ESG Ratings and Their Disagreements

Sustainalytics ESG Risk Ratings: How Risk-Based Scoring Works

Pomegra Learn

How Does Sustainalytics' ESG Risk Rating System Work?

Sustainalytics, now part of Morningstar, is one of the two most widely used ESG rating providers globally alongside MSCI. Its ESG Risk Rating takes a fundamentally different conceptual approach from MSCI: instead of rating how well a company manages ESG factors relative to peers, Sustainalytics rates the magnitude of unmanaged ESG risk that the company's investors are exposed to. The distinction is subtle but important — a company can be very good at managing its ESG risks and still receive a higher (worse) Sustainalytics risk score than a competitor, if it operates in an industry where the inherent ESG risks are simply larger. Understanding this risk-based framing helps investors use Sustainalytics scores correctly.

Quick definition: Sustainalytics' ESG Risk Rating measures the magnitude of a company's unmanaged ESG risks — the ESG exposure that management has not adequately addressed. Scores run from 0 (negligible unmanaged risk) to 100+ (severe unmanaged risk), with lower scores being better. The rating distinguishes between a company's inherent ESG exposure (from its industry and business model) and its management of that exposure.

Key takeaways

Sustainalytics' scoring runs from 0 to 100+, where lower is better — the opposite direction from many rating systems and a frequent source of confusion.
The framework distinguishes three components: Exposure (the inherent ESG risk from the company's industry and activities), Management (how well the company addresses that exposure), and Unmanaged Risk (Exposure minus the portion addressed by Management).
Sustainalytics uses five risk categories: Negligible (0–10), Low (10–20), Medium (20–30), High (30–40), and Severe (40+).
The risk-based approach means a company in an inherently high-risk industry (mining, oil and gas) may have a higher (worse) score than a company in a low-risk industry (software) even if it manages ESG factors better, simply because its industry creates larger inherent risk.
Morningstar acquired Sustainalytics in 2020, leading to ESG risk ratings being integrated into Morningstar fund analysis tools and accessible to retail investors through Morningstar's platforms.

The Three-Component Framework

Sustainalytics' rating methodology is built on three interrelated concepts:

Exposure: The degree to which a company faces material ESG risks based on its industry, business model, and geographic footprint. Exposure is primarily industry-driven — an oil and gas extraction company has high inherent ESG exposure because of the climate risk associated with its core business. A software company has lower inherent ESG exposure because its activities create fewer direct environmental or social risks. Exposure is largely predetermined by industry membership; individual company choices have limited effect on exposure.

Management: The quality of the company's systems, policies, and programs to address its ESG exposures. Management includes: whether the company has adopted relevant ESG policies, the quality of its governance systems for ESG oversight, the implementation quality of ESG programs, and the company's track record on ESG incidents.

Unmanaged risk: The residual risk remaining after subtracting managed risk from exposure. If a company faces 30 units of ESG exposure and its management quality addresses 20 units, it has 10 units of unmanaged risk — its Sustainalytics score. A company with identical exposure but better management (addressing 25 units) would score 5 — meaningfully better.

This framework means Sustainalytics risk scores have two components that investors can use separately: Is this company in a high-exposure industry? And how well is management addressing the exposures the company faces?

Sustainalytics rating framework

Sub-Ratings: Material ESG Issues

Like MSCI, Sustainalytics assesses companies on specific ESG issues that are material for their industry. Sustainalytics calls these MEIs (Material ESG Issues) and identifies a company-specific subset from a broader universe of possible issues.

For each MEI, Sustainalytics assesses:

Controversy incidents associated with the issue
Company policy coverage of the issue
Program implementation quality for managing the issue
Measured performance on quantitative indicators associated with the issue

The MEI assessment distinguishes between Prepared and Unmanaged components — some risk is inherently prepared-for (the industry standard practices that all companies in the sector adopt regardless of individual effort); additional risk is managed (what the specific company does beyond industry baseline); and residual unmanaged risk is what remains.

Company-Level Score and Peer Comparison

Sustainalytics provides:

Overall ESG Risk Score: The main output, on the 0–100+ scale, representing total unmanaged risk. This is what most investors reference when citing a "Sustainalytics score."

Industry rank: Where the company falls in its sub-industry peer group — percentile ranking and position (e.g., "15th out of 87 companies in Oil and Gas Exploration and Production"). This contextualizes the absolute score.

Universe rank: Where the company falls across the full Sustainalytics coverage universe — useful for cross-industry comparison.

Controversy levels: Separate from the ESG risk score, Sustainalytics assigns controversy levels (0–5) for specific incidents, with higher numbers indicating more severe controversies. Controversy incidents can feed into the management assessment.

RepRisk and Controversy Monitoring

Sustainalytics acquired RepRisk, the leading ESG controversy data provider, enhancing its controversy monitoring capabilities. RepRisk provides real-time ESG controversy alerts drawing on media, NGO reports, government filings, and other public sources — covering over 200,000 companies and projects globally, far more than any ESG rating universe.

This controversy monitoring integration gives Sustainalytics a significant dynamic advantage: its ESG risk scores can be updated more quickly in response to breaking negative events than pure annual-cycle assessment allows.

How Sustainalytics Scores Are Used

Sustainalytics scores are used in several distinct ways:

Investment screening: Fund managers use Sustainalytics scores to screen for companies with ESG risk above defined thresholds. A manager might exclude all companies rated "High" (30+) or "Severe" (40+) from their investment universe.

