intervene later if adoption proves weak or inconsistent. In Singapore, ESG rating and data providers are expected to publicly disclose their adoption of, and compliance with, the Code of Conduct. MAS maintains an online list of adopters based on these self-declarations, while providers may also choose to obtain independent assurance of their self-attestation to enhance credibility. MAS does not audit or enforce adherence to the Code, focusing instead on tracking adoption and promoting transparency. In the United Kingdom, the ICMA maintains ownership of the Code of Conduct and will publish and maintain on its website a list of providers that have agreed to adhere to the Code. The ICMA does not monitor or confirm the adoption of the Code of Conduct by providers (ICMA, 2023[65]).

India is the only jurisdiction whose regulation considers the competitive landscape and the size or the development level of ESG rating providers. Under the CRA Regulations, Category I firms, typically subsidiaries of SEBI-registered intermediaries such as Research Analysts or Credit Rating Agencies, must employ at least four qualified specialists across specific areas and maintain a minimum liquid net worth of ₹5 crores (approximately USD 600 000). Category II firms, usually smaller start-ups without prior SEBI registration, are required to employ at least two specialists across specific areas and maintain a minimum liquid net worth of ₹10 lakhs (approximately USD 12 000) (SEBI, 2023[63]).

Hong Kong (China), Singapore, and the United Kingdom are jurisdictions that consider the competitive landscape and developmental stage of ESG rating and data providers in their voluntary codes of conduct. In Hong Kong (China), the voluntary codes state that ESG rating and data providers should apply the code proportionately, considering the nature, scale and complexity of their activities or business.

In the EU, the ESG Ratings Regulation does not introduce a streamlined regime that takes into account the competitive landscape or size of ESG rating providers. Instead, it establishes a temporary regime of up to three years maximum for small providers.

Index providers are firms responsible for creating, calculating, and overseeing market indexes, which serve as financial benchmarks. According to IOSCO’s Principles for Financial Benchmarks, an index is defined as a financial benchmark that is available to users either for free or for a fee, calculated periodically through a formula or method based on underlying interests (IOSCO, 2013[67]). Indexes are used for various purposes, including determining interest rates or sums payable under loan agreements or financial contracts, setting the price for buying, selling, trading, or redeeming financial instruments, and measuring the performance of such instruments.

Index providers grew as financial markets matured and institutional investors sought standardised benchmarks to track performance. As equity markets expanded and diversified, demand grew for more sophisticated benchmarks capable of covering different market segments. Global firms which dominate the index provider market such as FTSE Russell, MSCI, and S&P Dow Jones have developed indexes that now span equities, bonds, commodities, and other asset classes (Petry, Fichtner and Heemskerk, 2019[68]).

Thousands of indexes are in operation worldwide. The leading providers have become major financial service providers, with their benchmarks used to track trillions of dollars in assets under management (Petry, Fichtner and Heemskerk, 2019[68]). The rise of index-linked investment strategies has prompted complex questions about the influence of index providers on capital allocation. Inclusion in major indexes can trigger substantial inflows from index-based funds, meaning decisions on eligibility criteria, weighting methodologies, and corporate actions can materially affect issuers and markets. This has led to greater scrutiny of their methodologies and potential conflicts of interest.

Regulators and international bodies such as IOSCO have issued principles on benchmark governance and transparency, encouraging providers to adopt robust, conflict-free processes for index construction and maintenance (IOSCO, 2013[67]). IOSCO recently issued a report on the application of the Principles for Financial Benchmarks to ESG indices, finding that they are broadly applicable and provide a foundation for ESG benchmarks (IOSCO, 2025[69]). Nonetheless, regulatory frameworks for index providers continue to vary across jurisdictions (Section 2.4.3).

An index provider’s business model often centres on defining, creating and periodically rebalancing indexes, calculating index values, and then charging index licensing fees to institutional investors to generate revenues (An, Benetton and Song, 2023[70]).

Both passive and active institutional investors use indexes. Passive institutional investors maintain portfolios that replicate predefined indexes, adjusting holdings automatically as index composition or prices change, with the aim of minimising both tracking error and trading costs. Active institutional investors use indexes as performance benchmarks and aim to outperform them, accepting some deviation as part of their strategy but still seeking to limit departures to avoid prolonged underperformance (OECD, 2014[71]).

Some index providers may also provide secondary services, which could include: i) advisory services to publicly listed companies, which may be the same companies whose corporate governance and sustainability-related practices they evaluate as part of their index provider business, and lead to conflicts of interest; ii) ESG ratings; and iii) data and analytics services.

Seventy per cent of jurisdictions have established regulatory frameworks for index providers. Some jurisdictions only regulate indices of significant or systemic importance, while specific requirements for ESG-orientated indices are infrequent.

In Australia, Section 5 of the Australian Securities and Investments Commission (ASIC) Corporations Instrument designates five significant financial benchmarks (SFBs), including the S&P/ASX 200, the country’s largest stock market index (ASIC, 2018[72]). In Canada, the Multilateral Instrument 25-102 focuses on the Canadian Dollar Offered Rate and Term CORRA (a designated interest rate benchmark) (OSC, 2024[73]). In India, the Index Provider Regulations apply only to significant indices used by domestic mutual funds above SEBI’s asset thresholds. SEBI recently launched a consultation to define significant indices (Section 5.6.1). In Japan, oversight is limited to two specified financial indices: the Tokyo Interbank Offered Rate and the Tokyo Term Risk Free Rate. In Singapore, regulation targets systemically important benchmarks, such as the Singapore Overnight Rate Average (SORA) for interest rate derivatives (MAS, 2025[74]; Parliament of Singapore, 2021[75]).

The EU and the United Kingdom also set specific requirements for index providers that provide ESG-orientated indices. In the EU, under the 2018 Benchmark Regulation (BMR), all index providers – whether offering ESG-oriented or non-ESG-oriented benchmarks – must have met a baseline set of requirements. These include governance standards, methodology transparency, oversight measures and the publication of benchmark statements (EU, 2016[76]). ESG‑orientated benchmarks faced additional obligations, including explaining how ESG factors were integrated into their methodology. Stricter requirements applied to EU Climate Transition Benchmarks (CTBs) and EU Paris-Aligned Benchmarks (PABs), which must meet minimum ESG standards and disclose alignment with EU climate targets.

The revision to the EU’s BMR in 2025 narrows its scope considerably. Only critical, significant and climate‑related benchmarks (CTBs and PABs treated as significant benchmarks) remain within the regulation, while most non-significant and non-ESG indexes fall outside (EC, 2025[77]). ESG disclosure obligations will therefore apply only to administrators of benchmarks that remain in scope. Furthermore, under the revised framework, only those benchmarks that meet the regulatory requirements will be permitted to use the CTB or PAB labels. The new rules apply from 1 January 2026.

In the United Kingdom, the EU BMR was incorporated into UK law, which is why the United Kingdom regulatory framework for index providers mirrors the original 2018 EU framework and applies only to benchmarks in the United Kingdom. European Economic Area (EEA) benchmark administrators providing benchmarks in the United Kingdom are now subject to the third country regime under the United Kingdom BMR. Similarly, United Kingdom benchmark administrators are now treated as third country administrators under the EU BMR. In late 2025, the UK government launched a consultation on revising the UK BMR framework to ensure it remains proportionate and tailored to UK markets. The consultation closed in March 2026 (HM Treasury, 2025[78]).

In Canada, although there are no regulatory requirements directly applicable to ESG rating and ESG index providers, the CSA has issued CSA Staff Notice 81-334, which provides guidance on the disclosure and sales communication practices of investment funds as they relate to ESG matters. CSA Staff Notice 81-334 includes guidance relating to funds that track or use an ESG-related index and funds that use ESG ratings, scores, indices or benchmarks, as well as sales communications that include fund-level ESG ratings, scores or rankings (CSA, 2024[79]).

Similarly in Thailand, although there are no regulatory requirements directly governing index providers, most ESG indices are constructed using ESG ratings data – meaning that ESG index providers are also acting in the capacity of ESG ratings providers. Therefore, the SEC’s rules governing ESG ratings providers apply to ESG index construction as well. The SEC imposes specific eligibility and disclosure requirements for ESG index providers used by ESG funds. These requirements include independence, governance, credibility and public disclosure of index construction methodology. Non-ESG index providers are not subject to equivalent scrutiny.

Across surveyed jurisdictions, index provider-related terminology shows some similarities, but definitions of key terms – such as “index providers”, “financial index” and “stock index” – vary.

In Australia, Section 908AB of the Corporations Act 2001 defines a financial benchmark as a price, estimate, rate, index or value that: (a) is made available to users (whether or not for a fee); and (b) is calculated periodically from one or more: (i) transactions, instruments, currencies, prices, estimates, rates, indices, values, financial products, bank accepted bills or negotiable certificates of deposit; or (ii) other interests or goods (whether tangible or intangible); and (c) is referenced or otherwise used for purposes that include one or more of the following: (i) calculating the interest, or other amounts, payable under financial products, bank accepted bills or negotiable certificates of deposit; (ii) calculating the price at which a financial product, bank accepted bill or negotiable certificate of deposit may be traded, redeemed or dealt in; (iii) calculating the value of a financial product, bank accepted bill or negotiable certificate of deposit; (iv) measuring the performance of a financial product, bank accepted bill or negotiable certificate of deposit.

In the EU, a benchmark is defined as “any index by reference to which the amount payable under a financial instrument or a financial contract, or the value of a financial instrument, is determined, or an index that is used to measure the performance of an investment fund with the purpose of tracking the return of such index or of defining the asset allocation of a portfolio or of computing the performance fees” (EU, 2016, p. 13[76]). An index is defined as “any figure (a) that is published or made available to the public; (b) that is regularly determined: (i) entirely or partially by the application of a formula or any other method of calculation, or by an assessment; and (ii) on the basis of the value of one or more underlying assets or prices, including estimated prices, actual or estimated interest rates, quotes and committed quotes, or other values or surveys” (EU, 2016, p. 13[76]). The term administrator refers to a natural or legal person that has control over the provision of a benchmark” (EU, 2016, p. 14[76]).