Portfolio risk monitoring: Weighted average portfolio Sustainalytics scores provide a portfolio-level ESG risk metric. Institutional LPs often request this metric from their investment managers.

Norms-based exclusion: Sustainalytics provides specific norms-based screening services that identify companies in violation of UN Global Compact principles — used separately from or alongside ESG risk ratings.

Proxy voting research: Sustainalytics provides proxy advisory services (separate from its ESG ratings) that inform institutional investor voting at AGMs.

Real-world examples

ExxonMobil's Sustainalytics score: ExxonMobil consistently receives a "High Risk" Sustainalytics score (typically in the 30–40 range), reflecting its large inherent ESG exposure as a major oil and gas producer. Even when ExxonMobil improves its management quality (better climate disclosure, improved safety record), its score remains elevated because the industry exposure is inherently large. This illustrates Sustainalytics' exposure-driven architecture.

Alphabet (Google) comparison: Alphabet, as a technology company, typically receives a "Medium Risk" or lower Sustainalytics score — not because Google has no ESG concerns (data privacy, antitrust, labor practices are genuine concerns), but because the inherent ESG exposure of search and advertising is lower than fossil fuel extraction. The absolute exposure is smaller, so even if management is only adequate, unmanaged risk is relatively low.

Controversy score impact: When a company is named in a major human rights controversy — factory fire, supply chain labor abuse, environmental violation — its Sustainalytics controversy score can jump quickly, before the controversy is incorporated into annual management scores. This lag between incident and score update is a known limitation that controversy monitoring partially addresses.

Common mistakes

Using Sustainalytics scores without understanding the direction: Sustainalytics' lower-is-better scoring is counterintuitive — a score of 5 is excellent, while a score of 45 is severe. Investors accustomed to 0–100 scales where higher is better (like MSCI's key issue scores) sometimes misinterpret Sustainalytics scores.

Comparing Sustainalytics scores across industries without accounting for exposure differences: A medium risk score (25) in oil and gas and a medium risk score (25) in technology represent very different situations — the oil and gas company may be managing its risks exceptionally well to achieve 25, while the technology company may be managing relatively poorly given its lower inherent exposure.

Treating management quality and unmanaged risk as the same thing: A company can have excellent management quality and still carry significant unmanaged risk because its industry exposure is so large. Understanding which component is driving the score helps investors assess whether the risk reflects structural industry exposure (unavoidable) or management failures (potentially improvable).

FAQ

What is the difference between Sustainalytics and RepRisk?

Sustainalytics is an ESG rating provider; RepRisk is an ESG controversy data provider. Sustainalytics acquired RepRisk in 2022. Sustainalytics provides structured ESG risk assessments of companies across a defined coverage universe. RepRisk provides real-time controversy monitoring across a much larger universe — including smaller companies and specific projects. The two services complement each other: ESG risk ratings for structured assessment; RepRisk for real-time incident alerts.

How does Morningstar integrate Sustainalytics scores?

Morningstar, which acquired Sustainalytics in 2020, integrates ESG risk scores into its fund analysis tools. The Morningstar Sustainability Rating ("Globe" rating) for funds uses Sustainalytics ESG risk scores of portfolio holdings to assess the overall ESG risk profile of funds. Retail investors can access Morningstar's Globe ratings on most mutual fund fact sheets.

Why might a company with strong ESG programs still receive a high Sustainalytics score?

If a company operates in a high-exposure industry — oil and gas, mining, chemicals — its inherent ESG exposure may be so large that even excellent management practices leave significant unmanaged risk. The score reflects the residual exposure, not just management quality. This is by design: investors in high-exposure industry companies face structurally more ESG risk than investors in low-exposure industry companies, regardless of how well individual companies manage it.

Does Sustainalytics provide ratings for bonds as well as equities?

Yes — Sustainalytics provides second-party opinions on green bonds, social bonds, and sustainability-linked bonds, assessing whether the bond frameworks meet the relevant Green Bond Principles or other applicable standards. This service is separate from company-level ESG risk ratings and represents a significant revenue source for the firm.

Can Sustainalytics scores be negative?

No — the minimum Sustainalytics score is 0 (no unmanaged risk) and scores increase from there. A score of 0 would be exceptional; most companies carry some unmanaged ESG risk by Sustainalytics' assessment.

Summary

Sustainalytics' ESG Risk Rating measures unmanaged ESG risk — the residual exposure remaining after subtracting management quality from inherent industry-driven exposure. Its 0–100+ scale (lower = better) and five-category framework (negligible through severe) reflect a risk-based approach that explicitly separates what a company is exposed to from how well it manages that exposure. Acquired by Morningstar in 2020, Sustainalytics scores are now integrated into retail investor fund analysis tools. The core methodological difference from MSCI — risk exposure versus relative performance — means the two systems can rank the same companies very differently, particularly for companies in high-inherent-exposure industries that manage their risks well.

→ S&P Global ESG Scores

Key takeaways​

The Three-Component Framework​

Sustainalytics rating framework​

Sub-Ratings: Material ESG Issues​

Company-Level Score and Peer Comparison​

RepRisk and Controversy Monitoring​

How Sustainalytics Scores Are Used​

Real-world examples​

Common mistakes​

FAQ​

What is the difference between Sustainalytics and RepRisk?​

How does Morningstar integrate Sustainalytics scores?​

Why might a company with strong ESG programs still receive a high Sustainalytics score?​

Does Sustainalytics provide ratings for bonds as well as equities?​

Can Sustainalytics scores be negative?​

Related concepts​

Summary​

Next​