In India, index providers are defined as “a person who controls the creation, operation and administration of a Benchmark or an Index, whether or not it owns the intellectual property rights relating to the Benchmark or an Index, and is in particular responsible for all stages of the Benchmark or an Index administration process, including: (i) the calculation of the Benchmark or an Index; (ii) determining and applying the Benchmark or an Index methodology; and (iii) disseminating the Benchmark or an Index” (SEBI, 2024, p. 4[60]).

In Israel, an “index” is defined as “an index that serves or is expected to serve as a benchmark for a fund”. The Capital Market, Insurance and Savings Authority regulations also define a benchmark index as “a public index published by a stock exchange, foreign exchange, regulated market, or an electronic information system such as Bloomberg, Reuters, or any other recognized platform that publishes index values for assets traded on an exchange, foreign exchange, or regulated market.” (Capital Market, Insurance and Savings Authority, 2019[80]).

Seventy per cent of jurisdictions require index providers to disclose their methodologies. In 64% of jurisdictions, providers must outline consultation procedures for material methodology changes, explain the rationale for such changes, and notify users when they occur. The same proportion of jurisdictions requires methodologies to be periodically updated or reviewed by an independent party.

A possible concern with index providers is the lack of transparency in how methodologies are developed and applied, especially where providers exercise significant discretion, such as in ESG indices (Bebchuk and Kastiel, 2017[81]). Key rules on eligibility, sector classification, weighting and rebalancing are not always fully disclosed, making it difficult for institutional investors and issuers to verify index construction or anticipate changes. Opacity becomes particularly problematic when providers alter or override methodological rules – such as delaying rebalancing, reinterpreting inclusion criteria or applying ad hoc adjustments – without clear explanation or consultation. These discretionary decisions can significantly influence global capital flows by determining country and company weights, creating uncertainty for investors, and potentially leading to informational asymmetries. The lack of methodological clarity is especially acute in ESG indices, where scoring systems and inclusion criteria vary widely, hindering users’ ability to make informed comparisons or hold providers accountable. Given that index inclusion can materially affect access to capital, these issues reinforce the need for transparent and consistently applied and well-disclosed methodologies (Financial Times, 2024[82]).

In Australia, the Benchmark Rules require a licensed benchmark administrator to publicly disclose adequate information to enable users and contributors to understand the interest, market, or economic reality that the licensed benchmark is intended to measure, as well as the method for generating it. This ensures transparency in the benchmark’s methodology and representativeness.

In the EU, all in-scope index providers (Sections 2.4.3 and 3.6.1) must disclose their methodologies to ensure transparency on how benchmarks are constructed, maintained and updated. Article 13 requires administrators to publish a clear explanation covering data sources, adjustments, and procedures for changes, applying to all benchmarks. For ESG benchmarks, additional disclosures apply, and administrators must explain how ESG factors are reflected. EU CTBs and PABs are subject to further mandatory ESG disclosures (EU, 2016[76]).

In India, the Index Provider Regulations require providers to publish their calculation methodology, allow adequate time for constituent changes, review methodologies regularly, and, for significant changes, consult stakeholders and give advance notice before implementation (Section 5.6.1).

In Israel, index providers are regulated indirectly under the ISA Index Directive. Providers must publish their full methodology online, detailing calculation methods, update and weighting procedures, security selection criteria, and the scope of discretion, all based on predefined rules. Compliance is enforced through funds: managers must review the index and its provider, and trustees must verify that this review was properly conducted.

Although South Africa has no dedicated regulatory framework for index providers, under the JSE Listings Requirements, issuers of exchange-traded funds or exchange-traded notes must include a summary of the index methodology in their listing documents. This must explain how the index is constructed, identify the provider, disclose rebalance frequency, and provide public access to the index rules.

In 64% of jurisdictions, index providers are required to disclose the procedures for consulting on any proposed material changes in their methodology, the rationale for such changes, and the circumstances in which the index provider is to notify users of any such changes (Figure 2.11). In Australia, a benchmark licensee must take reasonable steps to consult and notify users before implementing any proposed material change to the methodology, including final stage methods.

In the EU, index providers must disclose procedures for material changes to their methodologies. Administrators are required to publish consultation procedures, including the rationale for changes and how users will be notified (EU, 2016[76]). In Israel, index providers are required to maintain a policy for advance publication of material changes to methodology or other significant events. Fund managers must verify the existence of such a policy and ensure that their agreement with the index provider includes a right to receive ongoing updates regarding such changes.

Sixty-four per cent of jurisdictions set requirements via law or regulation for the methodologies of index providers to be periodically updated or reviewed by an independent party (Figure 2.11). In the EU, following the 2025 revision, administrators of critical, significant and climate-related benchmarks must regularly review their methodologies. Critical benchmark administrators must also appoint an independent external auditor at least annually to assess compliance and methodology robustness. For non-critical benchmarks (including most ESG and non-ESG indices), independent reviews are not required, but internal review procedures must be maintained under the administrator’s control framework (EU, 2016[76]).

In India, index providers must establish an independent oversight committee to review index design, methodology changes, audit results, cessation procedures and use of expert judgement. They must also undergo an independent external audit of compliance with IOSCO Principles for Financial Benchmarks at least every two years, with the first audit within one year of registration with SEBI, and publish the audit report on their website (SEBI, 2024[60]).

No jurisdictions require or recommend that index providers engage with issuers whose securities are or may be included in their indexes.

In Australia, although there is no explicit requirement or recommendation for index providers to engage with issuers in their indexes, the Australian Securities Exchange (ASX), as a benchmark administrator, encourages such engagement by licensed users.

Sixty-six per cent of jurisdictions require index providers to disclose actual or potential conflicts of interest, and 66% require policies and procedures to ensure business interests do not compromise the independence or accuracy of their products. By contrast, 96% of jurisdictions do not require or recommend the explicit disclosure of ownership structures, although some may require it where they are linked to actual or potential conflicts of interest.

Index providers face conflicts of interest arising from their commercial incentives and the scope of their business activities (Hirst and Kastiel, 2019[83]). A primary source of revenue stems from their reliance on licensing fees from large institutional investors, particularly asset managers. Institutional investors may exert influence to ensure that indices prioritise the most liquid assets, thereby reducing replication costs in their portfolio. This may result in pressure to select easily tradable securities, potentially at the expense of broader representativeness or methodological neutrality.

Conflicts may also arise from the diversified business models of index providers. Issuers included in indices may also be consumers of additional services. Where index methodologies are opaque or where there is room for greater discretion, this raises concerns about whether commercial relationships might affect inclusion or exclusion decisions (Winden, 2024[84]). For example, issuers that hire any of the other services offered by index providers may expect a more favourable treatment if the methodology to establish the index is not clearly disclosed and fairly developed.

In Canada, index providers are required to maintain policies and procedures for identifying, managing and disclosing actual or potential conflicts of interest related to any designated benchmark they administer (OSC, 2024[73]). The EU’s BMR sets requirements for managing conflicts of interest, which require providers to implement robust governance arrangements to identify and manage any actual or potential conflicts of interest (EU, 2016[76]). In India, index providers must have policies and procedures to manage conflicts of interest and ensure the integrity and independence of all functions involved in index determination (SEBI, 2024[60]).

Sixty-six per cent of jurisdictions require via law or regulation that index providers implement policies and procedures to ensure their business interests do not impair the independency of their calculations or accuracy of their products (Figure 2.12). In Australia, benchmark licensees must maintain arrangements to manage conflicts of interest and, for submission-based benchmarks, implement codes of conduct that restrict front-office involvement, separate reporting lines, mitigate manipulation risks, and address conflicts from other business activities. In Israel, although index providers are regulated indirectly (Section 2.4.4), index providers must have formal policies to identify and manage conflicts involving staff, shareholders, and data providers, and ensure clear separation between benchmark-setting and other business operations. The UK BMR requires benchmark administrators to implement governance, oversight and control frameworks to identify and manage conflicts, keep benchmark activities independent from other business interests, ensure accurate and representative input data, and maintain procedures for reporting potential breaches.

People’s Republic of China (hereafter “China”) and India set requirements for index providers to disclose their ownership structures as part of their regulatory frameworks, but 96% of jurisdictions set no such requirement (Figure 2.12). In China, Article 10 of the State Council’s Interim Regulations on Enterprise Information Disclosure requires enterprises to disclose, via the National Enterprise Credit Information Publicity System, within 20 working days: i) shareholder or sponsor capital contributions (amount, timing, and method) for limited liability or joint-stock companies; and ii) equity transfers and other equity changes for limited liability companies. In India, when registering with SEBI as an index provider, they must disclose a list of major shareholders that hold 5% or more equity in the firm (SEBI, 2024[60]).

Sixty-four per cent of jurisdictions set registration or authorisation requirements or provide a public list for firms offering indexes in their jurisdictions.

In Australia, the ASIC Corporations (Significant Financial Benchmarks) Instrument 2018/420 designates five significant financial benchmarks, including the S&P/ASX 200 Index (Section 2.2.3), and a list of all licensed benchmark administrators is also published on ASIC’s website (ASIC, 2018[72]).

In China, the Beijing, Shanghai and Shenzhen Stock Exchanges play a central role in overseeing index providers. Only entities that they license or authorise are permitted to compile and operate indexes, reflecting the exchanges’ self-regulatory approach.

Under the EU’s revised BMR, benchmark administrators – ESG and non-ESG – must be registered or authorised, with significant or critical providers requiring authorisation and smaller providers able to register (EC, 2025[77]). All authorised and registered entities appear in ESMA’s public register, which also lists third-country administrators admitted via equivalence, recognition or endorsement, allowing their benchmarks to be used in the EU under set conditions. From January 2026, ESMA’s role expanded: it directly supervises all EU critical benchmark administrators and any EU administrator endorsing a third-country benchmark, making ESMA the single-entry point for non-EU providers, while national authorities continue overseeing significant and national critical benchmarks.

In India, no entity may act as an index provider for significant indices without obtaining a certificate of registration from SEBI. Applications must include a compliance report confirming adherence to IOSCO Principles for Financial Benchmarks, or an undertaking to submit such a report within six months. To qualify, applicants must be legally incorporated under the Companies Act, 2013 (or equivalent), maintain a minimum net worth of ₹25 crore (certified annually), have adequate infrastructure and qualified personnel, and ensure that promoters and directors meet SEBI’s fit and proper criteria. Once registered, index providers must continue to meet the net worth requirement, notify SEBI of any changes within 30 days, obtain prior approval for any change in control, and comply with all SEBI regulations, guidelines, and directions (SEBI, 2024[60]).

In Singapore, licensing/authorisation requirements apply to the administrator and submitters of a financial benchmark designated by the MAS, based on their systemic importance, susceptibility to manipulation, or where it is in the interest of the public to do so.

[31] AMF (2011), AMF Recommandation 2011-06 Proxy voting advisory firms, https://www.amf-france.org/sites/institutionnel/files/doctrine/Recommandation/Proxy%20voting%20advisory%20firms.pdf.

[70] An, Y., M. Benetton and Y. Song (2023), Index Providers: Whales Behind the Scenes of ETFs, https://corpgov.law.harvard.edu/2023/08/08/index-providers-whales-behind-the-scenes-of-etfs/.

[10] ASIC (2025), Credit rating agencies - lodging compliance report with ASIC, https://www.asic.gov.au/regulatory-resources/financial-services/credit-rating-agencies/credit-rating-agencies-lodging-compliance-report-with-asic/.

[72] ASIC (2018), Financial benchmarks, https://www.asic.gov.au/regulatory-resources/markets/financial-benchmarks/.

[12] ASIC (2004), Licensing: Managing conflicts of interest, https://www.asic.gov.au/regulatory-resources/find-a-document/regulatory-guides/rg-181-licensing-managing-conflicts-of-interest/.

[45] Australian Government (2021), Greater Transparency of Proxy Advice, https://oia.pmc.gov.au/sites/default/files/posts/2021/12/Greater%20Transparency%20of%20Proxy%20Advice%20RIS_0.pdf.

[48] Balluffi, S. (2023), ESG Solutions for Private Markets, https://www.opimas.com/research/898/detail/.

[81] Bebchuk, L. and K. Kastiel (2017), “The Untenable Case for Perpetual Dual-Class Stock”, Virginia Law Review, Vol. 103/4, pp. 585-631, https://doi.org/10.2139/SSRN.2954630.

[58] Berg, F., J. Kölbell and R. Rigobon (2019), “Aggregate Confusion: The Divergence of ESG Ratings”, SSRN Electronic Journal, https://doi.org/10.2139/SSRN.3438533.

[80] Capital Market, Insurance and Savings Authority (2019), Part 2 of Section 5 regarding investment asset management has been updated, https://www.gov.il/BlobFolder/guide/information-entities-codex/he/Codex_Gate5_Part2_Chapter4.pdf.

[33] Centre for Strategy & Evaluation Services (2025), Study on the application of the shareholder rights directives, https://op.europa.eu/en/publication-detail/-/publication/834aae3d-eda9-11ef-b5e9-01aa75ed71a1.

[29] CNMV (2023), Code of good practices for institutional investors, asset managers and proxy advisors in relation to their duties in respect of assets entrusted to or services provided by them (“Stewardship Code”), https://www.cnmv.es/docportal/Buenas-practicas/CBPinversores_EN.pdf.

[39] Crain, C. (2025), Testimony in House Hearing: “Exposing the Proxy Advisory Cartel: How ISS & Glass Lewis Influence Markets”, https://corpgov.law.harvard.edu/2025/05/06/testimony-in-house-hearing-exposing-the-proxy-advisory-cartel-how-iss-glass-lewis-influence-markets-4/.

[79] CSA (2024), CSA Staff Notice 81-334 (Revised) ESG-Related Investment Fund Disclosure, https://www.osc.ca/sites/default/files/2024-03/20240307_81-334_sn-related-investment-fund-disclosure.pdf.

[24] CSA (2015), Policy 25-201 Guidance for Proxy Advisory Firms, https://www.asc.ca/-/media/ASC-Documents-part-1/Regulatory-Instruments/2018/10/5127811-National-Policy-25-201-Guidance-for-Proxy-Advisory-Firms.pdf.

[5] CVM (2021), CVM RESOLUTION Nº 20, https://www.gov.br/cvm/en/foreign-investors/regulation-files/resol020Traduo_v.SDM22032023.pdf.

[13] CVM (2020), CVM RESOLUTION NO. 9, OF OCTOBER 27TH, 2020, https://www.gov.br/cvm/en/foreign-investors/regulation-files/resolution-cvm-9.pdf.

[34] Danish Committee on Corporate Governance (2020), Danish Recommendations on Corporate Governance, https://corporategovernance.dk/sites/default/files/2023-08/Danish-recommendations-corporate-governance-02122020.pdf.

[77] EC (2025), Benchmarks, https://finance.ec.europa.eu/news/benchmarks-2025-01-30_en.

[26] Economiesuisse (2023), Swiss Code of Best Practice for Corporate Governance, https://backend-api.economiesuisse.ch//sites/default/files/2025-09/swisscode_e_web_0.pdf.

[32] ESMA; EBA (2023), Implementation of SRD2 provisions on proxy advisors and the investment chain, https://www.esma.europa.eu/sites/default/files/2023-07/ESMA32-380-267_Report_on_SRD2.pdf.

[50] EU (2024), “Regulation (EU) 2024/3005 of the European Parliament and of the Council of 27 November 2024 on the transparency and integrity of Environmental, Social and Governance (ESG) rating activities, and amending Regulations (EU) 2019/2088 and (EU) 2023/2859”, European Union Law, p. 48, https://eur-lex.europa.eu/eli/reg/2024/3005/oj/eng.

[23] EU (2017), DIRECTIVE (EU) 2017/828 amending DIRECTIVE 2007.36/EC as regards the encouragement of long-term shareholder engagement, https://eur-lex.europa.eu/eli/dir/2017/828/oj/eng.

[76] EU (2016), “REGULATION (EU) 2016/1011 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on indices used as benchmarks in financial instruments and financial contracts or to measure the performance of investment funds and amending Directives 2008/48/EC and 2014/17/EU”, Official Journal of the European Union, https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R1011.

[3] EU (2014), Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (recast) Text with EEA relevance, https://eur-lex.europa.eu/eli/dir/2014/65/oj/eng.

[4] EU (2014), Regulation (EU) No 596/2014 of the European Parliament and of the Council of 16 April 2014 on market abuse (market abuse regulation), https://eur-lex.europa.eu/eli/reg/2014/596/oj/eng.

[46] FCA (2024), Proxy advisors, https://www.fca.org.uk/markets/primary-markets/proxy-advisors.

[52] FCA (2023), FCA welcomes the launch of industry code of conduct for ESG ratings and data products providers, https://www.fca.org.uk/news/news-stories/fca-welcomes-launch-industry-code-conduct-esg-ratings-and-data-products-providers.

[82] Financial Times (2024), MSCI axes dozens more Chinese stocks from global indices, https://www.ft.com/content/849bd1e6-3adc-4867-b417-ca52dc64520c.

[30] FRC (2025), The UK Stewardship Code 2026, https://media.frc.org.uk/documents/UK_Stewardship_Code_2026.pdf.

[20] FRC, Morrow Sodali, Durham University (2023), The influence of proxy advisors and ESG rating agencies on the actions and reporting of FTSE350 companies and investor voting, https://media.frc.org.uk/documents/The_influence_of_proxy_advisors_and_ESG_rating_agencies_on_the_actions_and_reporting_of_FTSE_350_com.pdf.

[35] FSA (2025), God praksis for politikker for aktivt ejerskab, https://www.finanstilsynet.dk/Media/638799151680673193/God%20praksis%20rapport%20om%20politikker%20for%20aktivt%20ejerskab.pdf.

[53] FSA (2022), The Code of Conduct for ESG Evaluation and Data Providers, https://www.fsa.go.jp/en/news/2024/20240708.html.

[38] Glass Lewis (2025), Glass Lewis Leads Change in Proxy Voting Practices, https://www.glasslewis.com/news-release/glass-lewis-leads-change-in-proxy-voting-practices.

[11] Government Gazette (2013), Credit Rating Services Act, https://www.gov.za/sites/default/files/gcis_document/201409/36071gon15.pdf.

[83] Hirst, S. and K. Kastiel (2019), “Corporate Governance by Index Exclusion”, https://doi.org/10.31030/1702642.

[78] HM Treasury (2025), Future regulatory regime for benchmarks and benchmark administrators: Consultation, https://www.gov.uk/government/consultations/future-regulatory-regime-for-benchmarks-and-benchmark-administrators/future-regulatory-regime-for-benchmarks-and-benchmark-administrators-consultation#responding-to-this-consultation.

[22] Hu, E., N. Malenko and J. Zytnick (2024), Custom Proxy Voting Advice, https://corpgov.law.harvard.edu/2024/05/23/custom-proxy-voting-advice/.

[54] ICMA (2024), Hong Kong Code of Conduct for ESG Rating and Data Products Providers, https://www.icmagroup.org/assets/documents/Sustainable-finance/Codes-of-conduct/ICMA-Hong-Kong-Code-of-Conduct-for-ESG-Ratings-and-Data-Products-Providers-ENGLISH-version-October-2024-031024.pdf.

[65] ICMA (2023), Code of Conduct for ESG Ratings and Data Products Providers, https://www.icmagroup.org/assets/DRWG-Code-of-Conduct-for-ESG-Ratings-and-Data-Products-Providers-v3.pdf.

[27] IICM (2022), The Malaysian Code for Institutional Investors, https://iicm.org.my/wp-content/uploads/2024/11/Malaysian-Code-for-Institutional-Investors-2022.pdf.

[69] IOSCO (2025), ESG Indices as Benchmarks, https://www.iosco.org/library/pubdocs/pdf/IOSCOPD804.pdf.

[1] IOSCO (2023), IOSCO STATEMENT OF PRINCIPLES FOR ADDRESSING SELLS-SIDE SECURITIES ANALYST CONFLICTS OF INTEREST, https://www.iosco.org/library/pubdocs/pdf/ioscopd150.pdf.

[49] IOSCO (2022), IOSCO GOOD SUSTAINABLE FINANCE PRACTICES CALL FOR ACTION, https://www.iosco.org/library/pubdocs/pdf/IOSCOPD717.pdf.

[47] IOSCO (2021), Environmental, Social and Governance (ESG) Ratings and Data Products Providers Final Report, https://www.iosco.org/library/pubdocs/pdf/IOSCOPD690.pdf.

[2] IOSCO (2015), CODE OF CONDUCT FUNDAMENTALS FOR CREDIT RATING AGENCIES, https://www.iosco.org/library/pubdocs/pdf/IOSCOPD482.pdf.

[67] IOSCO (2013), Principles for Financial Benchmarks, https://www.iosco.org/library/pubdocs/pdf/ioscopd415.pdf.

[28] ISA (2014), The ISA staff’s position on a fund manager’s engagement with a professional firm for the purpose of receiving recommendations on how to vote at a general meeting.

[25] ISCA (2022), Singapore Stewardship Principles, https://isca.org.sg/docs/default-source/i-p--our-future-together/ssp-2-0-principles.pdf?sfvrsn=55ef84cc_0.

[44] ISCA (2022), Singapore Stewardship Principles For Responsible Investors 2.0, https://isca.org.sg/docs/default-source/i-p--our-future-together/ssp-2-0-principles.pdf?sfvrsn=55ef84cc_0202.

[51] ISS Insights (2023), ESG Regulation in South Korea: Disclosure Guidance, https://insights.issgovernance.com/posts/esg-regulation-in-south-korea-disclosure-guidance/.

[36] JFSA (2025), Principles for Responsible Institutional Investors “Japan’s Stewardship Code”, https://www.fsa.go.jp/en/refer/councils/stewardship/20250626/01.pdf.

[8] JSDA (2002), RULES CONCERNING HANDLING OF ANALYST REPORTS, https://www.jsda.or.jp/en/rules-guidelines/files/E29.pdf.

[64] KCGS (2023), Guidance for ESG Ratings Providers, https://www.cgs.or.kr/eng/openmng/agency_guidance.jsp.

[21] Krahnen, J. et al. (2023), The controversy over proxy voting: The role of asset managers and proxy advisors, https://corpgov.law.harvard.edu/2023/01/30/the-controversy-over-proxy-voting-the-role-of-asset-managers-and-proxy-advisors/.

[41] Larcker, D. and B. Tayan (2024), Seven Questions about Proxy Advisors, https://papers.ssrn.com/abstract=4808820.

[43] Legislation.gov.uk (2019), The Proxy Advisors (Shareholders’ Rights) Regulations 2019, https://www.legislation.gov.uk/uksi/2019/926.

[74] MAS (2025), SORA Interest Rate Benchmark, https://www.mas.gov.sg/monetary-policy/sora.

[55] MAS (2023), Annex C: Singapore Code of Conduct for ESG Rating and Data Product Providers, https://www.mas.gov.sg/-/media/mas/regulations-and-financial-stability/regulations-guidance-and-licensing/financial-advisers/consultation-paper/annex-c-code-of-conduct-for-esg-rating-and-data-product-providers.pdf.

[59] Nemzeti Jogszabalytar (2023), Act CVIII of 2023, https://njt.hu/jogszabaly/2023-108-00-00.

[57] OECD (2025), Behind ESG ratings: Unpacking sustainability metrics, OECD Publishing, Paris, https://doi.org/10.1787/3f055f0c-en.

[17] OECD (2025), OECD Corporate Governance Factbook 2025, OECD Publishing, Paris, https://doi.org/10.1787/f4f43735-en.

[40] OECD (2025), Shareholder Meetings and Corporate Governance: Trends and Implications, OECD Publishing, Paris, https://doi.org/10.1787/2d36fa5c-en.

[56] OECD (2022), ESG ratings and climate transition: An assessment of the alignment of E pillar scores and metrics, OECD Publishing, Paris, https://doi.org/10.1787/2fa21143-en.

[71] OECD (2014), OECD Journal: Financial Market Trends, Volume 2013 Issue 2, OECD Publishing, Paris, https://doi.org/10.1787/fmt-v2013-2-en.

[15] OJK (2021), Guidelines for securities rating company activities, https://www.ojk.go.id/id/regulasi/Documents/Pages/Pedoman-Kegiatan-Perusahaan-Pemeringkat-Efek/POJK%2024%20-%2004%20-%202021.pdf.

[73] OSC (2024), CSA Notice and Request for Comment – Proposed Amendments to Multilateral Instrument 25-102 Designated Benchmarks and Benchmark Administrators and Proposed Changes to Companion Policy 25-102 Designated Benchmarks and Benchmark Administrators, https://www.osc.ca/en/securities-law/instruments-rules-policies/2/25-102/csa-notice-and-request-comment-proposed-amendments-multilateral-instrument-25-102-designated-0.

[75] Parliament of Singapore (2021), Securities and Futures Act 2001, https://sso.agc.gov.sg/Act/SFA2001?WholeDoc=1.

[68] Petry, J., J. Fichtner and E. Heemskerk (2019), “Steering capital: the growing private authority of index providers in the age of passive asset management”, https://doi.org/10.1080/09692290.2019.1699147.

[7] SAAJ (2024), Ethical Principles and Standards, https://www.saa.or.jp/english/ethics_standards/ethics.html.

[60] SEBI (2024), Securities and Exchange Board of India (Index Providers) Regulations, 2024 [Last amended on November 28, 2024], https://www.sebi.gov.in/legal/regulations/nov-2024/securities-and-exchange-board-of-india-index-providers-regulations-2024-last-amended-on-november-28-2024-_89268.html.

[61] SEBI (2023), Master Circular for ESG Rating Providers (ERPs), https://www.sebi.gov.in/legal/master-circulars/jul-2023/master-circular-for-esg-rating-providers-erps-_73856.html.

[63] SEBI (2023), Securities and Exchange Board of India (Credit Rating Agencies) Regulations, 1999 [Last amended on July 4, 2023], https://www.sebi.gov.in/legal/regulations/jul-2023/securities-and-exchange-board-of-india-credit-rating-agencies-regulations-1999-last-amended-on-july-4-2023-_74002.html.

[6] SEBI (2014), SEBI (Research Analysts) Regulations, 2014, https://www.sebi.gov.in/legal/regulations/dec-2024/securities-and-exchange-board-of-india-research-analysts-regulations-2014-last-amended-on-december-16-2024-_90153.html.

[16] Securities Commission Malaysia (2023), GUIDELINES ON CREDIT RATING AGENCIES, https://www.sc.com.my/api/documentms/download.ashx?id=d61c6c78-91c2-4089-af8a-b10307de7462.

[66] SFC (2024), Guidance to asset managers regarding due diligence expectations for third-party ESG ratings and data products providers, https://apps.sfc.hk/edistributionWeb/gateway/EN/circular/intermediaries/supervision/doc?refNo=24EC58.

[14] SFC (2011), Code of Conduct for Persons Providing Credit Rating Services, https://www.sfc.hk/-/media/EN/assets/components/codes/files-current/web/codes/code-of-conduct-for-persons-providing-credit-rating-services/Code-of-Conduct-for-Persons-Providing-Credit-Rating-Services.pdf?rev=568dd4fb73834e179431b32e5a6bfecd.

[18] Shu, C. (2024), “The Proxy Advisory Industry: Influencing and Being Influenced”, SSRN Electronic Journal, https://doi.org/10.2139/SSRN.3614314.

[19] Sisson, J. and S. Neervoort (2025), “Letter Regarding the Hearing on ‘Exposing the Proxy Advisory Cartel: How ISS & Glass Lewis Influence Markets”, Harvard Law School Forum on Corporate Governance, https://corpgov.law.harvard.edu/2025/05/13/letter-regarding-the-hearing-on-exposing-the-proxy-advisory-cartel-how-iss-glass-lewis-influence-markets/.

[9] South African Government (2002), Financial Advisory and Intermediary Services Act 37 of 2002, https://www.gov.za/documents/financial-advisory-and-intermediary-services-act.

[42] Spatt, C. (2019), Proxy Advisory Firms, Governance, Failure, and Regulation, https://corpgov.law.harvard.edu/2019/06/25/proxy-advisory-firms-governance-failure-and-regulation/.

[62] Sugeval (2022), REGLAMENTO PARA EL REGISTRO DE VERIFICADORES EXTERNOS DE LA, https://www.bolsacr.com/sites/default/files/MAB/Reglas/regl_registro_verificadores_externos_emisiones_tematicas.pdf.

[84] Winden, A. (2024), “Regulation by Indexation?”, Columbia Business Law Review, Vol. 2024/2, https://doi.org/10.52214/CBLR.V2024I2.13514.

[37] Zhang, H. (2022), “How Small Companies Suffer When Investors Vote in Lockstep With Proxy Advisors”, Institutional Investor, https://www.institutionalinvestor.com/article/2bstolshmelxxynmww35s/corner-office/how-small-companies-suffer-when-investors-vote-in-lockstep-with-proxy-advisors.